Yet another Windows Vista Restore attack

Forum Guidelines

Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Posted Image

Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.

Posted Image

DO NOT RUN ComboFix unless requested to.

Posted Image

Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

Posted Image

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Posted Image

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

2 Pages
1
2
→

You cannot start a new topic
This topic is locked

Yet another Windows Vista Restore attack Need help removing Windows Vista Restore attack

#1 Franico

Member

Group: Members
Posts: 15
Joined: 14-June 11

Posted 16 June 2011 - 04:32 PM

I, too, have been bitten by the Windows System Restore malware. Several days ago, I noticed the same "virus scanner" running on my computer. I did *not* click the link, just because it was so obviously a fishy "scam". But I did try to reboot -- which I probalby shouldn't have. Immediately I saw the same symptoms as everyone else -- the system booted to what appeared to be a blank (black) screen with no desktop icons at all. The Start Menu had no programs on it. My Favorites were completely gone. Same story as I'm hearing everywhere.

I did read through many of the other answers, and I believe this to be the best forum to help me out. I'm basically trying to decide whether to completely re-image my system, or try to recover the (hundreds of) programs and other files that I hope are still here.

I did do some "manual" investigation, and tried some intermediate "fixes". For example, I did make several Registry changes noted in another forum, and I can now bring up the Task Manager. I selected my Desktop, and looked at Properties, and discovered that basically everything on my C: drive was set to Hidden. So I "unhid" everything (I thought); but only a small portion came back. I now have about half (or a little more) of my desktop icons showing. (Needless to say, they are the icons in my personal Desktop folder, not the "All Users" Desktop folder.) After making the folders visible again, I navigated to my Start Menu folder -- and found ALL of my Start Menu subfolders -- except that every one of them shows as empty! (Are they there, but still Hidden? Or did Windows Vista Restore wipe them out?) I also deleted every form of "Windows Vista Restore.exe" that I could find, as well as every one of the "4587346.exe" kinds of files that I found in C:\ProgramData. (There were about half a dozen of these -- all created within minutes of each other, at the time of the 'attack'.)

Most of the other things I've discovered are exactly the same as everyone else. What I do not yet know is how much is simply hidden, and how much is destroyed. The more that it leans toward the latter, the more likely I will just re-image -- and lose a lot of information, and re-building time. So I'd prefer to fix the system.

In keeping with that, I've downloaded and run RTUnooker LE and the OTL tool, and generated reports as explained on this forum. I am hoping that you excellent folks will be able to tell me what to do now, and how to find out if my system is salvageable or not. Here are the reports I have so far.

Thank you in advance for any help you can provide! One additional question: at the moment, I am trying NOT to log into my computer. When I *have* to do something, I go into Safe Mode (or Safe Mode with Networking, to pick up E-mail). I did log in fully to run RTUnhooker and OTL; but I got out as quickly as possible. Is this OK? Or should I stay completely out?

======================================================================
RTUnhooker LE report

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #2
==============================================
>Drivers
==============================================
0x8FC01000 C:\Windows\system32\DRIVERS\nvlddmkm.sys 9768960 bytes (NVIDIA Corporation, NVIDIA Windows Kernel Mode Driver, Version 186.21 )
0x82211000 C:\Windows\system32\ntkrnlpa.exe 3907584 bytes (Microsoft Corporation, NT Kernel & System)
0x82211000 PnpManager 3907584 bytes
0x82211000 RAW 3907584 bytes
0x82211000 WMIxWDM 3907584 bytes
0x90807000 C:\Windows\system32\DRIVERS\NETw4v32.sys 2289664 bytes (Intel Corporation, Intel® Wireless WiFi Link Driver)
0xA64E0000 Win32k 2113536 bytes
0xA64E0000 C:\Windows\System32\win32k.sys 2113536 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8AE04000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT File System Driver)
0x8AC02000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x8A684000 PCI_PNP5465 1052672 bytes
0x8A684000 sptd 1052672 bytes
0x8A684000 C:\Windows\System32\Drivers\spup.sys 1052672 bytes
0x8AAFC000 C:\Windows\System32\drivers\tcpip.sys 970752 bytes (Microsoft Corporation, TCP/IP Driver)
0x806D9000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0xB500E000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x8A934000 C:\Windows\system32\drivers\iastor.sys 778240 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0xB10F3000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)
0x8A893000 C:\Windows\system32\drivers\iastorv.sys 659456 bytes (Intel Corporation, Intel Matrix Storage Manager driver (base))
0x90554000 C:\Windows\System32\drivers\dxgkrnl.sys 655360 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x90604000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x8AA8B000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x8A605000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0x8060F000 C:\Windows\system32\mcupdate_GenuineIntel.dll 458752 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x99903000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x9A00D000 C:\Windows\system32\drivers\stwrt.sys 348160 bytes (IDT, Inc., NDHF)
0x90AAE000 C:\Windows\system32\DRIVERS\rixdptsk.sys 331776 bytes (REDC, RICOH XD SM Driver)
0xB1082000 C:\Windows\System32\DRIVERS\srv.sys 323584 bytes (Microsoft Corporation, Server driver)
0x8A81D000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x9C00E000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x8A7B4000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x9C196000 C:\Windows\system32\DRIVERS\OA002Vid.sys 270336 bytes (Creative Technology Ltd., Video Capture Device Driver)
0x80698000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x90691000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x8AD8E000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x9C139000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x8AD38000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)
0x9C0F7000 C:\Windows\system32\DRIVERS\OEM02Dev.sys 237568 bytes (Creative Technology Ltd., Video Capture Device Driver)
0xB1009000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x8AF14000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x90795000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x825CB000 ACPI_HAL 208896 bytes
0x825CB000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x8AA1F000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x9C06D000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x9A144000 C:\Windows\system32\DRIVERS\ext2fs.sys 200704 bytes (Stephan Schreiber, Ext2 File System Driver)
0xB513F000 C:\Windows\system32\DRIVERS\b57nd60x.sys 192512 bytes (Broadcom Corporation, Broadcom NetXtreme Gigabit Ethernet NDIS6.0 Driver.)
0x90BB2000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x90B12000 C:\Windows\system32\DRIVERS\SynTP.sys 188416 bytes (Synaptics, Inc., Synaptics Touchpad Driver)
0x9A062000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x8AD0D000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x90754000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0x998BC000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x9980E000 C:\Windows\System32\Drivers\fastfat.SYS 163840 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xB105A000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x8AF6B000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x9A0C5000 C:\Windows\system32\DRIVERS\MpFilter.sys 159744 bytes (Microsoft Corporation, Microsoft antimalware file system filter driver)
0x807CA000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x8A78E000 C:\Windows\System32\Drivers\SCSIPORT.SYS 155648 bytes (Microsoft Corporation, SCSI Port Driver)
0x9A08F000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x9C1D8000 C:\Windows\system32\DRIVERS\OA002Ufd.sys 147456 bytes (Creative Technology Ltd., Video Class Upper Filter Driver)
0x906E9000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x99848000 C:\Windows\system32\Drivers\OA002Afx.sys 143360 bytes (Creative Technology Ltd., Advanced Audio FX Driver)
0x8AFA3000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0x999BB000 C:\Windows\system32\drivers\mrxdav.sys 135168 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x9C0D6000 F:\Utilities\System\SUPERAntiSpyware\SASKUTIL.SYS 135168 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0x8AA6A000 C:\Windows\system32\DRIVERS\symsnap.sys 135168 bytes (StorageCraft, StorageCraft Volume Snap-Shot)
0x90B84000 C:\Windows\system32\DRIVERS\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x999DC000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x8AA01000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x90A36000 C:\Windows\system32\DRIVERS\physX32.sys 118784 bytes (AGEIA Technologies, Inc., AGEIA PhysX Processor WDM Driver)
0x99970000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x8AD73000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x99891000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x90A71000 C:\Windows\system32\DRIVERS\sdbus.sys 106496 bytes (Microsoft Corporation, SecureDigital Bus Driver)
0x9998D000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x90B58000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xB1042000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x9C17F000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x906D2000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x9C056000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xB5129000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x9C09F000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x9A1B0000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0x999A6000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x9072F000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x9A12F000 C:\Windows\system32\DRIVERS\USBSTOR.SYS 86016 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xB5102000 C:\Windows\system32\DRIVERS\WUDFRd.sys 86016 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector)
0x9071B000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x90A9A000 C:\Windows\system32\DRIVERS\rimsptsk.sys 81920 bytes (REDC, RICOH MS Driver)
0x9A1C6000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x90AFF000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
0x998F0000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x9C0C3000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x99836000 C:\Windows\system32\drivers\usbaudio.sys 73728 bytes (Microsoft Corporation, USB Audio Class Driver)
0xB5117000 C:\Windows\system32\DRIVERS\WUDFPf.sys 73728 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x8AF92000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x9A0B4000 C:\Windows\system32\DRIVERS\ifsmount.sys 69632 bytes (Stephan Schreiber, IFS Mount Manager)
0x907CA000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x8067F000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x8AA51000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x9A17E000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0x998AC000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x8A883000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x90A53000 C:\Windows\system32\DRIVERS\ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0x90744000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x8AFEE000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)
0x99882000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x8AF5C000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x807F1000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x9070C000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x90A8B000 C:\Windows\system32\DRIVERS\rimmptsk.sys 61440 bytes (REDC, RICOH SD Driver)
0x8ADCC000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x8A80E000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x90A63000 C:\Windows\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xA6720000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x9C0B5000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x9A199000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x8A86E000 C:\Windows\system32\DRIVERS\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x8A676000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0x90BA5000 C:\Windows\system32\DRIVERS\GenericMount.sys 53248 bytes (Symantec Corporation, Symantec Corporation Generic Mount)
0x90788000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0xB5177000 C:\Windows\system32\DRIVERS\NisDrvWFP.sys 49152 bytes (Microsoft Corporation, Microsoft Network Inspection System Driver)
0xB50F6000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x9A113000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x905F4000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)
0x90B4D000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x90B42000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x9A18E000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x90BEC000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x90BE1000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x8AFDA000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8AFCD000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x8A804000 C:\Windows\system32\DRIVERS\BATTC.SYS 40960 bytes (Microsoft Corporation, Battery Class Driver)
0x99878000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0xB11A5000 C:\Windows\system32\drivers\LMIRfsDriver.sys 40960 bytes (LogMeIn, Inc., LogMeIn Rfs Drivemap Driver)
0xB10E9000 C:\Windows\system32\DRIVERS\MpNWMon.sys 40960 bytes (Microsoft Corporation, Network monitor driver)
0x9077E000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x998E6000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x9C175000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0xB50EC000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x807B9000 C:\Windows\System32\Drivers\BlackBox.sys 36864 bytes (-, -)
0x8AFC4000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x9A0EC000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x9A175000 C:\Windows\system32\DRIVERS\hidusb.sys 36864 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x8AA61000 C:\Windows\System32\Drivers\PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0x9A1A7000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xB516E000 C:\Windows\System32\Drivers\RKULE.SYS 36864 bytes (RKU Driver)
0xA6700000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8AFE5000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x90B7A000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0x8A785000 C:\Windows\System32\Drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x8A9F2000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x80690000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x807C2000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x9A11F000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x9A127000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8AF4D000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x9A0FC000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x9A10C000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x8A867000 C:\Windows\system32\DRIVERS\intelide.sys 28672 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0x80608000 C:\Windows\system32\kdcom.dll 28672 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x9A0F5000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x8A87C000 C:\Windows\system32\drivers\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x8AF55000 C:\Windows\System32\Drivers\SmartDefragDriver.sys 28672 bytes
0x90B70000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0x9C131000 F:\Utilities\System\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0x90B76000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0x8A7FA000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0x90552000 C:\Windows\system32\DRIVERS\nvBridge.kmd 8192 bytes (NVIDIA Corporation, NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 186.21 )
0x9C137000 C:\Windows\system32\DRIVERS\OEM02Vfx.sys 8192 bytes (EyePower Games Pte. Ltd., Advanced Video FX Filter
Driver (Win2K based))
0xB11A3000 F:\Utilities\Programs\LogMeIn\x86\RaInfo.sys 8192 bytes (LogMeIn, Inc., RemotelyAnywhere Kernel Information Provider)
0x90BF7000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x90B40000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0x90B83000 C:\Windows\system32\DRIVERS\lmimirr.sys 4096 bytes (LogMeIn, Inc., LogMeIn Mirror Miniport Driver)
0x8597F1F8 unknown_irp_handler 3592 bytes
0x8597C1F8 unknown_irp_handler 3592 bytes
0x8597E1F8 unknown_irp_handler 3592 bytes
0x8597A1F8 unknown_irp_handler 3592 bytes
0xA47731F8 unknown_irp_handler 3592 bytes
0x895A0500 unknown_irp_handler 2816 bytes
0x866F8500 unknown_irp_handler 2816 bytes
0x897CA500 unknown_irp_handler 2816 bytes
0x866DD500 unknown_irp_handler 2816 bytes
0x89762500 unknown_irp_handler 2816 bytes
0x89507500 unknown_irp_handler 2816 bytes
0x866CA500 unknown_irp_handler 2816 bytes
0x86693500 unknown_irp_handler 2816 bytes
0x89C59500 unknown_irp_handler 2816 bytes
==============================================
>Stealth
==============================================
WARNING: File locked for read access [C:\Windows\system32\drivers\sptd.sys]

===========================================================================
OTL report (OTL.txt)

OTL logfile created on: 6/16/2011 5:10:24 PM - Run 1
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Users\Frank\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.62 Gb Available Physical Memory | 53.90% Memory free
4.90 Gb Paging File | 3.21 Gb Available in Paging File | 65.45% Paging File free
Paging file location(s): w:\pagefile.sys 2048 2048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 30.22 Gb Total Space | 6.73 Gb Free Space | 22.26% Space Free | Partition Type: NTFS
Drive D: | 24.00 Gb Total Space | 3.48 Gb Free Space | 14.52% Space Free | Partition Type: NTFS
Drive E: | 9.83 Gb Total Space | 3.17 Gb Free Space | 32.21% Space Free | Partition Type: NTFS
Drive F: | 7.81 Gb Total Space | 5.12 Gb Free Space | 65.57% Space Free | Partition Type: NTFS
Drive G: | 15.55 Gb Total Space | 2.35 Gb Free Space | 15.12% Space Free | Partition Type: NTFS
Drive H: | 20.51 Gb Total Space | 2.53 Gb Free Space | 12.34% Space Free | Partition Type: NTFS
Drive I: | 10.00 Gb Total Space | 4.85 Gb Free Space | 48.43% Space Free | Partition Type: NTFS
Drive L: | 167.59 Gb Total Space | 2.15 Gb Free Space | 1.28% Space Free | Partition Type: NTFS
Drive O: | 29.81 Gb Total Space | 18.76 Gb Free Space | 62.95% Space Free | Partition Type: FAT32
Drive R: | 40.49 Gb Total Space | 19.86 Gb Free Space | 49.05% Space Free | Partition Type: NTFS
Drive S: | 20.05 Gb Total Space | 13.44 Gb Free Space | 67.06% Space Free | Partition Type: NTFS
Drive T: | 15.11 Gb Total Space | 12.71 Gb Free Space | 84.12% Space Free | Partition Type: NTFS
Drive U: | 264.54 Gb Total Space | 87.42 Gb Free Space | 33.05% Space Free | Partition Type: NTFS
Drive V: | 30.04 Gb Total Space | 11.60 Gb Free Space | 38.60% Space Free | Partition Type: NTFS
Drive W: | 225.93 Gb Total Space | 144.74 Gb Free Space | 64.06% Space Free | Partition Type: NTFS
Drive Z: | 10.00 Gb Total Space | 5.75 Gb Free Space | 57.50% Space Free | Partition Type: NTFS

