BleepingComputer.com: Windows Recovery Malware Infection [Computer 1]


Windows Recovery Malware Infection [Computer 1] Windows Recovery Console and HDD failure popups.

#16 SweetTech

  • Agent ST
  • Group: Malware Response Team
  • Posts: 12,662
  • Joined: 15-March 09
  • Gender: Male
  • Location: Antarctica

Posted 11 May 2011 - 07:57 AM

Hi!

Yes ESET can take some time to run.

The items found by ESET are currently in system restore/quarantine and will be dealt with once we clean-up our tools later.

Update Adobe Reader
Earlier versions of Adobe Reader have known security flaws, so it is recommended that you update your copy.
  • Go to Start > Control Panel > Add/Remove Programs
  • Remove ALL instances of Adobe Reader
  • Reboot your computer as required.
  • Once ALL versions of Adobe Reader have been uninstalled, visit: <<here>> and download the latest version of Adobe Reader
Alternative Option: after uninstalling Adobe Reader, you could try installing Foxit Reader from >here<. Foxit Reader has fewer add-ons and therefore loads more quickly.



NEXT:



Java Outdated
Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
Please follow these steps to remove older Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform.
    • 32-bit Select: Windows x86 Offline.
    • 64-bit Select: Windows x64.

  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.

Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u25-windows-i586.exe to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.

-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.



NEXT



OTL Custom Scan

We need to run an OTL Custom Scan
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the custom scan textbox.


    netsvcs
    drivers32
    hklm\software\clients\startmenuinternet|command /rs
    %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


  • Push the Run Scan button.
  • A report will open. Copy and Paste that report in your next reply.



NEXT:



What outstanding issues (if any) are you still experiencing with your computer?
Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
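Added example, not part of this thread and not a script from OldTimer's OTL: once the custom scan above is posted, a triage pass over the O4 (Run keys), O6/O7 (policy) and O20 (AppInit_DLLs) lines picks out the entries a helper looks at first. The sample lines below are constructed, modelled on OTL's report format; the heuristics (Recycle Bin or bare ProgramData/AppData paths, a DLL as a Run target, a company string of random lowercase letters, policies that disable Task Manager, regedit or UAC, any AppInit_DLLs value) are this example's assumptions, not OTL's own rules, and a hit is a reason to look, not proof of infection.

```python
import re
from typing import Dict, List

# Constructed sample lines in OTL's O4/O6/O7/O20 report format, modelled on
# the log posted later in this thread. They are embedded so the script runs
# offline; they are not the output of a scan this script performed.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [cftmon] C:\Windows\System32\dafr.exe (vuoopjgqkoybrxsctdvw)
O4 - HKLM..\Run: [Lviehfngpqg] File not found
O4 - HKU\S-1-5-21-2769440373-2176610137-4011517129-1000..\Run: [12CFG214-K641-12SF-N85P] C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe ()
O4 - HKU\S-1-5-21-2769440373-2176610137-4011517129-1000..\Run: [fhFLtreUvTGXnKC] C:\ProgramData\fhFLtreUvTGXnKC.exe (WinTrust)
O4 - HKU\S-1-5-21-2769440373-2176610137-4011517129-1000..\Run: [Lfodupadewiyohup] C:\Users\Steev\AppData\Local\mgesyp.dll (ArcSoft Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-21-2769440373-2176610137-4011517129-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O20 - AppInit_DLLs: (C:\Windows\System32) - C:\Windows\System32 [2011/05/08 09:48:24 | 000,000,000 | -H-D | M]
"""

# Line shapes as OTL prints them (derived from the posted log, not from OTL's source).
RUN_RE = re.compile(r"^O4 - (?P<hive>.+?)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.*)$")
TARGET_RE = re.compile(r"^(?P<path>.+?) \((?P<company>[^()]*)\)$")
POLICY_RE = re.compile(r"^O[67] - (?P<key>.+?): (?P<value>\w+) = (?P<data>\S+)$")
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: \((?P<data>[^)]*)\)")

# Heuristics (assumptions of this example, not OTL rules): policy values that
# switch off a user's defensive tooling, and company strings that look machine-generated.
LOCKDOWN_POLICIES = {("DisableTaskMgr", "1"), ("DisableRegistryTools", "1"), ("EnableLUA", "0")}
RANDOM_NAME_RE = re.compile(r"^[a-z]{12,}$")
NO_COMPANY = "no company name in version info"


def suspicious_path(path: str) -> List[str]:
    """Locations a legitimate autostart rarely uses; dropped files favour them."""
    low = path.lower()
    parent = "\\".join(low.split("\\")[:-1])
    reasons = []
    if "\\recycler\\" in low or "\\$recycle.bin\\" in low:
        reasons.append("autostart from the Recycle Bin folder")
    if parent.endswith(("\\programdata", "\\appdata\\local", "\\appdata\\roaming")):
        reasons.append("file dropped directly in " + parent)
    if low.endswith(".dll"):
        reasons.append("Run value pointing at a DLL rather than an .exe")
    return reasons


def suspicious_company(company: str) -> List[str]:
    """Empty version info is weak evidence; a random lowercase string is strong."""
    if company == "":
        return [NO_COMPANY]
    if RANDOM_NAME_RE.match(company):
        return ["random-looking company name %r" % company]
    return []


def triage(log_text: str) -> List[Dict[str, object]]:
    """One finding per suspicious line: item, severity, reasons, and the raw line."""
    findings: List[Dict[str, object]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        run = RUN_RE.match(line)
        if run:
            rest = run.group("rest")
            if rest == "File not found":
                findings.append({"item": run.group("name"), "severity": "low", "line": line,
                                 "reasons": ["orphaned Run value: file missing, typically left by a partial clean-up"]})
                continue
            target = TARGET_RE.match(rest)
            if target is None:
                continue
            reasons = suspicious_path(target.group("path")) + suspicious_company(target.group("company"))
            if reasons:
                # Missing version info alone is common in legitimate OEM tools; weight it lower.
                severity = "medium" if reasons == [NO_COMPANY] else "high"
                findings.append({"item": run.group("name"), "severity": severity,
                                 "reasons": reasons, "line": line})
            continue
        pol = POLICY_RE.match(line)
        if pol and (pol.group("value"), pol.group("data")) in LOCKDOWN_POLICIES:
            findings.append({"item": pol.group("value"), "severity": "medium", "line": line,
                             "reasons": ["policy %s = %s disables Task Manager, regedit or UAC"
                                         % (pol.group("value"), pol.group("data"))]})
            continue
        app = APPINIT_RE.match(line)
        if app and app.group("data").strip():
            findings.append({"item": "AppInit_DLLs", "severity": "high", "line": line,
                             "reasons": ["AppInit_DLLs is set to %r: loaded into every process that links user32.dll"
                                         % app.group("data")]})
    return findings


if __name__ == "__main__":
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: str(f["severity"])):
        print("[%s] %s: %s" % (f["severity"], f["item"], "; ".join(f["reasons"])))
```

Run it as a script to print the findings. Real logs carry many legitimate entries with no company name (OEM utilities in particular), which is why that reason alone is weighted medium; the policy hits are worth confirming against the user, since an administrator can set the same values on purpose.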

#17 nyclad

  • Member
  • Group: Members
  • Posts: 44
  • Joined: 06-September 10

Posted 11 May 2011 - 12:36 PM

Hi ST,


I removed Adobe Reader, and didn't reinstall it.

I removed Java, and reinstalled it per the instructions above. However, after Java said it had successfully installed, there was a popup window that read: "Installer: Wrapper CreateFile failed with error 5: Access is denied." I tried again to run the Java installer as Administrator, and it said Java was already installed, so I chose the install again option, and everything was identical to the first time, including the same error message. I decided to skip to the next step anyway.

I ran OTL and it came up with two logs, OTL.txt and Extras.txt. I didn't know if you want the second report, but I figure it can't hurt to post both.


As far as other issues, I do notice that some desktop items are missing, such as icons for the Recycle Bin and Internet Explorer, as well as the programs on the Start Menu. If there was a way to make them reappear, that'd be great, but if not, it's no big deal.

OTL.TXT

OTL logfile created on: 5/8/2011 9:51:56 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = F:\
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,012.00 Mb Total Physical Memory | 541.00 Mb Available Physical Memory | 53.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 218.08 Gb Total Space | 113.07 Gb Free Space | 51.85% Space Free | Partition Type: NTFS
Drive D: | 14.51 Gb Total Space | 1.47 Gb Free Space | 10.13% Space Free | Partition Type: NTFS
Drive E: | 99.18 Mb Total Space | 94.01 Mb Free Space | 94.79% Space Free | Partition Type: FAT32
Drive F: | 3.99 Gb Total Space | 3.99 Gb Free Space | 99.98% Space Free | Partition Type: FAT32

Computer Name: STEEV-NB | User Name: Steev | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/08 08:41:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
PRC - [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/05/08 08:41:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
MOD - [2010/11/20 04:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/01/06 16:23:18 | 006,128,720 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/11/03 18:17:08 | 000,654,848 | -H-- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/10/22 05:58:18 | 000,265,400 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/07/28 14:36:52 | 000,246,520 | -H-- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/06/24 14:34:52 | 000,091,456 | -H-- | M] () [Auto | Stopped] -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
SRV - [2010/04/23 17:55:56 | 000,103,992 | -H-- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV - [2010/04/09 15:43:38 | 000,026,168 | -H-- | M] () [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010/03/31 18:53:18 | 000,338,168 | -H-- | M] (DeviceVM, Inc.) [Auto | Stopped] -- C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2010/03/25 10:25:22 | 030,969,208 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/03/18 11:19:26 | 000,113,152 | -H-- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/02/26 03:03:00 | 000,229,458 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_0cefa6767c6211ec\stacsv.exe -- (STacSV)
SRV - [2009/11/13 12:28:04 | 000,110,592 | -H-- | M] (WDC) [Auto | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009/10/13 10:25:30 | 000,354,840 | -H-- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2009/07/13 18:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/06/16 09:58:08 | 000,020,480 | -H-- | M] (Memeo) [Auto | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2009/03/03 03:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_0cefa6767c6211ec\AEstSrv.exe -- (AESTFilters)


========== Driver Services (SafeList) ==========

DRV - [2011/05/01 15:41:21 | 000,058,720 | -H-- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\srenum.sys -- (srenum)
DRV - [2011/05/01 15:34:57 | 000,020,480 | -H-- | M] (NT Kernel Resources) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndisrd.sys -- (ndisrd)
DRV - [2010/12/08 05:12:38 | 000,251,728 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/20 03:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 02:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/12 14:19:38 | 000,299,984 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/13 16:27:54 | 000,025,680 | -H-- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 04:48:56 | 000,034,384 | -H-- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 04:48:50 | 000,026,064 | -H-- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/19 21:42:38 | 000,123,472 | -H-- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/19 21:42:38 | 000,030,288 | -H-- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/08/19 21:42:36 | 000,021,072 | -H-- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/07/12 14:49:18 | 000,060,104 | -H-- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2010/07/12 14:48:56 | 000,073,032 | -H-- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2010/06/22 04:30:14 | 000,116,224 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BRCMHD32.sys -- (BRCMDECO)
DRV - [2010/02/26 03:03:00 | 000,423,424 | -H-- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2010/02/08 22:57:16 | 000,186,912 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/11/11 13:09:22 | 000,018,136 | -H-- | M] (DeviceVM, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\dvmio.sys -- (DVMIO)
DRV - [2009/10/27 12:02:14 | 000,023,936 | -H-- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2009/07/13 16:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 15:02:53 | 000,311,296 | -H-- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/13 15:02:51 | 004,231,168 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel®
DRV - [2009/06/03 16:17:14 | 000,131,584 | -H-- | M] () [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ArcHlp.sys -- (archlp)
DRV - [2009/02/13 12:02:52 | 000,011,520 | -H-- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2007/07/16 14:29:43 | 000,020,504 | -H-- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hpfxfax.sys -- (HPFXFAX)
DRV - [2007/07/16 14:29:33 | 000,017,432 | -H-- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hpfxbulk.sys -- (HPFXBULK)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2769440373-2176610137-4011517129-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=ZUGO&form=ZGAPHP
IE - HKU\S-1-5-21-2769440373-2176610137-4011517129-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.yahoo.com/
IE - HKU\S-1-5-21-2769440373-2176610137-4011517129-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\4.0.0369.0\Firefox [2010/06/10 10:54:55 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/06/10 10:54:57 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/04/01 14:35:28 | 000,000,000 | -H-D | M]


Hosts file not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O3 - HKU\S-1-5-21-2769440373-2176610137-4011517129-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [cftmon] C:\Windows\System32\dafr.exe (vuoopjgqkoybrxsctdvw)
O4 - HKLM..\Run: [DTRun] C:\Program Files\ArcSoft\TotalMedia Theatre 3\uDTRun.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [HP Color LaserJet CM2320 MFP Series Fax] C:\Program Files\HP\HP Color LaserJet CM2320 MFP Series\hppfaxprintersrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files\HP\HP UT\bin\hppusg.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Lviehfngpqg] File not found
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [ZumoDrive] C:\Program Files\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk ()
O4 - HKU\S-1-5-21-2769440373-2176610137-4011517129-1000..\Run: [12CFG214-K641-12SF-N85P] C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe ()
O4 - HKU\S-1-5-21-2769440373-2176610137-4011517129-1000..\Run: [506E7F4A_0] File not found
O4 - HKU\S-1-5-21-2769440373-2176610137-4011517129-1000..\Run: [engel] File not found
O4 - HKU\S-1-5-21-2769440373-2176610137-4011517129-1000..\Run: [fhFLtreUvTGXnKC] C:\ProgramData\fhFLtreUvTGXnKC.exe (WinTrust)
O4 - HKU\S-1-5-21-2769440373-2176610137-4011517129-1000..\Run: [Lfodupadewiyohup] C:\Users\Steev\AppData\Local\mgesyp.dll (ArcSoft Inc.)
O4 - HKU\S-1-5-21-2769440373-2176610137-4011517129-1000..\Run: [Lviehfngpqg] File not found
O4 - HKU\S-1-5-21-2769440373-2176610137-4011517129-1000..\Run: [Zxjejd] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2769440373-2176610137-4011517129-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2769440373-2176610137-4011517129-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-21-2769440373-2176610137-4011517129-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (C:\Windows\System32) - C:\Windows\System32 [2011/05/08 09:48:24 | 000,000,000 | -H-D | M]
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | -H-- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/08 08:53:12 | 000,580,608 | -H-- | C] (OldTimer Tools) -- C:\Users\Steev\Desktop\OTL.exe
[2011/05/01 17:01:40 | 000,000,000 | -H-D | C] -- C:\32788R22FWJFW
[2011/05/01 16:07:37 | 000,000,000 | -H-D | C] -- C:\Windows\Minidump
[2011/05/01 15:46:52 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Recovery
[2011/05/01 15:46:51 | 000,000,000 | -H-D | C] -- C:\Users\Steev\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery
[2011/05/01 15:36:32 | 000,385,024 | -H-- | C] (vuoopjgqkoybrxsctdvw) -- C:\Windows\System32\dafr.exe
[2011/05/01 15:35:53 | 000,000,000 | -H-D | C] -- C:\RECYCLER
[2011/05/01 15:35:50 | 000,000,000 | -H-D | C] -- C:\Users\Steev\AppData\Roaming\engel
[2011/05/01 15:34:57 | 000,520,704 | -H-- | C] (WinTrust) -- C:\ProgramData\fhFLtreUvTGXnKC.exe
[2011/05/01 15:34:57 | 000,020,480 | -H-- | C] (NT Kernel Resources) -- C:\Windows\System32\drivers\ndisrd.sys
[2011/05/01 15:34:56 | 000,000,000 | -H-D | C] -- C:\Program Files\Search Toolbar
[2011/04/30 20:56:21 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse
[2011/04/30 20:55:38 | 000,000,000 | -H-D | C] -- C:\Program Files\Microsoft IntelliPoint
[2011/04/30 20:04:14 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/04/30 20:04:12 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011/04/22 18:02:36 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011/04/22 18:02:35 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/04/22 18:02:35 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/04/22 18:02:34 | 002,333,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/04/22 18:02:32 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSCOVER.exe
[2011/04/22 18:02:31 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/04/22 18:02:28 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011/04/22 18:02:28 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011/04/08 23:02:04 | 000,390,656 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\ipcoin815.dll
[2011/04/08 14:07:08 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\HP
[2011/04/08 14:06:49 | 000,013,929 | -H-- | C] (Hewlett-Packard Company) -- C:\Windows\System32\hppfaxprintermon5.dll
[2011/04/08 14:06:49 | 000,009,451 | -H-- | C] (Hewlett-Packard Company) -- C:\Windows\System32\hppfaxprintermonui5.dll
[2011/04/08 13:25:23 | 000,161,280 | -H-- | C] (Hewlett-Packard Corporation) -- C:\Windows\System32\hpcpn093.dll
[2011/04/08 13:25:22 | 000,059,928 | -H-- | C] (Hewlett-Packard) -- C:\Windows\System32\fxcompchannel.dll
[2011/04/08 13:23:42 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2011/04/08 13:20:58 | 000,026,136 | -H-- | C] (Hewlett Packard) -- C:\Windows\System32\drivers\hpfxgen.sys
[2011/04/08 13:20:58 | 000,020,504 | -H-- | C] (Hewlett Packard) -- C:\Windows\System32\drivers\hpfxfax.sys
[2011/04/08 13:20:58 | 000,017,432 | -H-- | C] (Hewlett Packard) -- C:\Windows\System32\drivers\hpfxbulk.sys
[2011/04/08 13:20:56 | 000,770,048 | -H-- | C] (Hewlett-Packard) -- C:\Windows\System32\hpptsp05.dll
[2011/04/08 13:20:56 | 000,761,856 | -H-- | C] (Hewlett-Packard) -- C:\Windows\System32\hpxp2320.dll
[2011/04/08 13:20:56 | 000,450,560 | -H-- | C] (Hewlett-Packard) -- C:\Windows\System32\hppasc12.dll
[2011/04/08 13:20:56 | 000,331,776 | -H-- | C] (Hewlett-Packard) -- C:\Windows\System32\hppcpr12.dll
[2011/04/08 13:20:56 | 000,188,416 | -H-- | C] (Hewlett Packard) -- C:\Windows\System32\hppcew12.dll
[2011/04/08 13:20:55 | 000,188,416 | -H-- | C] (Hewlett Packard) -- C:\Windows\System32\hppafx12.dll
[2011/04/08 13:20:55 | 000,059,928 | -H-- | C] (Hewlett-Packard) -- C:\Windows\System32\fxfaxchannel.dll
[2011/04/08 13:18:58 | 000,000,000 | -H-D | C] -- C:\CM_2320_Full_Solution_Win7_3_1_AM-EMEA1
[2011/04/08 13:09:36 | 000,000,000 | -H-D | C] -- C:\ProgramData\HP
[2011/04/08 13:08:31 | 000,000,000 | -H-D | C] -- C:\Program Files\Common Files\SWF Studio
[2011/04/08 13:06:14 | 000,000,000 | -H-D | C] -- C:\HP_CM2320_series_full_solution_v3.0_AM-EMEA
[2011/04/08 10:51:58 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011/04/08 10:51:58 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/04/08 10:51:58 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/04/08 10:51:57 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011/04/08 10:51:57 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011/04/08 10:51:57 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/04/08 10:51:57 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/04/08 10:51:56 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/04/08 10:51:56 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011/04/08 10:51:56 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/04/08 10:51:56 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/04/08 10:51:56 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011/04/08 10:51:55 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/04/08 10:51:55 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011/04/08 10:51:55 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011/04/08 10:51:54 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/04/08 10:51:54 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/04/08 10:51:54 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/04/08 10:51:54 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/04/08 10:51:54 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/04/08 10:51:54 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/04/08 10:51:54 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/04/08 10:51:53 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/04/08 10:51:53 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011/04/08 10:51:53 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/04/08 10:51:52 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/04/08 10:51:52 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011/04/08 10:51:52 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/04/08 10:51:51 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/04/08 10:51:51 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/04/08 10:51:51 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/04/08 10:51:51 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011/04/08 10:51:50 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/04/08 10:51:50 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/04/08 10:51:50 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/04/08 10:51:50 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011/04/08 10:51:50 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011/04/08 10:51:49 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/04/08 10:51:49 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011/03/03 12:27:10 | 000,122,880 | -H-- | C] (ArcSoft Inc.) -- C:\Users\Steev\AppData\Local\mgesyp.dll
[3 C:\Users\Steev\AppData\Roaming\*.tmp files -> C:\Users\Steev\AppData\Roaming\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/08 09:51:46 | 000,034,560 | ---- | M] () -- C:\Windows\System32\drivers\Normandy.sys
[2011/05/08 09:50:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/08 09:50:43 | 796,020,736 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/08 09:50:41 | 226,552,569 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/05/08 09:26:39 | 000,000,908 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2769440373-2176610137-4011517129-1000UA.job
[2011/05/08 09:26:07 | 000,014,128 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/08 09:26:07 | 000,014,128 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/08 08:41:52 | 000,580,608 | -H-- | M] (OldTimer Tools) -- C:\Users\Steev\Desktop\OTL.exe
[2011/05/08 08:41:44 | 000,133,632 | -H-- | M] () -- C:\Users\Steev\Desktop\RKUnhookerLE.EXE
[2011/05/01 18:01:13 | 000,000,000 | -H-- | M] () -- C:\Users\Steev\defogger_reenable
[2011/05/01 17:27:04 | 000,624,178 | -H-- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/01 17:27:04 | 000,106,522 | -H-- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/01 15:46:52 | 000,000,631 | -H-- | M] () -- C:\Users\Steev\Desktop\Windows Recovery.lnk
[2011/05/01 15:44:42 | 000,000,336 | -H-- | M] () -- C:\ProgramData\36822792
[2011/05/01 15:44:34 | 000,444,416 | -H-- | M] () -- C:\ProgramData\36822792.exe
[2011/05/01 15:41:21 | 000,058,720 | -H-- | M] () -- C:\Windows\System32\drivers\srenum.sys
[2011/05/01 15:41:21 | 000,004,128 | -H-- | M] () -- C:\Windows\System32\msrun.exe
[2011/05/01 15:37:28 | 000,001,608 | -H-- | M] () -- C:\Users\Steev\AppData\Roaming\7BBE.808
[2011/05/01 15:36:56 | 000,000,093 | -H-- | M] () -- C:\Windows\System32\winset.ini
[2011/05/01 15:36:32 | 000,385,024 | -H-- | M] (vuoopjgqkoybrxsctdvw) -- C:\Windows\System32\dafr.exe
[2011/05/01 15:36:21 | 000,050,000 | -H-- | M] () -- C:\Windows\System32\ww1waf.dll
[2011/05/01 15:34:57 | 000,020,480 | -H-- | M] (NT Kernel Resources) -- C:\Windows\System32\drivers\ndisrd.sys
[2011/05/01 15:34:54 | 000,520,704 | -H-- | M] (WinTrust) -- C:\ProgramData\fhFLtreUvTGXnKC.exe
[2011/05/01 09:14:04 | 113,882,525 | -H-- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2011/05/01 07:33:17 | 000,000,856 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2769440373-2176610137-4011517129-1000Core.job
[2011/04/30 22:12:38 | 000,002,363 | -H-- | M] () -- C:\Users\Steev\Desktop\Google Chrome.lnk
[2011/04/30 21:50:34 | 000,474,208 | -H-- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/04/29 12:45:36 | 000,301,568 | -H-- | M] () -- C:\Users\Steev\Desktop\gmer.exe
[2011/04/08 23:02:04 | 000,390,656 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\ipcoin815.dll
[2011/04/08 14:08:50 | 000,176,747 | -H-- | M] () -- C:\Windows\hppins12.dat
[2011/04/08 14:06:46 | 000,000,608 | -HS- | M] () -- C:\Windows\System32\winzvprt5.sys
[2011/04/08 14:06:46 | 000,000,222 | -H-- | M] () -- C:\Windows\System32\hppfaxprinter5.ini
[2011/04/08 13:29:27 | 000,000,987 | -H-- | M] () -- C:\Windows\hpntwksetup.ini
[2011/04/08 10:53:40 | 000,001,411 | -H-- | M] () -- C:\Users\Steev\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/04/08 10:51:58 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011/04/08 10:51:58 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/04/08 10:51:58 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/04/08 10:51:57 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011/04/08 10:51:57 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011/04/08 10:51:57 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/04/08 10:51:57 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/04/08 10:51:56 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/04/08 10:51:56 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011/04/08 10:51:56 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/04/08 10:51:56 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/04/08 10:51:56 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011/04/08 10:51:55 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/04/08 10:51:55 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/04/08 10:51:55 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011/04/08 10:51:55 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011/04/08 10:51:54 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/04/08 10:51:54 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/04/08 10:51:54 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/04/08 10:51:54 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/04/08 10:51:54 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/04/08 10:51:54 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/04/08 10:51:54 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/04/08 10:51:53 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/04/08 10:51:53 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011/04/08 10:51:53 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/04/08 10:51:52 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/04/08 10:51:52 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011/04/08 10:51:52 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/04/08 10:51:51 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/04/08 10:51:51 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/04/08 10:51:51 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/04/08 10:51:51 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011/04/08 10:51:50 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/04/08 10:51:50 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/04/08 10:51:50 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/04/08 10:51:50 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011/04/08 10:51:50 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011/04/08 10:51:49 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/04/08 10:51:49 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011/04/08 10:21:15 | 000,000,320 | -H-- | M] () -- C:\Windows\tasks\HPCeeScheduleForSteev.job
[3 C:\Users\Steev\AppData\Roaming\*.tmp files -> C:\Users\Steev\AppData\Roaming\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/08 09:51:46 | 000,034,560 | ---- | C] () -- C:\Windows\System32\drivers\Normandy.sys
[2011/05/08 08:53:15 | 000,133,632 | -H-- | C] () -- C:\Users\Steev\Desktop\RKUnhookerLE.EXE
[2011/05/01 18:18:05 | 000,301,568 | -H-- | C] () -- C:\Users\Steev\Desktop\gmer.exe
[2011/05/01 18:01:13 | 000,000,000 | -H-- | C] () -- C:\Users\Steev\defogger_reenable
[2011/05/01 16:07:32 | 226,552,569 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/05/01 15:46:52 | 000,000,631 | -H-- | C] () -- C:\Users\Steev\Desktop\Windows Recovery.lnk
[2011/05/01 15:44:42 | 000,000,336 | -H-- | C] () -- C:\ProgramData\36822792
[2011/05/01 15:44:34 | 000,444,416 | -H-- | C] () -- C:\ProgramData\36822792.exe
[2011/05/01 15:41:21 | 000,058,720 | -H-- | C] () -- C:\Windows\System32\drivers\srenum.sys
[2011/05/01 15:41:21 | 000,004,128 | -H-- | C] () -- C:\Windows\System32\msrun.exe
[2011/05/01 15:36:35 | 000,001,608 | -H-- | C] () -- C:\Users\Steev\AppData\Roaming\7BBE.808
[2011/05/01 15:36:31 | 000,000,093 | -H-- | C] () -- C:\Windows\System32\winset.ini
[2011/05/01 15:36:21 | 000,050,000 | -H-- | C] () -- C:\Windows\System32\ww1waf.dll
[2011/04/08 14:06:46 | 000,000,222 | -H-- | C] () -- C:\Windows\System32\hppfaxprinter5.ini
[2011/04/08 13:57:01 | 000,176,747 | -H-- | C] () -- C:\Windows\hppins12.dat
[2011/04/08 13:57:00 | 000,007,855 | -H-- | C] () -- C:\Windows\hppmdl12.dat
[2011/04/08 13:33:58 | 000,000,608 | -HS- | C] () -- C:\Windows\System32\winzvprt5.sys
[2011/04/08 13:27:01 | 000,000,987 | -H-- | C] () -- C:\Windows\hpntwksetup.ini
[2011/04/08 13:20:25 | 000,003,212 | -H-- | C] () -- C:\Windows\System32\hppls2320.spf
[2011/04/08 13:20:24 | 000,000,665 | -H-- | C] () -- C:\Windows\System32\hppapr12.dat
[2011/04/08 10:51:54 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/01/27 15:11:26 | 000,000,020 | -H-- | C] () -- C:\Windows\System32\AVGRSSTX.DLL
[2010/08/10 22:54:03 | 000,000,016 | -H-- | C] () -- C:\Windows\popcinfo.dat
[2010/08/07 21:52:06 | 000,256,512 | -H-- | C] () -- C:\Windows\PEV.exe
[2010/08/07 21:52:06 | 000,098,816 | -H-- | C] () -- C:\Windows\sed.exe
[2010/08/07 21:52:06 | 000,080,412 | -H-- | C] () -- C:\Windows\grep.exe
[2010/08/07 21:52:06 | 000,077,312 | -H-- | C] () -- C:\Windows\MBR.exe
[2010/08/07 21:52:06 | 000,068,096 | -H-- | C] () -- C:\Windows\zip.exe
[2010/08/06 19:05:52 | 000,168,448 | -H-- | C] () -- C:\Windows\System32\unrar.dll
[2010/08/06 19:05:51 | 000,000,038 | -H-- | C] () -- C:\Windows\avisplitter.ini
[2010/08/06 19:05:46 | 000,881,664 | -H-- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/08/06 19:05:45 | 003,596,288 | -H-- | C] () -- C:\Windows\System32\qt-dx331.dll
[2010/08/06 19:05:45 | 000,205,824 | -H-- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/08/06 19:05:40 | 000,085,504 | -H-- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/06/22 04:30:08 | 000,864,276 | RH-- | C] () -- C:\Windows\System32\drivers\bcm70015fw.bin
[2010/06/22 04:30:04 | 002,786,404 | RH-- | C] () -- C:\Windows\System32\drivers\bcm70012fw.bin
[2010/06/10 10:47:05 | 000,006,656 | -H-- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2010/06/10 10:38:29 | 000,073,728 | -H-- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010/06/10 10:36:41 | 000,000,276 | -H-- | C] () -- C:\Windows\System32\RStoneLog2.ini
[2010/06/10 10:36:41 | 000,000,217 | -H-- | C] () -- C:\Windows\System32\RStoneLog.ini
[2010/05/12 22:47:33 | 000,000,188 | -H-- | C] () -- C:\Windows\System32\HPWA.ini
[2009/07/13 21:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:33:53 | 000,474,208 | -H-- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 19:05:48 | 000,624,178 | -H-- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 19:05:48 | 000,291,294 | -H-- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 19:05:48 | 000,106,522 | -H-- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 19:05:48 | 000,031,548 | -H-- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 19:05:05 | 000,000,741 | -H-- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 19:04:11 | 000,215,943 | -H-- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 16:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/13 15:09:19 | 001,498,564 | -H-- | C] () -- C:\Windows\System32\igkrng400.bin
[2009/07/09 21:03:56 | 000,370,312 | -H-- | C] () -- C:\Windows\System32\sqlite3.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/06/03 16:17:14 | 000,131,584 | -H-- | C] () -- C:\Windows\System32\drivers\ArcHlp.sys
[2007/03/16 17:00:00 | 000,003,403 | -H-- | C] () -- C:\Windows\System32\hptcpmon.ini

< End of report >


EXTRAS.TXT

OTL Extras logfile created on: 5/8/2011 9:51:56 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = F:\
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,012.00 Mb Total Physical Memory | 541.00 Mb Available Physical Memory | 53.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 218.08 Gb Total Space | 113.07 Gb Free Space | 51.85% Space Free | Partition Type: NTFS
Drive D: | 14.51 Gb Total Space | 1.47 Gb Free Space | 10.13% Space Free | Partition Type: NTFS
Drive E: | 99.18 Mb Total Space | 94.01 Mb Free Space | 94.79% Space Free | Partition Type: FAT32
Drive F: | 3.99 Gb Total Space | 3.99 Gb Free Space | 99.98% Space Free | Partition Type: FAT32

Computer Name: STEEV-NB | User Name: Steev | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2769440373-2176610137-4011517129-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
wsffile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0868BB9D-5EA0-40AF-A1CC-A38ED4E5BC67}" = 32 Bit HP CIO Components Installer
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{232DB76D-4751-41A9-9EC2-CDC0DAC1FAB6}" = WD SmartWare
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{24495227-1B47-4D55-AC27-167B6BC3FF73}" = hppScanToCM2320
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 24
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{338DAD71-9CE7-4D63-B729-7E91C07A4D7D}" = Microsoft Search Enhancement Pack
"{34985F59-8F6F-46F4-9AD5-53E2714294D2}" = ArcSoft WebCam Companion 3
"{3598D33E-AF4E-4423-ABDD-9EA32D03D3DC}" = ArcSoft TotalMedia Theatre 3
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{394FA67A-FF0A-4356-BB77-D85E5A300BDE}" = HP QuickWeb Installer
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40C915B0-F2A0-423D-BEDF-04D3CE4D4DC5}" = HP Quick Launch
"{4123BE4D-C65C-467E-8071-232FB1FBF3B8}" = MSN Toolbar Platform
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{491ADA37-04EE-2ECE-9F86-DDC0106047AC}" = Times Reader
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F22707C-C8E4-4BC8-881C-FAAB2EF5914B}" = HP HomeBase
"{511CA535-9CB1-4128-A30C-5F4C5D4AB848}" = hppFaxUtilityCM2320
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{53454A1C-26F6-4599-A410-847B6AAD0009}" = Motorola Driver Installation 4.6.5
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6590DC16-A0D3-4397-9A91-C4E8836E40A4}" = HP User Guides 0214
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{77697747-7567-428D-8394-2287586F6974}" = hppusgCM2320
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{995F2783-8311-49BF-833E-DB659774B4F6}" = hppFonts
"{99EE30D2-A7EA-486C-9AD4-57C8583375BF}" = hppSendFaxCM2320
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C2F9B2C-1585-43AD-9EF9-48AAD60DFC04}" = Microsoft IntelliPoint 8.1
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.3 MUI
"{AE7C40B6-9C6D-4022-B017-A41A6B7FA4D3}" = hppManualsCM2320
"{B226235F-51A4-4090-B5DB-5482A28D1B0F}" = hppFaxDrvCM2320
"{B3AEF776-7FFF-4C50-A402-9119E3849EE0}" = AVG 2011
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D4E53304-1F6C-4111-9872-1BCD2CF5B642}" = AVG 2011
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}" = Adobe Shockwave Player
"{DA200FDD-DE3D-4958-8465-C4FBC869544B}" = HP Software Framework
"{DB23EB2A-5137-4FA0-9A90-AAAABE4AADBA}" = HP QuickSync
"{DD7D788B-D6C2-4CB1-AACC-8614D6C21D7C}" = hppCLJCM2320
"{DFB3914C-99B4-43C7-A9B6-298C2E11152A}" = HP Wireless Assistant
"{E2831862-F131-4327-B9CC-FA30F587EB6C}" = HP Setup
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{ECF3E482-9188-4e29-9C31-E02FD8DC74C0}" = HP Color LaserJet CM2320 MFP Series 3.1
"{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}" = PL-2303 Vista Driver Installer
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FE01E1D7-D3C8-4B08-898A-C59A977098C5}" = Broadcom CrystalHD Decoder
"{FF841249-0D6B-41D7-8013-953EE3A33263}" = hppQFolderCM2320
"9657EE3B-8192-467a-8292-976253F38749_is1" = Jagged Alliance 2 v1.13 (EN) [1.0.0.2085]
"Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"ArcSoft TotalMedia" = ArcSoft TotalMedia Theatre3
"AVG" = AVG 2011
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1" = Times Reader
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"Jagged Alliance 2 Gold" = Jagged Alliance 2 Gold
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.0.5 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.1" = Microsoft IntelliPoint 8.1
"My HP Game Console" = HP Game Console
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"ScanTool.net for Windows" = ScanTool.net for Windows v1.13
"Search Toolbar" = Search Toolbar
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WT082124" = Blasterball 3
"WT082141" = FATE
"WT082168" = Penguins!
"WT082170" = Plants vs. Zombies
"WT082172" = Polar Bowler
"WT082192" = Bejeweled 2 Deluxe
"WT082200" = Chuzzle Deluxe
"WT082222" = Insaniquarium Deluxe
"WT082241" = Virtual Villagers - The Secret City
"WT082246" = Zuma Deluxe
"WT082396" = Diner Dash 2 Restaurant Rescue
"WT082409" = Mahjongg Artifacts
"WT082422" = Wedding Dash
"WT082427" = Slingo Deluxe
"WT082442" = Faerie Solitaire
"WT083489" = JoJo's Fashion Show
"WT083503" = Jewel Match 2
"WT083510" = Jewel Quest Solitaire
"WT083514" = Jewel Quest II
"WT083521" = Dream Chronicles
"WT083529" = Gem Shop
"ZumoDrive" = HP CloudDrive

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2769440373-2176610137-4011517129-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/5/2011 1:06:08 PM | Computer Name = Steev-NB | Source = Application Error | ID = 1000
Description = Faulting application name: ScanTool.exe, version: 1.13.0.0, time stamp:
0x4472d4e7 Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp:
0x4ce7b96e Exception code: 0xc0000005 Fault offset: 0x00052d94 Faulting process id:
0x16ec Faulting application start time: 0x01cbdb57363d9e16 Faulting application path:
C:\Program Files\ScanTool.net_win\ScanTool.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: dcc5a6e8-474a-11e0-9355-00268286e822

Error - 3/5/2011 1:55:54 PM | Computer Name = Steev-NB | Source = Application Error | ID = 1000
Description = Faulting application name: MotoConnect.exe, version: 1.1.30.0, time
stamp: 0x4c22fc56 Faulting module name: KERNELBASE.dll, version: 6.1.7601.17514,
time stamp: 0x4ce7b8f0 Exception code: 0xe06d7363 Fault offset: 0x0000b760 Faulting
process id: 0x1410 Faulting application start time: 0x01cbdb5e90be568f Faulting application
path: C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe Faulting module
path: C:\Windows\system32\KERNELBASE.dll Report Id: d0a62bb1-4751-11e0-9355-be97d91f3397

Error - 3/7/2011 5:37:13 PM | Computer Name = Steev-NB | Source = RasClient | ID = 20227
Description =

Error - 3/7/2011 5:40:28 PM | Computer Name = Steev-NB | Source = RasClient | ID = 20227
Description =

Error - 3/7/2011 5:45:20 PM | Computer Name = Steev-NB | Source = Application Error | ID = 1000
Description = Faulting application name: MotoConnect.exe, version: 1.1.30.0, time
stamp: 0x4c22fc56 Faulting module name: KERNELBASE.dll, version: 6.1.7601.17514,
time stamp: 0x4ce7b8f0 Exception code: 0xe06d7363 Fault offset: 0x0000b760 Faulting
process id: 0xe0c Faulting application start time: 0x01cbdd10f1c05b67 Faulting application
path: C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe Faulting module
path: C:\Windows\system32\KERNELBASE.dll Report Id: 32370319-4904-11e0-8973-c80aa9c418d6

Error - 3/9/2011 12:48:55 PM | Computer Name = Steev-NB | Source = Application Error | ID = 1000
Description = Faulting application name: MotoConnect.exe, version: 1.1.30.0, time
stamp: 0x4c22fc56 Faulting module name: KERNELBASE.dll, version: 6.1.7601.17514,
time stamp: 0x4ce7b8f0 Exception code: 0xe06d7363 Fault offset: 0x0000b760 Faulting
process id: 0x1650 Faulting application start time: 0x01cbde79df3f5425 Faulting application
path: C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe Faulting module
path: C:\Windows\system32\KERNELBASE.dll Report Id: 1e95f556-4a6d-11e0-ac32-cfa3592346da

Error - 3/19/2011 12:36:55 PM | Computer Name = Steev-NB | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7601.17514,
time stamp: 0x4ce79912 Faulting module name: Flash10l.ocx, version: 10.1.102.64,
time stamp: 0x4cc0fef8 Exception code: 0xc0000005 Fault offset: 0x003f4c2f Faulting
process id: 0x15e4 Faulting application start time: 0x01cbe6519015754e Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\system32\Macromed\Flash\Flash10l.ocx
Report
Id: 1952a55e-5247-11e0-8303-959d6a8f0ed7

Error - 3/19/2011 12:37:16 PM | Computer Name = Steev-NB | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7601.17514,
time stamp: 0x4ce79912 Faulting module name: Flash10l.ocx, version: 10.1.102.64,
time stamp: 0x4cc0fef8 Exception code: 0xc0000005 Fault offset: 0x003f4c2f Faulting
process id: 0x1794 Faulting application start time: 0x01cbe653de61ef0e Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\system32\Macromed\Flash\Flash10l.ocx
Report
Id: 25f121b8-5247-11e0-8303-959d6a8f0ed7

Error - 3/19/2011 12:52:14 PM | Computer Name = Steev-NB | Source = Application Error | ID = 1000
Description = Faulting application name: MotoConnect.exe, version: 1.1.30.0, time
stamp: 0x4c22fc56 Faulting module name: KERNELBASE.dll, version: 6.1.7601.17514,
time stamp: 0x4ce7b8f0 Exception code: 0xe06d7363 Fault offset: 0x0000b760 Faulting
process id: 0x11e4 Faulting application start time: 0x01cbe655fe020c25 Faulting application
path: C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe Faulting module
path: C:\Windows\system32\KERNELBASE.dll Report Id: 3d0c814d-5249-11e0-8303-959d6a8f0ed7

Error - 3/19/2011 1:09:46 PM | Computer Name = Steev-NB | Source = Application Error | ID = 1000
Description = Faulting application name: MotoConnect.exe, version: 1.1.30.0, time
stamp: 0x4c22fc56 Faulting module name: KERNELBASE.dll, version: 6.1.7601.17514,
time stamp: 0x4ce7b8f0 Exception code: 0xe06d7363 Fault offset: 0x0000b760 Faulting
process id: 0xe00 Faulting application start time: 0x01cbe658706fc7c6 Faulting application
path: C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe Faulting module
path: C:\Windows\system32\KERNELBASE.dll Report Id: b014f661-524b-11e0-ac4a-a79c59a765b4

[ Hewlett-Packard Events ]
Error - 9/17/2010 8:06:07 PM | Computer Name = Steev-NB | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

Error - 9/17/2010 8:34:15 PM | Computer Name = Steev-NB | Source = Hewlett-Packard | ID = 0
Description = en-US Process must exit before requested information can be determined.
System

at System.Diagnostics.Process.EnsureState(State state) at System.Diagnostics.Process.get_ExitCode()

at g.a(FixableIssues[] A_0)

Error - 10/18/2010 3:51:07 PM | Computer Name = Steev-NB | Source = Hewlett-Packard | ID = 0
Description = en-US Exception of type 'System.Exception' was thrown. Configurator
at Configurator.ConfiguratorClass.loadXML() at HPSFConfigReader.ConfigHelper..ctor()

at HPAssistant.csSettings.loadApplicationResources(Boolean isOnAppLoad)

Error - 10/18/2010 3:51:08 PM | Computer Name = Steev-NB | Source = Hewlett-Packard | ID = 0
Description = en-US Exception of type 'System.Exception' was thrown. Configurator
at Configurator.ConfiguratorClass.loadXML() at Configurator.ConfiguratorClass..ctor(Boolean
loadxml) at HPSFConfigReader.ConfigHelper..ctor() at HPAssistant.csSettings.loadApplicationResources(Boolean
isOnAppLoad)

Error - 11/13/2010 2:41:52 AM | Computer Name = Steev-NB | Source = Hewlett-Packard | ID = 0
Description =

Error - 4/22/2011 9:22:21 PM | Computer Name = Steev-NB | Source = Hewlett-Packard | ID = 0
Description =

[ HP Wireless Assistant Events ]
Error - 2/10/2011 12:01:38 PM | Computer Name = Steev-NB | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE

Error - 2/10/2011 12:01:38 PM | Computer Name = Steev-NB | Source = HP WA Service | ID = 0
Description = Unable to access panel brightness tables.

Error - 2/10/2011 4:41:19 PM | Computer Name = Steev-NB | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE

Error - 2/10/2011 4:41:19 PM | Computer Name = Steev-NB | Source = HP WA Service | ID = 0
Description = Unable to access panel brightness tables.

Error - 2/21/2011 7:14:30 PM | Computer Name = Steev-NB | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE

Error - 2/21/2011 7:14:30 PM | Computer Name = Steev-NB | Source = HP WA Service | ID = 0
Description = Unable to access panel brightness tables.

Error - 2/26/2011 4:53:45 PM | Computer Name = Steev-NB | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE

Error - 2/26/2011 4:53:45 PM | Computer Name = Steev-NB | Source = HP WA Service | ID = 0
Description = Unable to access panel brightness tables.

Error - 4/1/2011 5:16:32 PM | Computer Name = Steev-NB | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE

Error - 4/1/2011 5:16:32 PM | Computer Name = Steev-NB | Source = HP WA Service | ID = 0
Description = Unable to access panel brightness tables.

[ System Events ]
Error - 4/8/2011 6:23:49 PM | Computer Name = Steev-NB | Source = DCOM | ID = 10010
Description =

Error - 4/22/2011 8:50:11 PM | Computer Name = Steev-NB | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:21:59 AM on 4/9/2011 was unexpected.

Error - 4/22/2011 8:52:07 PM | Computer Name = Steev-NB | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 4/22/2011 8:52:07 PM | Computer Name = Steev-NB | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 4/22/2011 10:27:49 PM | Computer Name = Steev-NB | Source = DCOM | ID = 10010
Description =

Error - 4/22/2011 11:52:21 PM | Computer Name = Steev-NB | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 4/22/2011 11:52:21 PM | Computer Name = Steev-NB | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 4/23/2011 6:23:03 PM | Computer Name = Steev-NB | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the HPWMISVC service.

Error - 4/23/2011 6:24:19 PM | Computer Name = Steev-NB | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 4/23/2011 6:24:19 PM | Computer Name = Steev-NB | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom


< End of report >

#18 SweetTech

  • Agent ST
  • Group: Malware Response Team
  • Posts: 12,662
  • Joined: 15-March 09
  • Gender:Male
  • Location:Antarctica

Posted 11 May 2011 - 01:30 PM

Hi!

Please do the following:

Please download UnHide.exe by Grinler.

It will unhide folders/files that were set to be hidden by the infection you had.

NEXT:

If the tool works as expected, and unhides your files, please run a new scan with OTL and post the log it produces. If it doesn't work as expected, please post back and let me know.
Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.

#19 nyclad

  • Member
  • Group: Members
  • Posts: 44
  • Joined: 06-September 10

Posted 11 May 2011 - 01:56 PM

Hi ST,

Unhide.exe seems to have worked for the most part. I think it unhid 1-2 things on the desktop, but no Recycle Bin (it's not a big deal to me) as there was one pre-infection. The Start Menu seems to show everything back in it when you click on All Programs.

Did you want me to proceed to the OTL? Run it on regular RUN SCAN with "Scan All Users" checked?

#20 SweetTech

  • Agent ST
  • Group: Malware Response Team
  • Posts: 12,662
  • Joined: 15-March 09
  • Gender:Male
  • Location:Antarctica

Posted 11 May 2011 - 02:06 PM

Hi!

Please follow the OTL instructions in this post: http://www.bleepingcomputer.com/forums/topic394949.html/page__view__findpost__p__2243009

#21 nyclad

  • Member
  • Group: Members
  • Posts: 44
  • Joined: 06-September 10

Posted 11 May 2011 - 02:57 PM

Hi ST,


I followed the instructions for the OTL.

Here's the report.

OTL logfile created on: 5/11/2011 12:13:36 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Steev\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,012.00 Mb Total Physical Memory | 246.00 Mb Available Physical Memory | 24.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 54.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 218.08 Gb Total Space | 163.14 Gb Free Space | 74.81% Space Free | Partition Type: NTFS
Drive D: | 14.51 Gb Total Space | 1.47 Gb Free Space | 10.13% Space Free | Partition Type: NTFS
Drive E: | 99.18 Mb Total Space | 94.01 Mb Free Space | 94.79% Space Free | Partition Type: FAT32

Computer Name: STEEV-NB | User Name: Steev | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/08 08:41:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Steev\Desktop\OTL.exe
PRC - [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 05:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/20 05:17:00 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2010/11/03 18:17:08 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2010/06/24 14:34:52 | 000,091,456 | ---- | M] () -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
PRC - [2010/06/24 14:34:50 | 000,279,360 | ---- | M] (Motorola) -- C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
PRC - [2010/04/23 17:55:58 | 000,363,064 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
PRC - [2010/04/23 17:55:56 | 000,103,992 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
PRC - [2010/04/09 15:43:38 | 000,026,168 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2010/04/09 15:42:00 | 000,601,144 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2010/03/31 18:53:18 | 000,338,168 | ---- | M] (DeviceVM, Inc.) -- C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe
PRC - [2010/03/30 16:40:18 | 000,309,816 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
PRC - [2010/03/28 15:22:20 | 000,154,304 | ---- | M] (Zecter Inc.) -- C:\Program Files\Hewlett-Packard\HP CloudDrive\zumodrive.exe
PRC - [2010/02/26 03:03:00 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2010/02/26 03:03:00 | 000,229,458 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_0cefa6767c6211ec\stacsv.exe
PRC - [2009/11/13 12:28:04 | 000,110,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2009/10/13 10:25:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/10/13 10:25:30 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/06/16 09:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
PRC - [2009/03/03 03:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_0cefa6767c6211ec\AEstSrv.exe
PRC - [2006/10/22 23:24:02 | 000,620,152 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe


========== Modules (SafeList) ==========

MOD - [2011/05/08 08:41:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Steev\Desktop\OTL.exe
MOD - [2010/11/20 04:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
MOD - [2010/11/04 18:53:44 | 000,653,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_50916076bcb9a742\msvcr90.dll
MOD - [2010/04/09 15:41:44 | 000,014,392 | ---- | M] (Hewlett-Packard ) -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPKBDCTL.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/11/03 18:17:08 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/07/28 14:36:52 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/06/24 14:34:52 | 000,091,456 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
SRV - [2010/04/23 17:55:56 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV - [2010/04/09 15:43:38 | 000,026,168 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010/03/31 18:53:18 | 000,338,168 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2010/03/25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/02/26 03:03:00 | 000,229,458 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_0cefa6767c6211ec\stacsv.exe -- (STacSV)
SRV - [2009/11/13 12:28:04 | 000,110,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009/10/13 10:25:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2009/07/13 18:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/06/16 09:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2009/03/03 03:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_0cefa6767c6211ec\AEstSrv.exe -- (AESTFilters)


========== Driver Services (SafeList) ==========

DRV - [2011/05/01 15:34:57 | 000,020,480 | ---- | M] (NT Kernel Resources) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ndisrd.sys -- (ndisrd)
DRV - [2010/11/20 03:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 02:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/07/12 14:49:18 | 000,060,104 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2010/07/12 14:48:56 | 000,073,032 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2010/06/22 04:30:14 | 000,116,224 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BRCMHD32.sys -- (BRCMDECO)
DRV - [2010/02/26 03:03:00 | 000,423,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2010/02/08 22:57:16 | 000,186,912 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/11/11 13:09:22 | 000,018,136 | ---- | M] (DeviceVM, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\dvmio.sys -- (DVMIO)
DRV - [2009/10/27 12:02:14 | 000,023,936 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2009/07/13 16:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 16:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\serial.sys -- (Serial)
DRV - [2009/07/13 15:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/13 15:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel®
DRV - [2009/06/03 16:17:14 | 000,131,584 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\ArcHlp.sys -- (archlp)
DRV - [2009/02/13 12:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2007/07/16 14:29:43 | 000,020,504 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hpfxfax.sys -- (HPFXFAX)
DRV - [2007/07/16 14:29:33 | 000,017,432 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hpfxbulk.sys -- (HPFXBULK)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=ZUGO&form=ZGAPHP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\4.0.0369.0\Firefox [2010/06/10 10:54:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/06/10 10:54:57 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/05/09 13:18:32 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DTRun] C:\Program Files\ArcSoft\TotalMedia Theatre 3\uDTRun.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [ZumoDrive] C:\Program Files\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\Windows\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)

========== Files/Folders - Created Within 30 Days ==========

[2011/05/11 10:19:00 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/05/10 15:36:53 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/05/10 14:50:21 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/10 14:50:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/10 14:50:17 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/05/10 14:50:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/09 13:27:10 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/05/09 13:18:28 | 000,000,000 | ---D | C] -- C:\Users\Steev\AppData\Local\temp
[2011/05/09 12:57:45 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/05/09 12:47:47 | 001,407,280 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Steev\Desktop\TDSSKiller.exe
[2011/05/09 10:01:45 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/08 08:53:12 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Steev\Desktop\OTL.exe
[2011/05/01 16:07:37 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/05/01 15:34:57 | 000,020,480 | ---- | C] (NT Kernel Resources) -- C:\Windows\System32\drivers\ndisrd.sys
[2011/04/30 20:56:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse
[2011/04/30 20:55:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint

========== Files - Modified Within 30 Days ==========

[2011/05/11 12:09:48 | 000,014,128 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/11 12:09:48 | 000,014,128 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/11 12:06:41 | 000,636,630 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/11 12:06:41 | 000,110,746 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/11 12:02:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/11 12:02:00 | 796,020,736 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/11 11:43:57 | 000,502,095 | ---- | M] () -- C:\Users\Steev\Desktop\unhide.exe
[2011/05/11 10:26:01 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2769440373-2176610137-4011517129-1000UA.job
[2011/05/11 10:21:07 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSteev.job
[2011/05/11 09:49:53 | 000,001,393 | ---- | M] () -- C:\Users\Steev\Desktop\Internet Explorer.lnk
[2011/05/11 04:38:45 | 000,879,028 | ---- | M] () -- C:\Users\Steev\Desktop\SecurityCheck.exe
[2011/05/10 14:50:21 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/10 14:27:49 | 000,002,363 | ---- | M] () -- C:\Users\Steev\Desktop\Google Chrome.lnk
[2011/05/09 13:18:32 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/05/09 12:51:01 | 241,707,769 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/05/08 21:52:20 | 004,343,905 | R--- | M] () -- C:\Users\Steev\Desktop\ComboFix.exe
[2011/05/08 09:51:46 | 000,034,560 | ---- | M] () -- C:\Windows\System32\drivers\Normandy.sys
[2011/05/08 08:41:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Steev\Desktop\OTL.exe
[2011/05/08 08:41:44 | 000,133,632 | ---- | M] () -- C:\Users\Steev\Desktop\RKUnhookerLE.EXE
[2011/05/01 18:01:13 | 000,000,000 | ---- | M] () -- C:\Users\Steev\defogger_reenable
[2011/05/01 15:34:57 | 000,020,480 | ---- | M] (NT Kernel Resources) -- C:\Windows\System32\drivers\ndisrd.sys
[2011/05/01 14:21:34 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Steev\Desktop\TDSSKiller.exe
[2011/05/01 09:14:04 | 113,882,525 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm.old
[2011/05/01 07:33:17 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2769440373-2176610137-4011517129-1000Core.job
[2011/04/30 21:50:34 | 000,474,208 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/04/29 12:45:36 | 000,301,568 | ---- | M] () -- C:\Users\Steev\Desktop\gmer.exe

========== Files Created - No Company Name ==========

[2011/05/11 11:44:00 | 000,502,095 | ---- | C] () -- C:\Users\Steev\Desktop\unhide.exe
[2011/05/11 09:49:53 | 000,001,393 | ---- | C] () -- C:\Users\Steev\Desktop\Internet Explorer.lnk
[2011/05/11 04:38:58 | 000,879,028 | ---- | C] () -- C:\Users\Steev\Desktop\SecurityCheck.exe
[2011/05/10 14:50:21 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/08 22:04:38 | 004,343,905 | R--- | C] () -- C:\Users\Steev\Desktop\ComboFix.exe
[2011/05/08 09:51:46 | 000,034,560 | ---- | C] () -- C:\Windows\System32\drivers\Normandy.sys
[2011/05/08 08:53:15 | 000,133,632 | ---- | C] () -- C:\Users\Steev\Desktop\RKUnhookerLE.EXE
[2011/05/01 18:18:05 | 000,301,568 | ---- | C] () -- C:\Users\Steev\Desktop\gmer.exe
[2011/05/01 18:01:13 | 000,000,000 | ---- | C] () -- C:\Users\Steev\defogger_reenable
[2011/05/01 16:07:32 | 241,707,769 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/04/08 13:33:58 | 000,000,608 | -HS- | C] () -- C:\Windows\System32\winzvprt5.sys
[2011/04/08 13:27:01 | 000,000,987 | ---- | C] () -- C:\Windows\hpntwksetup.ini
[2011/04/08 13:20:24 | 000,000,665 | ---- | C] () -- C:\Windows\System32\hppapr12.dat
[2011/01/27 15:11:26 | 000,000,020 | ---- | C] () -- C:\Windows\System32\AVGRSSTX.DLL
[2010/08/10 22:54:03 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat
[2010/08/07 21:52:06 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/08/07 21:52:06 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/08/07 21:52:06 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/08/07 21:52:06 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/08/07 21:52:06 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/08/06 19:05:52 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/08/06 19:05:51 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010/08/06 19:05:46 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/08/06 19:05:45 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2010/08/06 19:05:45 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/08/06 19:05:40 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/06/22 04:30:08 | 000,864,276 | R--- | C] () -- C:\Windows\System32\drivers\bcm70015fw.bin
[2010/06/22 04:30:04 | 002,786,404 | R--- | C] () -- C:\Windows\System32\drivers\bcm70012fw.bin
[2010/06/10 10:47:05 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2010/06/10 10:38:29 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010/06/10 10:36:41 | 000,000,276 | ---- | C] () -- C:\Windows\System32\RStoneLog2.ini
[2010/06/10 10:36:41 | 000,000,217 | ---- | C] () -- C:\Windows\System32\RStoneLog.ini
[2010/05/12 22:47:33 | 000,000,188 | ---- | C] () -- C:\Windows\System32\HPWA.ini
[2009/07/13 21:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:33:53 | 000,474,208 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 19:05:48 | 000,636,630 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 19:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 19:05:48 | 000,110,746 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 19:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 19:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 19:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 16:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/13 15:09:19 | 001,498,564 | ---- | C] () -- C:\Windows\System32\igkrng400.bin
[2009/07/09 21:03:56 | 000,370,312 | ---- | C] () -- C:\Windows\System32\sqlite3.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/06/03 16:17:14 | 000,131,584 | ---- | C] () -- C:\Windows\System32\drivers\ArcHlp.sys
[2007/03/16 17:00:00 | 000,003,403 | ---- | C] () -- C:\Windows\System32\hptcpmon.ini

========== LOP Check ==========

[2010/12/07 21:48:49 | 000,000,000 | ---D | M] -- C:\Users\Steev\AppData\Roaming\AVG10
[2010/09/06 15:33:14 | 000,000,000 | ---D | M] -- C:\Users\Steev\AppData\Roaming\Faerie Solitaire
[2010/11/25 13:16:26 | 000,000,000 | ---D | M] -- C:\Users\Steev\AppData\Roaming\Western Digital
[2010/08/10 22:48:19 | 000,000,000 | ---D | M] -- C:\Users\Steev\AppData\Roaming\WildTangent
[2011/05/11 11:42:21 | 000,000,000 | ---D | M] -- C:\Users\Steev\AppData\Roaming\ZumoDrive
[2011/04/22 17:50:16 | 000,032,600 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Steev\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2011/05/06 12:21:41 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Steev\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2011/05/06 12:21:41 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Steev\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/05/06 12:21:41 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Steev\AppData\Local\Google\Chrome\Application\chrome.exe" [2011/05/06 12:21:41 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/04/08 10:51:54 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/04/08 10:51:54 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/04/08 10:51:54 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/04/08 10:51:59 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" [2011/04/08 10:51:59 | 000,748,336 | ---- | M] (Microsoft Corporation)

< %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s >
[2011/05/01 14:03:07 | 000,000,005 | ---- | M] () -- C:\Users\Steev\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt
[2011/05/01 14:03:06 | 000,006,587 | ---- | M] () -- C:\Users\Steev\AppData\Local\Google\Chrome\User Data\Local State
[2011/05/01 13:49:19 | 006,481,540 | ---- | M] () -- C:\Users\Steev\AppData\Local\Google\Chrome\User Data\Safe Browsing Bloom
[2011/05/01 13:49:22 | 002,282,856 | ---- | M] () -- C:\Users\Steev\AppData\Local\Google\Chrome\User Data\Safe Browsing Bloom Filter 2
[3 C:\Users\Steev\AppData\Local\Google\Chrome\User Data\*.tmp files -> C:\Users\Steev\AppData\Local\Google\Chrome\User Data\*.tmp -> ]
[2011/05/01 14:03:06 | 000,643,072 | ---- | M] () -- C:\Users\Steev\AppData\Local\Google\Chrome\User Data\Default\Archived History
[2010/12/03 16:18:57 | 000,010,852 | ---- | M] () -- C:\Users\Steev\AppData\Local\Google\Chrome\User Data\Default\Bookmarks
[2010/12/03 16:18:57 | 000,010,852 | ---- | M] () -- C:\Users\Steev\AppData\Local\Google\Chrome\User Data\Default\Bookmarks.bak
[2011/05/01 13:49:42 | 000,241,664 | ---- | M] () -- C:\Users\Steev\AppData\Local\Google\Chrome\User Data\Default\Cookies
[2011/05/01 14:03:07 | 000,002,689 | ---- | M] () -- C:\Users\Steev\AppData\Local\Google\Chrome\User Data\Default\Current Session
[2011/05/01 14:03:06 | 000,001,350 | ---- | M] () -- C:\Users\Steev\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
[2010/08/19 19:00:03 | 000,006,144 | ---- | M] () -- C:\Users\Steev\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
[2011/05/01 14:03:06 | 000,034,816 | ---- | M] () -- C:\Users\Steev\AppData\Local\Google\Chrome\User Data\Default\Favicons
[2011/05/01 14:03:06 | 002,592,768 | ---- | M] () -- C:\Users\Steev\AppData\Local\Google\Chrome\User Data\Default\History
[2010/12/03 16:12:37 | 002,614,272 | ---- | M] () -- C:\Users\Steev\AppData\Local\Google\Chrome\User Data\Default\History Index 2010-08
[2011/02/19 11:06:50 | 004,657,152 | ---- | M] () -- C:\Users\Steev\AppData\Local\Google\Chrome\User Data\Default\History Index 2010-09
[2011/02/19 11:06:50 | 000,059,392 | ---- | M] () -- C:\Users\Steev\AppData\Local\Google\Chrome\User Data\Default\History Index 2010-10
[2011/03/09 09:23:30 | 000,319,488 | ---- | M] () -- C:\Users\Steev\AppData\Local\Google\Chrome\User Data\Default\History Index 2010-11
[2011/03/09 09:25:28 | 000,673,792 | ---- | M] () -- C:\Users\Steev\AppData\Local\Google\Chrome\User Data\Default\History Index 2010-12
[2011/05/01 14:03:07 | 002,048,000 | ---- | M] () -- C:\Users\Steev\AppData\Local\Google\Chrome\User Data\Default\History Index 2011-01
[2011/05/01 14:03:07 | 000,585,728 | ---- | M] () -- C:\Users\Steev\AppData\Local\Google\Chrome\User Data\Default\History Index 2011-02
[2011/04/30 20:59:15 | 000,557,056 | ---- | M] () -- C:\Users\Steev\AppData\Local\Google\Chrome\User Data\Default\History Index 2011-03
[2011/05/01 13:46:37 | 000,065,536 | ---- | M] () -- C:\Users\Steev\AppData\Local\Google\Chrome\User Data\Default\History Index 2011-05
[2011/04/30 20:59:36 | 000,065,280 | ---- | M] () -- C:\Users\Steev\AppData\Local\Google\Chrome\User Data\Default\Last Session
[2011/04/30 20:59:35 | 000,023,972 | ---- | M] () -- C:\Users\Steev\AppData\Local\Google\Chrome\User Data\Default\Last Tabs
[2011/03/28 08:19:42 | 000,018,432 | ---- | M] () -- C:\Users\Steev\AppData\Local\Google\Chrome\User Data\Default\Login Data
[2011/05/01 14:03:07 | 000,021,508 | ---- | M] () -- C:\Users\Steev\AppData\Local\Google\Chrome\User Data\Default\Preferences
[2011/04/30 20:59:22 | 000,057,344 | ---- | M] () -- C:\Users\Steev\AppData\Local\Google\Chrome\User Data\Default\Top Sites
[2011/05/01 14:03:07 | 000,131,072 | ---- | M] () -- C:\Users\Steev\AppData\Local\Google\Chrome\User Data\Default\Visited Links
[2011/05/01 13:46:20 | 000,106,496 | ---- | M] () -- C:\Users\Steev\AppData\Local\Google\Chrome\User Data\Default\Web Data
[2010/08/24 20:00:20 | 000,009,216 | ---- | M] () -- C:\Users\Steev\AppData\Local\Google\Chrome\User Data\Default\databases\Databases.db
[2010/08/24 20:00:20 | 000,003,072 | ---- | M] () -- C:\Users\Steev\AppData\Local\Google\Chrome\User Data\Default\databases\http_www.airportwifi.com_0\1
[2011/02/19 10:56:08 | 000,020,386 | ---- | M] () -- C:\Users\Steev\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.1.1_0\icon-128.png
[2011/02/19 10:56:08 | 000,000,740 | ---- | M] () -- C:\Users\Steev\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.1.1_0\manifest.json
[2011/02/19 10:56:08 | 000,014,514 | ---- | M] () -- C:\Users\Steev\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\icon_poppit.png
[2011/02/19 10:56:08 | 000,000,767 | ---- | M] () -- C:\Users\Steev\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\manifest.json
[6 C:\Users\Steev\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\*.tmp files -> C:\Users\Steev\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\*.tmp -> ]
[3 C:\Users\Steev\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\*.tmp files -> C:\Users\Steev\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\*.tmp -> ]
[2010/09/12 13:41:10 | 000,003,072 | ---- | M] () -- C:\Users\Steev\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ad.doubleclick.net_0.localstorage
[2011/03/09 09:27:24 | 000,003,072 | ---- | M] () -- C:\Users\Steev\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_api.socialmedia.com_0.localstorage
[2011/02/19 11:24:42 | 000,003,072 | ---- | M] () -- C:\Users\Steev\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.bing.com_0.localstorage
[2010/09/14 11:30:24 | 000,003,072 | ---- | M] () -- C:\Users\Steev\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.epropertysites.com_0.localstorage
[2010/09/12 13:01:48 | 000,003,072 | ---- | M] () -- C:\Users\Steev\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.google.com_0.localstorage
[2011/03/19 09:40:41 | 000,003,072 | ---- | M] () -- C:\Users\Steev\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.weather.com_0.localstorage
[2010/09/10 05:12:28 | 000,045,056 | ---- | M] () -- C:\Users\Steev\AppData\Local\Google\Chrome\User Data\Default\Media Cache\data_0
[2010/09/10 05:12:28 | 000,270,336 | ---- | M] () -- C:\Users\Steev\AppData\Local\Google\Chrome\User Data\Default\Media Cache\data_1
[2010/09/10 05:12:28 | 001,056,768 | ---- | M] () -- C:\Users\Steev\AppData\Local\Google\Chrome\User Data\Default\Media Cache\data_2
[2010/08/24 20:00:20 | 000,008,192 | ---- | M] () -- C:\Users\Steev\AppData\Local\Google\Chrome\User Data\Default\Media Cache\data_3
[2010/08/24 20:00:35 | 001,048,576 | ---- | M] () -- C:\Users\Steev\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000001
[2010/08/24 20:00:38 | 000,136,600 | ---- | M] () -- C:\Users\Steev\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000002
[2010/08/24 20:00:36 | 001,048,576 | ---- | M] () -- C:\Users\Steev\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000003
[2010/08/24 20:00:37 | 001,048,576 | ---- | M] () -- C:\Users\Steev\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000004
[2010/08/24 20:00:38 | 001,048,576 | ---- | M] () -- C:\Users\Steev\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000005
[2010/09/10 05:11:30 | 001,048,576 | ---- | M] () -- C:\Users\Steev\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000006
[2010/09/10 05:11:37 | 001,048,576 | ---- | M] () -- C:\Users\Steev\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000007
[2010/09/10 05:11:44 | 001,048,576 | ---- | M] () -- C:\Users\Steev\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000008
[2010/09/10 05:11:50 | 001,048,576 | ---- | M] () -- C:\Users\Steev\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000009
[2010/09/10 05:12:28 | 000,484,595 | ---- | M] () -- C:\Users\Steev\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00000a
[2010/08/24 20:00:20 | 000,524,656 | ---- | M] () -- C:\Users\Steev\AppData\Local\Google\Chrome\User Data\Default\Media Cache\index
[2010/08/20 00:50:48 | 000,017,408 | ---- | M] () -- C:\Users\Steev\AppData\Local\Google\Chrome\User Data\Default\Plugin Data\Google Gears\localserver.db
[2010/08/20 00:50:48 | 000,019,456 | ---- | M] () -- C:\Users\Steev\AppData\Local\Google\Chrome\User Data\Default\Plugin Data\Google Gears\permissions.db
[2010/09/13 22:37:18 | 000,000,000 | ---- | M] () -- C:\Users\Steev\AppData\Local\Google\Chrome\User Data\Default\User StyleSheets\Custom.css

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-05-08 16:19:38

< >

< End of report >

#22 User is offline   SweetTech 

  • Agent ST
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 12,662
  • Joined: 15-March 09
  • Gender:Male
  • Location:Antarctica

Posted 11 May 2011 - 03:35 PM

Hello,

Your logs appear to be clean, so if you have no further issues with your computer, then please proceed with the following housekeeping procedures outlined below.



Time for some housekeeping
The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK: ComboFix /Uninstall



NEXT:



OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :Commands
    [ClearAllRestorePoints]
    

  • Push Run Fix
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.



NEXT:



OTL Clean-Up

We Need to Clean Up our Mess
Our work on your machine has left considerable leftovers on your box. Let's clean those up real quick:
  • Reopen OTL on your desktop.
  • Click on CleanUp
  • You will be prompted to reboot your system. Please do so.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.


NEXT:



All Clean Speech

===> Make sure you've re-enabled any Security Programs that we may have disabled during the malware removal process. <===



Below I have included a number of recommendations for how to protect your computer against malware infections.


Updated Anti-Virus Program
It's essential that you have an updated anti-virus program running on your computer. You don't want to run more than one, as it can cause program conflicts as well as false positives.

You can view an excellent list of Free Security Software programs that has been compiled by GeekstoGo.


Avoid P2P Programs

Remember that no matter how clean the program you're using for peer-to-peer filesharing may be, it offers no guarantees regarding the cleanliness of files you may choose to download. All files available via p2p filesharing carry a high risk, particularly those that offer you illegitimate methods of using legitimate software programs without paying for them. Some further readings on this subject, along with the included links, are as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

If you have any of these programs installed then I highly suggest you uninstall them.

NOTE: Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.


Internet Browsers

Many of the users that I assist here on the forums ask me which programs they can use to prevent themselves from getting infected again in the future. The best answer I can give you is to practice safe browsing.

Please consider using an alternative browser such as Google Chrome or Opera. They are both much more secure than Internet Explorer, immune to almost all known browser hijackers, and also have great built-in pop-up blockers.

I also suggest you make your Internet Explorer more secure.

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.



Extra Goodies

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them
    then consider a password keeper, to keep all your passwords safe.

  • Keep Windows updated by regularly checking their website at: http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.

  • You should run an updated scan with MalwareBytes' Anti-Malware weekly. Instructions are included below:

    • Open Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Check for Updates


  • Be wary of e-mails from unknown senders. Keep the following in mind as well: If it's too good to be true, then it more than likely is.


  • FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. It's important to keep programs up to date so that malware doesn't exploit any old security flaws.

  • ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an add-on available for Chrome and Opera.

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well-written articles:
**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank you.

Cheers,
SweetTech.
Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
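The "Make Internet Explorer more secure" steps in the post above change three ActiveX settings of the Internet zone through the Inetcpl.cpl dialog. The PowerShell below is an added example, not code from the thread or from any tool it mentions: it audits the same three settings in the registry so you can confirm the dialog change actually took, and can apply them for you. It assumes that the per-user key `HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3` is the Internet zone, that the value names `1001`, `1004` and `1201` are "Download signed ActiveX controls", "Download unsigned ActiveX controls" and "Initialize and script ActiveX controls not marked as safe", and that the data `0`, `1` and `3` mean Enable, Prompt and Disable respectively.

```powershell
# Added example (not from the original thread): audit and optionally apply the
# Internet-zone ActiveX settings the post describes, via the registry rather
# than the Inetcpl.cpl dialog.
# Assumptions: Zones\3 is the Internet zone; value names 1001/1004/1201 are the
# three ActiveX options; DWORD data 0 = Enable, 1 = Prompt, 3 = Disable.

$ZoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Desired state from the post: first two -> Prompt (1), third -> Disable (3)
$Desired = @{
    '1001' = @{ Name = 'Download signed ActiveX controls';                         Value = 1 }
    '1004' = @{ Name = 'Download unsigned ActiveX controls';                       Value = 1 }
    '1201' = @{ Name = 'Initialize and script ActiveX controls not marked as safe'; Value = 3 }
}

$Label = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-ActiveXZoneSetting {
    # Emits one object per setting with its current and desired state, so a
    # non-compliant row stands out in the table.
    foreach ($valueName in $Desired.Keys) {
        $current = (Get-ItemProperty -Path $ZoneKey -Name $valueName -ErrorAction SilentlyContinue).$valueName
        [pscustomobject]@{
            ValueName = $valueName
            Setting   = $Desired[$valueName].Name
            Current   = if ($null -eq $current) { 'not set (default)' } else { $Label[[int]$current] }
            Desired   = $Label[$Desired[$valueName].Value]
            Compliant = ($null -ne $current -and [int]$current -eq $Desired[$valueName].Value)
        }
    }
}

function Set-ActiveXZoneSetting {
    # Writes only the three named values; everything else in the zone is left alone.
    foreach ($valueName in $Desired.Keys) {
        Set-ItemProperty -Path $ZoneKey -Name $valueName -Value $Desired[$valueName].Value -Type DWord
    }
}

# Audit first; apply only after reviewing the table.
Get-ActiveXZoneSetting | Format-Table -AutoSize
# Set-ActiveXZoneSetting
```

Run the audit as the user whose browser you are hardening, since the settings live under HKCU. If an administrator enforces zone settings through Group Policy, the machine-wide policy values take precedence and the per-user values shown here will not be the ones in effect.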

#23 User is offline   nyclad 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 44
  • Joined: 06-September 10

Posted 11 May 2011 - 04:59 PM

Hi ST,


I ran the cleanup stuff, here's the OTL log.

Everything seems to be going well. I'll see what happens to this netbook for the next 2-3 days. Thanks a lot!



========== COMMANDS ==========


OTL by OldTimer - Version 3.2.22.3 log created on 05112011_143354

#24 User is offline   SweetTech 

  • Agent ST
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 12,662
  • Joined: 15-March 09
  • Gender:Male
  • Location:Antarctica

Posted 11 May 2011 - 05:11 PM

Okay, I'll keep the thread open for a couple of days then, and if I don't hear back from you I'll assume all is well, and we can consider the thread resolved.

#25 User is offline   SweetTech 

  • Agent ST
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 12,662
  • Joined: 15-March 09
  • Gender:Male
  • Location:Antarctica

Posted 14 May 2011 - 10:41 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
