Browser redirects and pop-ups


DaMasterMoose (Thread Starter) | Joined Dec 18, 2010 | Messages 15
I am getting random redirects and then pop-ups. I ran Malwarebytes and it cleaned up 5 objects. The behavior continues. I tried following the steps for HijackThis and it generates a blank log. I tried to "run it as administrator" but the check box is gray. I tried the dds.scr as well and it came back with an error "The dependency service or group failed to start". Running Windows Vista Home. I have copied all data that I can off to an external hard drive already. I did have Symantec Endpoint Protection and Ad-Aware running on the machine as well. Any ideas where to start?

CatByte (Malware Specialist) | Joined Feb 24, 2009 | Messages 3,930
Hi

Please do the following:


  • Download OTL and save it to your desktop.
  • Double click on the OTL icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt.
      Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them both in.


NEXT
Download GMER Rootkit Scanner from here or here.
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent .
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and attach it in your reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

DaMasterMoose (Thread Starter) | Joined Dec 18, 2010 | Messages 15
OTL logfile created on: 12/24/2010 11:26:28 AM - Run 1
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Users\Jenise\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 77.00% Memory free
6.00 Gb Paging File | 6.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.44 Gb Total Space | 19.14 Gb Free Space | 17.17% Space Free | Partition Type: NTFS
Drive D: | 111.44 Gb Total Space | 24.00 Gb Free Space | 21.54% Space Free | Partition Type: NTFS

Computer Name: GWLT | User Name: Jenise | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/24 11:20:29 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Jenise\Desktop\OTL.exe
PRC - [2010/03/01 18:53:20 | 000,524,632 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/03/01 18:53:18 | 001,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/09/21 17:53:18 | 000,640,760 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/04/04 19:01:20 | 002,234,296 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2008/04/04 18:55:38 | 001,660,288 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2008/04/04 18:55:36 | 002,475,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2008/02/01 01:25:16 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe


========== Modules (SafeList) ==========

MOD - [2010/12/24 11:20:29 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Jenise\Desktop\OTL.exe
MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/12/07 13:33:58 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
SRV - [2010/11/24 15:33:26 | 000,921,600 | ---- | M] () [Auto | Stopped] -- C:\ProgramData\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2010/09/22 23:21:24 | 001,493,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2010/09/22 15:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010/09/22 11:03:38 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/01 18:53:18 | 001,029,456 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/01/21 14:12:42 | 000,078,104 | ---- | M] (iWin Inc.) [Auto | Stopped] -- C:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2009/11/13 15:13:04 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/09/24 20:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2008/11/04 03:37:58 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Stopped] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2008/07/20 20:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008/06/11 14:18:30 | 000,024,576 | ---- | M] () [Auto | Stopped] -- C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe -- (ETService)
SRV - [2008/04/04 19:01:20 | 002,234,296 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2008/04/04 18:55:36 | 002,475,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2008/04/04 02:45:18 | 000,288,136 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2008/02/01 01:25:16 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/02/01 01:25:16 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/01/31 08:37:02 | 000,157,016 | ---- | M] (Smith Micro Software, Inc.) [Auto | Stopped] -- C:\Program Files\Smith Micro\StuffIt\ArcNameService.exe -- (Stuffit Archive Name Service)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/08/11 20:05:27 | 003,093,872 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2007/06/05 12:20:32 | 000,177,704 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2007/05/28 11:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Stopped] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2007/02/12 03:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Stopped] -- C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe -- (o2flash)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfjqk.sys -- (efeia)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2010/12/16 04:00:00 | 001,360,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20101223.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/12/16 04:00:00 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20101223.002\NAVENG.SYS -- (NAVENG)
DRV - [2010/10/18 07:34:22 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/10/18 07:34:22 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI10.sys -- (EraserUtilDrvI10)
DRV - [2010/09/22 23:21:24 | 000,039,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2009/09/30 06:53:12 | 001,184,768 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/09/09 08:58:56 | 004,749,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2009/08/07 05:17:26 | 000,330,264 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2009/07/10 06:44:52 | 000,122,880 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2009/04/27 17:54:08 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/04/10 23:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/03/28 11:52:25 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/03/04 10:55:53 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008/11/04 03:32:20 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2008/10/15 08:32:08 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2008/10/15 08:30:04 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2008/10/15 08:29:16 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2008/09/18 03:14:44 | 000,251,392 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/07/30 17:42:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008/06/26 19:23:12 | 000,011,264 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2008/06/11 20:28:56 | 000,043,608 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2sd.sys -- (O2SDRDR)
DRV - [2008/06/11 14:13:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008/05/12 23:48:04 | 000,051,288 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2008/04/27 17:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008/03/21 19:14:24 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2008/03/21 19:14:24 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2008/03/21 19:14:24 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2008/02/21 12:55:00 | 000,299,008 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2008/01/20 21:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 21:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 21:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 21:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 21:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 21:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 21:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 21:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 21:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 21:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/20 21:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 21:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 21:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 21:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 21:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 21:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 21:23:22 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2008/01/20 21:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 21:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 21:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2008/01/20 21:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 21:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 21:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 21:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008/01/17 18:24:44 | 000,420,400 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2007/10/30 20:55:38 | 000,191,536 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2007/10/30 20:55:34 | 000,027,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2007/04/26 04:38:40 | 000,186,680 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp32&d=0109&m=m-7347u
IE - HKLM\..\URLSearchHook: {66bd2442-241b-44cd-8c7a-b51037053cdb} - C:\Program Files\TVersitybar\tbTVe0.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {66bd2442-241b-44cd-8c7a-b51037053cdb} - C:\Program Files\TVersitybar\tbTVe0.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:59274


[2009/07/07 07:39:53 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\Mozilla\Extensions
[2009/07/07 07:39:53 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\Mozilla\Extensions\[email protected]
[2010/12/18 17:41:22 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/12/18 21:46:08 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (TVersitybar Toolbar) - {66bd2442-241b-44cd-8c7a-b51037053cdb} - C:\Program Files\TVersitybar\tbTVe0.dll (Conduit Ltd.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\FlashGet\getflash.dll (www.flashget.com)
O3 - HKLM\..\Toolbar: (TVersitybar Toolbar) - {66bd2442-241b-44cd-8c7a-b51037053cdb} - C:\Program Files\TVersitybar\tbTVe0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (TVersitybar Toolbar) - {66BD2442-241B-44CD-8C7A-B51037053CDB} - C:\Program Files\TVersitybar\tbTVe0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O8 - Extra context menu item: &Download All with FlashGet - C:\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: &Download with FlashGet - C:\FlashGet\JC_LINK.HTM ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: webkinz.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Jenise\Pictures\winter_EN-GB3611258492.jpg
O24 - Desktop BackupWallPaper: C:\Users\Jenise\Pictures\winter_EN-GB3611258492.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/24 11:20:28 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Jenise\Desktop\OTL.exe
[2010/12/19 21:52:23 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\_copied files
[2010/12/18 23:39:36 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/12/18 21:57:57 | 000,000,000 | ---D | C] -- C:\Users\Jenise\AppData\Local\temp
[2010/12/18 21:46:17 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2010/12/18 21:01:35 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/12/18 20:47:27 | 000,330,264 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\iaStor.sys
[2010/12/18 20:47:27 | 000,000,000 | ---D | C] -- C:\DRIVERS
[2010/12/18 18:31:34 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/12/18 18:31:34 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/12/18 18:31:34 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/12/18 18:31:26 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/12/18 18:31:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/12/18 17:41:26 | 000,000,000 | ---D | C] -- C:\Users\Jenise\AppData\Local\Mozilla
[2010/12/18 17:41:21 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/12/16 12:59:38 | 000,000,000 | ---D | C] -- C:\Users\Jenise\AppData\Roaming\Malwarebytes
[2010/12/16 12:59:27 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/12/16 12:59:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/12/16 12:59:24 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/12/16 12:59:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/12/15 14:26:04 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/12/15 14:26:02 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2010/12/15 14:26:01 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2010/12/15 14:26:01 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2010/12/15 14:25:59 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2010/12/15 14:25:58 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010/12/15 14:25:58 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010/12/15 14:25:58 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010/12/15 14:25:54 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/12/15 14:25:53 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/12/15 14:25:53 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/12/15 14:25:53 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/12/15 14:25:53 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/12/15 14:25:53 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/12/15 14:25:52 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/12/15 14:25:52 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/12/15 14:25:52 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/12/15 14:25:52 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/12/15 14:25:52 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/12/15 14:25:52 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/12/15 14:25:52 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/12/15 14:25:52 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/12/15 14:25:52 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/12/15 14:25:52 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010/12/15 14:25:52 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/12/15 14:25:45 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/11/28 08:35:44 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010/11/28 08:35:42 | 000,000,000 | ---D | C] -- C:\Program Files\TVersitybar
[2010/11/28 08:31:41 | 000,000,000 | ---D | C] -- C:\ProgramData\TVersity
[2010/11/25 10:33:38 | 000,000,000 | ---D | C] -- C:\Users\Jenise\Documents\WWS Logs
[2010/07/28 19:20:56 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll

========== Files - Modified Within 30 Days ==========

[2010/12/24 11:23:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/24 11:22:05 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/24 11:22:04 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/24 11:20:29 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Jenise\Desktop\OTL.exe
[2010/12/21 00:00:23 | 000,000,610 | ---- | M] () -- C:\Windows\System32\tversity.cookies
[2010/12/20 18:31:43 | 000,624,128 | ---- | M] () -- C:\Users\Jenise\Desktop\dds.scr
[2010/12/20 17:42:16 | 000,002,525 | ---- | M] () -- C:\Users\Jenise\Desktop\HiJackThis.lnk
[2010/12/20 17:22:28 | 000,000,394 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{66F1F043-2D37-434F-BE46-4A631A2DD830}.job
[2010/12/20 17:16:54 | 000,607,406 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/12/20 17:16:54 | 000,105,014 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/12/20 17:16:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/20 17:08:14 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2010/12/20 17:08:13 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/20 17:07:04 | 196,407,191 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/12/20 16:26:34 | 000,001,356 | ---- | M] () -- C:\Users\Jenise\AppData\Local\d3d9caps.dat
[2010/12/18 21:46:08 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/12/18 20:19:39 | 000,553,568 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/12/18 18:22:48 | 000,002,243 | ---- | M] () -- C:\Windows\epplauncher.mif
[2010/12/18 17:41:24 | 000,001,750 | ---- | M] () -- C:\Users\Jenise\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/12/18 17:41:24 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/12/17 20:46:25 | 000,096,256 | ---- | M] () -- C:\Users\Jenise\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/16 15:46:04 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/12/14 09:56:48 | 000,000,426 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2010/12/14 09:56:48 | 000,000,034 | ---- | M] () -- C:\Windows\System32\BD2070N.DAT
[2010/12/13 18:55:18 | 000,000,472 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/12/12 17:46:49 | 000,003,140 | -HS- | M] () -- C:\Windows\System32\KGyGaAvL.sys
[2010/12/04 14:21:58 | 000,006,753 | ---- | M] () -- C:\Users\Jenise\AppData\Roaming\PrimoPDFSet.xml
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2010/12/20 18:31:41 | 000,624,128 | ---- | C] () -- C:\Users\Jenise\Desktop\dds.scr
[2010/12/18 23:39:36 | 000,002,525 | ---- | C] () -- C:\Users\Jenise\Desktop\HiJackThis.lnk
[2010/12/18 20:22:04 | 000,000,394 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{66F1F043-2D37-434F-BE46-4A631A2DD830}.job
[2010/12/18 18:31:34 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/12/18 18:31:34 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/12/18 18:31:34 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2010/12/18 18:31:34 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/12/18 18:31:34 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/12/18 18:22:48 | 000,002,243 | ---- | C] () -- C:\Windows\epplauncher.mif
[2010/12/18 17:41:24 | 000,001,750 | ---- | C] () -- C:\Users\Jenise\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/12/18 17:41:24 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/12/18 15:35:48 | 196,407,191 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/07/28 19:14:38 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/07/28 19:14:38 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2009/12/17 13:14:42 | 000,000,056 | ---- | C] () -- C:\Windows\azzCardfile Settings.ini
[2009/11/20 17:46:08 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2009/09/10 13:39:17 | 000,003,526 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009/08/31 16:26:45 | 000,000,959 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009/08/07 12:44:38 | 000,003,140 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2009/08/07 12:44:38 | 000,000,088 | RHS- | C] () -- C:\Windows\System32\E6515269CE.sys
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/06/09 20:58:49 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/04/19 16:47:24 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/04/16 19:19:27 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2009/04/01 12:15:53 | 000,001,356 | ---- | C] () -- C:\Users\Jenise\AppData\Local\d3d9caps.dat
[2009/03/31 11:31:43 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/03/31 11:31:28 | 002,255,360 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2009/03/31 11:31:28 | 000,795,648 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/03/31 11:31:28 | 000,130,048 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/03/31 11:31:27 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2009/03/31 11:31:25 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/03/29 11:24:36 | 000,000,552 | ---- | C] () -- C:\Users\Jenise\AppData\Local\d3d8caps.dat
[2009/03/28 11:52:24 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/03/27 21:26:44 | 000,000,314 | ---- | C] () -- C:\Users\Jenise\AppData\Roaming\wklnhst.dat
[2009/03/24 02:50:16 | 000,006,753 | ---- | C] () -- C:\Users\Jenise\AppData\Roaming\PrimoPDFSet.xml
[2009/03/22 23:13:15 | 000,036,571 | ---- | C] () -- C:\Users\Jenise\AppData\Roaming\Comma Separated Values (Windows).ADR
[2009/03/13 20:08:13 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/03/07 14:34:54 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009/03/07 12:34:38 | 000,176,235 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2009/03/06 03:11:47 | 000,000,063 | ---- | C] () -- C:\Windows\wininit.ini
[2009/03/06 00:04:09 | 000,000,377 | ---- | C] () -- C:\Windows\ulead32.ini
[2009/03/05 10:40:35 | 000,096,256 | ---- | C] () -- C:\Users\Jenise\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/22 18:32:17 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008/08/18 21:28:14 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/07/30 00:40:43 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008/07/30 00:40:42 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1527.dll
[2008/04/28 12:13:33 | 000,000,310 | ---- | C] () -- C:\Windows\primopdf.ini
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2004/12/21 10:13:56 | 000,191,136 | ---- | C] () -- C:\Windows\System32\plx_upldr.dll

========== LOP Check ==========

[2010/02/02 00:27:33 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\Aisle 5 Games, Inc
[2010/08/29 14:20:02 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\Alawar
[2009/12/17 13:14:42 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\azzCardfile
[2010/03/06 10:11:02 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\Babylonia
[2009/03/29 11:19:51 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\BSplayer PRO
[2009/09/01 10:08:40 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\BudgetExpress 3
[2010/03/01 20:38:01 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\Camel101
[2009/04/20 13:53:33 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\Canon
[2010/05/03 23:07:39 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/06/06 15:44:31 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\com.picaboo.Picaboo.A382D4714709B456C4E0088DFC1F7243AF9EBF75.1
[2010/03/24 22:08:56 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\eFax Messenger
[2010/10/12 13:33:19 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\Efficient Diary Pro
[2010/03/25 15:22:58 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\EleFun Games
[2010/01/19 23:47:58 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\Faerie Solitaire
[2010/02/24 22:26:03 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\Farm Mania
[2009/08/22 07:19:15 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\FlashGet
[2009/04/28 12:00:09 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\FOG Downloader
[2010/04/03 08:03:32 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\FotkiDesktop
[2010/06/08 23:16:38 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\Freezetag
[2010/07/25 15:17:30 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\Friday's games
[2009/12/31 22:49:26 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\funkitron
[2010/01/15 23:41:57 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\Gamehouse JanesZOO
[2010/03/16 23:42:03 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\GameInvest
[2010/03/30 23:12:36 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\Gamers Digital
[2010/07/06 13:27:43 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\GhostFleet
[2010/06/11 00:48:06 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\HdO Adventure
[2009/06/07 19:56:57 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\Hoyle Casino
[2009/03/10 23:55:00 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\Hoyle FaceCreator
[2010/10/19 22:20:06 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\Hoyle Puzzle and Board Games
[2010/03/02 22:35:58 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\HSA
[2009/03/06 02:58:28 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\ICQ
[2010/03/04 21:37:36 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\IronCode
[2010/01/04 22:25:33 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\iWin
[2010/03/24 22:10:56 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\j2 Global
[2010/03/25 22:23:29 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\Meridian93
[2010/07/16 14:18:10 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\Merscom
[2009/12/19 09:00:06 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\monkey money
[2009/12/23 20:43:25 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\My Games
[2010/09/20 23:03:50 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\MysteryStudio
[2010/01/14 22:50:49 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\Pi Eye Games
[2010/01/03 13:24:49 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\Pirateville
[2010/01/10 12:07:30 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\PlayFirst
[2010/07/05 19:41:32 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\PoBros
[2009/07/07 07:39:51 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\Postbox
[2009/12/25 21:52:57 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\Purple Patch Games
[2009/03/05 11:23:39 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\Quicken WillMaker
[2010/08/12 14:40:19 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\RayV
[2010/08/12 14:19:45 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\Research In Motion
[2009/04/20 02:03:40 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\Runes of Avalon
[2009/08/14 16:08:09 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\SecondLife
[2010/02/26 11:20:50 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\Shape games
[2010/01/04 18:41:59 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\Skip-Bo
[2009/07/17 01:51:33 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\Template
[2010/08/25 07:56:16 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\TitanicMystery
[2010/07/27 22:31:51 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\Twintale Entertainment
[2010/01/10 11:53:47 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\Unity
[2009/04/15 12:39:55 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\uTorrent
[2009/05/01 10:13:54 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\WildTangent
[2009/10/20 12:03:19 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\Windows Live Writer
[2010/01/13 14:18:46 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\YoudaGames
[2010/03/27 00:20:21 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\ZEMNOTT
[2009/03/28 22:54:59 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\__JensOldFlashGet
[2010/12/13 18:55:18 | 000,000,472 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2010/12/20 17:22:48 | 000,032,618 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/12/20 17:22:28 | 000,000,394 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{66F1F043-2D37-434F-BE46-4A631A2DD830}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:0E0E9645
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:51EFAA18
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:FE53E4F7
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:80D975A5
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:0E1DD4C5
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >

DaMasterMoose

Thread Starter
Joined
Dec 18, 2010
Messages
15
OTL Extras logfile created on: 12/24/2010 11:26:28 AM - Run 1
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Users\Jenise\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 77.00% Memory free
6.00 Gb Paging File | 6.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.44 Gb Total Space | 19.14 Gb Free Space | 17.17% Space Free | Partition Type: NTFS
Drive D: | 111.44 Gb Total Space | 24.00 Gb Free Space | 21.54% Space Free | Partition Type: NTFS

Computer Name: GWLT | User Name: Jenise | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.txt [@ = NFOpad] -- C:\Program Files\NFOpad\nfopad.exe (True Human Design (THD))

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [TVersity] -- "C:\ProgramData\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
Directory [Winamp.Bookmark] -- "D:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "D:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "D:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B8AF962-286D-4085-BA04-F3A80A7CEFC3}" = lport=3390 | protocol=6 | dir=in | app=system |
"{0C071D1F-6FD1-4A40-B52B-C565950D7E41}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{107860A1-CA9F-4517-B9B0-8700D7CD8681}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{17648BFC-0B1F-400F-B2D6-3AAA5A0D66A1}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdateservice.exe |
"{1769A382-ECEE-44F3-A1D0-E0338A790568}" = rport=10243 | protocol=6 | dir=out | app=system |
"{181D03F6-AFD3-4A98-89B8-D513D29766F0}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{1A7E58C3-CF72-459A-A7EC-EEB48ABE37B5}" = rport=445 | protocol=6 | dir=out | app=system |
"{1E2DE4D9-8646-4BEC-9800-D17C73E07A97}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{1F0BA520-9CF8-4F6A-97AD-99380F9FD94F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{28194F96-54EF-4807-8AC4-7EC187EB6EE1}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{29BEA050-962C-4617-AA58-C0B1CC8B83E8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2BA443A4-7D8A-4834-88E2-94CDE08B8702}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{32F904CC-8AE3-41DC-85D9-34F3161F73FC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{37959492-D6F8-47B2-A484-C66E29039A4B}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{3B7A82B0-1D5A-4459-A996-A8D81978460E}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{4095B47D-63B4-44AD-A799-F1EFE12BA56A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{44739DC9-CE00-414B-B99F-C6EF49FEC904}" = lport=10243 | protocol=6 | dir=in | app=system |
"{4A6C49D4-68A4-4EF9-A5BF-BE95874C440A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4BC5835A-6BAF-4F4A-A7AF-4B81744A998A}" = lport=10244 | protocol=6 | dir=in | app=system |
"{4C7CFBA0-921C-4F64-8B6A-E639BB118C2D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4DAF9630-A004-448D-8C16-FF047FC6C4C1}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{4EFC4706-C2F7-476B-B444-EE7A4A45D645}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{55F11ADC-642D-4CD1-A4F7-CAFD091843F1}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{568D220B-A907-42C5-8A19-BC9C84FD7591}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{56F4F2E2-1D9D-45DE-ACB6-672078B0DF00}" = rport=139 | protocol=6 | dir=out | app=system |
"{57085205-53BC-4542-84C7-B180B8311575}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{5C93EADC-0AF7-4429-A553-CD5999D296F0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5FA75ECB-B660-4278-8C2B-653F92172D2E}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{6483E32D-05CB-4FE8-AD50-FC99E6B77069}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{679DFBE4-A4A8-458D-B8EA-A3E00EBA5CE7}" = lport=138 | protocol=17 | dir=in | app=system |
"{68FE8A69-7E01-4BB2-A077-4BA6109AD470}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{69752759-E07B-4E6C-9579-0C5207E46969}" = lport=445 | protocol=6 | dir=in | app=system |
"{6A091B60-6861-4A8C-8FFD-A055E754E356}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{70941D0D-8167-4A6A-A1C5-D3A11050BA08}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{75A20CE6-9740-4BF8-AE93-4756ACEC3E90}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7B26DB31-AD31-47C7-BB67-A0CFCB4817B4}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{7D5C2335-36D9-4403-AF95-E9829751F1D3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{7FF6A6C2-A161-4AD3-B27B-982A772836BD}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9312F8A9-C53E-4F05-BBC9-76F9AB7BB9D0}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdater.exe |
"{96A067C0-27A4-4E3D-BFC1-CAA226D2879D}" = lport=137 | protocol=17 | dir=in | app=system |
"{9BB95E8A-2483-4DC8-89D6-FA6850F9C041}" = rport=10244 | protocol=6 | dir=out | app=system |
"{A15E2FB3-176B-4462-9826-27AB28A74F30}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A2236BE5-64D8-4A00-B92D-4F4337678B5B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A566872D-DA44-49BF-91C8-081C17A4CADB}" = rport=10244 | protocol=6 | dir=out | app=system |
"{AED14515-DE61-487F-AC6A-7E96997ECC86}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B4243098-7E35-4658-BD4A-BEF4913E7BD7}" = rport=137 | protocol=17 | dir=out | app=system |
"{B4FE2CFC-1EFC-4E13-AF07-486CE7AD9EE9}" = rport=138 | protocol=17 | dir=out | app=system |
"{B6B48B2E-072E-4177-AC69-A9AC47BCD981}" = lport=10244 | protocol=6 | dir=in | app=system |
"{C179C7C3-8CC7-4F3E-AFBE-21377A27D875}" = lport=3390 | protocol=6 | dir=in | app=system |
"{C273D776-8E75-4A4B-8B52-544C0B404DE4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C5B0E24D-78EF-43C0-9F4B-153797C524B7}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{C9C09EFD-95F5-40C2-9C21-634C4ED9508F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CCD89272-C308-4845-9373-29C168CA1509}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D1811195-CD1B-4D6E-A0B8-228D612EEDDA}" = lport=139 | protocol=6 | dir=in | app=system |
"{D229DCE7-D561-4E6E-B094-36B9C72C1916}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D31B733D-C45C-4854-96E8-99923972D6FD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D62A78D5-7225-4D67-864F-E4058E1213B6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EE7522E7-DFB8-4092-9225-E17156FAE957}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F7D9A02C-26B4-4ADD-A6FF-4655CF6D221B}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01138287-0A91-4D5F-9986-327620E87001}" = dir=in | app=c:\program files\pando networks\pando\pando.exe |
"{011A83DA-E058-499D-8017-BE9285605EC8}" = protocol=17 | dir=in | app=c:\program files\tversity\media server\mediaserver.exe |
"{09D01437-3D8F-4418-8536-449B586615CA}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe |
"{0ABCDB92-1595-43D0-A4CF-9D9453A73298}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{0B1EDE71-8A27-49A3-AEA4-3E081DEA1865}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{0D8DBC9D-D1A1-4170-B217-81F5A88A4367}" = protocol=6 | dir=in | app=c:\program files\rayv\rayv\rayv.dll |
"{0EEF3467-3317-4CE9-9D8E-4A4D46EE7F6E}" = protocol=17 | dir=in | app=c:\users\jenise\appdata\local\apps\2.0\m3axw24t.h8t\oo99c5cr.g0t\curs..tion_eee711038731a406_0004.0000_172b37d8269e5e48\curseclient.exe |
"{0F40914B-2810-4B39-9042-17698C55940C}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"{111BE99D-6D46-4BCA-B810-408615EF8A45}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.2.9901-to-3.1.3.9947-enus-downloader.exe |
"{1B2F36CD-62AB-4182-BD1F-0F9E6B9BB306}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
"{1BA69F66-19D6-4722-BCAC-4A4BC7FA3F1C}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{20475B2D-7914-4EB9-8D8A-4A2E086DEEDD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{223C540E-A100-4B8F-A3CF-2AEFC9B60EE1}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{22455080-555B-4F0D-96F8-A5D4F803E2FB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2B3EE0EB-AB42-4290-8F5E-2D33E296A2D1}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{2BA81951-6A8B-4BB5-A761-7984B5A612DC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2E16B12E-3C65-4A50-B170-BF8E966ED4D7}" = protocol=17 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
"{31A3361B-D5E3-4480-88B4-FAF20A4BF7AC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{33D1804A-0B70-45F0-AC52-6D71D5F05AEB}" = protocol=17 | dir=in | app=c:\program files\curse\curseclient.exe |
"{356064FF-4E77-4ECE-9C0C-9C11132D7761}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"{3701C945-5018-4607-9AD3-E10CD5CFE179}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{3A908366-197E-4314-BA18-3B59D672267F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3B982E83-495F-4A2E-AB9E-FC134BEBE48E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3D506FBF-24F5-4690-AF13-284F209D7691}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{4566EB39-310E-4DD9-A1A5-86A6AC71FB3A}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{472D02F0-9CD9-40C1-9530-411288D0E7F6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{492548A0-9944-4C96-9634-41BC0F546546}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
"{4BE25216-D619-419E-AADA-CD89CE4D4B35}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{4DC28FE4-3B6D-48F4-9A24-7A3E6E260D3C}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\blizzard downloader.exe |
"{4E484357-C34A-4658-86F6-9332DA85155B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{4EADCA49-120D-4D26-BE21-5818D58FCF4E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{511F4DF7-F105-4759-8FEB-317AEFBDD089}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe |
"{51909606-7EBC-44BF-A71B-1101F9146CDF}" = protocol=6 | dir=in | app=c:\program files\rayv\rayv\rayv.dll |
"{52EF8955-13D1-4296-A6B4-457EF607E993}" = protocol=17 | dir=in | app=c:\users\jenise\appdata\local\apps\2.0\m3axw24t.h8t\oo99c5cr.g0t\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\curseclient.exe |
"{54EC8207-0081-4035-9B98-2494C08A7ADA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{56353842-E42D-4A7B-99B7-4D28A1A2C7B9}" = protocol=6 | dir=in | app=c:\program files\curse\curseclient.exe |
"{5A2F30ED-95AD-49A0-BE47-5AC49565E833}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.2.9056-to-3.0.3.9183-enus-downloader.exe |
"{5D5C5885-CB35-43FC-8CF7-7FC7646291C2}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.2.9901-to-3.1.3.9947-enus-downloader.exe |
"{60C15C3B-930C-4A41-871C-A9F41B3AE532}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{62E42A48-7D32-4601-8DF9-2F48C50BB85E}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{69272DB4-ED0D-43AE-9A79-CB1E048220A9}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.2.9056-to-3.0.3.9183-enus-downloader.exe |
"{6B8D53C8-F478-4CC3-9D14-62F0C32CB3A7}" = protocol=17 | dir=in | app=c:\program files\rayv\rayv\rayv.exe |
"{6BA91837-A33B-4946-B143-5BA366C18AA5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{71BBA4E9-4411-48D4-973B-EE5E190CC42D}" = protocol=6 | dir=in | app=c:\program files\rayv\rayv\rayv.exe |
"{7361E9F9-DE92-46B6-A47A-8B3BFF9CF5DF}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
"{745A30AB-636F-4EEA-B442-FFC3EE3CC4A8}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe |
"{79617631-E309-4E78-8A6A-02D32D216332}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{79C69B43-1CAA-47DA-970A-834DF81DF1C5}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\blizzard downloader.exe |
"{7B73014C-D2EA-4716-8E49-DA9134FFAE74}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\blizzard downloader.exe |
"{7C57FBFC-540D-47A5-9CD3-2461879421D4}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\blizzard downloader.exe |
"{8396675E-0B17-4F4C-A001-F2AB4E76D83D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{851FBC9B-5550-47F0-A2FE-779FDE40EFEC}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe |
"{85D2B9F8-FDF9-4306-9677-0E1EF35AEA14}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{86B5ED70-0033-4324-87D7-8281F011D7C5}" = protocol=17 | dir=in | app=c:\program files\rayv\rayv\rayv.exe |
"{87372D58-1B92-4A23-9A5E-11EBCAB4DC89}" = dir=in | app=c:\program files\pando networks\pando\pando.exe |
"{88FEE874-4A17-44CD-A3C2-812E580E3F8E}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{8B663FA5-EBF8-413F-B563-30CD5ED5E405}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{8BD1A8BC-CD19-4C5C-9D4C-33DE5F457B75}" = protocol=6 | dir=in | app=c:\program files\tversity\media server\mediaserver.exe |
"{8D8FEB4A-2A5A-41BE-8C11-F1905B19653E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{8ECCC1C5-107E-42D5-BF20-96A0B47AEEC0}" = protocol=17 | dir=in | app=c:\programdata\tversity\media server\mediaserver.exe |
"{8F7CA367-5C76-43A6-AA2C-B8F70AD30B05}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"{93581485-211A-49E8-A69A-DAD9175F2069}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{946BF0AF-A668-426C-9689-588E7245C00F}" = protocol=1 | dir=out | name=@FirewallAPI.dll,-28544 |
"{9D7AFD52-701F-46BF-BBC4-370491913F50}" = protocol=6 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{A150AD39-0C9C-44E5-A526-021C3AABC500}" = protocol=58 | dir=out | name=@FirewallAPI.dll,-28546 |
"{A1E11D3C-633A-4F0A-8AEB-34474D3001F4}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
"{A3864740-0E5B-45A0-9634-72BF88133510}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe |
"{A9C990AF-58CC-4D65-A69F-E4E44B6244EF}" = protocol=17 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{AC2CF7DC-4DD5-4140-B3D4-B140AF8D58B5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AD6CDEE5-10DB-4994-954A-965B105B8A01}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{ADBB62B4-C693-44AF-8140-94E0BD4F48C7}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |
"{AFCA15E7-206F-4332-9084-D7366EAD1AC7}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{B00DA834-7668-43A9-AFD3-4DF9ECEC0661}" = protocol=6 | dir=in | app=c:\users\jenise\appdata\local\apps\2.0\m3axw24t.h8t\oo99c5cr.g0t\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\curseclient.exe |
"{B34177AF-A8BA-458E-9406-014A93C7DA6B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B53A8D7F-E72F-48A1-BD94-245596A57C9E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{BAC505F8-BDC4-472D-9C69-A2CCE2B34DB0}" = protocol=6 | dir=in | app=c:\programdata\tversity\media server\mediaserver.exe |
"{BCEB982D-6132-4790-A459-DB7CC6D37D31}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BD6AA54A-8D46-42CD-977B-008465EA31B7}" = protocol=1 | dir=in | name=@FirewallAPI.dll,-28543 |
"{C0F3B998-D19E-4D03-B1F3-153232A71B17}" = protocol=6 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
"{C1B0BA9C-BD7A-4D67-8F62-8596169685C3}" = protocol=6 | dir=in | app=c:\program files\rayv\rayv\rayv.exe |
"{C2822CFF-EDB6-4338-BD56-0733E5071D6B}" = dir=in | app=c:\program files\pando networks\pando\pando.exe |
"{C663C177-1AB4-4A34-8D96-F2422D4CF7AC}" = protocol=6 | dir=in | app=c:\users\jenise\appdata\local\apps\2.0\m3axw24t.h8t\oo99c5cr.g0t\curs..tion_eee711038731a406_0004.0000_172b37d8269e5e48\curseclient.exe |
"{C7CE2639-AA8D-450A-948C-B6B75FBC5DA8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CEEC56C7-0604-4F9D-A3AC-3CEB98B8DCF2}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"{D29119B2-59BB-42A8-AD48-A69EF26FA340}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{D5F017D0-EDB0-464C-9530-D3BE2ED8FBA4}" = protocol=17 | dir=in | app=c:\program files\rayv\rayv\rayv.dll |
"{D90A3B3F-A32A-4ECD-BCE5-45CBABAC5483}" = protocol=6 | dir=out | app=system |
"{E02EB3E0-950E-491B-AD2B-EBA1FF38B98C}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{E07F9164-A2E9-4423-A25C-D57690A4B231}" = dir=in | app=e:\setup\hpznui01.exe |
"{E154BBA9-567F-414D-8F5E-C73FED13E98F}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{E49C77F2-8589-4709-BDE7-A50117E240D0}" = protocol=58 | dir=in | name=@FirewallAPI.dll,-28545 |
"{EA1A49E9-D65D-4A05-87BC-F197469803F2}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe |
"{F3FFE923-52EC-47FF-8019-00AD85843D74}" = protocol=17 | dir=in | app=c:\program files\rayv\rayv\rayv.dll |
"{F7A2D723-57BF-4FDE-B4E5-A52E9085F1E6}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |
"{FB412609-B011-4F65-BB67-6FDDB79BE005}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"TCP Query User{04583A68-FB4E-442D-A83E-06249678D1EE}C:\program files\flashget\flashget.exe" = protocol=6 | dir=in | app=c:\program files\flashget\flashget.exe |
"TCP Query User{0AEECDC0-F10B-4485-9FCE-5EB9C6474ED6}C:\users\jenise\desktop\yuleech-runesofmagic2_0_1_1821-en.exe" = protocol=6 | dir=in | app=c:\users\jenise\desktop\yuleech-runesofmagic2_0_1_1821-en.exe |
"TCP Query User{189EC05E-7E1F-4868-AED9-8710428CCD6B}C:\flashget\flashget.exe" = protocol=6 | dir=in | app=c:\flashget\flashget.exe |
"TCP Query User{2A200CD4-3733-461F-82CE-21614F061EBA}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"TCP Query User{2DDD48EA-EDDB-45C9-81BA-4FEF08200231}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"TCP Query User{38290DD0-D9EB-4081-B44F-7CE5D38D2B05}C:\flashget\flashget.exe" = protocol=6 | dir=in | app=c:\flashget\flashget.exe |
"TCP Query User{3E7A8181-AEEE-4013-A1E5-09043BDF07B2}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{449F4ED0-3522-4F34-86EB-DB20DF4C4EEE}C:\program files\pando networks\pando\pando.exe" = protocol=6 | dir=in | app=c:\program files\pando networks\pando\pando.exe |
"TCP Query User{926942E6-B417-4B32-A51D-1C5F261F7F94}C:\program files\secondlife\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\secondlife\slvoice.exe |
"TCP Query User{97118352-D035-4DB5-8004-AA44F52A6F28}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{990B0445-C1E9-47CF-9AE2-27DCD3427E1E}C:\program files\curse\curseclient.exe" = protocol=6 | dir=in | app=c:\program files\curse\curseclient.exe |
"TCP Query User{DAFCB372-ED99-4CB3-A3CE-A0468052DC2F}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{1EDC2A6F-8588-45FF-B05E-F71E05C1C3F7}C:\flashget\flashget.exe" = protocol=17 | dir=in | app=c:\flashget\flashget.exe |
"UDP Query User{20BFE209-BABD-443C-9D69-0276E94375BC}C:\program files\secondlife\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\secondlife\slvoice.exe |
"UDP Query User{2E68A0D9-E20C-4EFB-A5CE-9865D3AEAB7E}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{70AFB612-6AA9-4DEF-9413-E410D8BB99D0}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{747A0BF5-DD18-45F7-836F-74BEC0C635BB}C:\program files\curse\curseclient.exe" = protocol=17 | dir=in | app=c:\program files\curse\curseclient.exe |
"UDP Query User{8D62F7C4-7586-467F-A8CA-FCF47F5B9E2D}C:\flashget\flashget.exe" = protocol=17 | dir=in | app=c:\flashget\flashget.exe |
"UDP Query User{9EA90CA3-9918-4589-80D9-A653FAF12867}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{D6911658-0007-44D8-A923-7EE859CDB91D}C:\program files\pando networks\pando\pando.exe" = protocol=17 | dir=in | app=c:\program files\pando networks\pando\pando.exe |
"UDP Query User{ED16951F-ABBA-40CB-8713-4F9FCA2CD20D}C:\users\jenise\desktop\yuleech-runesofmagic2_0_1_1821-en.exe" = protocol=17 | dir=in | app=c:\users\jenise\desktop\yuleech-runesofmagic2_0_1_1821-en.exe |
"UDP Query User{EFCEBBAF-1971-4A92-8972-12CCA325AF84}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"UDP Query User{F8008564-1516-4993-8D4F-CD664967F2DF}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{FBD166BB-72E1-4B60-B4AC-02B71692F34E}C:\program files\flashget\flashget.exe" = protocol=17 | dir=in | app=c:\program files\flashget\flashget.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{010F7E2B-9ACA-4D31-B87C-09EC5CC8D3F1}" = TurboTax 2008 winiper
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{102CBC47-7FDE-4E6C-8A3A-67B79833FAC8}" = BPDSoftware_Ini
"{11B2F891-91C8-47ce-945A-A91003EA27FB}" = BPDSoftware
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18AB082B-6584-4F74-8ABC-D5935CF46E4C}" = 8500A909_eDocs
"{194D0B58-ED34-444F-A1D1-C1CACFC3B7EE}" = Cozi Outlook Toolbar
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2086A549-ED96-4dc9-BBE3-0538AB29ABEC}" = PSP Thumbnail Handler
"{22443966-38F8-8A4D-AA16-0FBFA246881F}" = Acrobat.com
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 18
"{27711CB0-26B3-4D99-88A9-4E4D60C34850}" = Family Tree Maker 2009
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{30E3DC12-65D7-4DFA-8F19-BA885B773A05}" = hp_pbk_fnt_romance_scrapbook01
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{334A33C2-B9A5-4322-AB83-EBF42BFCC470}" = Fresh RAM
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{385E26E0-EAA2-012B-ADA5-000000000000}" = TurboTax 2009 winiper
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{39003340-EAA2-012B-ADCD-000000000000}" = TurboTax 2009 wkyiper
"{39098402-3F7A-4257-A4AE-FC1181D1B40B}" = Camera Assistant Software for Gateway
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3F99D180-34C3-4151-8C6C-86FC5D7BDFBD}" = Hoyle Casino
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{432A850B-3558-4BFF-B1F9-30626835B523}" = BPD_DSWizards
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}" = Microsoft Money Shared Libraries
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{624E7452-BA43-4f55-B9D5-FC75EEA0808B}" = Officejet Pro 8500 A909 Series
"{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
"{65C0025A-2CDE-43C5-82D0-C7A56EF0DB39}" = Bing Bar Platform
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{76B2BC31-2D96-4170-9C44-09E13B5555F3}" = Symantec Endpoint Protection
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77E912CE-6396-45B8-90C0-DF402B3D7566}" = BudgetExpress 3
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{812FF41B-6870-2964-2572-379477CEDA97}" = easy gadget
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
"{87C79BE7-06DD-AA67-209C-1824B84C3A4F}" = Picaboo X
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{8829E394-87E1-41C0-BCED-9B47F7C6DCDD}" = Serif WebPlus X2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DC15870-CB9B-471A-AE23-367C5C3B4702}" = hp_pbk_everyday_dogs_scrapbook01
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{98881DD9-D574-42A6-B15D-1E553E1976EA}" = hp_pbk_soah_christmas_modern01
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{9ED3C484-D002-4D4D-9BF3-C3DF9048EE7D}" = StuffIt 12
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB480DA0-7EE9-465D-9C12-4CDE65BF18FB}" = Pando
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"Wow Web Stats Client v3.0" = Wow Web Stats Client v3.0

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
 

DaMasterMoose

Thread Starter
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-12-24 12:09:55
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\iaStor0 Hitachi_ rev.FBEO
Running: gmer.exe; Driver: C:\Users\Jenise\AppData\Local\Temp\fxldqpow.sys

---- System - GMER 1.0.15 ----
INT 0x62 ? 86609BF8
INT 0x82 ? 86609BF8
INT 0x92 ? 858ABBF8
INT 0x92 ? 86609BF8
INT 0x92 ? 86609BF8
INT 0x92 ? 86609BF8
INT 0x92 ? 858ABBF8
INT 0xA2 ? 86609BF8
INT 0xA2 ? 86609BF8
INT 0xB2 ? 86609BF8
---- Kernel code sections - GMER 1.0.15 ----
? System32\Drivers\spui.sys The system cannot find the path specified. !
.text USBPORT.SYS!DllUnload 8E23441B 5 Bytes JMP 866091D8
.text aq8z2sz5.SYS 8E2DF000 22 Bytes [82, 33, 01, 82, 6C, 32, 01, ...]
.text aq8z2sz5.SYS 8E2DF017 167 Bytes [00, 32, 97, 79, 82, 3D, 95, ...]
.text aq8z2sz5.SYS 8E2DF0BF 13 Bytes [82, 00, 00, 00, 00, 00, 00, ...] {ADD BYTE [EAX], 0x0; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
.text aq8z2sz5.SYS 8E2DF0CE 10 Bytes [00, 00, 00, 00, 00, 00, 6D, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; INSD ; POPF ; SCASB ; DEC EAX}
.text aq8z2sz5.SYS 8E2DF0DA 12 Bytes [00, 00, 02, 00, 00, 00, 26, ...]
.text ...
---- User code sections - GMER 1.0.15 ----
.text C:\Windows\Explorer.EXE[120] ntdll.dll!NtProtectVirtualMemory 77494D34 5 Bytes JMP 02BB000A
.text C:\Windows\Explorer.EXE[120] ntdll.dll!NtWriteVirtualMemory 77495674 5 Bytes JMP 02EE000A
.text C:\Windows\Explorer.EXE[120] ntdll.dll!KiUserExceptionDispatcher 77495DC8 5 Bytes JMP 028D000A
.text C:\Windows\system32\svchost.exe[1024] ntdll.dll!NtProtectVirtualMemory 77494D34 5 Bytes JMP 004B000A
.text C:\Windows\system32\svchost.exe[1024] ntdll.dll!NtWriteVirtualMemory 77495674 5 Bytes JMP 004C000A
.text C:\Windows\system32\svchost.exe[1024] ntdll.dll!KiUserExceptionDispatcher 77495DC8 5 Bytes JMP 004A000A
.text C:\Windows\system32\svchost.exe[1024] ole32.dll!CoCreateInstance 770B9F3E 5 Bytes JMP 0059000A
.text C:\Windows\system32\svchost.exe[1024] USER32.dll!GetCursorPos 77290B88 5 Bytes JMP 0103000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1708] ntdll.dll!NtProtectVirtualMemory 77494D34 5 Bytes JMP 009A000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1708] ntdll.dll!NtWriteVirtualMemory 77495674 5 Bytes JMP 009F000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1708] ntdll.dll!KiUserExceptionDispatcher 77495DC8 5 Bytes JMP 0099000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1708] USER32.dll!SetWindowsHookExW 772787AD 5 Bytes JMP 6F9C9AE9 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1708] USER32.dll!CallNextHookEx 77278E3B 5 Bytes JMP 6F9BD145 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1708] USER32.dll!UnhookWindowsHookEx 772798DB 5 Bytes JMP 6F934696 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1708] USER32.dll!CreateWindowExW 77281305 5 Bytes JMP 6F9CDB44 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1708] USER32.dll!DialogBoxParamW 772A10B0 5 Bytes JMP 6F8F5501 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1708] USER32.dll!DialogBoxIndirectParamW 772A2EF5 5 Bytes JMP 6FAC4FEF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1708] USER32.dll!DialogBoxParamA 772B8152 5 Bytes JMP 6FAC4F8C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1708] USER32.dll!DialogBoxIndirectParamA 772B847D 5 Bytes JMP 6FAC5052 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1708] USER32.dll!MessageBoxIndirectA 772CD4D9 5 Bytes JMP 6FAC4F21 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1708] USER32.dll!MessageBoxIndirectW 772CD5D3 5 Bytes JMP 6FAC4EB6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1708] USER32.dll!MessageBoxExA 772CD639 5 Bytes JMP 6FAC4E54 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1708] USER32.dll!MessageBoxExW 772CD65D 5 Bytes JMP 6FAC4DF2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1708] ole32.dll!OleLoadFromStream 77081E80 5 Bytes JMP 6FAC5370 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1708] ole32.dll!CoCreateInstance 770B9F3E 5 Bytes JMP 6F9CDBA0 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2112] ntdll.dll!NtProtectVirtualMemory 77494D34 5 Bytes JMP 0021000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2112] ntdll.dll!NtWriteVirtualMemory 77495674 5 Bytes JMP 0088000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2112] ntdll.dll!KiUserExceptionDispatcher 77495DC8 5 Bytes JMP 0020000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2112] USER32.dll!CreateDialogParamW 772772A2 5 Bytes JMP 10134BA0 C:\Program Files\TVersitybar\tbTVe0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2112] USER32.dll!CreateWindowExW 77281305 5 Bytes JMP 6F9CDB44 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2112] USER32.dll!DialogBoxParamW 772A10B0 5 Bytes JMP 10134D20 C:\Program Files\TVersitybar\tbTVe0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2112] USER32.dll!DialogBoxIndirectParamW 772A2EF5 5 Bytes JMP 6FAC4FEF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2112] USER32.dll!DialogBoxParamA 772B8152 5 Bytes JMP 6FAC4F8C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2112] USER32.dll!DialogBoxIndirectParamA 772B847D 5 Bytes JMP 6FAC5052 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2112] USER32.dll!MessageBoxIndirectA 772CD4D9 5 Bytes JMP 6FAC4F21 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2112] USER32.dll!MessageBoxIndirectW 772CD5D3 5 Bytes JMP 6FAC4EB6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2112] USER32.dll!MessageBoxExA 772CD639 5 Bytes JMP 6FAC4E54 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2112] USER32.dll!MessageBoxExW 772CD65D 5 Bytes JMP 6FAC4DF2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 858AD1F8
Device \Driver\netbt \Device\NetBT_Tcpip_{E0AFCA9B-9DD3-49DA-8E88-4432F05CE7D4} 86D67500
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
Device \Driver\volmgr \Device\VolMgrControl 858A91F8
Device \Driver\usbuhci \Device\USBPDO-0 8665F1F8
Device \Driver\usbuhci \Device\USBPDO-1 8665F1F8
Device \Driver\usbuhci \Device\USBPDO-2 8665F1F8
Device \Driver\usbehci \Device\USBPDO-3 866601F8
Device \Driver\usbuhci \Device\USBPDO-4 8665F1F8
Device \Driver\usbuhci \Device\USBPDO-5 8665F1F8
Device \Driver\sptd \Device\3686372337 spui.sys
Device \Driver\usbuhci \Device\USBPDO-6 8665F1F8
Device \Driver\volmgr \Device\HarddiskVolume1 858A91F8
Device \Driver\usbehci \Device\USBPDO-7 866601F8
Device \Driver\volmgr \Device\HarddiskVolume2 858A91F8
Device \Driver\cdrom \Device\CdRom0 866EE1F8
Device \Driver\iaStor \Device\Ide\iaStor0 [828C7390] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [828C7390] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\volmgr \Device\HarddiskVolume3 858A91F8
Device \Driver\cdrom \Device\CdRom1 866EE1F8
Device \Driver\netbt \Device\NetBt_Wins_Export 86D67500
Device \Driver\Smb \Device\NetbiosSmb 86D421F8
Device \Driver\iScsiPrt \Device\RaidPort0 866F83F0
Device \Driver\netbt \Device\NetBT_Tcpip_{303BC344-9B58-4EB4-97AD-724DA608135B} 86D67500
Device \Driver\PCI_PNP6326 \Device\0000005f spui.sys
Device \Driver\usbuhci \Device\USBFDO-0 8665F1F8
Device \Driver\usbuhci \Device\USBFDO-1 8665F1F8
Device \Driver\usbuhci \Device\USBFDO-2 8665F1F8
Device \Driver\usbehci \Device\USBFDO-3 866601F8
Device \Driver\usbuhci \Device\USBFDO-4 8665F1F8
Device \Driver\usbuhci \Device\USBFDO-5 8665F1F8
Device \Driver\usbuhci \Device\USBFDO-6 8665F1F8
Device \Driver\usbehci \Device\USBFDO-7 866601F8
Device \Driver\aq8z2sz5 \Device\Scsi\aq8z2sz51Port4Path0Target0Lun0 866F4500
Device \Driver\aq8z2sz5 \Device\Scsi\aq8z2sz51 866F4500
Device \FileSystem\cdfs \Cdfs 871821F8
Device \Device\Ide\IAAStorageDevice-1 -> \??\IDE#DiskHitachi_HTS543225L9A300_________________FBEOC40C#4&286e8e68&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\[email protected] 45262
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0x77 0x85 0x5E 0x6B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\[email protected] 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\[email protected] 0x39 0xDD 0x89 0xE1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\[email protected] 0xE1 0x75 0x9C 0x4F ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] 0x77 0x85 0x5E 0x6B ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\[email protected] 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\[email protected] 0x39 0xDD 0x89 0xE1 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\[email protected] 0xE1 0x75 0x9C 0x4F ...
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 01: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 07: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 08: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 10: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 62: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sectors 488396912 (+255): rootkit-like behavior;
---- Files - GMER 1.0.15 ----
File C:\Users\Jenise\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt 680 bytes
File C:\Users\Jenise\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt 111 bytes
---- EOF - GMER 1.0.15 ----
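As an added example (not part of this thread, and not GMER's own code), here is a small Python triage script for GMER log lines like the ones above: it separates inline hooks that land inside an OS module from hooks into third-party modules or into memory GMER could not map to any module, and flags the disk-sector warnings. The sample lines are copied from the log above; the severity labels are an assumption of mine for prioritising review, not a verdict from GMER.

```python
"""Triage helper for GMER rootkit-scanner logs (added example, not from the thread).

Three line shapes are turned into findings:
  * user-mode inline hooks:  .text <proc>[pid] <dll>!<api> <addr> N Bytes JMP <target> [<module> (<vendor>)]
  * disk-sector warnings:    Disk <device> sector NN[ (MBR)]: rootkit-like behavior;
  * IDT entries to unknowns: INT 0x62 ? <addr>
Severity is only a defender's ordering hint: a hook by itself is not proof of infection.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: a handful of lines copied from the GMER log posted above.
SAMPLE_LOG = r"""
---- System - GMER 1.0.15 ----
INT 0x62 ? 86609BF8
---- User code sections - GMER 1.0.15 ----
.text C:\Windows\Explorer.EXE[120] ntdll.dll!NtProtectVirtualMemory 77494D34 5 Bytes JMP 02BB000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1708] USER32.dll!CreateWindowExW 77281305 5 Bytes JMP 6F9CDB44 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2112] USER32.dll!CreateDialogParamW 772772A2 5 Bytes JMP 10134BA0 C:\Program Files\TVersitybar\tbTVe0.dll (Conduit Toolbar/Conduit Ltd.)
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;
---- EOF - GMER 1.0.15 ----
"""

HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+(?P<dll>\S+)!(?P<api>\S+)\s+"
    r"(?P<addr>[0-9A-Fa-f]+)\s+(?P<n>\d+)\s+Bytes\s+JMP\s+(?P<target>[0-9A-Fa-f]+)"
    r"(?:\s+(?P<module>\S.*?)\s+\((?P<vendor>[^)]*)\))?\s*$"
)
DISK_RE = re.compile(
    r"^Disk\s+(?P<device>\S+)\s+sectors?\s+(?P<sector>\d+)"
    r"(?:\s+\(\+\d+\))?(?:\s+\((?P<label>[^)]*)\))?:\s+rootkit-like behavior;"
)
IDT_RE = re.compile(r"^INT\s+(?P<vector>0x[0-9A-Fa-f]+)\s+\?\s+(?P<addr>[0-9A-Fa-f]+)\s*$")


@dataclass(frozen=True)
class Finding:
    kind: str       # "hook", "disk" or "idt"
    severity: str   # "high", "medium", "review" or "info" (assumed scale, see lead-in)
    detail: str


def _base(path):
    """Last component of a Windows path."""
    return path.rsplit("\\", 1)[-1]


def classify_hook(m):
    proc = _base(m["proc"])
    api = f"{m['dll']}!{m['api']}"
    module, vendor = m["module"], m["vendor"]
    if module is None:
        # GMER could not map the JMP target to any loaded module: code living in
        # unbacked memory is what injected payloads look like, so it needs a look.
        sev, why = "review", f"jumps to unbacked memory at {m['target']}"
    elif "Microsoft Corporation" in vendor and module.lower().startswith("c:\\windows\\"):
        # Redirection into a Windows-owned module under C:\Windows is the common benign case.
        sev, why = "info", f"redirected into OS module {_base(module)}"
    else:
        # A non-OS module hooking the browser (here a Conduit toolbar) is worth inspecting.
        sev, why = "medium", f"redirected into third-party module {module} ({vendor})"
    return Finding("hook", sev, f"{proc}[{m['pid']}] {api} {why}")


def classify_disk(m):
    # Rewritten boot sectors are the signature of an MBR bootkit: highest priority.
    where = f"sector {m['sector']}" + (f" ({m['label']})" if m["label"] else "")
    return Finding("disk", "high", f"{m['device']} {where}: rootkit-like behavior")


def classify_idt(m):
    return Finding("idt", "review", f"IDT vector {m['vector']} points to unnamed code at {m['addr']}")


def triage_gmer(text):
    """Return one Finding per recognised line, in log order; other lines are ignored."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        for rx, classify in ((HOOK_RE, classify_hook), (DISK_RE, classify_disk), (IDT_RE, classify_idt)):
            m = rx.match(line)
            if m:
                findings.append(classify(m))
                break
    return findings


def summarize(findings):
    """Count findings per severity, e.g. {'high': 2, 'review': 2, ...}."""
    return dict(Counter(f.severity for f in findings))


if __name__ == "__main__":
    for f in triage_gmer(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.kind}: {f.detail}")
    print(summarize(triage_gmer(SAMPLE_LOG)))
```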
 

CatByte

Malware Specialist
Hi,

Please do the following:

Refer to the ComboFix User's Guide

  1. Download ComboFix from one of these locations:

     Link 1
     Link 2

     * IMPORTANT !!! Place ComboFix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.

     You can get help on disabling your protection programs here
  3. Double click on ComboFix.exe & follow the prompts.
  4. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  5. When finished, it shall produce a log for you. Post that log in your next reply.

     Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
  6. Ensure your AntiVirus and AntiSpyware applications are re-enabled.
 

DaMasterMoose

Thread Starter
The box for ComboFix comes up and then disappears after a few moments. I then get a BSOD; all I can see of it is that it is iastor.sys.
 

CatByte

Malware Specialist
Please delete the copy of ComboFix that you have on your desktop.

Download a fresh copy, but rename it to iexplore before saving it to your desktop.

Make certain when you run it that all your security systems are disabled, or they will interfere.

Now download and run TDSSKiller before re-running ComboFix. Once TDSSKiller completes, retry ComboFix and post both logs.

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • Only if Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)
 

DaMasterMoose

Thread Starter
2010/12/27 09:34:29.0323 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2010/12/27 09:34:29.0323 ================================================================================
2010/12/27 09:34:29.0323 SystemInfo:
2010/12/27 09:34:29.0323
2010/12/27 09:34:29.0323 OS Version: 6.0.6002 ServicePack: 2.0
2010/12/27 09:34:29.0323 Product type: Workstation
2010/12/27 09:34:29.0323 ComputerName: GWLT
2010/12/27 09:34:29.0323 UserName: Jenise
2010/12/27 09:34:29.0323 Windows directory: C:\Windows
2010/12/27 09:34:29.0323 System windows directory: C:\Windows
2010/12/27 09:34:29.0323 Processor architecture: Intel x86
2010/12/27 09:34:29.0323 Number of processors: 2
2010/12/27 09:34:29.0323 Page size: 0x1000
2010/12/27 09:34:29.0323 Boot type: Safe boot
2010/12/27 09:34:29.0323 ================================================================================
2010/12/27 09:34:40.0493 Initialize success
2010/12/27 09:34:45.0329 ================================================================================
2010/12/27 09:34:45.0329 Scan started
2010/12/27 09:34:45.0329 Mode: Manual;
2010/12/27 09:34:45.0329 ================================================================================
2010/12/27 09:34:54.0891 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2010/12/27 09:34:55.0001 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2010/12/27 09:34:55.0032 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2010/12/27 09:34:55.0063 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2010/12/27 09:34:55.0110 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2010/12/27 09:34:55.0188 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/12/27 09:34:55.0219 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/12/27 09:34:55.0250 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/12/27 09:34:55.0344 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2010/12/27 09:34:55.0391 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2010/12/27 09:34:55.0437 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2010/12/27 09:34:55.0531 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2010/12/27 09:34:55.0609 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2010/12/27 09:34:55.0640 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/12/27 09:34:55.0671 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2010/12/27 09:34:55.0765 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2010/12/27 09:34:55.0952 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/12/27 09:34:56.0015 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2010/12/27 09:34:56.0093 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2010/12/27 09:34:56.0171 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2010/12/27 09:34:56.0327 NAVENG (c8ef74e4d8105b1d02d58ea4734cf616) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20101223.002\NAVENG.SYS
2010/12/27 09:34:56.0405 NAVEX15 (94b3164055d821a62944d9fe84036470) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20101223.002\NAVEX15.SYS
2010/12/27 09:34:56.0529 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2010/12/27 09:34:56.0576 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/12/27 09:34:56.0607 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/12/27 09:34:56.0717 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/12/27 09:34:56.0748 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2010/12/27 09:34:56.0873 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2010/12/27 09:34:56.0935 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2010/12/27 09:34:57.0153 NETw5v32 (e559ea9138c77b5d1fda8c558764a25f) C:\Windows\system32\DRIVERS\NETw5v32.sys
2010/12/27 09:34:57.0247 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2010/12/27 09:34:57.0294 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2010/12/27 09:34:57.0325 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2010/12/27 09:34:57.0403 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2010/12/27 09:34:57.0512 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2010/12/27 09:34:57.0543 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2010/12/27 09:34:57.0575 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2010/12/27 09:34:57.0606 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2010/12/27 09:34:57.0637 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2010/12/27 09:34:57.0809 O2MDRDR (16dfa5eff3f104c1d66bcb60c06a101f) C:\Windows\system32\DRIVERS\o2media.sys
2010/12/27 09:34:57.0824 O2SDRDR (6e590c91f97ae5e3408453c8ae9a3000) C:\Windows\system32\DRIVERS\o2sd.sys
2010/12/27 09:34:57.0965 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2010/12/27 09:34:58.0027 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2010/12/27 09:34:58.0074 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2010/12/27 09:34:58.0167 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2010/12/27 09:34:58.0214 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2010/12/27 09:34:58.0245 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2010/12/27 09:34:58.0261 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2010/12/27 09:34:58.0401 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2010/12/27 09:34:58.0573 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2010/12/27 09:34:58.0604 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2010/12/27 09:34:58.0698 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2010/12/27 09:34:58.0838 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2010/12/27 09:34:58.0932 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2010/12/27 09:34:58.0979 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2010/12/27 09:34:58.0994 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2010/12/27 09:34:59.0025 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/12/27 09:34:59.0119 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/12/27 09:34:59.0166 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2010/12/27 09:34:59.0213 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2010/12/27 09:34:59.0291 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/12/27 09:34:59.0337 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2010/12/27 09:34:59.0353 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2010/12/27 09:34:59.0415 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2010/12/27 09:34:59.0587 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys
2010/12/27 09:34:59.0634 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys
2010/12/27 09:34:59.0759 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2010/12/27 09:34:59.0805 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2010/12/27 09:34:59.0946 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
2010/12/27 09:35:00.0008 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/12/27 09:35:00.0039 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2010/12/27 09:35:00.0133 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2010/12/27 09:35:00.0164 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2010/12/27 09:35:00.0211 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2010/12/27 09:35:00.0227 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2010/12/27 09:35:00.0320 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2010/12/27 09:35:00.0351 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2010/12/27 09:35:00.0383 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2010/12/27 09:35:00.0414 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2010/12/27 09:35:00.0445 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2010/12/27 09:35:00.0539 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2010/12/27 09:35:00.0663 SPBBCDrv (38c030777dabfc771dac7873443cfcba) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
2010/12/27 09:35:00.0757 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2010/12/27 09:35:00.0804 sptd (71e276f6d189413266ea22171806597b) C:\Windows\system32\Drivers\sptd.sys
2010/12/27 09:35:00.0804 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
2010/12/27 09:35:00.0819 sptd - detected Locked file (1)
2010/12/27 09:35:00.0897 SRTSP (11564fd80e0d2fc80b904a5bcbf8d761) C:\Windows\system32\Drivers\SRTSP.SYS
2010/12/27 09:35:00.0944 SRTSPL (c668edee729925635c254b04e70f9493) C:\Windows\system32\Drivers\SRTSPL.SYS
2010/12/27 09:35:00.0975 SRTSPX (73d9add286baebdbf636eb53acf64e12) C:\Windows\system32\Drivers\SRTSPX.SYS
2010/12/27 09:35:01.0085 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys
2010/12/27 09:35:01.0116 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys
2010/12/27 09:35:01.0131 srvnet (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys
2010/12/27 09:35:01.0272 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
2010/12/27 09:35:01.0334 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2010/12/27 09:35:01.0381 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2010/12/27 09:35:01.0475 SymEvent (e03ee3ef1037099554d17bed99545a5e) C:\Windows\system32\Drivers\SYMEVENT.SYS
2010/12/27 09:35:01.0521 SYMREDRV (9181892e5af5df8d2ac3d9d2cea48afd) C:\Windows\System32\Drivers\SYMREDRV.SYS
2010/12/27 09:35:01.0553 SYMTDI (d539f317e6caaa4e08911a84c2180938) C:\Windows\System32\Drivers\SYMTDI.SYS
2010/12/27 09:35:01.0599 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2010/12/27 09:35:01.0693 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2010/12/27 09:35:01.0755 SynTP (21470bf105b96ded47e99e1ee7495e8f) C:\Windows\system32\DRIVERS\SynTP.sys
2010/12/27 09:35:01.0849 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2010/12/27 09:35:01.0958 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2010/12/27 09:35:02.0083 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2010/12/27 09:35:02.0145 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2010/12/27 09:35:02.0177 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2010/12/27 09:35:02.0255 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2010/12/27 09:35:02.0317 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2010/12/27 09:35:02.0395 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/12/27 09:35:02.0442 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2010/12/27 09:35:02.0504 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2010/12/27 09:35:02.0551 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2010/12/27 09:35:02.0598 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2010/12/27 09:35:02.0676 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2010/12/27 09:35:02.0738 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2010/12/27 09:35:02.0785 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2010/12/27 09:35:02.0801 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2010/12/27 09:35:02.0879 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2010/12/27 09:35:02.0988 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\Windows\system32\Drivers\usbaapl.sys
2010/12/27 09:35:03.0113 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
2010/12/27 09:35:03.0191 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/12/27 09:35:03.0269 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2010/12/27 09:35:03.0331 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2010/12/27 09:35:03.0378 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2010/12/27 09:35:03.0456 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2010/12/27 09:35:03.0518 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
2010/12/27 09:35:03.0581 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2010/12/27 09:35:03.0659 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/12/27 09:35:03.0705 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/12/27 09:35:03.0737 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2010/12/27 09:35:03.0815 UVCFTR (c9e1ea0b39b1177f58326230f3ff065e) C:\Windows\system32\Drivers\UVCFTR_S.SYS
2010/12/27 09:35:03.0893 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/12/27 09:35:03.0924 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2010/12/27 09:35:04.0002 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2010/12/27 09:35:04.0064 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2010/12/27 09:35:04.0095 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2010/12/27 09:35:04.0127 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2010/12/27 09:35:04.0205 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2010/12/27 09:35:04.0283 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2010/12/27 09:35:04.0314 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2010/12/27 09:35:04.0439 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2010/12/27 09:35:04.0485 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/12/27 09:35:04.0501 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/12/27 09:35:04.0563 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2010/12/27 09:35:04.0641 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2010/12/27 09:35:04.0751 winachsf (d0116c473ef3c381a42bb55036a1adb1) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2010/12/27 09:35:04.0938 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2010/12/27 09:35:05.0016 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2010/12/27 09:35:05.0156 WSDPrintDevice (4422ac5ed8d4c2f0db63e71d4c069dd7) C:\Windows\system32\DRIVERS\WSDPrint.sys
2010/12/27 09:35:05.0219 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/12/27 09:35:05.0312 XAudio (22a08b9faecd6a306868f59b7f03f188) C:\Windows\system32\DRIVERS\XAudio32.sys
2010/12/27 09:35:05.0375 yukonwlh (3e1c915c6291ab5d1cfca680e1bd6bad) C:\Windows\system32\DRIVERS\yk60x86.sys
2010/12/27 09:35:05.0406 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/12/27 09:35:05.0437 ================================================================================
2010/12/27 09:35:05.0437 Scan finished
2010/12/27 09:35:05.0437 ================================================================================
2010/12/27 09:35:05.0453 Detected object count: 2
2010/12/27 09:35:34.0734 Locked file(sptd) - User select action: Skip
2010/12/27 09:35:34.0781 \HardDisk0 - will be cured after reboot
2010/12/27 09:35:34.0781 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2010/12/27 09:35:39.0679 Deinitialize success
 

DaMasterMoose

Thread Starter
ComboFix 10-12-24.01 - Jenise 12/27/2010 9:44.2.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3000.2043 [GMT -5:00]
Running from: c:\users\Jenise\Desktop\ComboFix.exe
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2010-11-27 to 2010-12-27 )))))))))))))))))))))))))))))))
.

2010-12-27 14:54 . 2010-12-27 15:04 -------- d-----w- c:\users\Jenise\AppData\Local\temp
2010-12-27 14:54 . 2010-12-27 14:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-20 02:50 . 2010-12-20 19:41 -------- d-----w- c:\users\Public\_copied files
2010-12-19 04:39 . 2010-12-19 04:39 388096 ----a-r- c:\users\Jenise\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-12-19 04:39 . 2010-12-19 04:39 -------- d-----w- c:\program files\Trend Micro
2010-12-19 01:47 . 2010-12-19 01:47 -------- d-----w- C:\DRIVERS
2010-12-19 01:47 . 2009-08-07 10:17 330264 ----a-w- c:\windows\system32\drivers\iaStor.sys
2010-12-18 22:41 . 2010-12-18 22:41 -------- d-----w- c:\users\Jenise\AppData\Local\Mozilla
2010-12-16 17:59 . 2010-12-16 17:59 -------- d-----w- c:\users\Jenise\AppData\Roaming\Malwarebytes
2010-12-16 17:59 . 2010-12-16 17:59 -------- d-----w- c:\programdata\Malwarebytes
2010-12-16 17:59 . 2010-11-29 22:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-16 17:59 . 2010-12-16 17:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-16 17:59 . 2010-11-29 22:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-15 19:26 . 2010-10-12 15:53 33280 ----a-w- c:\program files\Windows Mail\wabfind.dll
2010-12-15 19:26 . 2010-10-12 13:41 66048 ----a-w- c:\program files\Windows Mail\wabmig.exe
2010-12-15 19:26 . 2010-10-12 13:41 515584 ----a-w- c:\program files\Windows Mail\wab.exe
2010-12-15 19:26 . 2010-10-18 13:31 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-12-15 19:26 . 2010-11-04 18:55 352768 ----a-w- c:\windows\system32\taskschd.dll
2010-12-15 19:26 . 2010-11-04 18:55 601600 ----a-w- c:\windows\system32\schedsvc.dll
2010-12-15 19:26 . 2010-11-04 18:56 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-12-15 19:26 . 2010-11-04 18:55 270336 ----a-w- c:\windows\system32\taskcomp.dll
2010-12-15 19:26 . 2010-11-04 16:34 171520 ----a-w- c:\windows\system32\taskeng.exe
2010-12-14 06:36 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2528291C-C288-41DC-BFFC-8A6265B970FF}\mpengine.dll
2010-11-28 13:35 . 2010-11-28 13:35 -------- d-----w- c:\program files\Conduit
2010-11-28 13:35 . 2010-11-28 13:36 -------- d-----w- c:\program files\TVersitybar
2010-11-28 13:31 . 2010-11-28 13:31 -------- d-----w- c:\programdata\TVersity

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 15:41 . 2009-10-03 05:33 222080 ------w- c:\windows\system32\MpSigStub.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{66bd2442-241b-44cd-8c7a-b51037053cdb}"= "c:\program files\TVersitybar\tbTVe0.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{66bd2442-241b-44cd-8c7a-b51037053cdb}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66bd2442-241b-44cd-8c7a-b51037053cdb}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\TVersitybar\tbTVe0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{66bd2442-241b-44cd-8c7a-b51037053cdb}"= "c:\program files\TVersitybar\tbTVe0.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{66bd2442-241b-44cd-8c7a-b51037053cdb}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{66BD2442-241B-44CD-8C7A-B51037053CDB}"= "c:\program files\TVersitybar\tbTVe0.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{66bd2442-241b-44cd-8c7a-b51037053cdb}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-05 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-26 865840]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-21 182808]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-02-01 115560]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-09 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-09 175128]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-09 153624]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-11-29 963976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2010-7-26 546360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideFastUserSwitching"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BigFix.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BigFix.lnk
backup=c:\windows\pss\BigFix.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Calendar Sync.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Google Calendar Sync.lnk
backup=c:\windows\pss\Google Calendar Sync.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Jenise^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Desktop Manager.lnk]
path=c:\users\Jenise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Manager.lnk
backup=c:\windows\pss\Desktop Manager.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Jenise^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^easy gadget.lnk]
path=c:\users\Jenise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\easy gadget.lnk
backup=c:\windows\pss\easy gadget.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Jenise^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^eFax 4.4.lnk]
path=c:\users\Jenise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\eFax 4.4.lnk
backup=c:\windows\pss\eFax 4.4.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Jenise^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Fotki Desktop.lnk]
path=c:\users\Jenise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Fotki Desktop.lnk
backup=c:\windows\pss\Fotki Desktop.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Jenise^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Jenise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
2010-03-01 23:53 524632 ----a-w- c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 08:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2009-03-17 07:17 203928 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
2008-09-10 02:58 638976 ----a-w- c:\program files\Camera Assistant Software for Gateway\traybar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eFax 4.4]
2008-10-07 20:25 95744 ----a-w- c:\program files\eFax Messenger 4.4\J2GDllCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
2007-09-25 09:29 2007088 ----a-w- c:\flashget\flashget.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-12-07 18:33 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 15:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-08-20 14:54 150016 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2009-03-01 10:59 172792 ----a-w- c:\program files\ICQ6.5\ICQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-10-29 00:21 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-11-10 20:39 5244216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]
2010-04-14 22:55 4922552 ----a-w- c:\program files\Pando Networks\Pando\pando.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 05:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
2010-09-04 00:04 160328 ----a-w- c:\program files\Siber Systems\AI RoboForm\robotaskbaricon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2009-07-08 17:31 236016 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 18:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmAudio]
2008-08-05 03:22 2701880 ------w- c:\program files\CONEXANT\SmartAudio\SmAudio.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-11 20:21 246504 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-03-05 04:15 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

R0 efeia;efeia;c:\windows\System32\drivers\sfjqk.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 ETService;Empowering Technology Service;c:\program files\GATEWAY\Gateway Recovery Management\Service\ETService.exe [2008-06-11 24576]
R2 gupdate1ca8a2e9ce572e0;Google Update Service (gupdate1ca8a2e9ce572e0);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-31 133104]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2008-01-21 21504]
R2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [2010-01-21 78104]
R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-10-18 102448]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-12-07 30192]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-10 122880]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-27 3658752]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-21 16896]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-04-27 64160]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-03-28 717296]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-03-01 1029456]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2008-05-13 51288]
S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2008-06-12 43608]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - ECACHE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
rsmsvcs REG_MULTI_SZ ntmssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-12-13 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 23:53]

2010-12-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-31 15:33]

2010-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-31 15:33]

2010-12-27 c:\windows\Tasks\User_Feed_Synchronization-{66F1F043-2D37-434F-BE46-4A631A2DD830}.job
- c:\windows\system32\msfeedssync.exe [2010-12-15 04:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp32&d=0109&m=m-7347u
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:59274
IE: &Download All with FlashGet - c:\flashget\jc_all.htm
IE: &Download with FlashGet - c:\flashget\jc_link.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
Trusted Zone: intuit.com\ttlc
Trusted Zone: webkinz.com\www
.
.
------- File Associations -------
.
.txt=NFOpad
.
- - - - ORPHANS REMOVED - - - -

HKLM-RunOnce-<NO NAME> - (no file)



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2010-12-27 10:11:16 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-27 15:11
ComboFix2.txt 2010-12-19 02:57

Pre-Run: 20,295,999,488 bytes free
Post-Run: 20,275,716,096 bytes free

- - End Of File - - CB58408E11F6609475B5F258F84BDA72
 

CatByte

Malware Specialist
Joined
Feb 24, 2009
Messages
3,930
Hi

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, then click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

Code:
http://forums.techguy.org/7740894-post11.html

Collect::
c:\windows\System32\drivers\sfjqk.sys

Folder::
c:\program files\iWin Games

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:59274

Driver::
efeia
iWinTrusted
Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop. Save it as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...


  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT


  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Note: You will need to use Internet explorer for this scan
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish
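The CFScript above was written by picking out, by hand, a few ComboFix log lines from the earlier post: a driver service (efeia) whose file sfjqk.sys was marked missing with [x], a ProxyServer setting pointing browser traffic at 127.0.0.1, and two Security Center values that stop the AV state from being reported. As an added triage example, not code from the thread, from ComboFix or from the helper, the Python script below scans ComboFix-style log text for those indicator classes; the sample log is constructed from lines posted in this thread, and the random-name heuristic is an assumption of this example, not a ComboFix rule.

```python
"""Triage helper for ComboFix-style log text (added example, not part of the thread).

It flags the indicator classes visible in the logs posted above:
  * service/driver entries whose binary ComboFix could not find ("[x]"),
  * service/driver entries where both the service name and the file stem
    look machine-generated (heuristic: produces candidates for review),
  * a ProxyServer setting that routes browser traffic through loopback,
  * Security Center overrides that silence antivirus monitoring.
"""
import re
from dataclasses import dataclass

# Constructed sample, modelled on lines from the ComboFix logs in this thread.
# sptd is a legitimate Alcohol 120% driver, included to show that the
# random-name heuristic yields candidates for review, not verdicts.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

R0 efeia;efeia;c:\windows\System32\drivers\sfjqk.sys [x]
R2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [2010-01-21 78104]
R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-03-28 717296]
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:59274
"""


@dataclass(frozen=True)
class Finding:
    category: str  # missing-driver | random-name | loopback-proxy | av-override
    subject: str   # service name, proxy spec or registry value concerned
    detail: str


# "R0 name;display;path [stamp]" as ComboFix prints service/driver entries.
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+?) \[(.*)\]$")
PROXY_RE = re.compile(r"^[um]Internet Settings,ProxyServer = (.+)$")
REGKEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
REGVAL_RE = re.compile(r'^"([^"]+)"=dword:([0-9A-Fa-f]{8})$')
# Heuristic (assumption, not a ComboFix rule): a short all-lowercase service
# name with no descriptive display name, loading a file with a similar stem.
RANDOM_STEM_RE = re.compile(r"[a-z]{4,8}")
LOOPBACK_HOSTS = {"localhost", "[::1]"}
# The two Security Center values seen in this thread; both hide the AV state.
AV_OVERRIDE_VALUES = {"DisableMonitoring", "AntiVirusOverride"}


def _file_stem(path: str) -> str:
    """'c:\\windows\\System32\\drivers\\sfjqk.sys' -> 'sfjqk'."""
    name = path.replace("\\", "/").rsplit("/", 1)[-1]
    return name.rsplit(".", 1)[0]


def _service_findings(kind, name, display, path, stamp):
    out = []
    if stamp.strip() == "x":  # ComboFix prints [x] when the file is absent
        out.append(Finding("missing-driver", name,
                           f"{kind} entry {name} points at {path}, which ComboFix could not find"))
    stem = _file_stem(path)
    if display == name and RANDOM_STEM_RE.fullmatch(name) and RANDOM_STEM_RE.fullmatch(stem):
        out.append(Finding("random-name", name,
                           f"service {name} loads {stem} from {path}; both names look generated"))
    return out


def _proxy_hosts(spec: str):
    """Split 'http=host:port;https=host:port' or plain 'host:port' into hosts."""
    hosts = []
    for entry in spec.split(";"):
        entry = entry.strip()
        if "=" in entry:                      # per-protocol form
            entry = entry.split("=", 1)[1]
        hosts.append(entry.rsplit(":", 1)[0] if ":" in entry else entry)
    return hosts


def _is_loopback(host: str) -> bool:
    return host.startswith("127.") or host.lower() in LOOPBACK_HOSTS


def triage(log_text: str):
    """Return a list of Finding objects for the indicator classes above."""
    findings = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := REGKEY_RE.match(line):
            current_key = m.group(1).lower()  # values that follow belong to this key
        elif (m := REGVAL_RE.match(line)) and "security center" in current_key:
            value, data = m.groups()
            if value in AV_OVERRIDE_VALUES and int(data, 16) != 0:
                findings.append(Finding("av-override", value,
                                        f"{value}=1 under {current_key}: Security Center stops reporting the AV state"))
        elif m := SERVICE_RE.match(line):
            findings.extend(_service_findings(*m.groups()))
        elif m := PROXY_RE.match(line):
            spec = m.group(1)
            loop = [h for h in _proxy_hosts(spec) if _is_loopback(h)]
            if loop:
                findings.append(Finding("loopback-proxy", spec,
                                        f"browser traffic is routed through a local listener at {', '.join(loop)}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.category}] {f.subject}: {f.detail}")
```

Run against the sample it reports efeia twice (missing file and generated-looking name), sptd once (name heuristic only, to be cleared by hand), the loopback proxy and both Security Center overrides, while COH_Mon and iWinTrusted pass the heuristics.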
 

DaMasterMoose

Thread Starter
Joined
Dec 18, 2010
Messages
15
ComboFix 10-12-22.01 - Jenise 12/27/2010 10:46:03.2.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3000.2266 [GMT -5:00]
Running from: c:\users\Jenise\Desktop\ComboFix.exe
Command switches used :: c:\users\Jenise\Desktop\CFSCript.txt
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\iWin Games
c:\program files\iWin Games\AdminWorker.exe
c:\program files\iWin Games\firefox\chrome.manifest
c:\program files\iWin Games\firefox\chrome\iwinarcade.jar
c:\program files\iWin Games\firefox\install.rdf
c:\program files\iWin Games\firefox\iWinArcadeLauncher.exe
c:\program files\iWin Games\firefox\version
c:\program files\iWin Games\ftdownload.dat
c:\program files\iWin Games\gamepage\buynow.html
c:\program files\iWin Games\gamepage\common.js
c:\program files\iWin Games\gamepage\css\offline.css
c:\program files\iWin Games\gamepage\disconnected-upsell.html
c:\program files\iWin Games\gamepage\end.html
c:\program files\iWin Games\gamepage\expired.html
c:\program files\iWin Games\gamepage\images\alert32x32.gif
c:\program files\iWin Games\gamepage\images\bg_header.gif
c:\program files\iWin Games\gamepage\images\buttons\close-blue-28.gif
c:\program files\iWin Games\gamepage\images\buttons\continue-orange-132.gif
c:\program files\iWin Games\gamepage\images\buttons\yesiwantabackupcd-orange-197.gif
c:\program files\iWin Games\gamepage\images\common\header-bg.gif
c:\program files\iWin Games\gamepage\images\common\header-small-bg.gif
c:\program files\iWin Games\gamepage\images\common\loading.gif
c:\program files\iWin Games\gamepage\images\continuefreetrial-32.gif
c:\program files\iWin Games\gamepage\images\global\logo-invis.gif
c:\program files\iWin Games\gamepage\images\global\logo.gif
c:\program files\iWin Games\gamepage\images\global\page-bg-swirly.gif
c:\program files\iWin Games\gamepage\images\global\page-bg.gif
c:\program files\iWin Games\gamepage\images\global\page-header-small-bg.jpg
c:\program files\iWin Games\gamepage\images\logo.jpg
c:\program files\iWin Games\gamepage\images\misc\blue-bottom-triangle.gif
c:\program files\iWin Games\gamepage\images\misc\information.gif
c:\program files\iWin Games\gamepage\images\ous\divider.gif
c:\program files\iWin Games\gamepage\images\ous\eus.jpg
c:\program files\iWin Games\gamepage\images\ous\hotel-bg.gif
c:\program files\iWin Games\gamepage\images\ous\hotel-iwin.gif
c:\program files\iWin Games\gamepage\images\ous\opal.gif
c:\program files\iWin Games\gamepage\images\ous\opalbox.jpg
c:\program files\iWin Games\gamepage\images\ous\ous-promo-banner.jpg
c:\program files\iWin Games\gamepage\images\plans\plan1.gif
c:\program files\iWin Games\gamepage\images\plans\plan2.gif
c:\program files\iWin Games\gamepage\images\plans\plan3.gif
c:\program files\iWin Games\gamepage\images\product\feature.jpg
c:\program files\iWin Games\gamepage\open.html
c:\program files\iWin Games\gamepage\operationfailed.html
c:\program files\iWin Games\gamepage\scripts\disconnected-upsell.js
c:\program files\iWin Games\gamepage\scripts\popups.js
c:\program files\iWin Games\gamepage\scripts\prototype-1.6.js
c:\program files\iWin Games\gamepage\styles\base.css
c:\program files\iWin Games\gamepage\styles\disconnected-upsell.css
c:\program files\iWin Games\gamepage\styles\shoppingcart.css
c:\program files\iWin Games\gamepage\success.html
c:\program files\iWin Games\host.cfg
c:\program files\iWin Games\iWinGames.exe
c:\program files\iWin Games\iWinInfo.dll
c:\program files\iWin Games\iWinTrusted.exe
c:\program files\iWin Games\pages\alert32x32.gif
c:\program files\iWin Games\pages\arcadeCheck.js
c:\program files\iWin Games\pages\blank.html
c:\program files\iWin Games\pages\blank2.html
c:\program files\iWin Games\pages\error.html
c:\program files\iWin Games\pages\error404.css
c:\program files\iWin Games\pages\iwin_logo.gif
c:\program files\iWin Games\pages\login.html
c:\program files\iWin Games\pages\maintenance.html
c:\program files\iWin Games\pages\offline.css
c:\program files\iWin Games\pages\offline.html
c:\program files\iWin Games\pages\offline.jpg
c:\program files\iWin Games\pages\offline_tag.gif
c:\program files\iWin Games\pages\offlineBg.gif
c:\program files\iWin Games\pages\orange-im-connected-60.gif
c:\program files\iWin Games\pages\terrie404.gif
c:\program files\iWin Games\pages\test.html
c:\program files\iWin Games\sounds\animation.wav
c:\program files\iWin Games\sounds\animationBack.wav
c:\program files\iWin Games\sounds\button_click.wav
c:\program files\iWin Games\sounds\coins.wav
c:\program files\iWin Games\sounds\download_completed.wav
c:\program files\iWin Games\sounds\slidebackin.wav
c:\program files\iWin Games\sounds\slideout.wav
c:\program files\iWin Games\sounds\start.wav
c:\program files\iWin Games\Uninstall.exe
c:\program files\iWin Games\WebInstaller.exe
c:\program files\iWin Games\WebUpdater.bmp
c:\program files\iWin Games\WebUpdater.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_efeia
-------\Service_iWinTrusted

((((((((((((((((((((((((( Files Created from 2010-11-27 to 2010-12-27 )))))))))))))))))))))))))))))))
.
2010-12-27 15:54 . 2010-12-27 16:03 -------- d-----w- c:\users\Jenise\AppData\Local\temp
2010-12-27 15:54 . 2010-12-27 15:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-20 02:50 . 2010-12-20 19:41 -------- d-----w- c:\users\Public\_copied files
2010-12-19 04:39 . 2010-12-19 04:39 388096 ----a-r- c:\users\Jenise\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-12-19 04:39 . 2010-12-19 04:39 -------- d-----w- c:\program files\Trend Micro
2010-12-19 01:47 . 2010-12-19 01:47 -------- d-----w- C:\DRIVERS
2010-12-19 01:47 . 2009-08-07 10:17 330264 ----a-w- c:\windows\system32\drivers\iaStor.sys
2010-12-18 22:41 . 2010-12-18 22:41 -------- d-----w- c:\users\Jenise\AppData\Local\Mozilla
2010-12-16 17:59 . 2010-12-16 17:59 -------- d-----w- c:\users\Jenise\AppData\Roaming\Malwarebytes
2010-12-16 17:59 . 2010-12-16 17:59 -------- d-----w- c:\programdata\Malwarebytes
2010-12-16 17:59 . 2010-11-29 22:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-16 17:59 . 2010-12-16 17:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-16 17:59 . 2010-11-29 22:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-15 19:26 . 2010-10-12 15:53 33280 ----a-w- c:\program files\Windows Mail\wabfind.dll
2010-12-15 19:26 . 2010-10-12 13:41 66048 ----a-w- c:\program files\Windows Mail\wabmig.exe
2010-12-15 19:26 . 2010-10-12 13:41 515584 ----a-w- c:\program files\Windows Mail\wab.exe
2010-12-15 19:26 . 2010-10-18 13:31 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-12-15 19:26 . 2010-11-04 18:55 352768 ----a-w- c:\windows\system32\taskschd.dll
2010-12-15 19:26 . 2010-11-04 18:55 601600 ----a-w- c:\windows\system32\schedsvc.dll
2010-12-15 19:26 . 2010-11-04 18:56 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-12-15 19:26 . 2010-11-04 18:55 270336 ----a-w- c:\windows\system32\taskcomp.dll
2010-12-15 19:26 . 2010-11-04 16:34 171520 ----a-w- c:\windows\system32\taskeng.exe
2010-12-14 06:36 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2528291C-C288-41DC-BFFC-8A6265B970FF}\mpengine.dll
2010-11-28 13:35 . 2010-11-28 13:35 -------- d-----w- c:\program files\Conduit
2010-11-28 13:35 . 2010-11-28 13:36 -------- d-----w- c:\program files\TVersitybar
2010-11-28 13:31 . 2010-11-28 13:31 -------- d-----w- c:\programdata\TVersity
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 15:41 . 2009-10-03 05:33 222080 ------w- c:\windows\system32\MpSigStub.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{66bd2442-241b-44cd-8c7a-b51037053cdb}"= "c:\program files\TVersitybar\tbTVe0.dll" [2010-10-18 3908192]
[HKEY_CLASSES_ROOT\clsid\{66bd2442-241b-44cd-8c7a-b51037053cdb}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66bd2442-241b-44cd-8c7a-b51037053cdb}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\TVersitybar\tbTVe0.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{66bd2442-241b-44cd-8c7a-b51037053cdb}"= "c:\program files\TVersitybar\tbTVe0.dll" [2010-10-18 3908192]
[HKEY_CLASSES_ROOT\clsid\{66bd2442-241b-44cd-8c7a-b51037053cdb}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{66BD2442-241B-44CD-8C7A-B51037053CDB}"= "c:\program files\TVersitybar\tbTVe0.dll" [2010-10-18 3908192]
[HKEY_CLASSES_ROOT\clsid\{66bd2442-241b-44cd-8c7a-b51037053cdb}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-05 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-26 865840]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-21 182808]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-02-01 115560]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-09 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-09 175128]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-09 153624]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-11-29 963976]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2010-7-26 546360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideFastUserSwitching"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BigFix.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BigFix.lnk
backup=c:\windows\pss\BigFix.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Calendar Sync.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Google Calendar Sync.lnk
backup=c:\windows\pss\Google Calendar Sync.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^Jenise^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Desktop Manager.lnk]
path=c:\users\Jenise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Manager.lnk
backup=c:\windows\pss\Desktop Manager.lnk.Startup
backupExtension=.Startup
[HKLM\~\startupfolder\C:^Users^Jenise^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^easy gadget.lnk]
path=c:\users\Jenise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\easy gadget.lnk
backup=c:\windows\pss\easy gadget.lnk.Startup
backupExtension=.Startup
[HKLM\~\startupfolder\C:^Users^Jenise^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^eFax 4.4.lnk]
path=c:\users\Jenise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\eFax 4.4.lnk
backup=c:\windows\pss\eFax 4.4.lnk.Startup
backupExtension=.Startup
[HKLM\~\startupfolder\C:^Users^Jenise^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Fotki Desktop.lnk]
path=c:\users\Jenise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Fotki Desktop.lnk
backup=c:\windows\pss\Fotki Desktop.lnk.Startup
backupExtension=.Startup
[HKLM\~\startupfolder\C:^Users^Jenise^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Jenise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
2010-03-01 23:53 524632 ----a-w- c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 08:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2009-03-17 07:17 203928 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
2008-09-10 02:58 638976 ----a-w- c:\program files\Camera Assistant Software for Gateway\traybar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eFax 4.4]
2008-10-07 20:25 95744 ----a-w- c:\program files\eFax Messenger 4.4\J2GDllCmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
2007-09-25 09:29 2007088 ----a-w- c:\flashget\flashget.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-12-07 18:33 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 15:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-08-20 14:54 150016 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2009-03-01 10:59 172792 ----a-w- c:\program files\ICQ6.5\ICQ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-10-29 00:21 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-11-10 20:39 5244216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]
2010-04-14 22:55 4922552 ----a-w- c:\program files\Pando Networks\Pando\pando.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 05:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
2010-09-04 00:04 160328 ----a-w- c:\program files\Siber Systems\AI RoboForm\robotaskbaricon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2009-07-08 17:31 236016 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 18:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmAudio]
2008-08-05 03:22 2701880 ------w- c:\program files\CONEXANT\SmartAudio\SmAudio.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-11 20:21 246504 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-03-05 04:15 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1ca8a2e9ce572e0;Google Update Service (gupdate1ca8a2e9ce572e0);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-31 133104]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2008-01-21 21504]
R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-12-07 30192]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-27 3658752]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-04-27 64160]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-03-28 717296]
S2 ETService;Empowering Technology Service;c:\program files\GATEWAY\Gateway Recovery Management\Service\ETService.exe [2008-06-11 24576]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-03-01 1029456]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-10-18 102448]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-10 122880]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2008-05-13 51288]
S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2008-06-12 43608]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-21 16896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
rsmsvcs REG_MULTI_SZ ntmssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
2010-12-13 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 23:53]
2010-12-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-31 15:33]
2010-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-31 15:33]
2010-12-27 c:\windows\Tasks\User_Feed_Synchronization-{2BDACF90-D9BF-4D36-A6A6-559313B732D3}.job
- c:\windows\system32\msfeedssync.exe [2010-12-15 04:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp32&d=0109&m=m-7347u
uInternet Settings,ProxyOverride = <local>
IE: &Download All with FlashGet - c:\flashget\jc_all.htm
IE: &Download with FlashGet - c:\flashget\jc_link.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
Trusted Zone: intuit.com\ttlc
Trusted Zone: webkinz.com\www
.
- - - - ORPHANS REMOVED - - - -
AddRemove-iWinArcade - c:\program files\iWin Games\Uninstall.exe

**************************************************************************
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\O2Micro Flash Memory Card Driver\o2flash.exe
c:\windows\system32\PSIService.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Smith Micro\StuffIt\ArcNameService.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\programdata\TVersity\Media Server\MediaServer.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\InstallShield Installation Information\{7F811A54-5A09-4579-90E1-C93498E230D9}\setup.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\windows\ehome\mcupdate.EXE
c:\program files\Windows Media Player\wmpnscfg.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2010-12-27 11:10:09 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-27 16:10
ComboFix2.txt 2010-12-27 15:11
ComboFix3.txt 2010-12-19 02:57
Pre-Run: 20,246,794,240 bytes free
Post-Run: 20,085,329,920 bytes free
- - End Of File - - E767AA782F189CC0480114632F731BDE
 

DaMasterMoose

Thread Starter
Joined
Dec 18, 2010
Messages
15
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5403
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999
12/27/2010 4:22:51 PM
mbam-log-2010-12-27 (16-22-51).txt
Scan type: Full scan (C:\|D:\|)
Objects scanned: 401796
Time elapsed: 2 hour(s), 25 minute(s), 23 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
 

DaMasterMoose

Thread Starter
Joined
Dec 18, 2010
Messages
15
I ran the ESET scan and it found nothing, and there were no threats found to click on. I did not see anything to generate a log to submit.
 