Computer Name: FRANK-XPS | User Name: Frank | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/14 09:55:02 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Frank\Desktop\OTL.exe
PRC - [2011/04/10 17:29:14 | 001,646,936 | ---- | M] (IObit) -- F:\Utilities\System\Smart Defrag 2\SmartDefrag.exe
PRC - [2010/12/08 14:11:38 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- F:\Utilities\Programs\LogMeIn\x86\ramaint.exe
PRC - [2010/12/08 14:11:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- F:\Utilities\Programs\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2010/11/30 14:20:36 | 000,997,408 | -H-- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 13:26:42 | 000,206,360 | -H-- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2010/11/11 13:26:40 | 000,011,736 | -H-- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/11/08 13:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- F:\Utilities\Programs\LogMeIn\x86\LogMeIn.exe
PRC - [2010/10/08 10:01:14 | 000,086,184 | -H-- | M] (Absolute Software) -- C:\Program Files\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe
PRC - [2010/10/08 10:01:14 | 000,010,408 | -H-- | M] (Microsoft) -- C:\Program Files\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe
PRC - [2010/09/08 11:45:10 | 001,034,752 | -H-- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
PRC - [2010/09/08 11:44:50 | 000,484,352 | -H-- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
PRC - [2010/09/08 11:41:36 | 000,237,056 | -H-- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2010/08/23 21:21:40 | 000,013,672 | -H-- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2010/08/22 21:23:53 | 000,160,592 | ---- | M] (Siber Systems) -- F:\Utilities\Programs\AI Roboform\robotaskbaricon.exe
PRC - [2010/08/21 19:50:34 | 000,057,752 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.exe
PRC - [2010/07/04 15:51:26 | 000,017,408 | ---- | M] () -- F:\Utilities\System\Unlocker\UnlockerAssistant.exe
PRC - [2010/03/29 08:29:04 | 002,012,912 | ---- | M] (SUPERAntiSpyware.com) -- F:\Utilities\System\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/03/03 19:39:40 | 002,598,760 | ---- | M] (Symantec Corporation) -- F:\Utilities\System\Norton Ghost\Agent\VProTray.exe
PRC - [2010/03/03 19:39:38 | 004,590,432 | ---- | M] (Symantec Corporation) -- F:\Utilities\System\Norton Ghost\Agent\VProSvc.exe
PRC - [2010/01/27 12:22:02 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- F:\Utilities\Programs\LogMeIn\x86\LogMeInSystray.exe
PRC - [2009/10/23 12:31:44 | 000,401,920 | ---- | M] (Amazon.com) -- F:\Applications\Internet\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
PRC - [2009/10/23 12:31:44 | 000,326,144 | ---- | M] (Amazon.com) -- F:\Applications\Internet\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
PRC - [2009/09/21 20:19:20 | 001,964,528 | ---- | M] (Symantec) -- F:\Utilities\System\Norton Ghost\Shared\Drivers\SymSnapService.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/20 15:11:30 | 000,364,544 | -H-- | M] (ELAN Microelectronics Corp.) -- C:\Program Files\ELAN\USB\ETDUSBCtrl.exe
PRC - [2008/01/01 23:44:38 | 000,405,504 | -H-- | M] (IDT, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
PRC - [2008/01/01 23:44:32 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2008/01/01 23:44:26 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007/12/21 11:58:06 | 000,184,320 | -H-- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2007/12/03 01:58:54 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
PRC - [2007/07/20 19:11:12 | 000,390,424 | -H-- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2007/07/18 09:26:42 | 000,775,952 | -H-- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe
PRC - [2007/07/18 09:26:26 | 000,374,032 | -H-- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
PRC - [2007/07/18 09:26:26 | 000,320,784 | -H-- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDPOP3.exe
PRC - [2007/07/18 09:26:24 | 000,387,856 | -H-- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDCountdown.exe
PRC - [2007/07/18 09:26:24 | 000,203,024 | -H-- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
PRC - [2007/02/12 14:38:04 | 000,355,096 | -H-- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/02/12 14:37:58 | 000,174,872 | -H-- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

========== Modules (SafeList) ==========

MOD - [2011/06/14 09:55:02 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Frank\Desktop\OTL.exe
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2010/07/04 17:32:36 | 000,004,608 | ---- | M] () -- F:\Utilities\System\Unlocker\UnlockerHook.dll

========== Win32 Services (SafeList) ==========

SRV - [2010/12/08 14:11:38 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- F:\Utilities\Programs\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2010/12/08 14:11:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- F:\Utilities\Programs\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2010/11/11 13:26:42 | 000,206,360 | -H-- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2010/11/11 13:26:40 | 000,011,736 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/11/08 13:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- F:\Utilities\Programs\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/10/08 10:01:14 | 000,010,408 | -H-- | M] (Microsoft) [Auto | Running] -- C:\Program Files\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe -- (AbsoluteNotifier)
SRV - [2010/09/08 11:45:10 | 001,034,752 | -H-- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2010/09/08 11:44:50 | 000,484,352 | -H-- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2010/09/08 11:41:36 | 000,237,056 | -H-- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2010/08/23 21:21:40 | 000,013,672 | -H-- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/08/21 19:50:34 | 000,057,752 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\System32\rpcnet.exe -- (rpcnet) Remote Procedure Call (RPC)
SRV - [2010/03/25 10:25:22 | 030,969,208 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- E:\Microsoft Office 2010\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/03/03 19:39:38 | 004,590,432 | ---- | M] (Symantec Corporation) [Auto | Running] -- F:\Utilities\System\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost)
SRV - [2010/02/12 07:09:06 | 001,574,408 | ---- | M] (Symantec) [On_Demand | Stopped] -- F:\Utilities\System\Norton Ghost\Shared\Drivers\GenericMountHelper.exe -- (GenericMount Helper Service)
SRV - [2009/10/23 12:31:44 | 000,401,920 | ---- | M] (Amazon.com) [Auto | Running] -- F:\Applications\Internet\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe -- (Amazon Download Agent)
SRV - [2009/09/21 20:19:20 | 001,964,528 | ---- | M] (Symantec) [On_Demand | Running] -- F:\Utilities\System\Norton Ghost\Shared\Drivers\SymSnapService.exe -- (SymSnapService)
SRV - [2009/08/10 13:34:40 | 000,093,848 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- F:\Utilities\Programs\SiSoftware Sandra Professional Business 2010.SP2\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/01 23:44:32 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2008/01/01 23:44:26 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/09/12 18:27:24 | 002,999,664 | -H-- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/07/20 19:11:12 | 000,390,424 | -H-- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (nicconfigsvc)
SRV - [2007/02/12 14:38:04 | 000,355,096 | -H-- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®

========== Driver Services (SafeList) ==========

DRV - [2011/06/16 17:01:22 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{15E3CAEA-2FDB-478F-A3B0-DC6BA1740FEA}\MpKsl36776afd.sys -- (MpKsl36776afd)
DRV - [2011/06/16 16:58:18 | 000,035,712 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\BlackBox.sys -- (BlackBox)
DRV - [2011/06/13 20:11:06 | 000,028,752 | ---- | M] () [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{15E3CAEA-2FDB-478F-A3B0-DC6BA1740FEA}\MpKsldbc16fdb.sys -- (MpKsldbc16fdb)
DRV - [2011/06/13 19:56:42 | 000,028,752 | ---- | M] () [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{15E3CAEA-2FDB-478F-A3B0-DC6BA1740FEA}\MpKsl037b702b.sys -- (MpKsl037b702b)
DRV - [2011/05/06 14:30:00 | 000,016,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdrvio.sys -- (pwdrvio)
DRV - [2011/05/06 14:29:50 | 000,011,104 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdspio.sys -- (pwdspio)
DRV - [2011/02/23 16:52:34 | 000,016,184 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2010/12/08 14:12:02 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2010/10/24 22:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/10/24 22:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/09/26 15:28:49 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/07/29 01:25:22 | 000,025,112 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ivusb.sys -- (ivusb)
DRV - [2010/07/15 09:44:20 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)
DRV - [2010/07/15 09:44:20 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- F:\Utilities\System\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/17 11:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- F:\Utilities\System\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- F:\Utilities\System\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/02/12 07:10:12 | 000,057,840 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GenericMount.sys -- (GenericMount)
DRV - [2010/01/27 12:22:02 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2010/01/27 12:22:02 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- F:\Utilities\Programs\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2009/10/01 22:03:40 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/09/21 20:40:14 | 000,015,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vproeventmonitor.sys -- (VProEventMonitor)
DRV - [2009/09/21 20:20:42 | 000,138,592 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\symsnap.sys -- (symsnap)
DRV - [2009/08/07 23:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- F:\Utilities\Programs\SiSoftware Sandra Professional Business 2010.SP2\WNt500x86\sandra.sys -- (SANDRA)
DRV - [2009/06/16 15:59:00 | 009,768,640 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/02/06 15:46:50 | 000,025,088 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ETDUSB.sys -- (hidflt)
DRV - [2008/09/25 17:37:38 | 000,189,888 | ---- | M] (Stephan Schreiber) [File_System | System | Running] -- C:\Windows\System32\drivers\ext2fs.sys -- (Ext2fs)
DRV - [2008/08/28 22:48:16 | 000,060,352 | ---- | M] (Stephan Schreiber) [Kernel | System | Running] -- C:\Windows\System32\drivers\ifsmount.sys -- (IfsMount)
DRV - [2008/07/31 17:01:00 | 000,268,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA002Vid.sys -- (OA002Vid)
DRV - [2008/06/03 09:30:24 | 000,144,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA002Ufd.sys -- (OA002Ufd)
DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/01/20 22:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2008/01/01 23:44:40 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/12/03 01:59:06 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2007/12/03 01:58:50 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/09/26 09:12:00 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2007/07/17 20:11:16 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/17 20:11:14 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/07/17 20:11:14 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/06/26 15:15:22 | 000,117,888 | ---- | M] (AGEIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\physX32.sys -- (physX32)
DRV - [2007/06/07 17:00:02 | 000,148,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA002Afx.sys -- (OA002Afx)
DRV - [2007/04/24 09:33:46 | 000,100,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125mgmt.sys -- (s125mgmt) Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM)
DRV - [2007/04/24 09:33:46 | 000,098,696 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125obex.sys -- (s125obex)
DRV - [2007/04/24 09:33:44 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125mdm.sys -- (s125mdm)
DRV - [2007/04/24 09:33:42 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125mdfl.sys -- (s125mdfl)
DRV - [2007/04/24 09:33:34 | 000,083,336 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125bus.sys -- (s125bus) Sony Ericsson Device 125 driver (WDM)
DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 50 2E 16 18 5E 42 CB 01 [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 50 2E 16 18 5E 42 CB 01 [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-470704285-634350156-1256116804-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080606
IE - HKU\S-1-5-21-470704285-634350156-1256116804-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080606
IE - HKU\S-1-5-21-470704285-634350156-1256116804-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-470704285-634350156-1256116804-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-470704285-634350156-1256116804-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-470704285-634350156-1256116804-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-470704285-634350156-1256116804-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-470704285-634350156-1256116804-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:51374

