Random redirect in Firefox, IE


  • This topic is locked
8 replies to this topic

#1 amagerbro82

  • Members
  • 5 posts

Posted 08 June 2010 - 08:17 PM

Randomly being redirected in Firefox, IE. New tab opens at random (not necessarily on-click) to search page with text from previous Google search, or to a random ad page. Any assistance with this is greatly appreciated! GMER log below, DDS log attached
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-08 20:33:38
Windows 6.1.7600
Running: y1tqw5xr.exe; Driver: C:\Users\Ryan\AppData\Local\Temp\uwldqpob.sys


---- System - GMER 1.0.15 ----

SSDT 88713DE8 ZwAlertResumeThread
SSDT 88713EA8 ZwAlertThread
SSDT 886C3910 ZwAllocateVirtualMemory
SSDT 85E07B50 ZwAlpcConnectPort
SSDT 8823E288 ZwAssignProcessToJobObject
SSDT 88235B30 ZwCreateMutant
SSDT 886703B8 ZwCreateSymbolicLinkObject
SSDT 88584E28 ZwCreateThread
SSDT 8823E098 ZwCreateThreadEx
SSDT 8823E368 ZwDebugActiveProcess
SSDT 886BEC50 ZwDuplicateObject
SSDT 886D1C38 ZwFreeVirtualMemory
SSDT 88713C68 ZwImpersonateAnonymousToken
SSDT 88713D28 ZwImpersonateThread
SSDT 85EFFC18 ZwLoadDriver
SSDT 886C24F8 ZwMapViewOfSection
SSDT 88235A70 ZwOpenEvent
SSDT 88687828 ZwOpenProcess
SSDT 886BF0C0 ZwOpenProcessToken
SSDT 88679DF0 ZwOpenSection
SSDT 886BED20 ZwOpenThread
SSDT 8823E198 ZwProtectVirtualMemory
SSDT 886CD320 ZwResumeThread
SSDT 886D1C00 ZwSetContextThread
SSDT 886C87A0 ZwSetInformationProcess
SSDT 8823E008 ZwSetSystemInformation
SSDT 88679ED0 ZwSuspendProcess
SSDT 886C8720 ZwSuspendThread
SSDT 88584F08 ZwTerminateProcess
SSDT 886C5C30 ZwTerminateThread
SSDT 8858E1C0 ZwUnmapViewOfSection
SSDT 88585B78 ZwWriteVirtualMemory

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8281BAF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8281B104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8281B3F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82803634
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82803898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8281B1DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8281B958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8281B6F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8281BF2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8281C1A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwSaveKeyEx + 13B1 8286D8E9 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 8288D3D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntoskrnl.exe!KeRemoveQueueEx + 139B 82894668 8 Bytes CALL 2B11B7AA
.text ntoskrnl.exe!KeRemoveQueueEx + 13B3 82894680 4 Bytes [10, 39, 6C, 88]
.text ntoskrnl.exe!KeRemoveQueueEx + 13BF 8289468C 4 Bytes [50, 7B, E0, 85]
.text ntoskrnl.exe!KeRemoveQueueEx + 1413 828946E0 4 Bytes [88, E2, 23, 88]
.text ntoskrnl.exe!KeRemoveQueueEx + 148F 8289475C 4 Bytes [30, 5B, 23, 88]
.text ...
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x92C2B000, 0x227A14, 0xE8000020]
.text peauth.sys A4CA3C9D 28 Bytes [C4, 14, B6, 65, C1, 97, 8B, ...]
.text peauth.sys A4CA3CC1 28 Bytes [C4, 14, B6, 65, C1, 97, 8B, ...]
PAGE peauth.sys A4CA9E20 101 Bytes [C9, DF, D5, 5C, 18, D7, 87, ...]
PAGE peauth.sys A4CAA02C 102 Bytes [50, 7C, 34, 31, F4, B2, 98, ...]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[960] ntdll.dll!NtProtectVirtualMemory 77115360 5 Bytes JMP 0023000A
.text C:\Windows\system32\svchost.exe[960] ntdll.dll!NtWriteVirtualMemory 77115EE0 5 Bytes JMP 0025000A
.text C:\Windows\system32\svchost.exe[960] ntdll.dll!KiUserExceptionDispatcher 77116448 5 Bytes JMP 0022000A
.text C:\Windows\system32\svchost.exe[960] ole32.dll!CoCreateInstance 759357FC 5 Bytes JMP 005C000A
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2000] ntdll.dll!NtProtectVirtualMemory 77115360 5 Bytes JMP 0023000A
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2000] ntdll.dll!NtWriteVirtualMemory 77115EE0 5 Bytes JMP 0025000A
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2000] ntdll.dll!KiUserExceptionDispatcher 77116448 5 Bytes JMP 0022000A
.text C:\Windows\Explorer.EXE[3644] ntdll.dll!NtProtectVirtualMemory 77115360 5 Bytes JMP 001C000A
.text C:\Windows\Explorer.EXE[3644] ntdll.dll!NtWriteVirtualMemory 77115EE0 5 Bytes JMP 001D000A
.text C:\Windows\Explorer.EXE[3644] ntdll.dll!KiUserExceptionDispatcher 77116448 5 Bytes JMP 001B000A

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2196] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75145E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2196] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75145E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2196] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75145E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2196] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75145E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2196] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75145E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2196] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75145E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73E72494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73E55624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73E556E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73E7250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73E68573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73E64D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73E650CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73E651A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [73E666D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73E682CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73E68819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73E6907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73E6E21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73E64C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Program Files\TiVo\Desktop\TiVoTransfer.exe[4008] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75145E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\TiVo\Desktop\TiVoTransfer.exe[4008] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75145E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\TiVo\Desktop\TiVoTransfer.exe[4008] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75145E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\TiVo\Desktop\TiVoTransfer.exe[4008] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75145E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\TiVo\Desktop\TiVoTransfer.exe[4008] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75145E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\TiVo\Desktop\TiVoTransfer.exe[4008] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75145E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI_HAL \Device\00000053 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Tcp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\RawIp SYMTDIV.SYS (Network Dispatch Driver/Symantec

Duplicate post, apologies.

Merged topics then posts so attachment would be present in original topic. ~ OB

Attached Files

  • Attached File  DDS.txt   25.63KB   7 downloads

Edited by amagerbro82, 09 June 2010 - 08:36 AM.



#2 Blade

  • Site Admin
  • 12,504 posts

Posted 12 June 2010 - 07:21 PM

Hello, and welcome to the Malware Removal forum! My online alias is Blade Zephon, or Blade for short, and I will be assisting you with your malware issues!

If you have since resolved the original problem you were having, we would appreciate you letting us know.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Before we begin cleaning your machine, I'd like to lay out some guidelines for us to follow while we are working together.
  • I will be assisting you with your malware issues. This may or may not resolve other problems you are having with your computer. If you are still having problems after your machine has been determined clean, I will be glad to direct you to the proper forum for assistance.
  • Even if things appear better, that does not mean we are finished. Please continue to follow my instructions until I give you the all clean. Absence of symptoms does not mean that all the malware has been removed. If a piece of the infection is left, it can regenerate and reinfect your machine.
  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • I ask that you please refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. If you act independently it will cause changes to your system that I will not be aware of, which will make the process of cleaning the machine a much slower and more difficult process. Additionally, some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you are unsure or confused about any instructions I give you, you should ask me to clarify before doing anything. Additionally, if you run into any problems while carrying out instructions, you should STOP and reply back here explaining what happened.
  • After 5 days if a topic is not replied to we assume it has been abandoned and it is closed. If you need additional time, that is perfectly alright; you just need to let us know beforehand.
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the "Custom Scans/Fixes" section paste in the text below

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
  • Push the button.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and paste them into the body of your next reply.

~Blade


In your next reply, please include the following:
OTL.txt
Extras.txt


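Editor's note, added here as an example and not part of Blade's instructions or of OTL: the /md5start ... /md5stop block in the custom scan above asks OTL to print the MD5 of each named driver so the helper can compare it with the known-good hash for that Windows build; a driver whose hash differs from the reference is either a different build or has been patched on disk. The Python below performs that comparison against a baseline dictionary. The "driver folder" and the baseline are constructed in a temporary directory (one file deliberately patched), because real Windows 7 hashes are not on this page and must come from a trusted reference list.

```python
"""Compare system-driver hashes with a known-good baseline.

Added example of the check behind OTL's /md5start ... /md5stop directive; the
baseline and driver folder are constructed in a temp directory, so the hashes
below are not real Windows 7 values.
"""
import hashlib
import os
import tempfile

# Subset of the file names in the OTL directive above.
DRIVER_NAMES = ["atapi.sys", "iaStor.sys", "nvstor.sys"]


def md5_file(path, chunk_size=1 << 16):
    """Stream a file through MD5 (the digest OTL reports)."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def check_drivers(driver_dir, baseline, names):
    """Return {name: status}; status is 'ok', 'MISMATCH', 'missing' or 'unknown'."""
    results = {}
    for name in names:
        path = os.path.join(driver_dir, name)
        if not os.path.isfile(path):
            results[name] = "missing"      # normal for drivers this hardware lacks
            continue
        expected = baseline.get(name)
        if expected is None:
            results[name] = "unknown"      # no reference hash, so nothing to judge against
        elif md5_file(path) == expected:
            results[name] = "ok"
        else:
            results[name] = "MISMATCH"     # patched on disk, or simply a different build
    return results


def demo():
    """Build a constructed driver folder with one patched file and check it."""
    clean = {
        "atapi.sys": b"constructed clean atapi.sys image",
        "iaStor.sys": b"constructed clean iaStor.sys image",
    }
    # The baseline is computed from the clean images; in practice it comes
    # from a trusted reference list for the exact Windows build.
    baseline = {name: hashlib.md5(data).hexdigest() for name, data in clean.items()}
    on_disk = dict(clean)
    on_disk["atapi.sys"] += b"\x90" * 16   # simulate a driver body patched in place
    with tempfile.TemporaryDirectory() as driver_dir:
        for name, data in on_disk.items():
            with open(os.path.join(driver_dir, name), "wb") as fh:
                fh.write(data)
        return check_drivers(driver_dir, baseline, DRIVER_NAMES)


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name:12s} {status}")
```

Two caveats apply to any hash check run from inside the suspect system: a kernel-mode rootkit that filters disk reads can hand a clean copy of the file back to a user-mode reader, so a matching hash from a running infected machine is weaker evidence than one taken from the disk booted into clean media; and MD5 is used here only because the reference lists the helpers work from are MD5, so prefer SHA-256 wherever a baseline in that algorithm exists.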

#3 amagerbro82

  • Topic Starter

  • Members
  • 5 posts

Posted 14 June 2010 - 10:18 AM

OTL.txt:


OTL logfile created on: 6/14/2010 8:09:40 AM - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\Ryan\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 73.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 32.18 Gb Free Space | 43.20% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 182.37 Gb Free Space | 39.16% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NIMROD
Current User Name: Ryan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/06/09 10:39:28 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Ryan\Desktop\OTL.exe
PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/01 13:58:04 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe
PRC - [2010/01/15 08:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/12/13 13:34:08 | 000,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2009/11/02 13:17:08 | 000,604,888 | ---- | M] (TiVo Inc.) -- C:\Program Files\TiVo\Desktop\TiVoTransfer.exe
PRC - [2009/11/02 13:17:06 | 002,195,160 | ---- | M] (TiVo Inc.) -- C:\Program Files\TiVo\Desktop\TiVoServer.exe
PRC - [2009/11/02 13:17:04 | 000,430,808 | ---- | M] (TiVo Inc.) -- C:\Program Files\TiVo\Desktop\TiVoNotify.exe
PRC - [2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/10/17 19:08:08 | 000,045,603 | ---- | M] (The Pidgin developer community) -- C:\Program Files\Pidgin\pidgin.exe
PRC - [2009/07/13 21:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/05/27 04:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2009/03/30 17:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009/03/30 17:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2008/11/24 23:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007/06/02 16:59:08 | 001,457,152 | ---- | M] (Phoenix Labs) -- C:\Program Files\PeerGuardian2\pg2.exe
PRC - [2006/10/22 23:24:02 | 000,620,152 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe


========== Modules (SafeList) ==========

MOD - [2010/06/09 10:39:28 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Ryan\Desktop\OTL.exe
MOD - [2009/07/13 21:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/13 21:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 21:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/13 21:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 21:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/13 21:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/13 21:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/13 21:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 21:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 21:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/13 21:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/29 08:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2010/03/01 10:37:42 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccSvcHst.exe -- (NAV)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/12/13 13:34:08 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/11/02 13:17:00 | 001,098,968 | ---- | M] (TiVo Inc.) [Disabled | Stopped] -- C:\Program Files\TiVo\Desktop\TiVoBeacon.exe -- (TivoBeacon2)
SRV - [2009/08/05 23:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/07/13 21:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 21:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 21:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/13 21:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 21:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/13 21:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 21:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 21:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 21:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 21:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/13 21:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/13 21:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 21:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 21:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 21:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/13 21:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/13 21:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/05/27 04:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2009/03/30 17:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2008/11/24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/11/24 23:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008/11/24 23:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/11/07 09:58:18 | 003,004,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)


========== Driver Services (SafeList) ==========

DRV - [2010/05/28 15:33:19 | 000,344,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20100604.004\IDSvix86.sys -- (IDSVix86)
DRV - [2010/05/27 00:24:01 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/05/27 00:24:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/20 14:33:55 | 001,347,504 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20100608.056\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/05/20 14:33:54 | 000,085,552 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20100608.056\NAVENG.SYS -- (NAVENG)
DRV - [2010/05/20 14:10:39 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/05/06 00:01:59 | 000,339,504 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NAV\1107000.00C\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2010/04/29 17:46:04 | 000,537,136 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20100429.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/04/29 01:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NAV\1107000.00C\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/21 23:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NAV\1107000.00C\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/21 22:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\NAV\1107000.00C\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/21 22:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NAV\1107000.00C\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/02/25 20:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NAV\1107000.00C\ccHPx86.sys -- (ccHP)
DRV - [2010/01/29 02:03:58 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2009/12/11 03:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/11/14 12:56:16 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/10/05 17:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/08/29 20:17:18 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\NAV\1107000.00C\SYMDS.SYS -- (SymDS)
DRV - [2009/08/05 23:48:42 | 000,054,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2009/07/13 21:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/13 21:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/13 21:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/13 21:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/13 21:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/13 21:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/13 21:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/13 21:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/13 21:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/13 21:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/13 21:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/13 21:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/13 21:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/13 21:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/13 21:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/13 21:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/13 21:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/13 21:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/13 21:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/13 21:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/13 21:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/13 21:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/13 21:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/13 21:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/13 21:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/13 21:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/13 21:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/13 21:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 21:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/13 21:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 21:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/13 21:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 21:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/13 21:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/13 21:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/13 21:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/13 21:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/13 21:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/13 21:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/13 21:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/13 21:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/13 20:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/13 20:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/13 20:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 19:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 19:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 19:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 19:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
DRV - [2009/07/13 19:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 19:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 19:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/13 19:51:23 | 000,080,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/07/13 19:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 19:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 19:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 19:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 19:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 19:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 19:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 19:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 19:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 19:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009/07/13 19:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 19:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 18:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 18:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 18:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 18:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 18:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 18:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 18:09:17 | 004,194,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/13 18:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 18:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 18:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\adfs.sys -- (adfs)
DRV - [2007/06/02 15:59:42 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-735432975-4119433706-3575066661-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-735432975-4119433706-3575066661-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-735432975-4119433706-3575066661-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-735432975-4119433706-3575066661-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-735432975-4119433706-3575066661-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9D 91 BB AA 57 07 CB 01 [binary data]
IE - HKU\S-1-5-21-735432975-4119433706-3575066661-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-735432975-4119433706-3575066661-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-735432975-4119433706-3575066661-1001\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-735432975-4119433706-3575066661-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-735432975-4119433706-3575066661-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.9
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..keyword.URL: "http://www.google.com/search?sourceid=navclient&hl=en&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/25 22:01:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\IPSFFPlgn\ [2010/06/01 12:12:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/24 08:57:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/09 10:44:43 | 000,000,000 | ---D | M]

[2009/11/01 10:37:40 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Mozilla\Extensions
[2010/06/09 10:44:26 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\fvhgfth5.default\extensions
[2010/01/07 12:47:23 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\fvhgfth5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/04/14 09:46:47 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\fvhgfth5.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/06/09 10:44:06 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\fvhgfth5.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/06/09 10:44:26 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/02 22:38:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/06/02 22:37:30 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/06/08 10:30:42 | 000,000,916 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-735432975-4119433706-3575066661-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKU\S-1-5-21-735432975-4119433706-3575066661-1001..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe (Phoenix Labs)
O4 - HKU\S-1-5-21-735432975-4119433706-3575066661-1001..\Run: [TivoNotify] C:\Program Files\TiVo\Desktop\TiVoNotify.exe (TiVo Inc.)
O4 - HKU\S-1-5-21-735432975-4119433706-3575066661-1001..\Run: [TivoServer] C:\Program Files\TiVo\Desktop\TiVoServer.exe (TiVo Inc.)
O4 - HKU\S-1-5-21-735432975-4119433706-3575066661-1001..\Run: [TivoTransfer] C:\Program Files\TiVo\Desktop\TiVoTransfer.exe (TiVo Inc.)
O4 - HKU\S-1-5-21-735432975-4119433706-3575066661-1001..\Run: [TranscodingService] C:\Program Files\TiVo\Desktop\Plus\\TranscodingService.exe ()
O4 - HKLM..\RunOnce: [Uninstall Adobe Download Manager] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-735432975-4119433706-3575066661-1001..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\NPSWF32_FlashUtil.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-735432975-4119433706-3575066661-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech.com/devicedetector/plu...Detection32.cab (Device Detection)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009/07/13 22:37:08 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2010/06/14 08:08:26 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Users\Ryan\Desktop\OTL.exe
[2010/06/09 10:45:54 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010/06/09 10:45:53 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2010/06/09 10:45:39 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2010/06/09 10:40:26 | 000,207,952 | ---- | C] (Adobe Systems Incorporated) -- C:\Users\Ryan\Desktop\uninstall_flash_player.exe
[2010/06/08 21:16:06 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\HPAppData
[2010/06/08 20:35:27 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/06/08 11:37:29 | 000,000,000 | ---D | C] -- C:\Users\Ryan\Documents\Updater5
[2010/06/08 10:09:24 | 000,000,000 | ---D | C] -- C:\Users\Ryan\Desktop\Adobe_Acrobat_Pro_Extended_v9.x_by_CORE
[2010/06/07 18:51:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2010/06/07 18:29:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/06/07 18:21:26 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/06/07 18:21:07 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Users\Ryan\Desktop\HJTInstall.exe
[2010/06/07 18:02:34 | 000,000,000 | ---D | C] -- C:\Users\Ryan\Desktop\Adobe Acrobat 9.0 Pro
[2010/06/04 11:06:52 | 000,000,000 | ---D | C] -- C:\Users\Ryan\Documents\My Scans
[2010/06/04 09:14:00 | 000,000,000 | ---D | C] -- C:\Users\Ryan\Desktop\Autoruns3
[2010/06/03 19:33:50 | 000,000,000 | ---D | C] -- C:\Users\Ryan\Desktop\ProcessExplorer
[2010/06/03 14:51:06 | 000,000,000 | ---D | C] -- C:\Program Files\CamStudio
[2010/06/02 22:38:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/06/02 22:38:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/06/02 22:38:01 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/06/02 22:38:01 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/06/02 22:38:01 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/06/02 22:38:01 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/06/02 22:37:23 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/05/26 21:31:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/05/24 19:17:27 | 000,339,504 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1107000.00C\symtdiv.sys
[2010/05/24 19:17:26 | 000,501,888 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1107000.00C\cchpx86.sys
[2010/05/24 19:17:26 | 000,328,752 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1107000.00C\symds.sys
[2010/05/24 19:17:26 | 000,325,680 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1107000.00C\srtsp.sys
[2010/05/24 19:17:26 | 000,173,104 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1107000.00C\symefa.sys
[2010/05/24 19:17:26 | 000,116,784 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1107000.00C\ironx86.sys
[2010/05/24 19:17:26 | 000,043,696 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1107000.00C\srtspx.sys
[2010/05/24 19:17:12 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NAV\1107000.00C
[2010/05/24 08:50:24 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\Google
[2010/05/21 19:26:25 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\Audacity
[2010/05/21 19:26:11 | 000,000,000 | ---D | C] -- C:\Program Files\Lame for Audacity
[2010/05/21 19:25:14 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity 1.3 Beta (Unicode)
[2010/05/21 08:40:46 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2010/05/21 08:39:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/05/21 08:24:45 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\Deployment
[2010/05/21 08:24:45 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\Apps
[2010/05/20 14:12:16 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2010/05/20 14:10:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/05/20 14:10:39 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/05/20 14:10:06 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NAV
[2010/05/20 14:10:02 | 000,000,000 | ---D | C] -- C:\Program Files\Norton AntiVirus
[2010/05/20 14:10:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010/05/20 14:09:51 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2010/05/17 09:18:39 | 000,000,000 | ---D | C] -- C:\Program Files\Real

========== Files - Modified Within 30 Days ==========

[2010/06/14 08:39:34 | 002,621,440 | -HS- | M] () -- C:\Users\Ryan\ntuser.dat
[2010/06/14 08:04:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/06/09 10:58:09 | 000,000,278 | ---- | M] () -- C:\Users\Ryan\Desktop\jd-gui.cfg
[2010/06/09 10:52:19 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/06/09 10:51:35 | 000,380,701 | ---- | M] () -- C:\Users\Ryan\Desktop\Office 2010 Activation Patch.exe
[2010/06/09 10:45:47 | 000,001,884 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2010/06/09 10:45:47 | 000,001,882 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/06/09 10:39:28 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Ryan\Desktop\OTL.exe
[2010/06/09 07:13:37 | 006,358,904 | ---- | M] () -- C:\Windows\System32\drivers\NAV\1107000.00C\Cat.DB
[2010/06/08 20:59:59 | 2414,473,216 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/08 20:59:08 | 001,092,203 | -H-- | M] () -- C:\Users\Ryan\AppData\Local\IconCache.db
[2010/06/08 20:57:52 | 000,000,020 | ---- | M] () -- C:\Users\Ryan\defogger_reenable
[2010/06/08 20:35:13 | 529,632,889 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/06/08 19:28:48 | 002,524,640 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/06/08 19:22:38 | 000,293,376 | ---- | M] () -- C:\Users\Ryan\Desktop\y1tqw5xr.exe
[2010/06/08 18:31:24 | 000,002,479 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2010/06/08 18:13:26 | 000,109,032 | ---- | M] () -- C:\Users\Ryan\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/06/08 11:45:39 | 000,319,204 | ---- | M] () -- C:\Users\Ryan\Desktop\gc-7.pdf
[2010/06/08 11:33:58 | 000,002,061 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
[2010/06/08 11:33:58 | 000,001,991 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat 8 Professional.lnk
[2010/06/08 11:33:56 | 000,002,459 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2010/06/08 10:30:42 | 000,000,916 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/06/08 10:09:04 | 000,093,564 | ---- | M] () -- C:\Users\Ryan\Desktop\Adobe_Acrobat_Pro_Extended_v9.x_by_CORE.zip
[2010/06/07 18:21:27 | 000,002,039 | ---- | M] () -- C:\Users\Ryan\Desktop\HijackThis.lnk
[2010/06/07 16:20:17 | 003,704,271 | ---- | M] () -- C:\Users\Ryan\Desktop\ComboFix.exe
[2010/06/04 14:22:51 | 001,097,487 | ---- | M] () -- C:\Users\Ryan\Desktop\Dinka & EDX - Elements (Ross Brabz Summer Bootleg).mp3.part
[2010/06/04 11:10:10 | 000,255,905 | ---- | M] () -- C:\Users\Ryan\Desktop\scan0001.pdf
[2010/06/04 10:40:36 | 015,660,323 | ---- | M] () -- C:\Users\Ryan\Desktop\Bag It Up (Bold & Beautiful Glamour.mp3
[2010/06/04 09:47:45 | 000,742,498 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2010/06/04 09:47:45 | 000,741,544 | ---- | M] () -- C:\Windows\System32\perfh00A.dat
[2010/06/04 09:47:45 | 000,738,900 | ---- | M] () -- C:\Windows\System32\perfh013.dat
[2010/06/04 09:47:45 | 000,737,554 | ---- | M] () -- C:\Windows\System32\perfh010.dat
[2010/06/04 09:47:45 | 000,737,186 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2010/06/04 09:47:45 | 000,727,628 | ---- | M] () -- C:\Windows\System32\prfh0816.dat
[2010/06/04 09:47:45 | 000,724,276 | ---- | M] () -- C:\Windows\System32\perfh019.dat
[2010/06/04 09:47:45 | 000,712,014 | ---- | M] () -- C:\Windows\System32\prfh0416.dat
[2010/06/04 09:47:45 | 000,680,764 | ---- | M] () -- C:\Windows\System32\perfh00E.dat
[2010/06/04 09:47:45 | 000,666,810 | ---- | M] () -- C:\Windows\System32\perfh01D.dat
[2010/06/04 09:47:45 | 000,659,302 | ---- | M] () -- C:\Windows\System32\perfh01F.dat
[2010/06/04 09:47:45 | 000,497,596 | ---- | M] () -- C:\Windows\System32\perfh014.dat
[2010/06/04 09:47:45 | 000,482,444 | ---- | M] () -- C:\Windows\System32\perfh00B.dat
[2010/06/04 09:47:45 | 000,452,522 | ---- | M] () -- C:\Windows\System32\perfh012.dat
[2010/06/04 09:47:45 | 000,441,090 | ---- | M] () -- C:\Windows\System32\perfh011.dat
[2010/06/04 09:47:45 | 000,428,842 | ---- | M] () -- C:\Windows\System32\prfh0404.dat
[2010/06/04 09:47:45 | 000,412,872 | ---- | M] () -- C:\Windows\System32\prfh0804.dat
[2010/06/04 09:47:45 | 000,404,218 | ---- | M] () -- C:\Windows\System32\perfh00D.dat
[2010/06/04 09:47:45 | 000,162,696 | ---- | M] () -- C:\Windows\System32\perfc00E.dat
[2010/06/04 09:47:45 | 000,152,118 | ---- | M] () -- C:\Windows\System32\perfc00A.dat
[2010/06/04 09:47:45 | 000,149,646 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2010/06/04 09:47:45 | 000,149,000 | ---- | M] () -- C:\Windows\System32\prfc0816.dat
[2010/06/04 09:47:45 | 000,148,022 | ---- | M] () -- C:\Windows\System32\perfc013.dat
[2010/06/04 09:47:45 | 000,147,306 | ---- | M] () -- C:\Windows\System32\perfc019.dat
[2010/06/04 09:47:45 | 000,145,484 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2010/06/04 09:47:45 | 000,143,336 | ---- | M] () -- C:\Windows\System32\prfc0416.dat
[2010/06/04 09:47:45 | 000,142,420 | ---- | M] () -- C:\Windows\System32\perfc010.dat
[2010/06/04 09:47:45 | 000,139,062 | ---- | M] () -- C:\Windows\System32\perfc01D.dat
[2010/06/04 09:47:45 | 000,136,614 | ---- | M] () -- C:\Windows\System32\perfc01F.dat
[2010/06/04 09:47:45 | 000,121,982 | ---- | M] () -- C:\Windows\System32\perfc011.dat
[2010/06/04 09:47:45 | 000,120,270 | ---- | M] () -- C:\Windows\System32\perfc012.dat
[2010/06/04 09:47:45 | 000,119,842 | ---- | M] () -- C:\Windows\System32\prfc0804.dat
[2010/06/04 09:47:45 | 000,114,928 | ---- | M] () -- C:\Windows\System32\prfc0404.dat
[2010/06/04 09:47:45 | 000,097,004 | ---- | M] () -- C:\Windows\System32\perfc00B.dat
[2010/06/04 09:47:45 | 000,092,416 | ---- | M] () -- C:\Windows\System32\perfc014.dat
[2010/06/04 09:47:45 | 000,084,688 | ---- | M] () -- C:\Windows\System32\perfc00D.dat
[2010/06/04 09:47:44 | 017,476,204 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/06/04 09:47:44 | 000,691,080 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010/06/04 09:47:44 | 000,672,056 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2010/06/04 09:47:44 | 000,664,734 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/06/04 09:47:44 | 000,598,696 | ---- | M] () -- C:\Windows\System32\perfh008.dat
[2010/06/04 09:47:44 | 000,510,668 | ---- | M] () -- C:\Windows\System32\perfh006.dat
[2010/06/04 09:47:44 | 000,484,562 | ---- | M] () -- C:\Windows\System32\perfh001.dat
[2010/06/04 09:47:44 | 000,144,342 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010/06/04 09:47:44 | 000,137,098 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2010/06/04 09:47:44 | 000,121,982 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/06/04 09:47:44 | 000,104,334 | ---- | M] () -- C:\Windows\System32\perfc008.dat
[2010/06/04 09:47:44 | 000,095,034 | ---- | M] () -- C:\Windows\System32\perfc006.dat
[2010/06/04 09:47:44 | 000,094,578 | ---- | M] () -- C:\Windows\System32\perfc001.dat
[2010/06/04 09:11:59 | 000,000,422 | ---- | M] () -- C:\Windows\win.ini
[2010/06/03 14:57:42 | 002,770,944 | ---- | M] () -- C:\Users\Ryan\Desktop\2.avi
[2010/06/03 14:57:25 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/06/03 14:57:25 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/06/03 14:51:53 | 003,804,672 | ---- | M] () -- C:\Users\Ryan\Desktop\test.avi
[2010/06/03 14:51:12 | 000,000,972 | ---- | M] () -- C:\Users\Public\Desktop\CamStudio.lnk
[2010/06/03 14:50:41 | 001,364,995 | ---- | M] () -- C:\Users\Ryan\Desktop\Camstudio2-0.exe
[2010/06/03 14:50:34 | 001,359,301 | ---- | M] () -- C:\Users\Ryan\Desktop\Camstudio-2.0-w32.zip
[2010/06/02 22:37:29 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/06/02 22:37:28 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/06/02 22:37:28 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/06/02 22:37:28 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/06/01 15:25:22 | 000,000,000 | -H-- | M] () -- C:\Users\Ryan\Documents\Default.rdp
[2010/06/01 10:21:12 | 000,128,959 | ---- | M] () -- C:\Users\Ryan\Desktop\Office (2).zip
[2010/06/01 08:59:29 | 000,128,959 | ---- | M] () -- C:\Users\Ryan\Desktop\Office
[2010/06/01 08:58:40 | 000,128,959 | ---- | M] () -- C:\Users\Ryan\Desktop\Office.zip
[2010/05/28 07:57:13 | 000,002,238 | ---- | M] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2010/05/25 12:45:05 | 000,001,794 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
[2010/05/24 08:57:39 | 000,001,885 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/05/21 19:25:54 | 000,001,012 | ---- | M] () -- C:\Users\Ryan\Desktop\Audacity 1.3 Beta (Unicode).lnk
[2010/05/21 19:25:35 | 000,001,095 | ---- | M] () -- C:\Users\Ryan\Desktop\Adobe Photoshop CS4.lnk
[2010/05/20 14:10:39 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2010/05/20 14:10:39 | 000,007,443 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2010/05/20 14:10:39 | 000,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2010/05/19 18:25:45 | 001,988,679 | ---- | M] () -- C:\Users\Ryan\Desktop\2010 Cheat Sheet.pdf
[2010/05/19 12:46:51 | 000,012,848 | ---- | M] () -- C:\Users\Ryan\Documents\UPS.docx

========== Files Created - No Company Name ==========

[2010/06/09 10:58:09 | 000,000,278 | ---- | C] () -- C:\Users\Ryan\Desktop\jd-gui.cfg
[2010/06/09 10:47:31 | 000,702,291 | ---- | C] () -- C:\Users\Ryan\Desktop\jd-gui-0.3.2.windows.zip
[2010/06/09 10:45:47 | 000,001,884 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2010/06/09 10:45:47 | 000,001,882 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/06/08 20:57:34 | 000,000,020 | ---- | C] () -- C:\Users\Ryan\defogger_reenable
[2010/06/08 20:35:13 | 529,632,889 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/06/08 19:24:18 | 000,525,824 | ---- | C] () -- C:\Users\Ryan\Desktop\dds.scr
[2010/06/08 19:24:09 | 000,050,477 | ---- | C] () -- C:\Users\Ryan\Desktop\Defogger.exe
[2010/06/08 19:22:38 | 000,293,376 | ---- | C] () -- C:\Users\Ryan\Desktop\y1tqw5xr.exe
[2010/06/08 11:33:58 | 000,002,061 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
[2010/06/08 11:33:57 | 000,001,991 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Acrobat 8 Professional.lnk
[2010/06/08 11:33:56 | 000,002,459 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2010/06/08 10:09:05 | 000,093,564 | ---- | C] () -- C:\Users\Ryan\Desktop\Adobe_Acrobat_Pro_Extended_v9.x_by_CORE.zip
[2010/06/07 18:21:27 | 000,002,039 | ---- | C] () -- C:\Users\Ryan\Desktop\HijackThis.lnk
[2010/06/07 18:20:36 | 003,704,271 | ---- | C] () -- C:\Users\Ryan\Desktop\ComboFix.exe
[2010/06/04 11:10:17 | 000,255,905 | ---- | C] () -- C:\Users\Ryan\Desktop\scan0001.pdf
[2010/06/04 10:44:05 | 001,097,487 | ---- | C] () -- C:\Users\Ryan\Desktop\Dinka & EDX - Elements (Ross Brabz Summer Bootleg).mp3.part
[2010/06/04 10:40:36 | 015,660,323 | ---- | C] () -- C:\Users\Ryan\Desktop\Bag It Up (Bold & Beautiful Glamour.mp3
[2010/06/03 19:33:36 | 001,728,943 | ---- | C] () -- C:\Users\Ryan\Desktop\ProcessExplorer.zip
[2010/06/03 14:57:46 | 002,770,944 | ---- | C] () -- C:\Users\Ryan\Desktop\2.avi
[2010/06/03 14:57:25 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010/06/03 14:57:25 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010/06/03 14:52:02 | 003,804,672 | ---- | C] () -- C:\Users\Ryan\Desktop\test.avi
[2010/06/03 14:51:11 | 000,000,972 | ---- | C] () -- C:\Users\Public\Desktop\CamStudio.lnk
[2010/06/03 14:50:32 | 001,359,301 | ---- | C] () -- C:\Users\Ryan\Desktop\Camstudio-2.0-w32.zip
[2010/06/01 15:25:22 | 000,000,000 | -H-- | C] () -- C:\Users\Ryan\Documents\Default.rdp
[2010/06/01 10:21:11 | 000,128,959 | ---- | C] () -- C:\Users\Ryan\Desktop\Office (2).zip
[2010/06/01 08:59:29 | 000,128,959 | ---- | C] () -- C:\Users\Ryan\Desktop\Office
[2010/06/01 08:58:39 | 000,128,959 | ---- | C] () -- C:\Users\Ryan\Desktop\Office.zip
[2010/05/28 07:55:29 | 006,358,904 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1107000.00C\Cat.DB
[2010/05/26 21:30:05 | 016,170,151 | ---- | C] () -- C:\Users\Ryan\Desktop\TiVoDesktop2.5.1.exe
[2010/05/24 19:17:27 | 000,007,787 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1107000.00C\symnetv.cat
[2010/05/24 19:17:27 | 000,007,368 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1107000.00C\symnet.cat
[2010/05/24 19:17:27 | 000,001,473 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1107000.00C\symnetv.inf
[2010/05/24 19:17:27 | 000,001,445 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1107000.00C\symnet.inf
[2010/05/24 19:17:26 | 000,007,873 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1107000.00C\symefa.cat
[2010/05/24 19:17:26 | 000,007,442 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1107000.00C\srtspx.cat
[2010/05/24 19:17:26 | 000,007,438 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1107000.00C\srtsp.cat
[2010/05/24 19:17:26 | 000,007,438 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1107000.00C\iron.cat
[2010/05/24 19:17:26 | 000,007,425 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1107000.00C\symds.cat
[2010/05/24 19:17:26 | 000,007,396 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1107000.00C\cchpx86.cat
[2010/05/24 19:17:26 | 000,003,373 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1107000.00C\symefa.inf
[2010/05/24 19:17:26 | 000,002,793 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1107000.00C\symds.inf
[2010/05/24 19:17:26 | 000,001,754 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1107000.00C\cchpx86.inf
[2010/05/24 19:17:26 | 000,001,388 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1107000.00C\srtspx.inf
[2010/05/24 19:17:26 | 000,001,382 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1107000.00C\srtsp.inf
[2010/05/24 19:17:26 | 000,000,741 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1107000.00C\iron.inf
[2010/05/24 19:17:12 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1107000.00C\isolate.ini
[2010/05/24 08:57:39 | 000,001,885 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/05/21 19:25:54 | 000,001,012 | ---- | C] () -- C:\Users\Ryan\Desktop\Audacity 1.3 Beta (Unicode).lnk
[2010/05/21 19:25:35 | 000,001,095 | ---- | C] () -- C:\Users\Ryan\Desktop\Adobe Photoshop CS4.lnk
[2010/05/20 14:12:16 | 000,007,443 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2010/05/20 14:12:16 | 000,000,805 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2010/05/20 14:10:31 | 000,002,238 | ---- | C] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2010/05/19 18:25:42 | 001,988,679 | ---- | C] () -- C:\Users\Ryan\Desktop\2010 Cheat Sheet.pdf
[2010/05/19 12:46:50 | 000,012,848 | ---- | C] () -- C:\Users\Ryan\Documents\UPS.docx
[2009/11/17 11:41:38 | 000,000,172 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/11/16 12:03:19 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2009/11/01 11:18:04 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/11/01 11:18:04 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2009/11/01 11:18:02 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/11/01 11:18:02 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/11/01 11:18:01 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2009/11/01 11:18:00 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2009/11/01 11:17:59 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

========== LOP Check ==========

[2010/06/14 08:38:31 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\.purple
[2009/11/17 15:41:53 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\acccore
[2010/05/21 21:07:20 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Audacity
[2010/05/28 07:51:12 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Azureus
[2009/11/16 12:44:33 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\DAEMON Tools Lite
[2010/04/27 11:16:46 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\gtk-2.0
[2009/11/10 16:01:32 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Leadertech
[2010/01/06 10:29:10 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\LegalSounds
[2009/11/16 12:39:55 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Notepad++
[2010/01/03 17:38:37 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Tific
[2010/06/14 08:37:31 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\uTorrent
[2010/06/09 10:51:17 | 000,016,114 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2009/07/13 21:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009/07/13 21:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/13 21:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/13 21:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009/07/13 21:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 21:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< End of report >

----------------------------------------------------------------------

Extras.txt:

OTL Extras logfile created on: 6/14/2010 8:09:40 AM - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\Ryan\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 73.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 32.18 Gb Free Space | 43.20% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 182.37 Gb Free Space | 39.16% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NIMROD
Current User Name: Ryan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-735432975-4119433706-3575066661-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{05EC21B8-4593-3037-A781-A6B5AFFCB19D}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{146E206D-7D2C-493A-B431-1F1D16E822AF}" = MobileMe Control Panel
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU
"{2605461E-AB2E-49F5-8A16-64B7F3595030}" = 5600Trb
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{4E839090-3B68-436A-B3CF-A2A08C38DD26}" = TiVo Desktop 2.8
"{4FB120F8-622C-4260-AB49-0F43A59CCF2A}" = iTunes
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{5C474A83-A45F-470C-9AC8-2BD1C251BF9A}" = Skype™ 4.1
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64c5b887-b5ee-42b8-8596-78905a6b5f1f}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7DCBC3D8-8954-491D-A1B9-8C61C563B004}" = 5600_Help
"{7ff90460-89b7-435b-b583-b37b2815ccc7}" = Python 3.1.1
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8E6252A1-7ECB-4A0F-B2C9-798ABC288131}" = Maximized Software TiViTunes
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{AFAC914D-9E83-4A89-8ABE-427521C82CCF}" = Safari
"{B268E9A1-04A9-40D0-9866-846BE2B74BA7}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B32E7732-B2FB-3FD0-81AC-6025B1104C66}" = Microsoft Device Emulator version 3.0 - ENU
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CA1CA5F8-7500-45C5-9D4C-47D13FBC92D2}" = Adobe Setup
"{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}" = Microsoft Windows SDK for Visual Studio 2008 Tools
"{CADD6FD0-1C07-4C22-B4F7-40ECE46546CC}" = UltraEdit 15.20
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}" = Microsoft Visual Studio 2008 Professional Edition - ENU
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F2DC2589-C894-43DD-BA70-8FDCA7360584}" = 5600
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"7-Zip" = 7-Zip 4.65
"8461-7759-5462-8226" = Vuze
"Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_1710d324011afc3e7658e969025f4ba" = Adobe InDesign CS4
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"AIM_7" = AIM 7
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"bot-sentry" = Bot Sentry 1.3.0 (remove only)
"CamStudio" = CamStudio
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (remove only)
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.3.0
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"LegalSounds Music Downloader_is1" = LegalSounds Music Downloader 1.4
"Magic ISO Maker v5.4 (build 0239)" = Magic ISO Maker v5.4 (build 0239)
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Microsoft Visual Studio 2008 Professional Edition - ENU" = Microsoft Visual Studio 2008 Professional Edition - ENU
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"NAV" = Norton AntiVirus
"Notepad++" = Notepad++
"PeerGuardian_is1" = PeerGuardian 2.0
"Picasa 3" = Picasa 3
"Pidgin" = Pidgin
"Shop for HP Supplies" = Shop for HP Supplies
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"uTorrent" = µTorrent
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"VLC media player" = VLC media player 1.0.5
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/9/2010 11:41:01 AM | Computer Name = Nimrod | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 13182

Error - 6/9/2010 11:41:01 AM | Computer Name = Nimrod | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 13182

Error - 6/14/2010 9:46:09 AM | Computer Name = Nimrod | Source = Bonjour Service | ID = 100
Description = 476: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 6/14/2010 9:46:09 AM | Computer Name = Nimrod | Source = Bonjour Service | ID = 100
Description = 480: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 6/14/2010 9:46:09 AM | Computer Name = Nimrod | Source = Bonjour Service | ID = 100
Description = 488: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 6/14/2010 9:46:09 AM | Computer Name = Nimrod | Source = Bonjour Service | ID = 100
Description = 484: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 6/14/2010 9:49:11 AM | Computer Name = Nimrod | Source = Bonjour Service | ID = 100
Description = 496: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 6/14/2010 9:49:11 AM | Computer Name = Nimrod | Source = Bonjour Service | ID = 100
Description = 448: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 6/14/2010 9:49:11 AM | Computer Name = Nimrod | Source = Bonjour Service | ID = 100
Description = 444: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 6/14/2010 9:49:11 AM | Computer Name = Nimrod | Source = Bonjour Service | ID = 100
Description = 492: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

[ System Events ]
Error - 6/14/2010 8:14:05 AM | Computer Name = Nimrod | Source = DCOM | ID = 10001
Description =

Error - 6/14/2010 8:38:15 AM | Computer Name = Nimrod | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the NAV service.

Error - 6/14/2010 8:38:46 AM | Computer Name = Nimrod | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the NAV service.

Error - 6/14/2010 8:39:18 AM | Computer Name = Nimrod | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the NAV service.

Error - 6/14/2010 8:39:49 AM | Computer Name = Nimrod | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the NAV service.

Error - 6/14/2010 9:44:37 AM | Computer Name = Nimrod | Source = Service Control Manager | ID = 7034
Description = The Yahoo! Updater service terminated unexpectedly. It has done this
1 time(s).

Error - 6/14/2010 9:59:14 AM | Computer Name = Nimrod | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the NAV service.

Error - 6/14/2010 9:59:44 AM | Computer Name = Nimrod | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the NAV service.

Error - 6/14/2010 10:00:14 AM | Computer Name = Nimrod | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the NAV service.

Error - 6/14/2010 10:00:44 AM | Computer Name = Nimrod | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the NAV service.


< End of report >


#4 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,504 posts
  • ONLINE
  • Gender:Male
  • Location:US
  • Local time:11:24 PM

Posted 15 June 2010 - 09:05 AM

Hello.

Download Combofix from any of the links below but rename it to renamed.exe before saving it to your desktop.


Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • VERY IMPORTANT: Disable all running antivirus, antimalware and firewall programs as they may interfere with the proper running of ComboFix. Click on this link to see a list of programs that should be disabled. NOTE: This list is not all-inclusive. If yours is not listed and you do not know how to disable it, please ask.
  • Double click on renamed.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper.


~Blade


In your next reply, please include the following:
ComboFix Log


If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+


#5 amagerbro82

amagerbro82
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:12:24 AM

Posted 15 June 2010 - 10:25 AM

ComboFix:

ComboFix 10-06-14.03 - Ryan 06/15/2010 10:38:55.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3070.1642 [GMT -4:00]
Running from: c:\users\Ryan\Desktop\renamed.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\%appdata%
c:\windows\system32\ActNAV_cltDynam.dat
c:\windows\system32\images
c:\windows\system32\images\toolbar\calendar.gif
c:\windows\system32\images\toolbar\crlogo.gif
c:\windows\system32\images\toolbar\export.gif
c:\windows\system32\images\toolbar\export_over.gif
c:\windows\system32\images\toolbar\exportd.gif
c:\windows\system32\images\toolbar\First.gif
c:\windows\system32\images\toolbar\first_over.gif
c:\windows\system32\images\toolbar\Firstd.gif
c:\windows\system32\images\toolbar\gotopage.gif
c:\windows\system32\images\toolbar\gotopage_over.gif
c:\windows\system32\images\toolbar\gotopaged.gif
c:\windows\system32\images\toolbar\grouptree.gif
c:\windows\system32\images\toolbar\grouptree_over.gif
c:\windows\system32\images\toolbar\grouptreed.gif
c:\windows\system32\images\toolbar\grouptreepressed.gif
c:\windows\system32\images\toolbar\Last.gif
c:\windows\system32\images\toolbar\last_over.gif
c:\windows\system32\images\toolbar\Lastd.gif
c:\windows\system32\images\toolbar\Next.gif
c:\windows\system32\images\toolbar\next_over.gif
c:\windows\system32\images\toolbar\Nextd.gif
c:\windows\system32\images\toolbar\Prev.gif
c:\windows\system32\images\toolbar\prev_over.gif
c:\windows\system32\images\toolbar\Prevd.gif
c:\windows\system32\images\toolbar\print.gif
c:\windows\system32\images\toolbar\print_over.gif
c:\windows\system32\images\toolbar\printd.gif
c:\windows\system32\images\toolbar\Refresh.gif
c:\windows\system32\images\toolbar\refresh_over.gif
c:\windows\system32\images\toolbar\refreshd.gif
c:\windows\system32\images\toolbar\Search.gif
c:\windows\system32\images\toolbar\search_over.gif
c:\windows\system32\images\toolbar\searchd.gif
c:\windows\system32\images\toolbar\up.gif
c:\windows\system32\images\toolbar\up_over.gif
c:\windows\system32\images\toolbar\upd.gif
c:\windows\system32\images\tree\begindots.gif
c:\windows\system32\images\tree\beginminus.gif
c:\windows\system32\images\tree\beginplus.gif
c:\windows\system32\images\tree\blank.gif
c:\windows\system32\images\tree\blankdots.gif
c:\windows\system32\images\tree\dots.gif
c:\windows\system32\images\tree\lastdots.gif
c:\windows\system32\images\tree\lastminus.gif
c:\windows\system32\images\tree\lastplus.gif
c:\windows\system32\images\tree\Magnify.gif
c:\windows\system32\images\tree\minus.gif
c:\windows\system32\images\tree\minusbox.gif
c:\windows\system32\images\tree\plus.gif
c:\windows\system32\images\tree\plusbox.gif
c:\windows\system32\images\tree\singleminus.gif
c:\windows\system32\images\tree\singleplus.gif

.
((((((((((((((((((((((((( Files Created from 2010-05-15 to 2010-06-15 )))))))))))))))))))))))))))))))
.

2010-06-15 14:54 . 2010-06-15 15:05 -------- d-----w- c:\users\Ryan\AppData\Local\temp
2010-06-15 14:54 . 2010-06-15 14:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-07 22:21 . 2010-06-07 22:21 -------- d-----w- c:\program files\Trend Micro
2010-06-03 18:51 . 2010-06-03 23:08 -------- d-----w- c:\program files\CamStudio
2010-06-03 02:38 . 2010-06-03 02:38 -------- d-----w- c:\program files\Common Files\Java
2010-06-03 02:38 . 2010-06-03 02:37 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-03 02:37 . 2010-06-03 02:37 -------- d-----w- c:\program files\Java
2010-05-27 01:31 . 2010-05-27 01:31 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-24 12:50 . 2010-05-24 12:50 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Google
2010-05-21 23:26 . 2010-05-22 01:07 -------- d-----w- c:\users\Ryan\AppData\Roaming\Audacity
2010-05-21 23:26 . 2010-05-21 23:26 -------- d-----w- c:\program files\Lame for Audacity
2010-05-21 23:25 . 2010-05-21 23:25 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2010-05-21 12:40 . 2010-05-21 12:40 -------- d-----w- c:\program files\Adobe Media Player
2010-05-21 12:39 . 2010-05-21 12:39 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-05-21 12:24 . 2010-05-21 12:25 -------- d-----w- c:\users\Ryan\AppData\Local\Deployment
2010-05-21 12:24 . 2010-05-21 12:24 -------- d-----w- c:\users\Ryan\AppData\Local\Apps
2010-05-20 18:12 . 2010-05-20 18:10 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-05-20 18:10 . 2010-05-20 18:18 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-05-20 18:10 . 2010-05-20 18:12 -------- d-----w- c:\program files\Symantec
2010-05-20 18:10 . 2010-05-28 11:58 -------- d-----w- c:\windows\system32\drivers\NAV
2010-05-20 18:10 . 2010-05-20 18:10 -------- d-----w- c:\program files\Norton AntiVirus
2010-05-20 18:10 . 2010-05-20 19:21 -------- d-----w- c:\programdata\Norton
2010-05-20 18:09 . 2010-05-20 18:09 -------- d-----w- c:\program files\NortonInstaller
2010-05-17 13:18 . 2010-05-17 13:18 -------- d-----w- c:\program files\Real

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-15 15:08 . 2009-11-14 14:35 -------- d-----w- c:\program files\PeerGuardian2
2010-06-15 14:51 . 2009-11-01 14:49 -------- d-----w- c:\users\Ryan\AppData\Roaming\.purple
2010-06-15 14:48 . 2009-11-17 18:05 -------- d-----w- c:\users\Ryan\AppData\Roaming\Skype
2010-06-15 13:59 . 2010-06-15 13:59 -------- d-----w- c:\users\Ryan\AppData\Roaming\HPAppData
2010-06-15 12:08 . 2010-06-09 14:45 -------- d-----w- c:\program files\McAfee Security Scan
2010-06-14 12:37 . 2009-11-01 14:58 -------- d-----w- c:\users\Ryan\AppData\Roaming\uTorrent
2010-06-09 14:45 . 2010-06-09 14:45 -------- d-----w- c:\programdata\McAfee
2010-06-09 14:45 . 2010-06-09 14:45 -------- d-----w- c:\programdata\McAfee Security Scan
2010-06-08 22:31 . 2010-02-06 00:43 -------- d-----w- c:\program files\Safari
2010-06-08 22:13 . 2009-11-17 19:43 109032 ----a-w- c:\users\Ryan\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-08 15:45 . 2010-02-27 19:04 -------- d-----w- c:\users\Ryan\AppData\Roaming\vlc
2010-06-08 15:38 . 2009-11-14 20:09 -------- d-----w- c:\programdata\FLEXnet
2010-06-08 15:32 . 2009-11-14 19:43 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-08 13:13 . 2009-11-17 15:02 -------- d-----w- c:\program files\Yahoo!
2010-06-08 13:13 . 2009-11-17 15:04 -------- d-----w- c:\program files\Google
2010-06-07 22:43 . 2009-11-18 13:48 -------- d-----w- c:\program files\Growl for Windows
2010-06-04 13:19 . 2009-11-14 19:20 -------- d-----w- c:\programdata\Microsoft Help
2010-06-04 13:16 . 2009-07-14 04:52 -------- d-----w- c:\program files\MSBuild
2010-06-01 12:07 . 2009-11-25 16:45 -------- d-----w- c:\users\Ryan\AppData\Roaming\HpUpdate
2010-05-28 11:51 . 2009-11-14 14:38 -------- d-----w- c:\users\Ryan\AppData\Roaming\Azureus
2010-05-25 16:45 . 2009-11-14 14:37 -------- d-----w- c:\program files\Vuze
2010-05-22 13:26 . 2009-11-17 14:51 -------- d-----w- c:\program files\HP
2010-05-20 20:24 . 2009-11-10 14:25 -------- d-----w- c:\programdata\NortonInstaller
2010-05-20 18:10 . 2010-05-20 18:12 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-05-20 18:10 . 2010-05-20 18:12 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-05-17 10:39 . 2009-11-01 14:58 -------- d-----w- c:\program files\uTorrent
2010-05-14 13:34 . 2010-05-14 13:34 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-05-13 07:06 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2010-05-04 21:42 . 2010-05-04 21:35 -------- d-----w- c:\program files\SharePod
2010-04-27 21:43 . 2010-04-27 21:43 -------- d-----w- c:\program files\iTunes
2010-04-27 21:43 . 2010-04-27 21:43 -------- d-----w- c:\program files\iPod
2010-04-27 21:43 . 2009-11-01 15:28 -------- d-----w- c:\program files\Common Files\Apple
2010-04-27 21:38 . 2009-11-01 15:29 -------- d-----w- c:\program files\Bonjour
2010-04-27 15:16 . 2009-11-10 16:42 -------- d-----w- c:\users\Ryan\AppData\Roaming\gtk-2.0
2010-04-16 23:53 . 2010-04-16 23:53 -------- d-----w- c:\program files\Maximized Software
2010-04-16 23:39 . 2010-04-16 23:39 -------- d-----w- c:\programdata\TiVo
2010-04-16 23:39 . 2010-04-16 23:39 -------- d-----w- c:\program files\TiVo
2010-04-08 17:20 . 2010-04-08 17:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 17:20 . 2010-04-08 17:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
.

------- Sigcheck -------

[-] 2010-03-01 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2007-06-02 1457152]
"TivoServer"="c:\program files\TiVo\Desktop\TiVoServer.exe" [2009-11-02 2195160]
"TivoTransfer"="c:\program files\TiVo\Desktop\TiVoTransfer.exe" [2009-11-02 604888]
"TivoNotify"="c:\program files\TiVo\Desktop\TiVoNotify.exe" [2009-11-02 430808]
"TranscodingService"="c:\program files\TiVo\Desktop\Plus\\TranscodingService.exe" [2009-11-02 856280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-24 142120]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-23 620152]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [2010-6-8 295606]
Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-01 1343400]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-11-14 691696]
R4 TivoBeacon2;TiVo Beacon Service;c:\program files\TiVo\Desktop\TiVoBeacon.exe [2009-11-02 1098968]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1107000.00C\SYMDS.SYS [2009-08-30 328752]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1107000.00C\SYMEFA.SYS [2010-04-22 173104]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1107000.00C\ccHPx86.sys [2010-02-26 501888]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20100604.004\IDSvix86.sys [2010-05-28 344112]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1107000.00C\Ironx86.SYS [2010-04-29 116784]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NAV\1107000.00C\SYMTDIV.SYS [2010-05-06 339504]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20100522.001\BHDrvx86.sys [2010-05-22 691248]
S2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\17.7.0.12\ccSvcHst.exe [2010-02-26 126392]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-05-27 102448]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-01-29 30576]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
FF - ProfilePath - c:\users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\fvhgfth5.default\
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.ytff.general.dontshowhpoffer, truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x85F40AC8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
IoDeviceObjectType -> DumpProcedure -> 0xd46a624f
SecurityProcedure -> 0x84ecae88
QueryNameProcedure -> 0x84eca018
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NAV]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\17.7.0.12\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\17.7.0.12\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WUDFHost.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\windows\system32\taskhost.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\DllHost.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2010-06-15 11:23:34 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-15 15:23

Pre-Run: 34,301,480,960 bytes free
Post-Run: 34,083,405,824 bytes free

- - End Of File - - 014C33C06A038312B8EFFA3119907D9A


#6 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,504 posts
  • ONLINE
  • Gender:Male
  • Location:US
  • Local time:11:24 PM

Posted 18 June 2010 - 01:07 AM

Hello.

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link--> Virustotal

When the VirusTotal page has finished loading, click the browse button and navigate to the files listed below in bold, then click Submit. You will only be able to have one file scanned at a time.

c:\windows\System32\user32.dll

Please post back the URL of the results page for each file in your next post.

If VirusTotal is busy, try the same at Jotti

~Blade


In your next reply, please include the following:
VirusTotal logs


If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
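For readers following this thread: the hashes and PE details that VirusTotal lists under "Additional information" (file size, MD5/SHA1/SHA256, entry point, compile timestamp, machine type, and a per-section table with entropy and MD5) can be reproduced offline, which is what lets you compare a suspect c:\windows\System32\user32.dll against a known-good copy of the same build taken from install media or a clean machine. The Python below is an added example for this page, not code from the thread, from BleepingComputer or from VirusTotal. It parses a PE image with the standard library only, builds a small constructed two-section PE in memory as sample input (it is not the poster's file), and reuses the 0x4A5BDB2F timestamp from the VirusTotal report further down only so the sample decodes to a recognisable date; parse_pe, diff_fields and build_sample_pe are hypothetical helper names.

```python
"""Offline reproduction of the 'Additional information' fields a VirusTotal
report shows for a PE file: file hashes, entry point, compile timestamp,
machine type and a per-section table with entropy and MD5 (standard library
only). Hypothetical helper written for this thread; not VirusTotal code."""
import datetime
import hashlib
import math
import struct

# Timestamp VirusTotal reported for the poster's user32.dll; reused here only
# so the constructed sample decodes to a recognisable date.
SAMPLE_TIMESTAMP = 0x4A5BDB2F


def shannon_entropy(blob: bytes) -> float:
    """Bits per byte, from 0.0 (every byte identical) to 8.0 (uniform)."""
    if not blob:
        return 0.0
    counts = [0] * 256
    for b in blob:
        counts[b] += 1
    n = len(blob)
    ent = 0.0
    for c in counts:
        if c:
            p = c / n
            ent -= p * math.log2(p)
    return ent


def parse_pe(image: bytes) -> dict:
    """Walk DOS header -> PE signature -> COFF header -> optional header ->
    section table and return the VirusTotal-style summary fields."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from(
        "<HHIIIHH", image, coff)
    opt = coff + 20
    # AddressOfEntryPoint is at offset 16 of the optional header (PE32 and PE32+).
    (entry,) = struct.unpack_from("<I", image, opt + 16)
    sections = []
    for i in range(nsections):
        off = opt + opt_size + i * 40          # section headers are 40 bytes each
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", image, off)
        raw = image[rawptr:rawptr + rawsize]
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "viradd": vaddr, "virsiz": vsize, "rawdsiz": rawsize,
            "ntrpy": round(shannon_entropy(raw), 2),
            "md5": hashlib.md5(raw).hexdigest(),
        })
    compiled = datetime.datetime.fromtimestamp(timestamp, datetime.timezone.utc)
    return {
        "size": len(image),
        "md5": hashlib.md5(image).hexdigest(),
        "sha1": hashlib.sha1(image).hexdigest(),
        "sha256": hashlib.sha256(image).hexdigest(),
        "entrypoint": entry,
        "timedatestamp": timestamp,
        "compiled_utc": compiled.isoformat(),
        "machine": machine,
        "sections": sections,
    }


def diff_fields(suspect: dict, reference: dict) -> set:
    """Top-level fields that differ between two parse_pe() results. A patched
    system DLL can keep size, entry point, timestamp and section layout while
    the file hashes and the MD5 of the modified section change."""
    return {k for k in reference if suspect.get(k) != reference[k]}


def build_sample_pe() -> bytes:
    """Constructed minimal PE32 image (two sections, no imports) used as sample
    input so the example runs offline; it is not the poster's user32.dll."""
    text = bytes(range(256)) * 2          # uniform bytes: entropy 8.0
    data = b"\0" * 512                    # all zeros: entropy 0.0
    text_off, data_off = 512, 1024
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 2, SAMPLE_TIMESTAMP, 0, 0, 224, 0x2102)
    opt = struct.pack("<HBBIIII", 0x10B, 9, 0, len(text), len(data), 0, 0x1000)
    opt += b"\0" * (224 - len(opt))       # PE32 optional header is 224 bytes
    sec = "<8sIIIIIIHHI"
    sec_text = struct.pack(sec, b".text", len(text), 0x1000, len(text), text_off, 0, 0, 0, 0, 0x60000020)
    sec_data = struct.pack(sec, b".data", len(data), 0x2000, len(data), data_off, 0, 0, 0, 0, 0xC0000040)
    image = dos + b"PE\0\0" + coff + opt + sec_text + sec_data
    image += b"\0" * (text_off - len(image))
    return image + text + data


if __name__ == "__main__":
    report = parse_pe(build_sample_pe())
    for key in ("size", "md5", "sha1", "sha256", "entrypoint", "compiled_utc"):
        print(f"{key:14}: {report[key]}")
    for s in report["sections"]:
        print(f"{s['name']:8} {s['viradd']:#x} {s['virsiz']:#x} {s['rawdsiz']:#x} {s['ntrpy']} {s['md5']}")
```

To use it on real files, call parse_pe(open(path, "rb").read()) on both the suspect copy and the reference copy of the same build and look at diff_fields: a patched system DLL can keep the original size, version resource and timestamp while the file hashes and one section's MD5 change. Two caveats when reading the VirusTotal report below: 0x4A5BDB2F is 01:11:11 UTC on 14 July 2009, so the "Tue Jul 14 03:11:11 2009" that VirusTotal prints is not in UTC; and "verified: Unsigned" on the sigcheck line records the absence of an embedded Authenticode signature, which is normal for Windows system DLLs because Microsoft signs them through security catalogs, so that line alone is not evidence of tampering.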


#7 amagerbro82

amagerbro82
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:12:24 AM

Posted 18 June 2010 - 12:25 PM




File user32.dll received on 2010.06.08 14:40:42 (UTC)
Antivirus Version Last Update Result
a-squared 5.0.0.26 2010.06.08 -
AhnLab-V3 2010.06.08.06 2010.06.08 -
AntiVir 8.2.2.6 2010.06.08 -
Antiy-AVL 2.0.3.7 2010.06.08 -
Authentium 5.2.0.5 2010.06.08 -
Avast 4.8.1351.0 2010.06.08 -
Avast5 5.0.332.0 2010.06.08 -
AVG 9.0.0.787 2010.06.08 -
BitDefender 7.2 2010.06.08 -
CAT-QuickHeal 10.00 2010.06.08 -
ClamAV 0.96.0.3-git 2010.06.08 -
Comodo 5028 2010.06.08 -
DrWeb 5.0.2.03300 2010.06.08 -
eSafe 7.0.17.0 2010.06.06 -
eTrust-Vet 36.1.7618 2010.06.08 -
F-Prot 4.6.0.103 2010.06.08 -
F-Secure 9.0.15370.0 2010.06.08 -
Fortinet 4.1.133.0 2010.06.08 -
GData 21 2010.06.08 -
Ikarus T3.1.1.84.0 2010.06.08 -
Jiangmin 13.0.900 2010.06.08 -
Kaspersky 7.0.0.125 2010.06.08 -
McAfee 5.400.0.1158 2010.06.08 -
McAfee-GW-Edition 2010.1 2010.06.08 -
Microsoft 1.5802 2010.06.08 -
NOD32 5182 2010.06.08 -
Norman 6.04.12 2010.06.07 -
nProtect 2010-06-08.01 2010.06.08 -
Panda 10.0.2.7 2010.06.07 -
PCTools 7.0.3.5 2010.06.08 -
Rising 22.51.01.04 2010.06.08 -
Sophos 4.53.0 2010.06.08 -
Sunbelt 6418 2010.06.08 -
Symantec 20101.1.0.89 2010.06.08 -
TheHacker 6.5.2.0.295 2010.06.08 -
TrendMicro 9.120.0.1004 2010.06.08 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.08 -
VBA32 3.12.12.5 2010.06.08 -
ViRobot 2010.6.8.2343 2010.06.08 -
VirusBuster 5.0.27.0 2010.06.07 -
Additional information
File size: 811520 bytes
MD5   : 7bd7f45ff37fa0669cd32ca0ef46e22c
SHA1  : 03c47973f52800a6ae21f1a5992e331b4a9b2837
SHA256: 88cf562d5f8c803a4ff8db28c355073c58be6c02ce950149584749d2d72cc6de
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1F7C9
timedatestamp.....: 0x4A5BDB2F (Tue Jul 14 03:11:11 2009)
machinetype.......: 0x14C (Intel I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x6772F 0x67800 6.64 666f00ea11895893c60fedc6b1b331a6
.data 0x69000 0xF60 0x1000 1.75 a0266837467b196f479d1fca528ab23f
.rsrc 0x6A000 0x5A278 0x5A400 5.52 b32b75abdd1619519099bacc5ab208d9
.reloc 0xC5000 0x30A0 0x3200 6.69 339948e7d9261a997c94b586ec076ef2

( 3 imports )

> gdi32.dll: CreateFontIndirectW, GetClipRgn, ExtSelectClipRgn, GetHFONT, GetMapMode, SetGraphicsMode, GetClipBox, CreateRectRgn, CreateRectRgnIndirect, SetLayout, GetBoundsRect, ExcludeClipRect, PlayEnhMetaFile, Ellipse, CreateEllipticRgn, GdiFixUpHandle, CreatePen, Rectangle, GetTextCharacterExtra, SetTextCharacterExtra, GetCurrentObject, GetViewportOrgEx, SetViewportOrgEx, PolyPatBlt, CreateBrushIndirect, SetBoundsRect, CopyEnhMetaFileW, CopyMetaFileW, GetPaletteEntries, CreatePalette, SetPaletteEntries, GetPixel, ExtTextOutA, GetTextCharsetInfo, QueryFontAssocStatus, GetCharWidthInfo, GetCharWidthA, GetTextFaceW, GetCharABCWidthsA, GetCharABCWidthsW, SetBrushOrgEx, EnumFontsW, GetTextFaceAliasW, GetTextMetricsW, GetTextColor, GdiGetCodePage, GetTextCharset, GetBkMode, GetViewportExtEx, GetWindowExtEx, GdiGetCharDimensions, GdiPrinterThunk, GdiLoadType1Fonts, GdiAddFontResourceW, TranslateCharsetInfo, SaveDC, OffsetWindowOrgEx, RestoreDC, ExtTextOutW, GetDIBits, CreateDIBSection, SetStretchBltMode, SelectPalette, RealizePalette, SetDIBits, CreateDCW, CreateDIBitmap, CreateCompatibleBitmap, SetBitmapBits, DeleteDC, GdiValidateHandle, GdiDllInitialize, GdiProcessSetup, GetStockObject, CreateSolidBrush, CreateCompatibleDC, GdiConvertBitmapV5, GdiCreateLocalEnhMetaFile, GdiCreateLocalMetaFilePict, GetRgnBox, CombineRgn, OffsetRgn, MirrorRgn, EnableEUDC, GdiConvertToDevmodeW, GetTextExtentPointA, GetTextExtentPointW, CreateBitmap, SetLayoutWidth, PatBlt, TextOutA, TextOutW, SetTextAlign, GetTextAlign, IntersectClipRect, SelectObject, SetBkMode, GetBkColor, GetObjectW, SetTextColor, SetBkColor, GetLayout, StretchDIBits, GetDeviceCaps, GetDIBColorTable, GdiGetBitmapBitsSize, DeleteObject, DeleteMetaFile, DeleteEnhMetaFile, GdiConvertMetaFilePict, GdiConvertEnhMetaFile, GdiReleaseDC, StretchBlt, GetObjectType, GdiConvertAndCheckDC, SetRectRgn, BitBlt
> kernel32.dll: SetLastError, InterlockedDecrement, InterlockedIncrement, GetACP, LocalReAlloc, LocalLock, LocalUnlock, LocalSize, LoadAppInitDlls, GetCurrentThreadId, GetModuleHandleW, QueryActCtxSettingsW, RegisterWaitForInputIdle, SizeofResource, LoadResource, LoadStringBaseExW, FindResourceExW, FindResourceExA, DisableThreadLibraryCalls, IsDBCSLeadByteEx, GetSystemDirectoryW, SearchPathW, ExpandEnvironmentStringsW, LoadLibraryExW, GlobalAddAtomW, GetCurrentProcess, GetCurrentThread, ExitThread, GetExitCodeThread, CreateThread, GlobalHandle, FoldStringW, Sleep, GetStringTypeW, GetStringTypeA, GetCPInfo, CompareStringW, FindResourceW, CloseHandle, ReadFile, SetFileTime, EnumResourceNamesExW, CreateProcessW, GetSystemWindowsDirectoryW, AddAtomA, AddAtomW, GetAtomNameA, GetAtomNameW, IsValidLocale, ConvertDefaultLocale, GetCurrentDirectoryW, SetCurrentDirectoryW, lstrlenW, GetLogicalDrives, FindClose, FindNextFileW, FindFirstFileW, GetThreadLocale, MulDiv, ProcessIdToSessionId, GetCurrentProcessId, WerpNotifyUseStringResource, InterlockedCompareExchange, IsDBCSLeadByte, GetVersionExW, RegQueryValueExW, RegOpenKeyExW, RegEnumValueW, RegQueryInfoKeyW, GetSystemDefaultLangID, WerpNotifyLoadStringResource, UnmapViewOfFile, GetFileSize, MapViewOfFile, CreateFileMappingW, LCMapStringW, QueryPerformanceCounter, QueryPerformanceFrequency, GetTickCount, lstrlenA, GlobalFindAtomA, GetModuleFileNameA, GetModuleHandleA, GlobalAddAtomA, DelayLoadFailureHook, LoadLibraryExA, GetSystemTimeAsFileTime, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GlobalFindAtomW, GetPrivateProfileStringW, RegSetValueExW, RegCloseKey, RegCreateKeyExW, RegDeleteKeyExW, GetUserDefaultLCID, GlobalUnlock, GlobalLock, GlobalSize, LocalFree, GlobalDeleteAtom, LocalAlloc, DeleteAtom, FreeLibrary, GetProcAddress, LoadLibraryW, InterlockedExchange, GlobalGetAtomNameA, GlobalGetAtomNameW, GetModuleFileNameW, GlobalFree, GetLocaleInfoW, GlobalFlags, WideCharToMultiByte, GetLastError, GetOEMCP, GlobalReAlloc, MultiByteToWideChar, GlobalAlloc, WaitForMultipleObjectsEx, SetEvent, CreateFileW, lstrcmpiW, WritePrivateProfileStringW
> ntdll.dll: RtlUnwind, RtlSetLastWin32Error, NlsAnsiCodePage, _aulldvrm, _wtoi, _alldiv, wcsncpy_s, iswspace, qsort, LdrFlushAlternateResourceModules, RtlCheckRegistryKey, RtlMultiByteToUnicodeSize, RtlPcToFileHeader, wcsrchr, RtlImageNtHeader, NtRaiseHardError, wcsncat_s, RtlIsNameLegalDOS8Dot3, strrchr, sscanf_s, strcpy_s, RtlSizeHeap, RtlGetThreadLangIdByIndex, RtlRunEncodeUnicodeString, RtlRunDecodeUnicodeString, RtlReAllocateHeap, CsrAllocateMessagePointer, RtlAllocateAndInitializeSid, RtlFreeSid, CsrAllocateCaptureBuffer, CsrCaptureMessageBuffer, CsrFreeCaptureBuffer, RtlNtStatusToDosError, NtOpenThreadToken, NtOpenProcessToken, NtQueryInformationToken, CsrClientCallServer, memmove, NtCallbackReturn, _allmul, RtlUnicodeToMultiByteSize, RtlInitializeCriticalSection, NtQuerySystemInformation, RtlDeleteCriticalSection, RtlGetIntegerAtom, _stricmp, _wcsicmp, CsrClientConnectToServer, RtlIsThreadWithinLoaderCallout, NtYieldExecution, NtCreateKey, NtSetValueKey, NtDeleteValueKey, NtOpenDirectoryObject, wcstoul, NtVdmControl, _vsnwprintf, RtlQueryInformationActiveActivationContext, RtlCreateUnicodeStringFromAsciiz, RtlInitAnsiString, RtlAnsiStringToUnicodeString, RtlFreeUnicodeString, NtSetSecurityObject, NtQuerySecurityObject, NtQueryInformationProcess, wcstol, RtlActivateActivationContextUnsafeFast, RtlDeactivateActivationContextUnsafeFast, RtlFindActivationContextSectionString, RtlReleaseActivationContext, RtlMultiByteToUnicodeN, RtlUnicodeToMultiByteN, RtlLeaveCriticalSection, RtlEnterCriticalSection, memset, memcpy, RtlAllocateHeap, RtlFreeHeap, RtlOpenCurrentUser, NtEnumerateKey, wcscpy_s, wcscat_s, NtOpenKey, NtClose, NtQueryValueKey, swprintf_s, RtlInitUnicodeString, RtlUnicodeStringToInteger

( 1 exports )

> ActivateKeyboardLayout, AddClipboardFormatListener, AdjustWindowRect, AdjustWindowRectEx, AlignRects, AllowForegroundActivation, AllowSetForegroundWindow, AnimateWindow, AnyPopup, AppendMenuA, AppendMenuW, ArrangeIconicWindows, AttachThreadInput, BeginDeferWindowPos, BeginPaint, BlockInput, BringWindowToTop, BroadcastSystemMessage, BroadcastSystemMessageA, BroadcastSystemMessageExA, BroadcastSystemMessageExW, BroadcastSystemMessageW, BuildReasonArray, CalcMenuBar, CalculatePopupWindowPosition, CallMsgFilter, CallMsgFilterA, CallMsgFilterW, CallNextHookEx, CallWindowProcA, CallWindowProcW, CancelShutdown, CascadeChildWindows, CascadeWindows, ChangeClipboardChain, ChangeDisplaySettingsA, ChangeDisplaySettingsExA, ChangeDisplaySettingsExW, ChangeDisplaySettingsW, ChangeMenuA, ChangeMenuW, ChangeWindowMessageFilter, ChangeWindowMessageFilterEx, CharLowerA, CharLowerBuffA, CharLowerBuffW, CharLowerW, CharNextA, CharNextExA, CharNextW, CharPrevA, CharPrevExA, CharPrevW, CharToOemA, CharToOemBuffA, CharToOemBuffW, CharToOemW, CharUpperA, CharUpperBuffA, CharUpperBuffW, CharUpperW, CheckDesktopByThreadId, CheckDlgButton, CheckMenuItem, CheckMenuRadioItem, CheckRadioButton, CheckWindowThreadDesktop, ChildWindowFromPoint, ChildWindowFromPointEx, CliImmSetHotKey, ClientThreadSetup, ClientToScreen, ClipCursor, CloseClipboard, CloseDesktop, CloseGestureInfoHandle, CloseTouchInputHandle, CloseWindow, CloseWindowStation, ConsoleControl, ControlMagnification, CopyAcceleratorTableA, CopyAcceleratorTableW, CopyIcon, CopyImage, CopyRect, CountClipboardFormats, CreateAcceleratorTableA, 
CreateAcceleratorTableW, CreateCaret, CreateCursor, CreateDesktopA, CreateDesktopExA, CreateDesktopExW, CreateDesktopW, CreateDialogIndirectParamA, CreateDialogIndirectParamAorW, CreateDialogIndirectParamW, CreateDialogParamA, CreateDialogParamW, CreateIcon, CreateIconFromResource, CreateIconFromResourceEx, CreateIconIndirect, CreateMDIWindowA, CreateMDIWindowW, CreateMenu, CreatePopupMenu, CreateSystemThreads, CreateWindowExA, CreateWindowExW, CreateWindowStationA, CreateWindowStationW, CsrBroadcastSystemMessageExW, CtxInitUser32, DdeAbandonTransaction, DdeAccessData, DdeAddData, DdeClientTransaction, DdeCmpStringHandles, DdeConnect, DdeConnectList, DdeCreateDataHandle, DdeCreateStringHandleA, DdeCreateStringHandleW, DdeDisconnect, DdeDisconnectList, DdeEnableCallback, DdeFreeDataHandle, DdeFreeStringHandle, DdeGetData, DdeGetLastError, DdeGetQualityOfService, DdeImpersonateClient, DdeInitializeA, DdeInitializeW, DdeKeepStringHandle, DdeNameService, DdePostAdvise, DdeQueryConvInfo, DdeQueryNextServer, DdeQueryStringA, DdeQueryStringW, DdeReconnect, DdeSetQualityOfService, DdeSetUserHandle, DdeUnaccessData, DdeUninitialize, DefDlgProcA, DefDlgProcW, DefFrameProcA, DefFrameProcW, DefMDIChildProcA, DefMDIChildProcW, DefRawInputProc, DefWindowProcA, DefWindowProcW, DeferWindowPos, DeleteMenu, DeregisterShellHookWindow, DestroyAcceleratorTable, DestroyCaret, DestroyCursor, DestroyIcon, DestroyMenu, DestroyReasons, DestroyWindow, DeviceEventWorker, DialogBoxIndirectParamA, DialogBoxIndirectParamAorW, DialogBoxIndirectParamW, DialogBoxParamA, DialogBoxParamW, DisableProcessWindowsGhosting, DispatchMessageA, DispatchMessageW, DisplayConfigGetDeviceInfo, DisplayConfigSetDeviceInfo, DisplayExitWindowsWarnings, DlgDirListA, DlgDirListComboBoxA, DlgDirListComboBoxW, DlgDirListW, DlgDirSelectComboBoxExA, DlgDirSelectComboBoxExW, DlgDirSelectExA, DlgDirSelectExW, DoSoundConnect, DoSoundDisconnect, DragDetect, DragObject, DrawAnimatedRects, DrawCaption, DrawCaptionTempA, 
DrawCaptionTempW, DrawEdge, DrawFocusRect, DrawFrame, DrawFrameControl, DrawIcon, DrawIconEx, DrawMenuBar, DrawMenuBarTemp, DrawStateA, DrawStateW, DrawTextA, DrawTextExA, DrawTextExW, DrawTextW, DwmGetDxSharedSurface, DwmStartRedirection, DwmStopRedirection, EditWndProc, EmptyClipboard, EnableMenuItem, EnableScrollBar, EnableWindow, EndDeferWindowPos, EndDialog, EndMenu, EndPaint, EndTask, EnterReaderModeHelper, EnumChildWindows, EnumClipboardFormats, EnumDesktopWindows, EnumDesktopsA, EnumDesktopsW, EnumDisplayDevicesA, EnumDisplayDevicesW, EnumDisplayMonitors, EnumDisplaySettingsA, EnumDisplaySettingsExA, EnumDisplaySettingsExW, EnumDisplaySettingsW, EnumPropsA, EnumPropsExA, EnumPropsExW, EnumPropsW, EnumThreadWindows, EnumWindowStationsA, EnumWindowStationsW, EnumWindows, EqualRect, ExcludeUpdateRgn, ExitWindowsEx, FillRect, FindWindowA, FindWindowExA, FindWindowExW, FindWindowW, FlashWindow, FlashWindowEx, FrameRect, FreeDDElParam, FrostCrashedWindow, GetActiveWindow, GetAltTabInfo, GetAltTabInfoA, GetAltTabInfoW, GetAncestor, GetAppCompatFlags, GetAppCompatFlags2, GetAsyncKeyState, GetCapture, GetCaretBlinkTime, GetCaretPos, GetClassInfoA, GetClassInfoExA, GetClassInfoExW, GetClassInfoW, GetClassLongA, GetClassLongW, GetClassNameA, GetClassNameW, GetClassWord, GetClientRect, GetClipCursor, GetClipboardData, GetClipboardFormatNameA, GetClipboardFormatNameW, GetClipboardOwner, GetClipboardSequenceNumber, GetClipboardViewer, GetComboBoxInfo, GetCursor, GetCursorFrameInfo, GetCursorInfo, GetCursorPos, GetDC, GetDCEx, GetDesktopWindow, GetDialogBaseUnits, GetDisplayConfigBufferSizes, GetDlgCtrlID, GetDlgItem, GetDlgItemInt, GetDlgItemTextA, GetDlgItemTextW, GetDoubleClickTime, GetFocus, GetForegroundWindow, GetGUIThreadInfo, GetGestureConfig, GetGestureExtraArgs, GetGestureInfo, GetGuiResources, GetIconInfo, GetIconInfoExA, GetIconInfoExW, GetInputDesktop, GetInputLocaleInfo, GetInputState, GetInternalWindowPos, GetKBCodePage, GetKeyNameTextA, GetKeyNameTextW, 
GetKeyState, GetKeyboardLayout, GetKeyboardLayoutList, GetKeyboardLayoutNameA, GetKeyboardLayoutNameW, GetKeyboardState, GetKeyboardType, GetLastActivePopup, GetLastInputInfo, GetLayeredWindowAttributes, GetListBoxInfo, GetMagnificationDesktopColorEffect, GetMagnificationDesktopMagnification, GetMagnificationLensCtxInformation, GetMenu, GetMenuBarInfo, GetMenuCheckMarkDimensions, GetMenuContextHelpId, GetMenuDefaultItem, GetMenuInfo, GetMenuItemCount, GetMenuItemID, GetMenuItemInfoA, GetMenuItemInfoW, GetMenuItemRect, GetMenuState, GetMenuStringA, GetMenuStringW, GetMessageA, GetMessageExtraInfo, GetMessagePos, GetMessageTime, GetMessageW, GetMonitorInfoA, GetMonitorInfoW, GetMouseMovePointsEx, GetNextDlgGroupItem, GetNextDlgTabItem, GetOpenClipboardWindow, GetParent, GetPhysicalCursorPos, GetPriorityClipboardFormat, GetProcessDefaultLayout, GetProcessWindowStation, GetProgmanWindow, GetPropA, GetPropW, GetQueueStatus, GetRawInputBuffer, GetRawInputData, GetRawInputDeviceInfoA, GetRawInputDeviceInfoW, GetRawInputDeviceList, GetReasonTitleFromReasonCode, GetRegisteredRawInputDevices, GetScrollBarInfo, GetScrollInfo, GetScrollPos, GetScrollRange, GetSendMessageReceiver, GetShellWindow, GetSubMenu, GetSysColor, GetSysColorBrush, GetSystemMenu, GetSystemMetrics, GetTabbedTextExtentA, GetTabbedTextExtentW, GetTaskmanWindow, GetThreadDesktop, GetTitleBarInfo, GetTopLevelWindow, GetTopWindow, GetTouchInputInfo, GetUpdateRect, GetUpdateRgn, GetUpdatedClipboardFormats, GetUserObjectInformationA, GetUserObjectInformationW, GetUserObjectSecurity, GetWinStationInfo, GetWindow, GetWindowCompositionAttribute, GetWindowCompositionInfo, GetWindowContextHelpId, GetWindowDC, GetWindowDisplayAffinity, GetWindowInfo, GetWindowLongA, GetWindowLongW, GetWindowMinimizeRect, GetWindowModuleFileName, GetWindowModuleFileNameA, GetWindowModuleFileNameW, GetWindowPlacement, GetWindowRect, GetWindowRgn, GetWindowRgnBox, GetWindowRgnEx, GetWindowTextA, GetWindowTextLengthA, 
GetWindowTextLengthW, GetWindowTextW, GetWindowThreadProcessId, GetWindowWord, GhostWindowFromHungWindow, GrayStringA, GrayStringW, HideCaret, HiliteMenuItem, HungWindowFromGhostWindow, IMPGetIMEA, IMPGetIMEW, IMPQueryIMEA, IMPQueryIMEW, IMPSetIMEA, IMPSetIMEW, ImpersonateDdeClientWindow, InSendMessage, InSendMessageEx, InflateRect, InitializeLpkHooks, InsertMenuA, InsertMenuItemA, InsertMenuItemW, InsertMenuW, InternalGetWindowIcon, InternalGetWindowText, IntersectRect, InvalidateRect, InvalidateRgn, InvertRect, IsCharAlphaA, IsCharAlphaNumericA, IsCharAlphaNumericW, IsCharAlphaW, IsCharLowerA, IsCharLowerW, IsCharUpperA, IsCharUpperW, IsChild, IsClipboardFormatAvailable, IsDialogMessage, IsDialogMessageA, IsDialogMessageW, IsDlgButtonChecked, IsGUIThread, IsHungAppWindow, IsIconic, IsMenu, IsProcessDPIAware, IsRectEmpty, IsSETEnabled, IsServerSideWindow, IsThreadDesktopComposited, IsTopLevelWindow, IsTouchWindow, IsWinEventHookInstalled, IsWindow, IsWindowEnabled, IsWindowInDestroy, IsWindowRedirectedForPrint, IsWindowUnicode, IsWindowVisible, IsWow64Message, IsZoomed, KillTimer, LoadAcceleratorsA, LoadAcceleratorsW, LoadBitmapA, LoadBitmapW, LoadCursorA, LoadCursorFromFileA, LoadCursorFromFileW, LoadCursorW, LoadIconA, LoadIconW, LoadImageA, LoadImageW, LoadKeyboardLayoutA, LoadKeyboardLayoutEx, LoadKeyboardLayoutW, LoadLocalFonts, LoadMenuA, LoadMenuIndirectA, LoadMenuIndirectW, LoadMenuW, LoadRemoteFonts, LoadStringA, LoadStringW, LockSetForegroundWindow, LockWindowStation, LockWindowUpdate, LockWorkStation, LogicalToPhysicalPoint, LookupIconIdFromDirectory, LookupIconIdFromDirectoryEx, MBToWCSEx, MB_GetString, MapDialogRect, MapVirtualKeyA, MapVirtualKeyExA, MapVirtualKeyExW, MapVirtualKeyW, MapWindowPoints, MenuItemFromPoint, MenuWindowProcA, MenuWindowProcW, MessageBeep, MessageBoxA, MessageBoxExA, MessageBoxExW, MessageBoxIndirectA, MessageBoxIndirectW, MessageBoxTimeoutA, MessageBoxTimeoutW, MessageBoxW, ModifyMenuA, ModifyMenuW, MonitorFromPoint, 
MonitorFromRect, MonitorFromWindow, MoveWindow, MsgWaitForMultipleObjects, MsgWaitForMultipleObjectsEx, NotifyOverlayWindow, NotifyWinEvent, OemKeyScan, OemToCharA, OemToCharBuffA, OemToCharBuffW, OemToCharW, OffsetRect, OpenClipboard, OpenDesktopA, OpenDesktopW, OpenIcon, OpenInputDesktop, OpenThreadDesktop, OpenWindowStationA, OpenWindowStationW, PackDDElParam, PaintDesktop, PaintMenuBar, PaintMonitor, PeekMessageA, PeekMessageW, PhysicalToLogicalPoint, PostMessageA, PostMessageW, PostQuitMessage, PostThreadMessageA, PostThreadMessageW, PrintWindow, PrivateExtractIconExA, PrivateExtractIconExW, PrivateExtractIconsA, PrivateExtractIconsW, PrivateRegisterICSProc, PtInRect, QueryDisplayConfig, QuerySendMessage, RealChildWindowFromPoint, RealGetWindowClass, RealGetWindowClassA, RealGetWindowClassW, ReasonCodeNeedsBugID, ReasonCodeNeedsComment, RecordShutdownReason, RedrawWindow, RegisterClassA, RegisterClassExA, RegisterClassExW, RegisterClassW, RegisterClipboardFormatA, RegisterClipboardFormatW, RegisterDeviceNotificationA, RegisterDeviceNotificationW, RegisterErrorReportingDialog, RegisterFrostWindow, RegisterGhostWindow, RegisterHotKey, RegisterLogonProcess, RegisterMessagePumpHook, RegisterPowerSettingNotification, RegisterRawInputDevices, RegisterServicesProcess, RegisterSessionPort, RegisterShellHookWindow, RegisterSystemThread, RegisterTasklist, RegisterTouchWindow, RegisterUserApiHook, RegisterWindowMessageA, RegisterWindowMessageW, ReleaseCapture, ReleaseDC, RemoveClipboardFormatListener, RemoveMenu, RemovePropA, RemovePropW, ReplyMessage, ResolveDesktopForWOW, ReuseDDElParam, ScreenToClient, ScrollChildren, ScrollDC, ScrollWindow, ScrollWindowEx, SendDlgItemMessageA, SendDlgItemMessageW, SendIMEMessageExA, SendIMEMessageExW, SendInput, SendMessageA, SendMessageCallbackA, SendMessageCallbackW, SendMessageTimeoutA, SendMessageTimeoutW, SendMessageW, SendNotifyMessageA, SendNotifyMessageW, SetActiveWindow, SetCapture, SetCaretBlinkTime, SetCaretPos, 
SetClassLongA, SetClassLongW, SetClassWord, SetClipboardData, SetClipboardViewer, SetCursor, SetCursorContents, SetCursorPos, SetDebugErrorLevel, SetDeskWallpaper, SetDisplayConfig, SetDlgItemInt, SetDlgItemTextA, SetDlgItemTextW, SetDoubleClickTime, SetFocus, SetForegroundWindow, SetGestureConfig, SetInternalWindowPos, SetKeyboardState, SetLastErrorEx, SetLayeredWindowAttributes, SetMagnificationDesktopColorEffect, SetMagnificationDesktopMagnification, SetMagnificationLensCtxInformation, SetMenu, SetMenuContextHelpId, SetMenuDefaultItem, SetMenuInfo, SetMenuItemBitmaps, SetMenuItemInfoA, SetMenuItemInfoW, SetMessageExtraInfo, SetMessageQueue, SetMirrorRendering, SetParent, SetPhysicalCursorPos, SetProcessDPIAware, SetProcessDefaultLayout, SetProcessWindowStation, SetProgmanWindow, SetPropA, SetPropW, SetRect, SetRectEmpty, SetScrollInfo, SetScrollPos, SetScrollRange, SetShellWindow, SetShellWindowEx, SetSysColors, SetSysColorsTemp, SetSystemCursor, SetSystemMenu, SetTaskmanWindow, SetThreadDesktop, SetTimer, SetUserObjectInformationA, SetUserObjectInformationW, SetUserObjectSecurity, SetWinEventHook, SetWindowCompositionAttribute, SetWindowContextHelpId, SetWindowDisplayAffinity, SetWindowLongA, SetWindowLongW, SetWindowPlacement, SetWindowPos, SetWindowRgn, SetWindowRgnEx, SetWindowStationUser, SetWindowTextA, SetWindowTextW, SetWindowWord, SetWindowsHookA, SetWindowsHookExA, SetWindowsHookExW, SetWindowsHookW, SfmDxBindSwapChain, SfmDxGetSwapChainStats, SfmDxOpenSwapChain, SfmDxQuerySwapChainBindingStatus, SfmDxReleaseSwapChain, SfmDxReportPendingBindingsToDwm, SfmDxSetSwapChainBindingStatus, SfmDxSetSwapChainStats, ShowCaret, ShowCursor, ShowOwnedPopups, ShowScrollBar, ShowStartGlass, ShowSystemCursor, ShowWindow, ShowWindowAsync, ShutdownBlockReasonCreate, ShutdownBlockReasonDestroy, ShutdownBlockReasonQuery, SoftModalMessageBox, SoundSentry, SubtractRect, SwapMouseButton, SwitchDesktop, SwitchDesktopWithFade, SwitchToThisWindow, SystemParametersInfoA, 
SystemParametersInfoW, TabbedTextOutA, TabbedTextOutW, TileChildWindows, TileWindows, ToAscii, ToAsciiEx, ToUnicode, ToUnicodeEx, TrackMouseEvent, TrackPopupMenu, TrackPopupMenuEx, TranslateAccelerator, TranslateAcceleratorA, TranslateAcceleratorW, TranslateMDISysAccel, TranslateMessage, TranslateMessageEx, UnhookWinEvent, UnhookWindowsHook, UnhookWindowsHookEx, UnionRect, UnloadKeyboardLayout, UnlockWindowStation, UnpackDDElParam, UnregisterClassA, UnregisterClassW, UnregisterDeviceNotification, UnregisterHotKey, UnregisterMessagePumpHook, UnregisterPowerSettingNotification, UnregisterSessionPort, UnregisterTouchWindow, UnregisterUserApiHook, UpdateLayeredWindow, UpdateLayeredWindowIndirect, UpdatePerUserSystemParameters, UpdateWindow, UpdateWindowTransform, User32InitializeImmEntryTable, UserClientDllInitialize, UserHandleGrantAccess, UserLpkPSMTextOut, UserLpkTabbedTextOut, UserRealizePalette, UserRegisterWowHandlers, VRipOutput, VTagOutput, ValidateRect, ValidateRgn, VkKeyScanA, VkKeyScanExA, VkKeyScanExW, VkKeyScanW, WCSToMBEx, WINNLSEnableIME, WINNLSGetEnableStatus, WINNLSGetIMEHotkey, WaitForInputIdle, WaitMessage, WinHelpA, WinHelpW, WindowFromDC, WindowFromPhysicalPoint, WindowFromPoint, _UserTestTokenForInteractive, gSharedInfo, gapfnScSendMessage, keybd_event, mouse_event, wsprintfA, wsprintfW, wvsprintfA, wvsprintfW
TrID  : File type identification
Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)
ssdeep: 12288:6UMmzZo/qril3O9BS+wHFk4VhFYKXypF39r9X3Mh5L+s5ENOeQiV1Li/kh:hM6IlSKizNrRaLeYeXV1i/kh
sigcheck: publisher....: Microsoft Corporation
copyright....: © Microsoft Corporation. All rights reserved.
product......: Microsoft® Windows® Operating System
description..: Multi-User Windows USER API Client DLL
original name: user32
internal name: user32
file version.: 6.1.7600.16385 (win7_rtm.090713-1255)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEiD  : -
RDS   : NSRL Reference Data Set
-

DrawCaptionTempW, DrawEdge, DrawFocusRect, DrawFrame, DrawFrameControl, DrawIcon, DrawIconEx, DrawMenuBar, DrawMenuBarTemp, DrawStateA, DrawStateW, DrawTextA, DrawTextExA, DrawTextExW, DrawTextW, DwmGetDxSharedSurface, DwmStartRedirection, DwmStopRedirection, EditWndProc, EmptyClipboard, EnableMenuItem, EnableScrollBar, EnableWindow, EndDeferWindowPos, EndDialog, EndMenu, EndPaint, EndTask, EnterReaderModeHelper, EnumChildWindows, EnumClipboardFormats, EnumDesktopWindows, EnumDesktopsA, EnumDesktopsW, EnumDisplayDevicesA, EnumDisplayDevicesW, EnumDisplayMonitors, EnumDisplaySettingsA, EnumDisplaySettingsExA, EnumDisplaySettingsExW, EnumDisplaySettingsW, EnumPropsA, EnumPropsExA, EnumPropsExW, EnumPropsW, EnumThreadWindows, EnumWindowStationsA, EnumWindowStationsW, EnumWindows, EqualRect, ExcludeUpdateRgn, ExitWindowsEx, FillRect, FindWindowA, FindWindowExA, FindWindowExW, FindWindowW, FlashWindow, FlashWindowEx, FrameRect, FreeDDElParam, FrostCrashedWindow, GetActiveWindow, GetAltTabInfo, GetAltTabInfoA, GetAltTabInfoW, GetAncestor, GetAppCompatFlags, GetAppCompatFlags2, GetAsyncKeyState, GetCapture, GetCaretBlinkTime, GetCaretPos, GetClassInfoA, GetClassInfoExA, GetClassInfoExW, GetClassInfoW, GetClassLongA, GetClassLongW, GetClassNameA, GetClassNameW, GetClassWord, GetClientRect, GetClipCursor, GetClipboardData, GetClipboardFormatNameA, GetClipboardFormatNameW, GetClipboardOwner, GetClipboardSequenceNumber, GetClipboardViewer, GetComboBoxInfo, GetCursor, GetCursorFrameInfo, GetCursorInfo, GetCursorPos, GetDC, GetDCEx, GetDesktopWindow, GetDialogBaseUnits, GetDisplayConfigBufferSizes, GetDlgCtrlID, GetDlgItem, GetDlgItemInt, GetDlgItemTextA, GetDlgItemTextW, GetDoubleClickTime, GetFocus, GetForegroundWindow, GetGUIThreadInfo, GetGestureConfig, GetGestureExtraArgs, GetGestureInfo, GetGuiResources, GetIconInfo, GetIconInfoExA, GetIconInfoExW, GetInputDesktop, GetInputLocaleInfo, GetInputState, GetInternalWindowPos, GetKBCodePage, GetKeyNameTextA, GetKeyNameTextW, 
GetKeyState, GetKeyboardLayout, GetKeyboardLayoutList, GetKeyboardLayoutNameA, GetKeyboardLayoutNameW, GetKeyboardState, GetKeyboardType, GetLastActivePopup, GetLastInputInfo, GetLayeredWindowAttributes, GetListBoxInfo, GetMagnificationDesktopColorEffect, GetMagnificationDesktopMagnification, GetMagnificationLensCtxInformation, GetMenu, GetMenuBarInfo, GetMenuCheckMarkDimensions, GetMenuContextHelpId, GetMenuDefaultItem, GetMenuInfo, GetMenuItemCount, GetMenuItemID, GetMenuItemInfoA, GetMenuItemInfoW, GetMenuItemRect, GetMenuState, GetMenuStringA, GetMenuStringW, GetMessageA, GetMessageExtraInfo, GetMessagePos, GetMessageTime, GetMessageW, GetMonitorInfoA, GetMonitorInfoW, GetMouseMovePointsEx, GetNextDlgGroupItem, GetNextDlgTabItem, GetOpenClipboardWindow, GetParent, GetPhysicalCursorPos, GetPriorityClipboardFormat, GetProcessDefaultLayout, GetProcessWindowStation, GetProgmanWindow, GetPropA, GetPropW, GetQueueStatus, GetRawInputBuffer, GetRawInputData, GetRawInputDeviceInfoA, GetRawInputDeviceInfoW, GetRawInputDeviceList, GetReasonTitleFromReasonCode, GetRegisteredRawInputDevices, GetScrollBarInfo, GetScrollInfo, GetScrollPos, GetScrollRange, GetSendMessageReceiver, GetShellWindow, GetSubMenu, GetSysColor, GetSysColorBrush, GetSystemMenu, GetSystemMetrics, GetTabbedTextExtentA, GetTabbedTextExtentW, GetTaskmanWindow, GetThreadDesktop, GetTitleBarInfo, GetTopLevelWindow, GetTopWindow, GetTouchInputInfo, GetUpdateRect, GetUpdateRgn, GetUpdatedClipboardFormats, GetUserObjectInformationA, GetUserObjectInformationW, GetUserObjectSecurity, GetWinStationInfo, GetWindow, GetWindowCompositionAttribute, GetWindowCompositionInfo, GetWindowContextHelpId, GetWindowDC, GetWindowDisplayAffinity, GetWindowInfo, GetWindowLongA, GetWindowLongW, GetWindowMinimizeRect, GetWindowModuleFileName, GetWindowModuleFileNameA, GetWindowModuleFileNameW, GetWindowPlacement, GetWindowRect, GetWindowRgn, GetWindowRgnBox, GetWindowRgnEx, GetWindowTextA, GetWindowTextLengthA, 
GetWindowTextLengthW, GetWindowTextW, GetWindowThreadProcessId, GetWindowWord, GhostWindowFromHungWindow, GrayStringA, GrayStringW, HideCaret, HiliteMenuItem, HungWindowFromGhostWindow, IMPGetIMEA, IMPGetIMEW, IMPQueryIMEA, IMPQueryIMEW, IMPSetIMEA, IMPSetIMEW, ImpersonateDdeClientWindow, InSendMessage, InSendMessageEx, InflateRect, InitializeLpkHooks, InsertMenuA, InsertMenuItemA, InsertMenuItemW, InsertMenuW, InternalGetWindowIcon, InternalGetWindowText, IntersectRect, InvalidateRect, InvalidateRgn, InvertRect, IsCharAlphaA, IsCharAlphaNumericA, IsCharAlphaNumericW, IsCharAlphaW, IsCharLowerA, IsCharLowerW, IsCharUpperA, IsCharUpperW, IsChild, IsClipboardFormatAvailable, IsDialogMessage, IsDialogMessageA, IsDialogMessageW, IsDlgButtonChecked, IsGUIThread, IsHungAppWindow, IsIconic, IsMenu, IsProcessDPIAware, IsRectEmpty, IsSETEnabled, IsServerSideWindow, IsThreadDesktopComposited, IsTopLevelWindow, IsTouchWindow, IsWinEventHookInstalled, IsWindow, IsWindowEnabled, IsWindowInDestroy, IsWindowRedirectedForPrint, IsWindowUnicode, IsWindowVisible, IsWow64Message, IsZoomed, KillTimer, LoadAcceleratorsA, LoadAcceleratorsW, LoadBitmapA, LoadBitmapW, LoadCursorA, LoadCursorFromFileA, LoadCursorFromFileW, LoadCursorW, LoadIconA, LoadIconW, LoadImageA, LoadImageW, LoadKeyboardLayoutA, LoadKeyboardLayoutEx, LoadKeyboardLayoutW, LoadLocalFonts, LoadMenuA, LoadMenuIndirectA, LoadMenuIndirectW, LoadMenuW, LoadRemoteFonts, LoadStringA, LoadStringW, LockSetForegroundWindow, LockWindowStation, LockWindowUpdate, LockWorkStation, LogicalToPhysicalPoint, LookupIconIdFromDirectory, LookupIconIdFromDirectoryEx, MBToWCSEx, MB_GetString, MapDialogRect, MapVirtualKeyA, MapVirtualKeyExA, MapVirtualKeyExW, MapVirtualKeyW, MapWindowPoints, MenuItemFromPoint, MenuWindowProcA, MenuWindowProcW, MessageBeep, MessageBoxA, MessageBoxExA, MessageBoxExW, MessageBoxIndirectA, MessageBoxIndirectW, MessageBoxTimeoutA, MessageBoxTimeoutW, MessageBoxW, ModifyMenuA, ModifyMenuW, MonitorFromPoint, 
MonitorFromRect, MonitorFromWindow, MoveWindow, MsgWaitForMultipleObjects, MsgWaitForMultipleObjectsEx, NotifyOverlayWindow, NotifyWinEvent, OemKeyScan, OemToCharA, OemToCharBuffA, OemToCharBuffW, OemToCharW, OffsetRect, OpenClipboard, OpenDesktopA, OpenDesktopW, OpenIcon, OpenInputDesktop, OpenThreadDesktop, OpenWindowStationA, OpenWindowStationW, PackDDElParam, PaintDesktop, PaintMenuBar, PaintMonitor, PeekMessageA, PeekMessageW, PhysicalToLogicalPoint, PostMessageA, PostMessageW, PostQuitMessage, PostThreadMessageA, PostThreadMessageW, PrintWindow, PrivateExtractIconExA, PrivateExtractIconExW, PrivateExtractIconsA, PrivateExtractIconsW, PrivateRegisterICSProc, PtInRect, QueryDisplayConfig, QuerySendMessage, RealChildWindowFromPoint, RealGetWindowClass, RealGetWindowClassA, RealGetWindowClassW, ReasonCodeNeedsBugID, ReasonCodeNeedsComment, RecordShutdownReason, RedrawWindow, RegisterClassA, RegisterClassExA, RegisterClassExW, RegisterClassW, RegisterClipboardFormatA, RegisterClipboardFormatW, RegisterDeviceNotificationA, RegisterDeviceNotificationW, RegisterErrorReportingDialog, RegisterFrostWindow, RegisterGhostWindow, RegisterHotKey, RegisterLogonProcess, RegisterMessagePumpHook, RegisterPowerSettingNotification, RegisterRawInputDevices, RegisterServicesProcess, RegisterSessionPort, RegisterShellHookWindow, RegisterSystemThread, RegisterTasklist, RegisterTouchWindow, RegisterUserApiHook, RegisterWindowMessageA, RegisterWindowMessageW, ReleaseCapture, ReleaseDC, RemoveClipboardFormatListener, RemoveMenu, RemovePropA, RemovePropW, ReplyMessage, ResolveDesktopForWOW, ReuseDDElParam, ScreenToClient, ScrollChildren, ScrollDC, ScrollWindow, ScrollWindowEx, SendDlgItemMessageA, SendDlgItemMessageW, SendIMEMessageExA, SendIMEMessageExW, SendInput, SendMessageA, SendMessageCallbackA, SendMessageCallbackW, SendMessageTimeoutA, SendMessageTimeoutW, SendMessageW, SendNotifyMessageA, SendNotifyMessageW, SetActiveWindow, SetCapture, SetCaretBlinkTime, SetCaretPos, 
SetClassLongA, SetClassLongW, SetClassWord, SetClipboardData, SetClipboardViewer, SetCursor, SetCursorContents, SetCursorPos, SetDebugErrorLevel, SetDeskWallpaper, SetDisplayConfig, SetDlgItemInt, SetDlgItemTextA, SetDlgItemTextW, SetDoubleClickTime, SetFocus, SetForegroundWindow, SetGestureConfig, SetInternalWindowPos, SetKeyboardState, SetLastErrorEx, SetLayeredWindowAttributes, SetMagnificationDesktopColorEffect, SetMagnificationDesktopMagnification, SetMagnificationLensCtxInformation, SetMenu, SetMenuContextHelpId, SetMenuDefaultItem, SetMenuInfo, SetMenuItemBitmaps, SetMenuItemInfoA, SetMenuItemInfoW, SetMessageExtraInfo, SetMessageQueue, SetMirrorRendering, SetParent, SetPhysicalCursorPos, SetProcessDPIAware, SetProcessDefaultLayout, SetProcessWindowStation, SetProgmanWindow, SetPropA, SetPropW, SetRect, SetRectEmpty, SetScrollInfo, SetScrollPos, SetScrollRange, SetShellWindow, SetShellWindowEx, SetSysColors, SetSysColorsTemp, SetSystemCursor, SetSystemMenu, SetTaskmanWindow, SetThreadDesktop, SetTimer, SetUserObjectInformationA, SetUserObjectInformationW, SetUserObjectSecurity, SetWinEventHook, SetWindowCompositionAttribute, SetWindowContextHelpId, SetWindowDisplayAffinity, SetWindowLongA, SetWindowLongW, SetWindowPlacement, SetWindowPos, SetWindowRgn, SetWindowRgnEx, SetWindowStationUser, SetWindowTextA, SetWindowTextW, SetWindowWord, SetWindowsHookA, SetWindowsHookExA, SetWindowsHookExW, SetWindowsHookW, SfmDxBindSwapChain, SfmDxGetSwapChainStats, SfmDxOpenSwapChain, SfmDxQuerySwapChainBindingStatus, SfmDxReleaseSwapChain, SfmDxReportPendingBindingsToDwm, SfmDxSetSwapChainBindingStatus, SfmDxSetSwapChainStats, ShowCaret, ShowCursor, ShowOwnedPopups, ShowScrollBar, ShowStartGlass, ShowSystemCursor, ShowWindow, ShowWindowAsync, ShutdownBlockReasonCreate, ShutdownBlockReasonDestroy, ShutdownBlockReasonQuery, SoftModalMessageBox, SoundSentry, SubtractRect, SwapMouseButton, SwitchDesktop, SwitchDesktopWithFade, SwitchToThisWindow, SystemParametersInfoA, 
SystemParametersInfoW, TabbedTextOutA, TabbedTextOutW, TileChildWindows, TileWindows, ToAscii, ToAsciiEx, ToUnicode, ToUnicodeEx, TrackMouseEvent, TrackPopupMenu, TrackPopupMenuEx, TranslateAccelerator, TranslateAcceleratorA, TranslateAcceleratorW, TranslateMDISysAccel, TranslateMessage, TranslateMessageEx, UnhookWinEvent, UnhookWindowsHook, UnhookWindowsHookEx, UnionRect, UnloadKeyboardLayout, UnlockWindowStation, UnpackDDElParam, UnregisterClassA, UnregisterClassW, UnregisterDeviceNotification, UnregisterHotKey, UnregisterMessagePumpHook, UnregisterPowerSettingNotification, UnregisterSessionPort, UnregisterTouchWindow, UnregisterUserApiHook, UpdateLayeredWindow, UpdateLayeredWindowIndirect, UpdatePerUserSystemParameters, UpdateWindow, UpdateWindowTransform, User32InitializeImmEntryTable, UserClientDllInitialize, UserHandleGrantAccess, UserLpkPSMTextOut, UserLpkTabbedTextOut, UserRealizePalette, UserRegisterWowHandlers, VRipOutput, VTagOutput, ValidateRect, ValidateRgn, VkKeyScanA, VkKeyScanExA, VkKeyScanExW, VkKeyScanW, WCSToMBEx, WINNLSEnableIME, WINNLSGetEnableStatus, WINNLSGetIMEHotkey, WaitForInputIdle, WaitMessage, WinHelpA, WinHelpW, WindowFromDC, WindowFromPhysicalPoint, WindowFromPoint, _UserTestTokenForInteractive, gSharedInfo, gapfnScSendMessage, keybd_event, mouse_event, wsprintfA, wsprintfW, wvsprintfA, wvsprintfW
TrID: File type identification
    Win64 Executable Generic (59.6%)
    Win32 Executable MS Visual C++ (generic) (26.2%)
    Win32 Executable Generic (5.9%)
    Win32 Dynamic Link Library (generic) (5.2%)
    Generic Win/DOS Executable (1.3%)
ssdeep: 12288:6UMmzZo/qril3O9BS+wHFk4VhFYKXypF39r9X3Mh5L+s5ENOeQiV1Li/kh:hM6IlSKizNrRaLeYeXV1i/kh
sigcheck:
    publisher....: Microsoft Corporation
    copyright....: © Microsoft Corporation. All rights reserved.
    product......: Microsoft® Windows® Operating System
    description..: Multi-User Windows USER API Client DLL
    original name: user32
    internal name: user32
    file version.: 6.1.7600.16385 (win7_rtm.090713-1255)
    comments.....: n/a
    signers......: -
    signing date.: -
    verified.....: Unsigned
PEiD: -
RDS: NSRL Reference Data Set
    -
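The report above lists user32.dll as "verified: Unsigned". Windows system components are normally catalog-signed rather than carrying an embedded Authenticode signature, so a scanner that only inspects the file itself will report them as unsigned whether or not they have been tampered with. The check a practitioner would run before drawing a conclusion is a local one that consults the system catalogs and records the version and hash for comparison. The PowerShell below is an added example written for this thread; it is not code from the original poster, from BleepingComputer, or from any of the tools quoted in the report. It assumes Windows 8.1 / PowerShell 4 or later (where Get-AuthenticodeSignature also checks catalog signatures and Get-FileHash exists); on Windows 7 with PowerShell 2, which the poster was running, catalog-signed OS files come back as NotSigned from this cmdlet and the check has to be done with a catalog-aware tool instead. The function name and the verdict strings are this example's own.

```powershell
# Added example (not from the original thread): decide whether a Windows DLL that a
# third-party report calls "Unsigned" is actually catalog-signed, and capture the
# version and SHA-256 so it can be compared against a known-good copy.
#
# Assumption: Windows 8.1 / PowerShell 4 or later, where Get-AuthenticodeSignature
# consults the system catalogs. On Windows 7 / PowerShell 2 it checks only embedded
# signatures, so every catalog-signed OS file would come back as NotSigned here.

function Test-SystemBinarySignature {
    param(
        [Parameter(Mandatory)][string]$Path
    )

    $item = Get-Item -LiteralPath $Path -ErrorAction Stop
    $sig  = Get-AuthenticodeSignature -LiteralPath $item.FullName
    $hash = Get-FileHash -LiteralPath $item.FullName -Algorithm SHA256

    # A file whose version resource claims Microsoft but that is not signed by Microsoft,
    # or whose bytes no longer match its signature, is the case worth escalating.
    $claimsMicrosoft = $item.VersionInfo.CompanyName -like 'Microsoft*'
    $signerIsMicrosoft = $sig.SignerCertificate -and ($sig.SignerCertificate.Subject -match 'Microsoft')

    $verdict = switch ($sig.Status) {
        'Valid' {
            if ($claimsMicrosoft -and -not $signerIsMicrosoft) { 'SIGNED_BY_NON_MICROSOFT' } else { 'OK' }
        }
        'HashMismatch' { 'MODIFIED_AFTER_SIGNING' }     # signature present, contents changed
        'NotSigned' {
            if ($claimsMicrosoft) { 'UNSIGNED_BUT_CLAIMS_MICROSOFT' } else { 'UNSIGNED' }
        }
        default { "CHECK_MANUALLY_$($sig.Status)" }
    }

    [pscustomobject]@{
        Path          = $item.FullName
        FileVersion   = $item.VersionInfo.FileVersion   # compare with the report's 6.1.7600.16385
        Company       = $item.VersionInfo.CompanyName
        Status        = $sig.Status                     # Valid / NotSigned / HashMismatch / ...
        SignatureType = $sig.SignatureType              # Authenticode (embedded) or Catalog
        Signer        = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '-' }
        SHA256        = $hash.Hash
        Verdict       = $verdict
    }
}

# The DLL from the report, plus its 32-bit twin on a 64-bit host.
$targets = @("$env:windir\System32\user32.dll")
if (Test-Path -LiteralPath "$env:windir\SysWOW64\user32.dll") {
    $targets += "$env:windir\SysWOW64\user32.dll"
}

$targets | ForEach-Object { Test-SystemBinarySignature -Path $_ } | Format-List
```

A Status of Valid with SignatureType Catalog is the expected result for a stock user32.dll; HashMismatch or NotSigned on a catalog-aware host, or a Valid signature from a signer other than Microsoft, is the point at which the hash should be compared against a clean copy of the same file version rather than trusting the scanner's one-word verdict either way.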


#8 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,504 posts
  • ONLINE
  • Gender:Male
  • Location:US
  • Local time:11:24 PM

Posted 19 June 2010 - 09:55 PM

Hello.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (or hold down your Windows key and press R), copy and paste the following into the text field (make sure you include the quotation marks), then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

  • If it says "Hidden service detected", DO NOT type anything in. Just press Enter on your keyboard so that nothing is done to the file.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt". Please copy and paste the contents of that file here.

~Blade


In your next reply, please include the following:
TDSSKiller log
How is the computer running now?


If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+


#9 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,504 posts
  • ONLINE
  • Gender:Male
  • Location:US
  • Local time:11:24 PM

Posted 14 July 2010 - 10:28 AM

Due to lack of feedback, this topic is now closed.

~Blade