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - F:\Utilities\Programs\AI Roboform\roboform.dll (Siber Systems)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Microsoft Office 2010\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - E:\Microsoft Office 2010\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - F:\Utilities\Programs\AI Roboform\roboform.dll (Siber Systems)
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-470704285-634350156-1256116804-1000\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - F:\Utilities\Programs\AI Roboform\roboform.dll (Siber Systems)
O4 - HKLM..\Run: [Absolute Notifier] C:\Program Files\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe (Absolute Software)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AmazonGSDownloaderTray] F:\Applications\Internet\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe (Amazon.com)
O4 - HKLM..\Run: [BCSSync] E:\Microsoft Office 2010\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [ETDUSBWare] C:\Program Files\ELAN\USB\ETDUSBCtrl.exe (ELAN Microelectronics Corp.)
O4 - HKLM..\Run: [hpqSRMon] File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogMeIn GUI] F:\Utilities\Programs\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Norton Ghost 15.0] F:\Utilities\System\Norton Ghost\Agent\VProTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Sony Ericsson PC Suite] F:\Applications\Miscellaneous\Sony PC Suite\Application Launcher\Application Launcher.exe ()
O4 - HKLM..\Run: [UnlockerAssistant] F:\Utilities\System\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-470704285-634350156-1256116804-1000..\Run: [lKMwrmNWsXvp norun] File not found
O4 - HKU\S-1-5-21-470704285-634350156-1256116804-1000..\Run: [RoboForm] F:\Utilities\Programs\AI Roboform\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-21-470704285-634350156-1256116804-1000..\Run: [SUPERAntiSpyware] F:\Utilities\System\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-21-470704285-634350156-1256116804-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMorePrograms = 0
O8 - Extra context menu item: &Subscribe with ArchosLink - F:\Applications\Multimedia\Archoslink\script.js ()
O8 - Extra context menu item: Customize Menu - F:\Utilities\Programs\AI Roboform\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - E:\Microsoft Office 2010\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Fill Forms - F:\Utilities\Programs\AI Roboform\RoboFormComFillForms.html ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
O8 - Extra context menu item: RoboForm Toolbar - F:\Utilities\Programs\AI Roboform\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - F:\Utilities\Programs\AI Roboform\RoboFormComSavePass.html ()
O8 - Extra context menu item: Se&nd to OneNote - E:\Microsoft Office 2010\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Microsoft Office 2010\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Microsoft Office 2010\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - F:\Utilities\Programs\AI Roboform\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - F:\Utilities\Programs\AI Roboform\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - F:\Utilities\Programs\AI Roboform\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - F:\Utilities\Programs\AI Roboform\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - F:\Utilities\Programs\AI Roboform\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - F:\Utilities\Programs\AI Roboform\RoboFormComShowToolbar.html ()
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - E:\Microsoft Office 2010\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - E:\Microsoft Office 2010\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-470704285-634350156-1256116804-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - F:\Utilities\System\SUPERAntiSpyware\SASWINLO.dll - F:\Utilities\System\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\XPS-gaming-wallpaper_blue1.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\XPS-gaming-wallpaper_blue1.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - F:\Utilities\System\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - E:\Microsoft Office 2010\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/11/19 14:48:00 | 000,000,073 | -H-- | M] () - O:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{d41654d8-ad8c-11df-9cc4-001d093838bc}\Shell - "" = AutoRun
O33 - MountPoints2\{d41654d8-ad8c-11df-9cc4-001d093838bc}\Shell\AutoRun\command - "" = "Q:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/16 17:11:18 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Frank\Desktop\MalwareBytes AntiMalware setup-1.51.0.1200.exe
[2011/06/16 17:09:40 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Frank\Desktop\OTL.exe
[2011/06/13 22:22:54 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/06/13 22:21:10 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/06/13 22:16:39 | 000,509,440 | ---- | C] (iS3, Inc.) -- C:\Users\Frank\Desktop\STOPZilla SetupAV.exe
[2011/06/13 19:49:29 | 000,494,592 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\lKMwrmNWsXvp new name.exe
[2011/06/08 21:30:47 | 000,000,000 | -H-D | C] -- C:\Program Files\iPod
[2011/05/29 16:30:17 | 000,000,000 | -H-D | C] -- C:\Users\Frank\AppData\Roaming\HandBrake
[2011/05/29 16:30:17 | 000,000,000 | -H-D | C] -- C:\Users\Frank\AppData\Local\HandBrake
[2011/05/29 14:38:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype Extras
[2011/05/29 14:38:13 | 000,000,000 | -H-D | C] -- C:\Program Files\Common Files\Skype
[2011/05/28 22:41:25 | 000,000,000 | -H-D | C] -- C:\Users\Frank\AppData\Roaming\Symantec
[2011/05/28 21:32:38 | 000,000,000 | -H-D | C] -- C:\Users\Frank\AppData\Local\Symantec_Corporation
[2011/05/28 21:15:43 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\capicom.dll
[2011/05/28 21:15:43 | 000,000,000 | -H-D | C] -- C:\Program Files\Symantec
[2011/05/28 21:15:01 | 000,131,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WimFltr.sys
[2011/05/28 21:14:15 | 000,138,592 | ---- | C] (StorageCraft) -- C:\Windows\System32\drivers\symsnap.sys
[2011/05/28 21:14:08 | 000,015,096 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\vproeventmonitor.sys
[2011/05/28 21:13:43 | 000,038,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2011/05/28 21:12:51 | 000,000,000 | -H-D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011/05/28 21:12:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2011/05/28 21:12:17 | 000,000,000 | ---D | C] -- C:\ProgramData\{1C6FDDD8-FC9E-4C12-9FA5-1AAD377097B3}
[2011/05/22 20:47:18 | 000,000,000 | -H-D | C] -- C:\Users\Frank\AppData\Roaming\Roxio
[2011/05/22 20:47:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Roxio
[2011/05/22 18:39:09 | 000,000,000 | -H-D | C] -- C:\Users\Frank\.dvdcss
[2011/05/22 18:35:45 | 000,000,000 | -H-D | C] -- G:\Documents\Any Video Converter
[2011/05/22 18:35:34 | 000,000,000 | -H-D | C] -- C:\Users\Frank\AppData\Roaming\AnvSoft
[2011/05/20 20:46:36 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/05/20 17:51:46 | 000,297,472 | ---- | C] (InstallShield Corporation, Inc.) -- C:\Windows\uninst.exe
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/16 17:09:23 | 000,035,712 | ---- | M] () -- C:\Windows\System32\drivers\RKULE.sys
[2011/06/16 17:08:28 | 000,609,506 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/16 17:08:28 | 000,106,014 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/16 17:04:27 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/16 17:02:54 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/16 17:02:54 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/16 17:02:07 | 000,169,176 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/06/16 17:02:02 | 000,057,752 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.dll
[2011/06/16 17:02:02 | 000,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.dll
[2011/06/16 17:01:20 | 000,169,176 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/06/16 17:01:18 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/16 17:01:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/16 16:58:18 | 000,035,712 | ---- | M] () -- C:\Windows\System32\drivers\BlackBox.sys
[2011/06/16 16:35:18 | 000,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.exe
[2011/06/14 17:36:32 | 000,001,356 | ---- | M] () -- C:\Users\Frank\AppData\Local\d3d9caps.dat
[2011/06/14 10:12:14 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Frank\Desktop\MalwareBytes AntiMalware setup-1.51.0.1200.exe
[2011/06/14 09:55:02 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Frank\Desktop\OTL.exe
[2011/06/14 09:53:42 | 000,139,264 | ---- | M] () -- C:\Users\Frank\Desktop\RKULE.EXE
[2011/06/13 22:18:52 | 000,512,992 | ---- | M] () -- C:\Users\Frank\Desktop\Spyware Doctor installer.exe
[2011/06/13 22:10:50 | 000,509,440 | ---- | M] (iS3, Inc.) -- C:\Users\Frank\Desktop\STOPZilla SetupAV.exe
[2011/06/13 20:11:17 | 000,420,744 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/06/13 19:49:29 | 000,494,592 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\lKMwrmNWsXvp new name.exe
[2011/06/13 19:27:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-470704285-634350156-1256116804-1000UA.job
[2011/06/13 18:27:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-470704285-634350156-1256116804-1000Core.job
[2011/06/11 17:57:11 | 000,062,976 | -H-- | M] () -- C:\Users\Frank\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/10 20:02:48 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/06/09 21:56:18 | 000,048,903 | ---- | M] () -- C:\Users\Frank\Desktop\NTCA 401K.jpg
[2011/06/09 21:54:35 | 000,029,021 | ---- | M] () -- C:\Users\Frank\Desktop\Roth IRA.jpg
[2011/06/09 21:53:18 | 000,090,584 | ---- | M] () -- C:\Users\Frank\Desktop\Traditional IRA.jpg
[2011/06/09 21:51:52 | 000,078,015 | ---- | M] () -- C:\Users\Frank\Desktop\Individual Brokerage.jpg
[2011/06/08 22:04:12 | 000,002,297 | ---- | M] () -- C:\Users\Frank\Desktop\SyncToy 2.1.lnk
[2011/06/07 22:11:34 | 000,051,999 | ---- | M] () -- C:\Users\Frank\Desktop\FMHS graduation 2.jpg
[2011/06/07 22:09:24 | 000,050,609 | ---- | M] () -- C:\Users\Frank\Desktop\FMHS graduation 1.jpg
[2011/06/03 19:58:01 | 000,366,678 | -H-- | M] () -- G:\Documents\Michael.bmp
[2011/06/03 19:54:40 | 000,366,678 | -H-- | M] () -- G:\Documents\Screen Snaper Image 8.bmp
[2011/06/03 19:54:04 | 000,366,678 | -H-- | M] () -- G:\Documents\Screen Snaper Image 7.bmp
[2011/06/03 19:43:36 | 000,366,678 | -H-- | M] () -- G:\Documents\Screen Snaper Image 6.bmp
[2011/06/03 19:27:23 | 000,366,678 | -H-- | M] () -- G:\Documents\Screen Snaper Image 5.bmp
[2011/06/03 19:19:09 | 000,366,678 | -H-- | M] () -- G:\Documents\Screen Snaper Image 4.bmp
[2011/06/03 19:15:50 | 000,366,678 | -H-- | M] () -- G:\Documents\Screen Snaper Image 3.bmp
[2011/06/03 19:14:35 | 001,970,830 | -H-- | M] () -- G:\Documents\Screen Snaper Image 2.bmp
[2011/06/03 19:13:35 | 002,437,238 | -H-- | M] () -- G:\Documents\Screen Snaper Image 1.bmp
[2011/05/28 21:14:07 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_GenericMount_01009.Wdf
[2011/05/28 21:14:06 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2011/05/28 20:36:31 | 000,907,254 | ---- | M] () -- C:\Users\Frank\Desktop\NC DOR Check image.bmp
[2011/05/22 18:35:35 | 000,000,828 | ---- | M] () -- C:\Users\Frank\Desktop\Any Video Converter.lnk
[2011/05/20 20:47:32 | 000,000,779 | ---- | M] () -- C:\Users\Frank\Desktop\Revo Uninstaller.lnk
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/16 17:03:20 | 000,035,712 | ---- | C] () -- C:\Windows\System32\drivers\RKULE.sys
[2011/06/16 17:03:07 | 000,139,264 | ---- | C] () -- C:\Users\Frank\Desktop\RKULE.EXE
[2011/06/16 16:58:18 | 000,035,712 | ---- | C] () -- C:\Windows\System32\drivers\BlackBox.sys
[2011/06/13 22:21:10 | 000,512,992 | ---- | C] () -- C:\Users\Frank\Desktop\Spyware Doctor installer.exe
[2011/06/09 21:55:34 | 000,048,903 | ---- | C] () -- C:\Users\Frank\Desktop\NTCA 401K.jpg
[2011/06/09 21:53:59 | 000,029,021 | ---- | C] () -- C:\Users\Frank\Desktop\Roth IRA.jpg
[2011/06/09 21:52:38 | 000,090,584 | ---- | C] () -- C:\Users\Frank\Desktop\Traditional IRA.jpg
[2011/06/09 21:50:58 | 000,078,015 | ---- | C] () -- C:\Users\Frank\Desktop\Individual Brokerage.jpg
[2011/06/07 22:11:34 | 000,051,999 | ---- | C] () -- C:\Users\Frank\Desktop\FMHS graduation 2.jpg
[2011/06/07 22:09:24 | 000,050,609 | ---- | C] () -- C:\Users\Frank\Desktop\FMHS graduation 1.jpg
[2011/06/03 19:58:01 | 000,366,678 | -H-- | C] () -- G:\Documents\Michael.bmp
[2011/06/03 19:54:40 | 000,366,678 | -H-- | C] () -- G:\Documents\Screen Snaper Image 8.bmp
[2011/06/03 19:54:04 | 000,366,678 | -H-- | C] () -- G:\Documents\Screen Snaper Image 7.bmp
[2011/06/03 19:43:36 | 000,366,678 | -H-- | C] () -- G:\Documents\Screen Snaper Image 6.bmp
[2011/06/03 19:27:22 | 000,366,678 | -H-- | C] () -- G:\Documents\Screen Snaper Image 5.bmp
[2011/06/03 19:19:09 | 000,366,678 | -H-- | C] () -- G:\Documents\Screen Snaper Image 4.bmp
[2011/06/03 19:15:50 | 000,366,678 | -H-- | C] () -- G:\Documents\Screen Snaper Image 3.bmp
[2011/06/03 19:14:35 | 001,970,830 | -H-- | C] () -- G:\Documents\Screen Snaper Image 2.bmp
[2011/06/03 19:13:35 | 002,437,238 | -H-- | C] () -- G:\Documents\Screen Snaper Image 1.bmp
[2011/05/28 21:14:07 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_GenericMount_01009.Wdf
[2011/05/28 21:14:06 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2011/05/28 21:13:45 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
[2011/05/28 20:36:31 | 000,907,254 | ---- | C] () -- C:\Users\Frank\Desktop\NC DOR Check image.bmp
[2011/05/22 18:35:35 | 000,000,828 | ---- | C] () -- C:\Users\Frank\Desktop\Any Video Converter.lnk
[2011/05/08 18:56:24 | 000,000,000 | ---- | C] () -- C:\Windows\Curses.INI
[2011/04/30 22:46:38 | 000,003,528 | -H-- | C] () -- C:\Users\Frank\AppData\Roaming\12E4.654
[2011/03/31 15:11:07 | 000,077,308 | ---- | C] () -- C:\Windows\hpqins05.dat
[2011/03/31 15:06:53 | 000,116,785 | ---- | C] () -- C:\Windows\hpqins00.dat
[2011/03/24 09:22:06 | 000,029,520 | ---- | C] () -- C:\Windows\System32\SmartDefragBootTime.exe
[2011/03/24 09:22:06 | 000,016,184 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys
[2011/02/10 21:58:35 | 000,001,356 | ---- | C] () -- C:\Users\Frank\AppData\Local\d3d9caps.dat
[2011/01/08 16:15:45 | 002,217,088 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2011/01/08 16:15:45 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2011/01/08 16:15:45 | 000,014,848 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2011/01/08 16:15:45 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2011/01/08 16:15:45 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2010/11/14 23:00:50 | 000,000,130 | ---- | C] () -- C:\Windows\System32\ftpreica.bin
[2010/09/24 21:38:43 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010/09/23 20:54:34 | 013,176,832 | ---- | C] () -- C:\ProgramData\sandra.mda
[2010/09/19 13:05:20 | 000,169,176 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/09/19 13:05:20 | 000,169,176 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/09/04 16:37:34 | 000,012,998 | R--- | C] () -- C:\Windows\hpwscr14.dat
[2010/09/04 16:33:18 | 000,180,032 | ---- | C] () -- C:\Windows\hpwins14.dat
[2010/08/26 03:02:46 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/08/26 00:00:54 | 000,016,472 | ---- | C] () -- C:\Windows\System32\pwdrvio.sys
[2010/08/26 00:00:54 | 000,011,104 | ---- | C] () -- C:\Windows\System32\pwdspio.sys
[2010/08/25 21:57:01 | 000,000,056 | ---- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/08/24 20:18:19 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/08/24 20:18:19 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/08/22 21:44:51 | 000,000,608 | ---- | C] () -- C:\ProgramData\T2
[2010/08/22 21:44:51 | 000,000,604 | -H-- | C] () -- C:\Program Files\STLL Notifier
[2010/08/22 17:13:44 | 000,062,976 | -H-- | C] () -- C:\Users\Frank\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/22 17:07:53 | 000,000,658 | ---- | C] () -- C:\Windows\unins000.dat
[2010/08/21 20:46:15 | 000,087,379 | -H-- | C] () -- C:\Users\Frank\AppData\Roaming\nvModes.001
[2010/08/21 20:45:21 | 000,087,379 | -H-- | C] () -- C:\Users\Frank\AppData\Roaming\nvModes.dat
[2010/08/21 20:33:22 | 000,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.dll
[2010/08/21 20:31:17 | 000,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.exe
[2010/08/21 19:37:41 | 000,001,844 | -H-- | C] () -- C:\Users\Frank\AppData\Roaming\install.dat
[2010/07/26 10:13:40 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/06/23 12:35:52 | 000,790,528 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/06/23 12:35:52 | 000,134,144 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/03/03 18:48:14 | 000,215,144 | R--- | C] () -- C:\Windows\pw32a.dll
[2010/03/03 18:48:14 | 000,215,144 | R--- | C] () -- C:\Windows\patchw32.dll
[2010/01/25 12:58:06 | 000,462,848 | ---- | C] () -- C:\Windows\System32\ractrlkeyhook.dll
[2009/08/16 10:08:36 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2008/06/06 13:45:12 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/06/06 13:45:02 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/06/06 11:03:31 | 000,000,074 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2008/02/03 19:11:25 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008/01/15 05:31:00 | 000,000,530 | ---- | C] () -- C:\Windows\System32\tx14_ic.ini
[2007/11/16 12:12:18 | 000,001,108 | R--- | C] () -- C:\Windows\hpwmdl14.dat
[2007/07/25 17:40:02 | 000,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
[2007/06/19 09:59:36 | 000,070,400 | ---- | C] () -- C:\Windows\System32\PhysXLoader.dll
[2007/04/20 08:57:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2007/04/20 08:57:28 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2007/04/20 08:57:28 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2007/04/20 08:57:28 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2007/04/20 08:57:28 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2007/04/20 08:57:28 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2007/04/20 08:57:28 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2007/04/20 08:57:28 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2007/04/20 08:57:28 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007/02/05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,420,744 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,609,506 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,106,014 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 749 bytes -> G:\Documents\Facts about Islam.eml:OECustomProperty
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

======================================================================================

OTL report (Extras.txt)

OTL Extras logfile created on: 6/16/2011 5:10:24 PM - Run 1
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Users\Frank\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.62 Gb Available Physical Memory | 53.90% Memory free
4.90 Gb Paging File | 3.21 Gb Available in Paging File | 65.45% Paging File free
Paging file location(s): w:\pagefile.sys 2048 2048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 30.22 Gb Total Space | 6.73 Gb Free Space | 22.26% Space Free | Partition Type: NTFS
Drive D: | 24.00 Gb Total Space | 3.48 Gb Free Space | 14.52% Space Free | Partition Type: NTFS
Drive E: | 9.83 Gb Total Space | 3.17 Gb Free Space | 32.21% Space Free | Partition Type: NTFS
Drive F: | 7.81 Gb Total Space | 5.12 Gb Free Space | 65.57% Space Free | Partition Type: NTFS
Drive G: | 15.55 Gb Total Space | 2.35 Gb Free Space | 15.12% Space Free | Partition Type: NTFS
Drive H: | 20.51 Gb Total Space | 2.53 Gb Free Space | 12.34% Space Free | Partition Type: NTFS
Drive I: | 10.00 Gb Total Space | 4.85 Gb Free Space | 48.43% Space Free | Partition Type: NTFS
Drive L: | 167.59 Gb Total Space | 2.15 Gb Free Space | 1.28% Space Free | Partition Type: NTFS
Drive O: | 29.81 Gb Total Space | 18.76 Gb Free Space | 62.95% Space Free | Partition Type: FAT32
Drive R: | 40.49 Gb Total Space | 19.86 Gb Free Space | 49.05% Space Free | Partition Type: NTFS
Drive S: | 20.05 Gb Total Space | 13.44 Gb Free Space | 67.06% Space Free | Partition Type: NTFS
Drive T: | 15.11 Gb Total Space | 12.71 Gb Free Space | 84.12% Space Free | Partition Type: NTFS
Drive U: | 264.54 Gb Total Space | 87.42 Gb Free Space | 33.05% Space Free | Partition Type: NTFS
Drive V: | 30.04 Gb Total Space | 11.60 Gb Free Space | 38.60% Space Free | Partition Type: NTFS
Drive W: | 225.93 Gb Total Space | 144.74 Gb Free Space | 64.06% Space Free | Partition Type: NTFS
Drive Z: | 10.00 Gb Total Space | 5.75 Gb Free Space | 57.50% Space Free | Partition Type: NTFS

Computer Name: FRANK-XPS | User Name: Frank | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "E:\Microsoft Office 2010\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "E:\Microsoft Office 2010\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [DiskInfoByPplus] -- C:\Windows\system32\Shellext\ppshlext.exe "%1" /dinfo ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0326CFAE-79F2-4F4A-874D-B7A0C7EEE937}" = lport=rpc | protocol=6 | dir=in | app=f:\utilities\programs\sisoftware sandra professional business 2010.sp2\wnt500x86\rpcsandrasrv.exe |
"{079BFF0C-13AD-4DC4-873A-0D6E816E6CA4}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{11DF478C-5A40-460E-B6B6-066A1AC1D817}" = rport=10243 | protocol=6 | dir=out | app=system |
"{22178426-291F-463D-9EBE-E244E77C640A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{240EE9E2-01D8-47BD-B415-C6E8480B0D94}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{250F3726-B061-4A55-94DA-D0051FC4E43B}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{32ED0D0F-6E3C-415B-959C-A8E5EBC740EB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{343226CA-4EAF-4FC6-B674-1B591F0F8D28}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{377C4745-500F-4390-8871-4CBC660C5676}" = lport=rpc | protocol=6 | dir=in | app=f:\utilities\programs\sisoftware sandra professional business 2010.sp2\rpcagentsrv.exe |
"{3D3DD016-FBC6-4C23-AAFA-E66A6F4C77B8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{43FB0A57-83D3-4572-AF42-E9CDD5765079}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{534F82D5-3125-411C-B74E-D7728011094E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{574DCF86-DCE9-434E-A6B7-E038EE354F4D}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdateservice.exe |
"{6B258145-5C27-46F6-B87C-627536EE7364}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6E1CA5AF-25B7-4AE3-8AE1-3DA94203B25D}" = lport=139 | protocol=6 | dir=in | app=system |
"{761FFC98-98E2-4824-B557-9CF0538A287B}" = lport=rpc | protocol=6 | dir=in | app=f:\utilities\programs\sisoftware sandra professional business 2010.sp2\wnt500x86\rpcsandrasrv.exe |
"{7E2A0DDA-5027-4E03-BDF3-B937F288CB24}" = lport=137 | protocol=17 | dir=in | app=system |
"{81EF491D-1643-4AE1-8DF8-E0080C6D7F92}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{8397D6D8-643B-43F6-B3B3-3B9BBB8004A8}" = lport=138 | protocol=17 | dir=in | app=system |
"{96F31131-AF8E-4318-98E9-1325BB5F1F06}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9BCA0EB4-1D3F-4AD0-805D-92995A89C1B4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9F73CA14-7C49-4DD6-963B-91A23E1CFD55}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A259CEAD-E3B6-49EA-9754-B59769219FD4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A5795000-C049-4D25-8E41-D82F92760126}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{ABCD877D-C6CA-4590-8AEE-E7F6A087CDFB}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdater.exe |
"{B0AD85EE-3EE9-4CE9-B2A7-289EC1FE5F85}" = rport=445 | protocol=6 | dir=out | app=system |
"{C543B9AE-7342-42D6-97AD-C5012B1B39A3}" = lport=10243 | protocol=6 | dir=in | app=system |
"{CCB8CB67-3B7C-4D99-9CC4-1DEDA1597258}" = rport=138 | protocol=17 | dir=out | app=system |
"{D104563C-C7C6-4153-B170-31E42A85028D}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{D5DF0AE4-DAD7-4B77-BF54-8FABCE3C1539}" = rport=137 | protocol=17 | dir=out | app=system |
"{E89F2A05-732F-4AEF-BE2E-2BB733FEEAF9}" = lport=6004 | protocol=17 | dir=in | app=e:\microsoft office 2010\office14\outlook.exe |
"{EE2B38F0-BD31-4648-988B-9DB5CC0609A8}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{EF2834A7-891D-437A-A279-1C83B7F3A104}" = rport=139 | protocol=6 | dir=out | app=system |
"{F9D204B0-70E2-447C-A194-63D30DFF20DD}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{FFB3E938-C34A-4952-AFAD-8A32CB06F09D}" = lport=445 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0014D0D7-D976-4894-A358-613002670427}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{06B1D531-1946-43D7-A98A-93F15B849C18}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{07854CD5-5F63-4AE7-83EE-41BE5B3535C2}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe |
"{09E0D83A-2464-460B-88B5-66D2A62135D9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{0A6A15A7-FCD8-435C-8F06-6663CB2DDA08}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0D377A1F-8E29-4AE6-91EA-8970E7B56BC0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{0D759775-32B6-4736-9FB1-433ACBF38E82}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0D9D54BD-4358-4733-A844-DB3DFFE52BC4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0E2DFAB9-A35C-49CE-A275-487D1FB57B47}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0E6A9398-D86A-403B-92B9-3C2FC06CFA4D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0F2510D3-E69D-4490-BF95-E3F76834F5CB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0F5E5F2E-0993-4462-A9BB-4A458D898678}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0FC64DBE-9040-45BE-8C43-EAB39C6A004B}" = protocol=6 | dir=in | app=e:\microsoft office 2010\office14\groove.exe |
"{11D8D4D4-1CE0-4DFB-BA2B-1D2ED0D96F22}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1261ECBD-F3C1-4031-96CD-24D6F8E0AA73}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{14607808-6ED5-4453-A291-6B6C8AC74B84}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{15026D2E-4279-42D4-8606-0F0C4DC481CE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{15194A3F-E5C3-4692-8F8E-0B8438AC49FF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{169E9A72-E348-48E0-8DB1-F297F81B83D8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1BB82286-77E3-4630-8DBA-71F76A73C077}" = protocol=6 | dir=in | app=f:\applications\internet\utorrent\utorrent.exe |
"{1EC01A53-491B-4B6E-A914-70AC33174983}" = protocol=6 | dir=in | app=e:\microsoft office 2010\office14\onenote.exe |
"{226A8530-D308-427D-BFF7-476F94ECB8B7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2C908504-06A0-46AA-B899-F865B9783222}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2CD0E372-FBBD-4FD2-86B5-68FEF6429149}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3584C4A2-66A7-4C32-9448-FE0AB96568EC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3B84B995-F33D-4708-B7F7-A1943F9E9507}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3FB0C878-8E03-46BD-B6A8-576B9C94FD8A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3FFEA27D-925C-4804-ABE5-2A1C73290E14}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{43488A1B-FC77-40A9-AD00-ED70B7E6226D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{43AD1BA9-5CAE-46EF-95B4-AC852745C751}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{457CF65F-DD94-4582-A7DE-65581D70D722}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{45FECB04-20AC-41EA-AB8A-7C0988142C0C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{47CEDCD8-192E-44AF-9671-2F0AD5228584}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{488C69E7-5C64-4553-AA2A-953563033C0B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{492E7687-7A27-4078-8674-B89D1D3AD0CE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4DEA95CF-D330-46A6-8EE7-50BB382BB21D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4E7AF1CE-F3F8-4B11-BAFB-153B7D18BE45}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4EB0E220-79B0-4C9B-870C-E2BBE61D1BB5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{51F6B389-BF82-4FF4-8118-887A314D03C3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{54917A0A-E0EA-4CA1-825A-B5437074934A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{569E174B-7039-4151-A6A0-63CBC643B8C3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5D2A9806-7FB4-4D10-9E51-84189D32C78C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5D7E4F3D-38DF-403B-8D66-C50A519DA48A}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"{5D917F70-2AE0-4214-927D-E4975C808D0A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5F10AA4D-9B51-45AC-B0BA-DEA26439FFE6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{63988222-8EEA-43C4-939B-0CFAD28D930F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{662E312C-1051-470D-8187-386B393AF0E1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{666F4704-8C78-4AC4-A999-339DC499744C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{680D063F-1C6A-4A0D-9613-BCC6623A2BF4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6C0E2842-AFBA-44CD-AE2A-3B2475E07E0F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6CD6083F-88E3-499F-AC90-1270B8F1833C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{716D8010-6A3A-40AD-8CF7-D19C16944796}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{73AFE21C-31F8-4C4B-A83F-49100138EB82}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{73B5DAA2-4FB9-4705-BE83-1419CD91272C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{74A058D3-B5F5-4EAD-BC73-97A7C3373820}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7615E90D-A0C6-4AC1-9DBE-81225413F03B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{762B2D68-B01D-4C5E-8EB6-6C01CC236C74}" = protocol=6 | dir=out | app=system |
"{7FAB56B5-306A-4754-808A-FE3A55734917}" = protocol=17 | dir=in | app=e:\microsoft office 2010\office14\groove.exe |
"{824E308E-9D37-43B3-8E0E-FCBB12D4635B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{83CFD0DD-091B-4E36-A096-02DA7D8FC835}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{873A14BD-DD51-4813-AE12-12E601CE5FDF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{89FA07CA-6BA2-4DBD-9E26-4A39F6F5157F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8A28BA25-F462-4E19-9CB0-900EA4AC8F89}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8B1E3E23-F9E9-4EFE-A2F6-CF9BB1C29E4C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8C902BC9-4F36-440B-B2AD-B2CDEC316838}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8D60EB0D-2A2B-46BA-9670-230AB117302B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{91A903D4-FAF4-48DC-B68D-AFEB5FF7E06B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9353331F-7298-44F5-AB57-39197CDDA0C7}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{971BDB15-D904-4295-A43E-7A44D66362E1}" = dir=in | app=f:\applications\music\itunes\itunes.exe |
"{99EE8DAF-75D3-4F08-A3B8-5C930F02459E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9BC17599-CE74-4C8C-BCD9-A7973813A8D7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9D9A94EF-88FE-49C8-B4DE-E1066CC3EB21}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9E155A34-8FE2-4FED-B801-6DF8DB40042E}" = protocol=1 | dir=in | app=f:\utilities\programs\sisoftware sandra professional business 2010.sp2\rpcagentsrv.exe |
"{9FDCED6F-DA6B-4944-95AF-931BEB5F0C8A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A03EA6B8-50C0-4EB2-9E9D-D1BC6E3F7213}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{A18987D8-6A58-46FD-8F9C-AE5DA1CECA37}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A3236DD3-565F-4B71-A150-8878D0D7B3BC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A438210E-8AC0-4DDB-A7EB-05E32CB2DA63}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A675A0DE-5DA1-431A-A7F2-566522255B8E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AB00F7E6-35A8-4B0B-956C-551E21598FCE}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
"{ABAA71C7-23C8-48E5-A878-EE8934EE6B5F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B0511FE3-342E-4D43-A9F7-F5B97226F77B}" = protocol=17 | dir=in | app=e:\microsoft office 2010\office14\onenote.exe |
"{B0F48835-8A94-4934-9F8F-E775FAC0BB00}" = protocol=17 | dir=in | app=f:\applications\internet\utorrent\utorrent.exe |
"{B68D18A8-B709-4812-A526-B66F8B64B809}" = protocol=1 | dir=in | app=f:\utilities\programs\sisoftware sandra professional business 2010.sp2\wnt500x86\rpcsandrasrv.exe |
"{BA0C04AA-99F0-4735-93C0-428E3848C501}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BB2FDA64-FDA1-41FA-9AE0-166DE0FA2A53}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BBC6F07D-18BF-4E5C-9B25-33265AA294B7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BEDB84E2-9D99-4BEE-ACBD-98835747DAAE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C038C327-6331-4983-96B6-AC67A207D24D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C33A61D8-C882-429D-8851-03DDE2020842}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C592372B-A243-4E4F-A57D-C8C84EF00440}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C73DC1EC-9FCA-4EA8-9033-B1E963F8D0F0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C89BFCE1-0BBD-4ECC-80FF-F097B15D414A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C943115C-7EF3-4655-B4C7-DFE4778FC3BC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CE1899E5-096E-485C-8C81-F74093D009DF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CE9EBA9D-79C3-4409-8BA8-B3627C53FF96}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CFE7B067-17CE-4954-A82B-56893BBD6D17}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D3DECFA0-F9D7-465B-B88F-71F412EAAFE0}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D3E21705-973F-4646-8BDF-238995F27A62}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D4733701-26B6-429E-8E56-6A49D164569A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D606D867-227D-4684-994B-CA9A5957A077}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D85E7755-386F-4D9F-8737-2754048637A4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DAA04BFD-EB8D-4F5B-A9A7-0D27B11C8894}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DD985E6B-5005-45C4-8AE8-216C73F1C420}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E3D70D59-D08F-43EF-A283-A788B4640640}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E89B9697-B493-41E3-8A80-68B2DAD27EF5}" = protocol=1 | dir=in | app=f:\utilities\programs\sisoftware sandra professional business 2010.sp2\wnt500x86\rpcsandrasrv.exe |
"{E8B3E2D4-D253-48EE-9604-F14C4227068D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E97A65F3-3460-4D4C-A3E4-90F6FDB98517}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{ED437C48-4AB2-4C39-8A7C-2D1C956A78B1}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{ED993620-A475-4FB2-B38A-B1AF9F913DEC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{EEBB0AF0-6353-4711-BD59-649C81B9B12F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F2A377A3-6143-4C84-9B74-AD07B744256D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F34DF6F3-1739-41A0-955D-977E787D977B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F3EB2D1E-65CF-4C95-B481-A00E799368AD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F49DE269-9538-4C60-B8FA-59900C8279DB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F5B045A0-9DC7-488D-B7F5-FFEFCF40755D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F5D8D370-9BAF-4358-9EC2-5F1FAF808306}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F7F3F5D7-12D9-4E16-9564-C8D926E6AB4D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F85016CF-D61F-46C9-82B0-361D482AA3B3}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{FA7F3885-770D-456C-BA58-1E172E636ACD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{135F8DF6-A8DD-4271-BA5C-550A7CFE7E55}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{6583E6A2-4759-4D36-AE60-105BF8632270}F:\utilities\programs\sony update service\update service.exe" = protocol=6 | dir=in | app=f:\utilities\programs\sony update service\update service.exe |
"TCP Query User{C13E2740-9A9F-4D4A-8377-BDA62564D127}C:\windows\system32\ftp.exe" = protocol=6 | dir=in | app=c:\windows\system32\ftp.exe |
"UDP Query User{2ECFDC8B-CA82-4856-99B0-997C4F05165B}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{32B8BC11-85E2-4821-83A6-6DDAC2D8A462}F:\utilities\programs\sony update service\update service.exe" = protocol=17 | dir=in | app=f:\utilities\programs\sony update service\update service.exe |
"UDP Query User{CC8AB8D0-9710-4BAC-A7EB-882A6459CB57}C:\windows\system32\ftp.exe" = protocol=17 | dir=in | app=c:\windows\system32\ftp.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{067B277E-F94B-4F04-B380-BA967C00377C}_is1" = MiniTool Partition Wizard Home Edition 6.0
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{0F95AA42-0FF6-4D48-9CA1-64C8D0777500}" = QuickSet
"{12FEC00C-027C-4A34-9AAB-562EDA43DC18}_is1" = MiniTool Partition Wizard Home Edition 5.2
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{177D1318-3E4B-4A7C-A300-AC4E21BE090B}" = Broadcom Management Programs
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25BEC3AB-5CD4-481D-9143-215C1BBB189E}" = Sony Ericsson PC Suite
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{279D3818-7287-4ab4-A927-542EBEA9E365}" = ProductContext
"{27FBE6D3-F96E-44AA-A07B-2A51EE626635}" = TurboTax 2010 wsciper
"{28DFA10C-2588-4CF2-9275-E0EFF1E9BB0C}" = Complete Care Consumer Service Agreement
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2AD89908-0987-4B9E-8AB4-905899E4D754}_is1" = Next Video Converter 3.51
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{380CC749-8C28-4C74-BE01-45921D062302}" = BPDSoftware_Ini
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E0BDBA0-0BD1-4749-A624-8AD3BC787198}" = Nancy Drew Dossier: Lights, Camera, Curses!
"{41853D20-40CC-4266-978D-F128BB97CA96}" = 6400_Help
"{4475560E-9418-4908-A158-472D873AE139}" = LogMeIn
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4A163531-5D37-4FEE-9491-BBC1BC73E212}" = SmartPad Software 1.0
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}" = Dell DataSafe Online
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{5D934326-165A-413b-B056-26BE1EC082AF}" = J6400
"{5D9B17E4-5C34-45B2-9C95-8B9DB4CF7AF3}" = HP_Network_UserGuide
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{612F4E20-3661-4D44-AD79-823F1B613FB3}" = HP Update
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67880EA3-63C2-4143-88F4-51A21B516CBE}" = e-Sword
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7DCF7BBA-39A9-4e27-9154-F57BCED90CBF}" = HP Officejet J6400 Series
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{85C8D391-0EAE-4492-8A0A-2EE8B0B6DA03}" = BPDSoftware
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2010
"{90140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{903679E8-44C8-4C07-9600-05C92654FC50}" = QualXServ Service Agreement
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98D451C4-4ACA-4273-BB47-57CFE46B048E}" = WD SmartWare
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{A066194B-DC8F-449A-8E0F-B57BDD3A2072}" = SyncToy 2.1 (x86)
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A11409F1-CD33-4076-85CB-4EE4A8439BFE}" = Scan
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA468551-1794-42FE-B504-C41D75EEBDF2}_is1" = Partition Wizard Home Edition 5.0
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC434EC8-B3CC-4003-92C1-0AE751CCFEB5}" = AGEIA PhysX v7.06.26
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{AE0259D4-7A01-4E47-BBAF-2604D03DF07C}" = LoJack Factory Installer
"{B0255743-165B-4BD5-8DA8-37DFB9930015}" = Norton Ghost
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1" = SiSoftware Sandra Professional Business 2010.SP2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C60BA916-9E44-4DA4-B11A-9E27B7624EF5}" = Sony Ericsson Drivers
"{C67C1DAA-E807-43A2-81DE-CC7495F6C95E}" = ArchosLink
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{C897FCB3-2F8B-4185-8035-79E2AF3A92A4}" = iTunes
"{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}" = Sony Ericsson Device Data
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D3A80508-CD83-4CA3-8671-914A1BC78B61}" = Microsoft Sync Framework 2.0 Provider Services (x86) ENU
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6BF6477-8369-489F-8DE6-3731F4B88560}" = Sony Ericsson PC Suite
"{D7769185-9A7C-48D4-8874-5388743A1DE2}" = Music, Photos & Videos Launcher
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = COWON Media Center - jetAudio Plus VX
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{e4975741-a8a0-48b4-8b50-592b5e7856c2}" = Nero 9 Lite
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EBE939ED-4612-45FD-A39E-77AC199C4273}" = Absolute Notifier
"{EC6B304A-044A-46AE-B761-D1202720D93A}" = VOB2MPG v3
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}" = mCore
"{F7511FE7-BA89-4939-B2EF-A3F287B0F298}" = Logitech Gaming LCD Software 1.04
"{F95F178B-56AD-4fab-87F8-FA81E66C7D68}" = Network
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF63121D-91C6-42CC-B341-F1AA729728E7}" = Microsoft Sync Framework 2.0 Core Components (x86) ENU
"AC BOL Combo1.0" = AC BOL Combo
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"AI RoboForm" = AI RoboForm (All Users)
"Airport Mania_is1" = Airport Mania
"Amazon Games & Software Downloader_is1" = Amazon Games & Software Downloader
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
"Any Video Converter_is1" = Any Video Converter 3.2.3
"Ashampoo Music Studio 3_is1" = Ashampoo Music Studio 3 3.51
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.9 (Unicode)
"BCDP7_is1" = Business Card Designer Plus 7.1.1.0
"BCDP9_is1" = Business Card Designer Plus 9.5.0.1
"BDDecrypter_is1" = Version 6.0 (Build 20090918)
"Big Kahuna Reef_is1" = Big Kahuna Reef
"Bulk Rename Utility_is1" = Bulk Rename Utility 2.7.1.2
"CCleaner" = CCleaner
"CDisplay_is1" = CDisplay 1.8
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Crazy Machines" = Crazy Machines
"Creative OA002" = Monitor Webcam Driver (1.01.02.0804)
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"DVD Decrypter" = DVD Decrypter (Remove Only)
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 6.5.2 Home Edition
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.02
"Ext2Ifs_for_NT6" = Ext2 IFS 1.11a for Windows Vista/2008
"Flac2CD_is1" = Flac2CD 3.6.3
"FormatFactory" = FormatFactory 2.60
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.2
"Ghost Pirates_is1" = Ghost Pirates
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"Hyperlink Checker for Microsoft Word_is1" = Hyperlink Checker for Microsoft Word 1.3
"Icon Restore_is1" = Icon Restore 1.0
"InstallShield_{4A163531-5D37-4FEE-9491-BBC1BC73E212}" = SmartPad Software 1.0
"InstallShield_{AE0259D4-7A01-4E47-BBAF-2604D03DF07C}" = LoJack Factory Installer
"LameACM" = Lame ACM MP3 Codec
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Magic ISO Maker v5.5 (build 0276)" = Magic ISO Maker v5.5 (build 0276)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"MrSID Viewer" = MrSID Viewer
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Office14.VISIO" = Microsoft Visio Premium 2010
"OpenAL" = OpenAL
"PC Wizard 2010_is1" = PC Wizard 2010.1.94
"PerformanceTest 7_is1" = PerformanceTest v7.0
"PhotoFiltre" = PhotoFiltre
"ProInst" = Intel® PROSet/Wireless Software
"PropertiesPlus" = PropertiesPlus (Remove Only)
"Revo Uninstaller" = Revo Uninstaller 1.92
"Ricochet Xtreme_is1" = Ricochet Xtreme
"RUNAWAY: A TWIST OF FATE (en)" = RUNAWAY: A TWIST OF FATE (English)
"Sibelius 6_is1" = Sibelius 6.2.0.88
"Smart Defrag 2_is1" = Smart Defrag 2
"SolveigMM AVI Trimmer" = SolveigMM AVI Trimmer
"Swiff Player_is1" = Swiff Player 1.7
"Switch" = Switch Sound File Converter
"SynTPDeinstKey" = Dell Touchpad
"TreeSize Professional_is1" = TreeSize Professional 5.3.4
"Trim Spaces for Excel_is1" = Trim Spaces for Excel 1.3
"TurboTax 2010" = TurboTax 2010
"TweakUAC_is1" = TweakUAC
"UHS Reader (Version 6.10)" = UHS Reader (Version 6.10)
"Unlocker" = Unlocker 1.9.0
"Update Service" = Update Service
"uTorrent" = µTorrent
"VideoConverterFactoryPro" = Video Converter Factory Pro
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-470704285-634350156-1256116804-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ArchosLink" = ArchosLink
"f031ef6ac137efc5" = Dell Driver Download Manager
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/12/2011 8:02:51 PM | Computer Name = Frank-XPS | Source = System Restore | ID = 8193
Description =

Error - 6/13/2011 5:40:02 PM | Computer Name = Frank-XPS | Source = WinMgmt | ID = 10
Description =

Error - 6/13/2011 6:15:50 PM | Computer Name = Frank-XPS | Source = System Restore | ID = 8193
Description =

Error - 6/13/2011 7:57:16 PM | Computer Name = Frank-XPS | Source = WinMgmt | ID = 10
Description =

Error - 6/13/2011 8:02:42 PM | Computer Name = Frank-XPS | Source = WinMgmt | ID = 10
Description =

Error - 6/13/2011 8:06:10 PM | Computer Name = Frank-XPS | Source = EventSystem | ID = 4609
Description =

Error - 6/13/2011 8:07:00 PM | Computer Name = Frank-XPS | Source = WinMgmt | ID = 10
Description =

Error - 6/13/2011 8:11:50 PM | Computer Name = Frank-XPS | Source = WinMgmt | ID = 10
Description =

Error - 6/13/2011 8:37:31 PM | Computer Name = Frank-XPS | Source = EventSystem | ID = 4609
Description =

Error - 6/13/2011 8:38:30 PM | Computer Name = Frank-XPS | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 12/27/2010 11:49:56 PM | Computer Name = Frank-XPS | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.SqmFlushSession failed; Win32 GetLastError
returned 0D Process: DefaultDomain Object Name: Media Center Guide

Error - 5/21/2011 6:28:00 PM | Computer Name = Frank-XPS | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

[ System Events ]
Error - 6/16/2011 7:33:02 AM | Computer Name = Frank-XPS | Source = DCOM | ID = 10005
Description =

Error - 6/16/2011 7:33:02 AM | Computer Name = Frank-XPS | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.105.1822.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 1.1.6903.0 Error code: 0x8007043c Error
description: This service cannot be started in Safe Mode

Error - 6/16/2011 4:35:58 PM | Computer Name = Frank-XPS | Source = DCOM | ID = 10005
Description =

Error - 6/16/2011 4:36:06 PM | Computer Name = Frank-XPS | Source = DCOM | ID = 10005
Description =

Error - 6/16/2011 4:36:06 PM | Computer Name = Frank-XPS | Source = DCOM | ID = 10005
Description =

Error - 6/16/2011 4:36:07 PM | Computer Name = Frank-XPS | Source = DCOM | ID = 10005
Description =

Error - 6/16/2011 4:36:06 PM | Computer Name = Frank-XPS | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description =

Error - 6/16/2011 4:37:00 PM | Computer Name = Frank-XPS | Source = Service Control Manager | ID = 7001
Description =

Error - 6/16/2011 4:37:00 PM | Computer Name = Frank-XPS | Source = Service Control Manager | ID = 7026
Description =

Error - 6/16/2011 5:03:45 PM | Computer Name = Frank-XPS | Source = Service Control Manager | ID = 7022
Description =

< End of report >

This post has been edited by hamluis: 16 June 2011 - 04:38 PM
Reason for edit: Moved from Vista to Malware Removal Logs.

#2 gringo_pr

Bleepin Gringo

Group: Malware Response Team
Posts: 85,515
Joined: 03-July 08
Gender:Male
Location:Puerto rico

Posted 22 June 2011 - 08:11 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

Do not run any other tool untill instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

The first thing I would like you to do is run this for me - http://download.bleepingcomputer.com/grinler/unhide.exe after it is complete restart the computer and continue with these steps

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.

Double click on OTL.exe to run it.
Under Output, ensure that Minimal Output is selected.
Under Extra Registry section, select Use SafeList.
Click the Scan All Users checkbox.
Under the Custom Scan box paste this in

%TEMP%\smtmp\*.* /s
Click on Run Scan at the top left hand corner.
When done, two Notepad files will open.
- OTL.txt <-- Will be opened and the that I need posted back here
- Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
Please post the contents of OTListIt.txt in your next reply.

information and logs:

In your next post I need the following

.logs from OTL
let me know of any problems you may have had

Gringo

I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->

<-- Don't worry every little bit helps.

#3 Franico

Member

Group: Members
Posts: 15
Joined: 14-June 11

Posted 22 June 2011 - 10:43 PM

Thank you for your reply. I have run the Unhide program (and it ran very quietly). It seems that many folders (and files?) that were "gone" before are appearing again. However, you also asked for other symptoms. And the primary one is that there is still a lot that is "gone". My Start Menu was entirely gone; unhiding seems to have returned the *folders* -- but they're all empty. So I can see my Start Menu "hierarchy", but there's nothing to click on.

My Control Panel also seems to be missing several icons. My Contacts and Favorite did come back. Some of the desktop icons are still missing. (It seems that ones that were under my User name are back; but ones that were created for All Users are still gone.) So while a lot reappeared as a result of the Unhide, some of the critical folders seem to actually have been wiped, not just set to Hidden.

You also asked for the OTL output. Here it is. And thank you again for your help.

=========================================================================

OTL logfile created on: 6/22/2011 11:23:47 PM - Run 2
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Users\Frank\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.34 Gb Available Physical Memory | 44.87% Memory free
4.90 Gb Paging File | 2.85 Gb Available in Paging File | 58.04% Paging File free
Paging file location(s): w:\pagefile.sys 2048 2048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 30.22 Gb Total Space | 5.72 Gb Free Space | 18.91% Space Free | Partition Type: NTFS
Drive D: | 24.00 Gb Total Space | 3.48 Gb Free Space | 14.52% Space Free | Partition Type: NTFS
Drive E: | 9.83 Gb Total Space | 3.17 Gb Free Space | 32.20% Space Free | Partition Type: NTFS
Drive F: | 7.81 Gb Total Space | 5.11 Gb Free Space | 65.49% Space Free | Partition Type: NTFS
Drive G: | 15.55 Gb Total Space | 2.35 Gb Free Space | 15.10% Space Free | Partition Type: NTFS
Drive H: | 20.51 Gb Total Space | 2.53 Gb Free Space | 12.34% Space Free | Partition Type: NTFS
Drive I: | 10.00 Gb Total Space | 4.85 Gb Free Space | 48.47% Space Free | Partition Type: NTFS
Drive L: | 167.59 Gb Total Space | 2.15 Gb Free Space | 1.28% Space Free | Partition Type: NTFS
Drive O: | 29.81 Gb Total Space | 18.71 Gb Free Space | 62.77% Space Free | Partition Type: FAT32
Drive R: | 40.49 Gb Total Space | 19.86 Gb Free Space | 49.05% Space Free | Partition Type: NTFS
Drive S: | 20.05 Gb Total Space | 13.44 Gb Free Space | 67.06% Space Free | Partition Type: NTFS
Drive T: | 15.11 Gb Total Space | 12.71 Gb Free Space | 84.12% Space Free | Partition Type: NTFS
Drive U: | 264.54 Gb Total Space | 87.42 Gb Free Space | 33.05% Space Free | Partition Type: NTFS
Drive V: | 30.04 Gb Total Space | 11.60 Gb Free Space | 38.60% Space Free | Partition Type: NTFS
Drive W: | 225.93 Gb Total Space | 144.74 Gb Free Space | 64.06% Space Free | Partition Type: NTFS
Drive Z: | 10.00 Gb Total Space | 5.75 Gb Free Space | 57.50% Space Free | Partition Type: NTFS

Computer Name: FRANK-XPS | User Name: Frank | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Frank\Desktop\OTL.exe (OldTimer Tools)
PRC - O:\Anti-malware\Unhide.exe ()
PRC - C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe (COMODO)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
PRC - F:\Utilities\System\Smart Defrag 2\SmartDefrag.exe (IObit)
PRC - F:\Utilities\Programs\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
PRC - F:\Utilities\Programs\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - F:\Utilities\Programs\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
PRC - C:\Program Files\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe (Absolute Software)
PRC - C:\Program Files\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe (Microsoft)
PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe ()
PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe ()
PRC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - F:\Utilities\Programs\AI Roboform\robotaskbaricon.exe (Siber Systems)
PRC - C:\Windows\System32\rpcnet.exe (Absolute Software Corp.)
PRC - F:\Utilities\System\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - F:\Utilities\Programs\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
PRC - F:\Applications\Internet\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe (Amazon.com)
PRC - F:\Utilities\System\Norton Ghost\Shared\Drivers\SymSnapService.exe (Symantec)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\ELAN\USB\ETDUSBCtrl.exe (ELAN Microelectronics Corp.)
PRC - C:\Windows\System32\cmd.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Mail\WinMail.exe (Microsoft Corporation)
PRC - C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Windows\System32\stacsv.exe (IDT, Inc.)
PRC - C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
PRC - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
PRC - C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDPOP3.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDCountdown.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe (Logitech Inc.)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Windows\System32\attrib.exe (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - C:\Users\Frank\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\guard32.dll (COMODO)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Users\Frank\AppData\Local\Microsoft\Windows Sidebar\Gadgets\ScreenSnaperV2.7[1].Gadget\Library\Helper.dll (DCUtility)

========== Win32 Services (SafeList) ==========

SRV - (CLPSLS) -- C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe (COMODO)
SRV - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV - (LMIMaint) -- F:\Utilities\Programs\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.)
SRV - (LMIGuardianSvc) -- F:\Utilities\Programs\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (NisSrv) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (LogMeIn) -- F:\Utilities\Programs\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
SRV - (AbsoluteNotifier) -- C:\Program Files\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe (Microsoft)
SRV - (WDFME) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe ()
SRV - (WDSC) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe ()
SRV - (WDDMService) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (rpcnet) Remote Procedure Call (RPC) -- C:\Windows\System32\rpcnet.exe (Absolute Software Corp.)
SRV - (Microsoft SharePoint Workspace Audit Service) -- E:\Microsoft Office 2010\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (Norton Ghost) -- F:\Utilities\System\Norton Ghost\Agent\VProSvc.exe (Symantec Corporation)
SRV - (GenericMount Helper Service) -- F:\Utilities\System\Norton Ghost\Shared\Drivers\GenericMountHelper.exe (Symantec)
SRV - (Amazon Download Agent) -- F:\Applications\Internet\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe (Amazon.com)
SRV - (SymSnapService) -- F:\Utilities\System\Norton Ghost\Shared\Drivers\SymSnapService.exe (Symantec)
SRV - (SandraAgentSrv) -- F:\Utilities\Programs\SiSoftware Sandra Professional Business 2010.SP2\RpcAgentSrv.exe (SiSoftware)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
SRV - (nicconfigsvc) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)

========== Driver Services (SafeList) ==========

DRV - (MpKslb05a9e7b) -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A6AE7DF1-9CD1-427B-ABE8-8725A2E5E556}\MpKslb05a9e7b.sys (Microsoft Corporation)
DRV - (RKULE) -- C:\Windows\System32\drivers\RKULE.sys ()
DRV - (BlackBox) -- C:\Windows\System32\drivers\BlackBox.sys ()
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (inspect) -- C:\Windows\System32\drivers\inspect.sys (COMODO)
DRV - (pwdrvio) -- C:\Windows\System32\pwdrvio.sys ()
DRV - (pwdspio) -- C:\Windows\System32\pwdspio.sys ()
DRV - (cmdHlp) -- C:\Windows\System32\drivers\cmdhlp.sys (COMODO)
DRV - (cmdGuard) -- C:\Windows\System32\drivers\cmdGuard.sys (COMODO)
DRV - (cmderd) -- C:\Windows\System32\drivers\cmderd.sys (COMODO)
DRV - (SmartDefragDriver) -- C:\Windows\System32\Drivers\SmartDefragDriver.sys ()
DRV - (LMIRfsClientNP) -- C:\Windows\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (ivusb) -- C:\Windows\System32\drivers\ivusb.sys (Initio Corporation)
DRV - (epmntdrv) -- C:\Windows\System32\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\Windows\System32\EuGdiDrv.sys ()
DRV - (SASDIFSV) -- F:\Utilities\System\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- F:\Utilities\System\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM) -- F:\Utilities\System\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (GenericMount) -- C:\Windows\System32\drivers\GenericMount.sys (Symantec Corporation)
DRV - (LMIRfsDriver) -- C:\Windows\System32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (LMIInfo) -- F:\Utilities\Programs\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (VProEventMonitor) -- C:\Windows\System32\drivers\vproeventmonitor.sys (Symantec Corporation)
DRV - (symsnap) -- C:\Windows\system32\DRIVERS\symsnap.sys (StorageCraft)
DRV - (SANDRA) -- F:\Utilities\Programs\SiSoftware Sandra Professional Business 2010.SP2\WNt500x86\sandra.sys (SiSoftware)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (hidflt) -- C:\Windows\System32\drivers\ETDUSB.sys (ELAN Microelectronics Corp.)
DRV - (Ext2fs) -- C:\Windows\System32\drivers\ext2fs.sys (Stephan Schreiber)
DRV - (IfsMount) -- C:\Windows\System32\drivers\ifsmount.sys (Stephan Schreiber)
DRV - (OA002Vid) -- C:\Windows\System32\drivers\OA002Vid.sys (Creative Technology Ltd.)
DRV - (OA002Ufd) -- C:\Windows\System32\drivers\OA002Ufd.sys (Creative Technology Ltd.)
DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (e1express) Intel® -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (OEM02Vfx) -- C:\Windows\System32\drivers\OEM02Vfx.sys (EyePower Games Pte. Ltd.)
DRV - (OEM02Dev) -- C:\Windows\System32\drivers\OEM02Dev.sys (Creative Technology Ltd.)
DRV - (NETw4v32) Intel® -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (physX32) -- C:\Windows\System32\drivers\physX32.sys (AGEIA Technologies, Inc.)
DRV - (OA002Afx) -- C:\Windows\System32\drivers\OA002Afx.sys (Creative Technology Ltd.)
DRV - (s125mgmt) Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s125mgmt.sys (MCCI Corporation)
DRV - (s125obex) -- C:\Windows\System32\drivers\s125obex.sys (MCCI Corporation)
DRV - (s125mdm) -- C:\Windows\System32\drivers\s125mdm.sys (MCCI Corporation)
DRV - (s125mdfl) -- C:\Windows\System32\drivers\s125mdfl.sys (MCCI Corporation)
DRV - (s125bus) Sony Ericsson Device 125 driver (WDM) -- C:\Windows\System32\drivers\s125bus.sys (MCCI Corporation)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 50 2E 16 18 5E 42 CB 01 [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 50 2E 16 18 5E 42 CB 01 [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-470704285-634350156-1256116804-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080606
IE - HKU\S-1-5-21-470704285-634350156-1256116804-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080606
IE - HKU\S-1-5-21-470704285-634350156-1256116804-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-470704285-634350156-1256116804-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-470704285-634350156-1256116804-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-470704285-634350156-1256116804-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-470704285-634350156-1256116804-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-470704285-634350156-1256116804-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:51374

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - F:\Utilities\Programs\AI Roboform\roboform.dll (Siber Systems)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Microsoft Office 2010\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - E:\Microsoft Office 2010\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - F:\Utilities\Programs\AI Roboform\roboform.dll (Siber Systems)
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-470704285-634350156-1256116804-1000\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - F:\Utilities\Programs\AI Roboform\roboform.dll (Siber Systems)
O4 - HKLM..\Run: [Absolute Notifier] C:\Program Files\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe (Absolute Software)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AmazonGSDownloaderTray] F:\Applications\Internet\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe (Amazon.com)
O4 - HKLM..\Run: [BCSSync] E:\Microsoft Office 2010\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe (COMODO)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe (COMODO)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [ETDUSBWare] C:\Program Files\ELAN\USB\ETDUSBCtrl.exe (ELAN Microelectronics Corp.)
O4 - HKLM..\Run: [hpqSRMon] File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogMeIn GUI] F:\Utilities\Programs\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Norton Ghost 15.0] F:\Utilities\System\Norton Ghost\Agent\VProTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Sony Ericsson PC Suite] F:\Applications\Miscellaneous\Sony PC Suite\Application Launcher\Application Launcher.exe ()
O4 - HKLM..\Run: [UnlockerAssistant] F:\Utilities\System\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-470704285-634350156-1256116804-1000..\Run: [lKMwrmNWsXvp norun] File not found
O4 - HKU\S-1-5-21-470704285-634350156-1256116804-1000..\Run: [RoboForm] F:\Utilities\Programs\AI Roboform\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-21-470704285-634350156-1256116804-1000..\Run: [SUPERAntiSpyware] F:\Utilities\System\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-470704285-634350156-1256116804-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMorePrograms = 0
O8 - Extra context menu item: &Subscribe with ArchosLink - F:\Applications\Multimedia\Archoslink\script.js ()
O8 - Extra context menu item: Customize Menu - F:\Utilities\Programs\AI Roboform\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - E:\Microsoft Office 2010\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Fill Forms - F:\Utilities\Programs\AI Roboform\RoboFormComFillForms.html ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
O8 - Extra context menu item: RoboForm Toolbar - F:\Utilities\Programs\AI Roboform\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - F:\Utilities\Programs\AI Roboform\RoboFormComSavePass.html ()
O8 - Extra context menu item: Se&nd to OneNote - E:\Microsoft Office 2010\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Microsoft Office 2010\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Microsoft Office 2010\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - F:\Utilities\Programs\AI Roboform\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - F:\Utilities\Programs\AI Roboform\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - F:\Utilities\Programs\AI Roboform\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - F:\Utilities\Programs\AI Roboform\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - F:\Utilities\Programs\AI Roboform\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - F:\Utilities\Programs\AI Roboform\RoboFormComShowToolbar.html ()
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - E:\Microsoft Office 2010\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - E:\Microsoft Office 2010\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-470704285-634350156-1256116804-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (BitDefender QuickScan Control)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\Windows\system32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - F:\Utilities\System\SUPERAntiSpyware\SASWINLO.dll - F:\Utilities\System\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\XPS-gaming-wallpaper_blue1.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\XPS-gaming-wallpaper_blue1.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - F:\Utilities\System\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - E:\Microsoft Office 2010\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/11/19 14:48:00 | 000,000,073 | -H-- | M] () - O:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{d41654d8-ad8c-11df-9cc4-001d093838bc}\Shell - "" = AutoRun
O33 - MountPoints2\{d41654d8-ad8c-11df-9cc4-001d093838bc}\Shell\AutoRun\command - "" = "Q:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/22 21:34:12 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Roaming\QuickScan
[2011/06/22 20:30:13 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/06/22 20:22:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo Downloader
[2011/06/22 20:16:51 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\COMODO
[2011/06/22 20:16:29 | 000,000,000 | ---D | C] -- C:\VritualRoot
[2011/06/22 20:11:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2011/06/22 20:11:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
[2011/06/22 20:11:30 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2011/06/22 19:39:59 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan
[2011/06/22 19:39:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NSS
[2011/06/22 19:39:59 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Security Scan
[2011/06/22 19:39:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NSS\0301010.006
[2011/06/22 19:39:56 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011/06/22 19:39:56 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2011/06/22 19:17:29 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\NPE
[2011/06/22 19:17:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011/06/21 23:03:33 | 000,000,000 | ---D | C] -- C:\Windows\PIF
[2011/06/21 22:33:03 | 000,000,000 | ---D | C] -- C:\Windows\System32\log
[2011/06/21 21:49:50 | 007,388,480 | ---- | C] (McAfee Inc.) -- C:\Users\Frank\Desktop\McAfee stinger10.2.0.122.exe
[2011/06/21 21:13:40 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Roaming\f-secure
[2011/06/21 21:12:31 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2011/06/21 21:09:23 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/06/21 21:09:20 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/06/21 21:09:20 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/06/21 21:09:20 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/06/21 21:09:20 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/06/21 21:09:20 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/06/21 21:09:19 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/06/21 21:09:19 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/06/21 21:09:19 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/06/21 21:09:19 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/06/21 21:09:19 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/06/21 21:09:19 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/06/21 21:09:19 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/06/21 21:09:19 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/06/21 21:09:19 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/06/21 21:09:19 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/06/21 21:09:19 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/06/21 21:02:42 | 001,137,360 | ---- | C] (F-Secure Corporation) -- C:\Users\Frank\Desktop\F-Secure BlackLight Rootkit Eliminator setup.exe
[2011/06/21 19:48:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2011/06/18 20:53:13 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Roaming\Malwarebytes
[2011/06/18 20:52:58 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/06/18 20:52:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2011/06/18 20:52:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/06/18 20:52:52 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/06/16 17:11:18 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Frank\Desktop\MalwareBytes AntiMalware setup-1.51.0.1200.exe
[2011/06/16 17:09:40 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Frank\Desktop\OTL.exe
[2011/06/16 15:28:52 | 001,441,584 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Frank\Desktop\TDSSKiller.exe
[2011/06/13 22:22:54 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/06/13 22:21:10 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/06/13 22:16:39 | 000,509,440 | ---- | C] (iS3, Inc.) -- C:\Users\Frank\Desktop\STOPZilla SetupAV.exe
[2011/06/08 21:30:47 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/05/29 16:30:17 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Roaming\HandBrake
[2011/05/29 16:30:17 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\HandBrake
[2011/05/29 14:38:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype Extras
[2011/05/29 14:38:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011/05/28 22:41:25 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Roaming\Symantec
[2011/05/28 21:32:38 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\Symantec_Corporation
[2011/05/28 21:15:43 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\capicom.dll
[2011/05/28 21:15:43 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/05/28 21:15:01 | 000,131,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WimFltr.sys
[2011/05/28 21:14:15 | 000,138,592 | ---- | C] (StorageCraft) -- C:\Windows\System32\drivers\symsnap.sys
[2011/05/28 21:14:08 | 000,015,096 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\vproeventmonitor.sys
[2011/05/28 21:13:43 | 000,038,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2011/05/28 21:12:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011/05/28 21:12:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2011/05/28 21:12:17 | 000,000,000 | ---D | C] -- C:\ProgramData\{1C6FDDD8-FC9E-4C12-9FA5-1AAD377097B3}
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/22 23:27:01 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-470704285-634350156-1256116804-1000UA.job
[2011/06/22 23:20:11 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/22 23:20:11 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/22 23:19:19 | 001,474,832 | ---- | M] () -- C:\Windows\System32\drivers\sfi.dat
[2011/06/22 23:04:06 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/22 22:59:09 | 000,609,506 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/22 22:59:09 | 000,106,014 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/22 21:23:22 | 000,169,176 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/06/22 21:22:51 | 000,169,176 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/06/22 21:22:49 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/22 21:20:37 | 000,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.exe
[2011/06/22 21:20:34 | 000,057,752 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.dll
[2011/06/22 21:19:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/22 20:16:07 | 000,000,436 | ---- | M] () -- C:\Windows\tasks\Norton Security Scan for Frank.job
[2011/06/22 20:12:01 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk
[2011/06/22 20:11:34 | 000,001,035 | ---- | M] () -- C:\Users\Public\Desktop\COMODO GeekBuddy.lnk
[2011/06/22 19:53:18 | 000,000,036 | ---- | M] () -- C:\Users\Frank\AppData\Local\housecall.guid.cache
[2011/06/22 19:40:02 | 000,001,130 | ---- | M] () -- C:\Users\Public\Desktop\Norton Security Scan.lnk
[2011/06/22 19:11:09 | 000,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.dll
[2011/06/21 23:35:42 | 000,000,017 | ---- | M] () -- C:\Users\Frank\Desktop\McAfee stinger10.2.0.122.opt
[2011/06/21 22:32:10 | 000,302,592 | ---- | M] () -- C:\Users\Frank\Desktop\GMER kp4l5y5l.exe
[2011/06/21 22:17:42 | 000,021,774 | ---- | M] () -- C:\Users\Frank\Desktop\explorer advanced.reg
[2011/06/21 21:49:56 | 007,388,480 | ---- | M] (McAfee Inc.) -- C:\Users\Frank\Desktop\McAfee stinger10.2.0.122.exe
[2011/06/21 21:48:52 | 001,113,789 | ---- | M] () -- C:\Users\Frank\Desktop\Trend Micro RootkitBuster_3.60.1016.zip
[2011/06/21 21:45:30 | 000,000,893 | ---- | M] () -- C:\Users\Frank\Application Data\Microsoft\Internet Explorer\Quick Launch\iexplore.lnk
[2011/06/21 21:20:43 | 001,309,375 | ---- | M] () -- C:\Users\Frank\Desktop\Kaspersky tdsskiller.zip
[2011/06/21 21:02:46 | 001,137,360 | ---- | M] (F-Secure Corporation) -- C:\Users\Frank\Desktop\F-Secure BlackLight Rootkit Eliminator setup.exe
[2011/06/21 20:26:31 | 000,001,827 | ---- | M] () -- C:\Users\Frank\Desktop\Command Prompt.lnk
[2011/06/18 20:52:58 | 000,000,787 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/18 20:49:45 | 000,062,976 | ---- | M] () -- C:\Users\Frank\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/18 20:33:19 | 000,165,781 | ---- | M] () -- C:\Users\Frank\Desktop\Rainy day.jpg
[2011/06/17 21:19:39 | 000,000,766 | ---- | M] () -- C:\Users\Frank\Desktop\robotaskbaricon.lnk
[2011/06/16 17:09:23 | 000,035,712 | ---- | M] () -- C:\Windows\System32\drivers\RKULE.sys
[2011/06/16 16:58:18 | 000,035,712 | ---- | M] () -- C:\Windows\System32\drivers\BlackBox.sys
[2011/06/16 15:28:52 | 001,441,584 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Frank\Desktop\TDSSKiller.exe
[2011/06/14 17:36:32 | 000,001,356 | ---- | M] () -- C:\Users\Frank\AppData\Local\d3d9caps.dat
[2011/06/14 10:12:14 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Frank\Desktop\MalwareBytes AntiMalware setup-1.51.0.1200.exe
[2011/06/14 10:08:46 | 001,007,120 | ---- | M] () -- C:\Users\Frank\Desktop\rkill.exe
[2011/06/14 09:55:02 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Frank\Desktop\OTL.exe
[2011/06/14 09:53:42 | 000,139,264 | ---- | M] () -- C:\Users\Frank\Desktop\RKULE.EXE
[2011/06/13 22:18:52 | 000,512,992 | ---- | M] () -- C:\Users\Frank\Desktop\Spyware Doctor installer.exe
[2011/06/13 22:10:50 | 000,509,440 | ---- | M] (iS3, Inc.) -- C:\Users\Frank\Desktop\STOPZilla SetupAV.exe
[2011/06/13 20:11:17 | 000,420,744 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/06/13 18:27:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-470704285-634350156-1256116804-1000Core.job
[2011/06/10 20:02:48 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/06/09 21:56:18 | 000,048,903 | ---- | M] () -- C:\Users\Frank\Desktop\NTCA 401K.jpg
[2011/06/09 21:54:35 | 000,029,021 | ---- | M] () -- C:\Users\Frank\Desktop\Roth IRA.jpg
[2011/06/09 21:53:18 | 000,090,584 | ---- | M] () -- C:\Users\Frank\Desktop\Traditional IRA.jpg
[2011/06/09 21:51:52 | 000,078,015 | ---- | M] () -- C:\Users\Frank\Desktop\Individual Brokerage.jpg
[2011/06/08 22:04:12 | 000,002,297 | ---- | M] () -- C:\Users\Frank\Desktop\SyncToy 2.1.lnk
[2011/06/07 22:11:34 | 000,051,999 | ---- | M] () -- C:\Users\Frank\Desktop\FMHS graduation 2.jpg
[2011/06/07 22:09:24 | 000,050,609 | ---- | M] () -- C:\Users\Frank\Desktop\FMHS graduation 1.jpg
[2011/06/03 19:58:01 | 000,366,678 | ---- | M] () -- G:\Documents\Michael.bmp
[2011/06/03 19:54:40 | 000,366,678 | ---- | M] () -- G:\Documents\Screen Snaper Image 8.bmp
[2011/06/03 19:54:04 | 000,366,678 | ---- | M] () -- G:\Documents\Screen Snaper Image 7.bmp
[2011/06/03 19:43:36 | 000,366,678 | ---- | M] () -- G:\Documents\Screen Snaper Image 6.bmp
[2011/06/03 19:27:23 | 000,366,678 | ---- | M] () -- G:\Documents\Screen Snaper Image 5.bmp
[2011/06/03 19:19:09 | 000,366,678 | ---- | M] () -- G:\Documents\Screen Snaper Image 4.bmp
[2011/06/03 19:15:50 | 000,366,678 | ---- | M] () -- G:\Documents\Screen Snaper Image 3.bmp
[2011/06/03 19:14:35 | 001,970,830 | ---- | M] () -- G:\Documents\Screen Snaper Image 2.bmp
[2011/06/03 19:13:35 | 002,437,238 | ---- | M] () -- G:\Documents\Screen Snaper Image 1.bmp
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/05/28 21:14:07 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_GenericMount_01009.Wdf
[2011/05/28 21:14:06 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2011/05/28 20:36:31 | 000,907,254 | ---- | M] () -- C:\Users\Frank\Desktop\NC DOR Check image.bmp
[2011/05/28 02:05:27 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/05/28 02:04:56 | 000,602,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/05/28 02:04:56 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/05/28 02:04:30 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/05/28 02:04:22 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/05/28 02:04:17 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/05/28 02:04:03 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/05/28 02:04:03 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/05/28 02:04:03 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/05/28 02:04:02 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/05/28 02:04:02 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/05/28 02:03:58 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/05/28 01:10:26 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/05/28 00:33:03 | 000,133,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/05/28 00:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/05/28 00:32:15 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/05/28 00:31:44 | 001,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/22 20:14:55 | 001,474,832 | ---- | C] () -- C:\Windows\System32\drivers\sfi.dat
[2011/06/22 20:12:01 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk
[2011/06/22 20:11:34 | 000,001,035 | ---- | C] () -- C:\Users\Public\Desktop\COMODO GeekBuddy.lnk
[2011/06/22 19:53:18 | 000,000,036 | ---- | C] () -- C:\Users\Frank\AppData\Local\housecall.guid.cache
[2011/06/22 19:40:02 | 000,001,130 | ---- | C] () -- C:\Users\Public\Desktop\Norton Security Scan.lnk
[2011/06/22 19:40:02 | 000,000,436 | ---- | C] () -- C:\Windows\tasks\Norton Security Scan for Frank.job
[2011/06/22 19:39:59 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NSS\0301010.006\isolate.ini
[2011/06/21 23:35:42 | 000,000,017 | ---- | C] () -- C:\Users\Frank\Desktop\McAfee stinger10.2.0.122.opt
[2011/06/21 22:32:06 | 000,302,592 | ---- | C] () -- C:\Users\Frank\Desktop\GMER kp4l5y5l.exe
[2011/06/21 22:17:42 | 000,021,774 | ---- | C] () -- C:\Users\Frank\Desktop\explorer advanced.reg
[2011/06/21 21:48:51 | 001,113,789 | ---- | C] () -- C:\Users\Frank\Desktop\Trend Micro RootkitBuster_3.60.1016.zip
[2011/06/21 21:45:30 | 000,000,893 | ---- | C] () -- C:\Users\Frank\Application Data\Microsoft\Internet Explorer\Quick Launch\iexplore.lnk
[2011/06/21 21:44:09 | 000,002,058 | ---- | C] () -- C:\Users\Frank\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/06/21 21:42:19 | 000,000,104 | ---- | C] () -- C:\Users\Frank\Application Data\Microsoft\Internet Explorer\Quick Launch\E-mail.lnk
[2011/06/21 21:41:56 | 000,000,258 | ---- | C] () -- C:\Users\Frank\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/06/21 21:41:48 | 000,000,240 | ---- | C] () -- C:\Users\Frank\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/06/21 21:20:33 | 001,309,375 | ---- | C] () -- C:\Users\Frank\Desktop\Kaspersky tdsskiller.zip
[2011/06/21 20:24:53 | 000,001,827 | ---- | C] () -- C:\Users\Frank\Desktop\Command Prompt.lnk
[2011/06/18 21:05:08 | 001,007,120 | ---- | C] () -- C:\Users\Frank\Desktop\rkill.exe
[2011/06/18 20:52:58 | 000,000,787 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/18 20:33:17 | 000,165,781 | ---- | C] () -- C:\Users\Frank\Desktop\Rainy day.jpg
[2011/06/17 21:19:39 | 000,000,766 | ---- | C] () -- C:\Users\Frank\Desktop\robotaskbaricon.lnk
[2011/06/16 17:03:20 | 000,035,712 | ---- | C] () -- C:\Windows\System32\drivers\RKULE.sys
[2011/06/16 17:03:07 | 000,139,264 | ---- | C] () -- C:\Users\Frank\Desktop\RKULE.EXE
[2011/06/16 16:58:18 | 000,035,712 | ---- | C] () -- C:\Windows\System32\drivers\BlackBox.sys
[2011/06/13 22:21:10 | 000,512,992 | ---- | C] () -- C:\Users\Frank\Desktop\Spyware Doctor installer.exe
[2011/06/09 21:55:34 | 000,048,903 | ---- | C] () -- C:\Users\Frank\Desktop\NTCA 401K.jpg
[2011/06/09 21:53:59 | 000,029,021 | ---- | C] () -- C:\Users\Frank\Desktop\Roth IRA.jpg
[2011/06/09 21:52:38 | 000,090,584 | ---- | C] () -- C:\Users\Frank\Desktop\Traditional IRA.jpg
[2011/06/09 21:50:58 | 000,078,015 | ---- | C] () -- C:\Users\Frank\Desktop\Individual Brokerage.jpg
[2011/06/07 22:11:34 | 000,051,999 | ---- | C] () -- C:\Users\Frank\Desktop\FMHS graduation 2.jpg
[2011/06/07 22:09:24 | 000,050,609 | ---- | C] () -- C:\Users\Frank\Desktop\FMHS graduation 1.jpg
[2011/06/03 19:58:01 | 000,366,678 | ---- | C] () -- G:\Documents\Michael.bmp
[2011/06/03 19:54:40 | 000,366,678 | ---- | C] () -- G:\Documents\Screen Snaper Image 8.bmp
[2011/06/03 19:54:04 | 000,366,678 | ---- | C] () -- G:\Documents\Screen Snaper Image 7.bmp
[2011/06/03 19:43:36 | 000,366,678 | ---- | C] () -- G:\Documents\Screen Snaper Image 6.bmp
[2011/06/03 19:27:22 | 000,366,678 | ---- | C] () -- G:\Documents\Screen Snaper Image 5.bmp
[2011/06/03 19:19:09 | 000,366,678 | ---- | C] () -- G:\Documents\Screen Snaper Image 4.bmp
[2011/06/03 19:15:50 | 000,366,678 | ---- | C] () -- G:\Documents\Screen Snaper Image 3.bmp
[2011/06/03 19:14:35 | 001,970,830 | ---- | C] () -- G:\Documents\Screen Snaper Image 2.bmp
[2011/06/03 19:13:35 | 002,437,238 | ---- | C] () -- G:\Documents\Screen Snaper Image 1.bmp
[2011/05/28 21:14:07 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_GenericMount_01009.Wdf
[2011/05/28 21:14:06 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2011/05/28 21:13:45 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
[2011/05/28 20:36:31 | 000,907,254 | ---- | C] () -- C:\Users\Frank\Desktop\NC DOR Check image.bmp
[2011/05/08 18:56:24 | 000,000,000 | ---- | C] () -- C:\Windows\Curses.INI
[2011/04/30 22:46:38 | 000,003,528 | ---- | C] () -- C:\Users\Frank\AppData\Roaming\12E4.654
[2011/03/31 15:11:07 | 000,077,308 | ---- | C] () -- C:\Windows\hpqins05.dat
[2011/03/31 15:06:53 | 000,116,785 | ---- | C] () -- C:\Windows\hpqins00.dat
[2011/03/24 09:22:06 | 000,029,520 | ---- | C] () -- C:\Windows\System32\SmartDefragBootTime.exe
[2011/03/24 09:22:06 | 000,016,184 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys
[2011/02/10 21:58:35 | 000,001,356 | ---- | C] () -- C:\Users\Frank\AppData\Local\d3d9caps.dat
[2011/01/08 16:15:45 | 002,217,088 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2011/01/08 16:15:45 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2011/01/08 16:15:45 | 000,014,848 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2011/01/08 16:15:45 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2011/01/08 16:15:45 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2010/11/14 23:00:50 | 000,000,130 | ---- | C] () -- C:\Windows\System32\ftpreica.bin
[2010/09/24 21:38:43 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010/09/23 20:54:34 | 013,176,832 | ---- | C] () -- C:\ProgramData\sandra.mda
[2010/09/19 13:05:20 | 000,169,176 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/09/19 13:05:20 | 000,169,176 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/09/04 16:37:34 | 000,012,998 | R--- | C] () -- C:\Windows\hpwscr14.dat
[2010/09/04 16:33:18 | 000,180,032 | ---- | C] () -- C:\Windows\hpwins14.dat
[2010/08/26 03:02:46 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/08/26 00:00:54 | 000,016,472 | ---- | C] () -- C:\Windows\System32\pwdrvio.sys
[2010/08/26 00:00:54 | 000,011,104 | ---- | C] () -- C:\Windows\System32\pwdspio.sys
[2010/08/25 21:57:01 | 000,000,056 | ---- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/08/24 20:18:19 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/08/24 20:18:19 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/08/22 21:44:51 | 000,000,608 | ---- | C] () -- C:\ProgramData\T2
[2010/08/22 21:44:51 | 000,000,604 | ---- | C] () -- C:\Program Files\STLL Notifier
[2010/08/22 17:13:44 | 000,062,976 | ---- | C] () -- C:\Users\Frank\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/22 17:07:53 | 000,000,658 | ---- | C] () -- C:\Windows\unins000.dat
[2010/08/21 20:46:15 | 000,087,379 | ---- | C] () -- C:\Users\Frank\AppData\Roaming\nvModes.001
[2010/08/21 20:45:21 | 000,087,379 | ---- | C] () -- C:\Users\Frank\AppData\Roaming\nvModes.dat
[2010/08/21 20:33:22 | 000,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.dll
[2010/08/21 20:31:17 | 000,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.exe
[2010/08/21 19:37:41 | 000,001,844 | ---- | C] () -- C:\Users\Frank\AppData\Roaming\install.dat
[2010/07/26 10:13:40 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/06/23 12:35:52 | 000,790,528 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/06/23 12:35:52 | 000,134,144 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/03/03 18:48:14 | 000,215,144 | R--- | C] () -- C:\Windows\pw32a.dll
[2010/03/03 18:48:14 | 000,215,144 | R--- | C] () -- C:\Windows\patchw32.dll
[2010/01/25 12:58:06 | 000,462,848 | ---- | C] () -- C:\Windows\System32\ractrlkeyhook.dll
[2009/08/16 10:08:36 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2008/06/06 13:45:12 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/06/06 13:45:02 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/06/06 11:03:31 | 000,000,074 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2008/02/03 19:11:25 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008/01/15 05:31:00 | 000,000,530 | ---- | C] () -- C:\Windows\System32\tx14_ic.ini
[2007/11/16 12:12:18 | 000,001,108 | R--- | C] () -- C:\Windows\hpwmdl14.dat
[2007/07/25 17:40:02 | 000,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
[2007/06/19 09:59:36 | 000,070,400 | ---- | C] () -- C:\Windows\System32\PhysXLoader.dll
[2007/04/20 08:57:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2007/04/20 08:57:28 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2007/04/20 08:57:28 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2007/04/20 08:57:28 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2007/04/20 08:57:28 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2007/04/20 08:57:28 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2007/04/20 08:57:28 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2007/04/20 08:57:28 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2007/04/20 08:57:28 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007/02/05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,420,744 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,609,506 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,106,014 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== Custom Scans ==========

< %TEMP%\smtmp\*.* /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 749 bytes -> G:\Documents\Facts about Islam.eml:OECustomProperty
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

#4 gringo_pr

Bleepin Gringo

Group: Malware Response Team
Posts: 85,515
Joined: 03-July 08
Gender:Male
Location:Puerto rico

Posted 22 June 2011 - 10:58 PM

Hello

Have you run any type of temp cleaner?

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

Link 1

Link 2

Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

Log from Combofix
let me know of any problems you may have had
How is the computer doing now?

Gringo

<-- Don't worry every little bit helps.

#5 Franico

Member

Group: Members
Posts: 15
Joined: 14-June 11

Posted 23 June 2011 - 09:54 PM

OK, let me take this in order. First, you asked if I'd used any kind of cleaner. While I was waiting for a reply to my post here, I did spend a day or so trying every "reputible" scanner and cleaner that I could lay my hands on. I have run:

CCleaner
RK Unhooker
MS Malicious Software Removal Tool
Microsoft Security Essentials
Norton Power Eraser
Norton Security Scan
BitDefender Free Scanner
F-Secure Blacklight Rootkit Eliminator
Trend Micro Housecall
Trend Micro Rootkit Buster
McAfee Stinger
Comodo Internet Security
Kaspersky TDSSKiller
MalwareBytes Anti-Malware
Sophos Anti-Rootkit
SuperAntiSpyware
GMER
Unhide

And probably one or two others. I do not run them ignorantly; I research each one, and only use those that I trust. However, almost without exception, every single one ran without finding a single infection -- with the occasional exception of something like a harmless tracking cookie. Nothing!

So, you then asked me to run ComboFix. (And I'm embarrassed that I didn't think of that before; because I have had occasion to use ComboFix in the past.) I downloaded the latest version from the BC site here, saved it on my desktop as you asked, disabled all security software (using MSCONFIG), and rebooted. When I double-clicked on the ComboFix.exe file, though, it didn't work.

The ComboFix window opened, and green text showed me that it was extracting file after file after file... until it got to two lines that said:

"Output folder C:\32788R22FWJFW\N_"
and
"Output folder C:\32788R22FWJFW"

And then it just stayed there. I was not doing anything else; and I specifically recalled your instruction not to interrupt the ComboFix window or it might hang. The first time, I waited 5 or 10 minutes, and didn't see anything happening. I killed the program, and went to look for those folders. They did not exist. There *was* a FILE in the C: root directory called "32788R22FWJFW", and the size was 11,219,422 bytes. However, it did not have an extension; and when I tried to Open it, it simply opened another Explorer window at the "Computer" level.

So I shut eveyrthing down, rebooted, and tried again. This time, I let it run for about an hour -- even though I could see it appeared to "hang" at those same lines.

It almost seems as thought it's having trouble creating either a folder or a file on the C: drive. (I don't know if it's related, but every time I boot, Adobe Reader says it has an udpate to install. I click to install it, it seems to do so, but at the very end, I get an error that it couldn't do the update -- maybe for a similar reason??)

Therefore, I cannot supply a ComboFix log file at this time. If you can give me an idea of how to get it to run correctly, I can do that.

In the mean time, you ended by asking how is it doing now. Yesterday was the first time since the infection that I have actually booted to full Windows (i.e., not Safe Mode), while networked. And the system stayed up for 8 hours or so before I shut it off. So on the one hand, I'm wondering if maybe I've managed to eliminate the malware. However, there are still severe problems left, as I suspect that even Unhide didn't "find" everything. There are still things I can't do (such as, in some cases, create folders on the C: drive). There are some programs that won't run (maybe because files have been locked?) Is there a generic file unlocker, similar to Unhide?

Could the malware have reset some policies, or permissions, or something that is inhibiting me from doing "normal" things?

I'm sorry that I couldn't provide more information. But if you have other suggestions, I will certainly try them. I am still uneasy about using the system for anything serious, for any length of time.

Thank you again for your help.

#6 gringo_pr

Bleepin Gringo

Group: Malware Response Team
Posts: 85,515
Joined: 03-July 08
Gender:Male
Location:Puerto rico

Posted 23 June 2011 - 10:10 PM

Hello

this infection takes everything that is in the start menu folder and moves them to a new folder in the temp directory we use unhide and sometimes a bat file to move everything back into place - now the bad news CCleaner is a temp file cleaner so guess what happened when you ran that program - yep got cleaned. so what you need to do now is go into the programs folder find the programs that you want to use and make a new short cut for them

Ok lets try this, I want you to run combofix in safe mode but it is very important that when combofix reboots the computer for you to direct it back into safe mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.

If the computer is running, shut down Windows, and then turn off the power.
Wait 30 seconds, and then turn the computer on.
Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
Ensure that the Safe Mode option is selected.
Press Enter. The computer then begins to start in Safe mode.
Login on your usual account.

after combofix has finished its scan please post the report back here.

Gringo

<-- Don't worry every little bit helps.

#7 Franico

Member

Group: Members
Posts: 15
Joined: 14-June 11

Posted 24 June 2011 - 08:46 PM

Thanks for the information about the hidden Start Menu items. Yes, it's a shame that they're gone. I can re-create shortcuts for many of my programs; but there are two problems. The first is that not all shortcuts simply call an .exe file; sometimes they have additional parameters on them, which I cannot re-create. Second, I am missing all of the system folders and shortcuts, as well -- e.g., Accessories, System Tools, Microsoft Office, etc. And I have no clue how to re-create all of those. So they may be lost for good.

Now, as to the ComboFix log... I did get it to run -- although it gave me an error message saying that some Comodo files and some Microsoft Security Essentials files were still running. I checked Processes and Services in Task Manager, and they didn't show up. I also checked MSCONFIG, and they were *unchecked*. So I have no idea why they showed as still running, but I continued with ComboFix anyway. Here is the log file. Thanks again for the help.

=============================================================================================

ComboFix 11-06-23.01 - Frank 06/24/2011 21:23:53.1.2 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.2617 [GMT -4:00]
Running from: c:\users\Frank\Desktop\ComboFix.exe
AV: COMODO Antivirus *Enabled/Updated* {7554F4C5-5EC0-2FC6-8192-8DF831DBED51}
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
SP: COMODO Defense+ *Enabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Frank\AppData\Roaming\Install.dat
c:\windows\system32\skinboxer43.dll
.
Infected copy of c:\windows\System32\autochk.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6001.18000_none_e1f3ed49c1c122ef\autochk.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-05-25 to 2011-06-25 )))))))))))))))))))))))))))))))
.
.
2011-06-25 01:28 . 2011-06-25 01:29 -------- d-----w- c:\users\Frank\AppData\Local\temp
2011-06-25 01:28 . 2011-06-25 01:28 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2011-06-25 01:28 . 2011-06-25 01:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-23 01:34 . 2011-06-23 01:34 -------- d-----w- c:\users\Frank\AppData\Roaming\QuickScan
2011-06-23 00:22 . 2011-06-23 00:22 -------- d-----w- c:\programdata\Comodo Downloader
2011-06-23 00:16 . 2011-06-23 00:16 -------- d-----w- C:\VritualRoot
2011-06-23 00:14 . 2011-06-25 01:14 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2011-06-23 00:11 . 2011-06-23 00:22 -------- d-----w- c:\programdata\Comodo
2011-06-23 00:11 . 2011-06-23 00:11 -------- d-----w- c:\program files\COMODO
2011-06-22 23:39 . 2011-06-22 23:39 -------- d-----w- c:\windows\system32\drivers\NSS
2011-06-22 23:39 . 2011-06-22 23:39 -------- d-----w- c:\program files\Norton Security Scan
2011-06-22 23:39 . 2011-06-22 23:39 -------- d-----w- c:\program files\NortonInstaller
2011-06-22 23:17 . 2011-06-22 23:39 -------- d-----w- c:\programdata\Norton
2011-06-22 23:17 . 2011-06-22 23:39 -------- d-----w- c:\users\Frank\AppData\Local\NPE
2011-06-22 03:03 . 2011-06-22 03:03 -------- d-----w- c:\windows\PIF
2011-06-22 02:33 . 2011-06-22 02:33 -------- d-----w- c:\windows\system32\log
2011-06-22 01:13 . 2011-06-22 01:13 -------- d-----w- c:\users\Frank\AppData\Roaming\f-secure
2011-06-22 01:12 . 2011-06-22 01:12 -------- d-----w- c:\programdata\F-Secure
2011-06-21 23:50 . 2010-05-26 14:39 6144 ------w- c:\windows\system32\1028.tmp
2011-06-21 23:49 . 2010-05-26 14:39 6144 ------w- c:\windows\system32\315D.tmp
2011-06-21 23:48 . 2010-05-26 14:39 6144 ------w- c:\windows\system32\2442.tmp
2011-06-19 11:51 . 2010-11-30 15:43 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6AE0B7ED-D61F-4FB3-9845-6BC2E6A364A7}\gapaengine.dll
2011-06-19 00:53 . 2011-06-19 00:53 -------- d-----w- c:\users\Frank\AppData\Roaming\Malwarebytes
2011-06-19 00:52 . 2011-05-29 13:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-19 00:52 . 2011-06-19 00:52 -------- d-----w- c:\programdata\Malwarebytes
2011-06-19 00:52 . 2011-05-29 13:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-16 21:03 . 2011-06-16 21:09 35712 ----a-w- c:\windows\system32\drivers\RKULE.sys
2011-06-16 20:58 . 2011-06-16 20:58 35712 ----a-w- c:\windows\system32\drivers\BlackBox.sys
2011-06-14 02:21 . 2011-06-16 20:56 -------- d-----w- c:\programdata\PC Tools
2011-06-09 01:30 . 2011-06-09 01:30 -------- d-----w- c:\program files\iPod
2011-06-06 16:55 . 2011-06-06 16:55 183696 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2011-05-29 20:30 . 2011-05-29 20:30 -------- d-----w- c:\users\Frank\AppData\Roaming\HandBrake
2011-05-29 20:30 . 2011-05-29 20:30 -------- d-----w- c:\users\Frank\AppData\Local\HandBrake
2011-05-29 18:38 . 2011-06-22 01:05 -------- d-----w- c:\programdata\Skype Extras
2011-05-29 18:38 . 2011-05-29 18:38 -------- d-----w- c:\program files\Common Files\Skype
2011-05-29 02:41 . 2011-05-29 02:41 -------- d-----w- c:\users\Frank\AppData\Roaming\Symantec
2011-05-29 01:32 . 2011-05-29 01:32 -------- d-----w- c:\users\Frank\AppData\Local\Symantec_Corporation
2011-05-29 01:15 . 2011-05-29 01:15 -------- d-----w- c:\program files\Symantec
2011-05-29 01:15 . 2009-10-02 02:03 131000 ----a-w- c:\windows\system32\drivers\WimFltr.sys
2011-05-29 01:14 . 2009-09-22 00:20 138592 ----a-w- c:\windows\system32\drivers\symsnap.sys
2011-05-29 01:14 . 2009-09-22 00:40 15096 ----a-w- c:\windows\system32\drivers\vproeventmonitor.sys
2011-05-29 01:13 . 2009-07-14 17:45 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2011-05-29 01:13 . 2009-07-14 17:45 38480 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2011-05-29 01:12 . 2011-06-22 23:42 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-05-29 01:12 . 2011-06-22 23:40 -------- d-----w- c:\programdata\Symantec
2011-05-29 01:12 . 2011-05-29 01:12 -------- d-----w- c:\programdata\{1C6FDDD8-FC9E-4C12-9FA5-1AAD377097B3}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-25 01:20 . 2010-08-22 00:31 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2011-06-25 01:03 . 2011-05-21 00:46 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-25 00:53 . 2010-08-21 23:50 57752 ----a-w- c:\windows\system32\rpcnet.dll
2011-06-22 23:11 . 2010-08-22 00:33 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2011-06-07 15:55 . 2010-08-23 22:58 7074640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-05-07 20:17 . 2011-05-07 20:17 82400 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-05-06 18:30 . 2010-08-26 04:00 16472 ------w- c:\windows\system32\pwdrvio.sys
2011-05-06 18:29 . 2010-08-26 04:00 11104 ------w- c:\windows\system32\pwdspio.sys
2011-05-03 00:36 . 2011-05-03 00:36 36568 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-05-03 00:36 . 2011-05-03 00:36 238960 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-05-03 00:36 . 2011-05-03 00:36 19088 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-05-03 00:36 . 2011-05-03 00:36 284744 ----a-w- c:\windows\system32\guard32.dll
2011-04-06 20:20 . 2011-04-06 20:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 20:20 . 2011-04-06 20:20 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 20:20 . 2011-04-06 20:20 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 20:20 . 2011-04-06 20:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-03-29 00:12 . 2010-06-24 16:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-06 68856]
"RoboForm"="f:\utilities\Programs\AI Roboform\RoboTaskBarIcon.exe" [2010-08-23 160592]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-05-27 15147400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1029416]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-12-03 36864]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872]
"Launch LCDMon"="c:\program files\Common Files\Logitech\LCD Manager\LCDMon.exe" [2007-07-18 775952]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"BCSSync"="e:\microsoft office 2010\Office14\BCSSync.exe" [2010-03-13 91520]
"LogMeIn GUI"="f:\utilities\Programs\LogMeIn\x86\LogMeInSystray.exe" [2010-01-27 63048]
"UnlockerAssistant"="f:\utilities\System\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"ETDUSBWare"="c:\program files\Elan\USB\ETDUSBCtrl.exe" [2009-02-20 364544]
"Absolute Notifier"="c:\program files\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe" [2010-10-08 86184]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-16 13793824]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-06-16 92704]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2008-01-02 405504]
"Sony Ericsson PC Suite"="f:\applications\Miscellaneous\Sony PC Suite\Application Launcher\Application Launcher.exe" [2007-06-13 528384]
"AmazonGSDownloaderTray"="f:\applications\Internet\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-10-23 326144]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "f:\utilities\System\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- f:\utilities\System\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO]
2011-05-26 03:43 208184 ----a-w- c:\program files\COMODO\COMODO GeekBuddy\CLPSLA.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO Internet Security]
2011-05-10 03:17 2552648 ----a-w- c:\program files\COMODO\COMODO Internet Security\cfp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPA]
2011-05-26 03:43 182584 ----a-w- c:\program files\COMODO\COMODO GeekBuddy\VALA.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-06-07 21:51 421160 ----a-w- f:\applications\Music\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2010-11-30 18:20 997408 ----a-w- c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 15.0]
2010-03-03 23:39 2598760 ----a-w- f:\utilities\System\Norton Ghost\Agent\VProTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-03-29 12:29 2012912 ----a-w- f:\utilities\System\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2011-05-03 238960]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2011-05-03 36568]
R1 MpKsl037b702b;MpKsl037b702b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{15E3CAEA-2FDB-478F-A3B0-DC6BA1740FEA}\MpKsl037b702b.sys [x]
R1 MpKsldbc16fdb;MpKsldbc16fdb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{15E3CAEA-2FDB-478F-A3B0-DC6BA1740FEA}\MpKsldbc16fdb.sys [x]
R1 SASDIFSV;SASDIFSV;f:\utilities\System\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
R1 SASKUTIL;SASKUTIL;f:\utilities\System\SUPERAntiSpyware\SASKUTIL.SYS [2010-02-17 66632]
R2 AbsoluteNotifier;Absolute Notifier;c:\program files\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [2010-10-08 10408]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2008-01-02 73728]
R2 Amazon Download Agent;Amazon Download Agent;f:\applications\Internet\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2009-10-23 401920]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-22 136176]
R2 LMIGuardianSvc;LMIGuardianSvc;f:\utilities\Programs\LogMeIn\x86\LMIGuardianSvc.exe [2010-12-08 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;f:\utilities\Programs\LogMeIn\x86\RaInfo.sys [2010-01-27 12856]
R2 rpcnetp;rpcnetp;c:\windows\System32\rpcnetp.exe [2011-06-25 17408]
R2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-09-08 237056]
R2 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2010-09-08 1034752]
R2 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2010-09-08 484352]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-07-18 179712]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-07-15 14216]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-07-15 8456]
R3 GenericMount Helper Service;GenericMount Helper Service;f:\utilities\System\Norton Ghost\Shared\Drivers\GenericMountHelper.exe [2010-02-12 1574408]
R3 GenericMount;Generic Mount Driver;c:\windows\system32\DRIVERS\GenericMount.sys [2010-02-12 57840]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-22 136176]
R3 hidflt;Elan HID/USB Mouse Driver;c:\windows\system32\DRIVERS\ETDUSB.sys [2009-02-06 25088]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-29 25112]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-05-29 39984]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\B192.tmp [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;e:\microsoft office 2010\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-25 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-25 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 OA002Afx;Provides a software interface to control audio effects of OA002 camera.;c:\windows\system32\Drivers\OA002Afx.sys [2007-06-07 148056]
R3 OA002Ufd;Creative Camera OA002 Upper Filter Driver;c:\windows\system32\DRIVERS\OA002Ufd.sys [2008-06-03 144672]
R3 OA002Vid;Creative Camera OA002 Function Driver;c:\windows\system32\DRIVERS\OA002Vid.sys [2008-07-31 268672]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 physX32;physX32;c:\windows\system32\DRIVERS\physX32.sys [2007-06-26 117888]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2011-05-06 16472]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2011-05-06 11104]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;f:\utilities\Programs\SiSoftware Sandra Professional Business 2010.SP2\RpcAgentSrv.exe [2009-08-10 93848]
R3 SASENUM;SASENUM;f:\utilities\System\SUPERAntiSpyware\SASENUM.SYS [2010-02-17 12872]
R3 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2006-11-02 7168]
R3 SymSnapService;SymSnapService;f:\utilities\System\Norton Ghost\Shared\Drivers\SymSnapService.exe [2009-09-22 1964528]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 BlackBox;BlackBox SR2; [x]
S0 RKULE;BlackBox SR2; [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2011-02-23 16184]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [2011-05-03 19088]
S1 Ext2fs;Ext2fs;c:\windows\system32\DRIVERS\ext2fs.sys [2008-09-25 189888]
S1 IfsMount;IfsMount;c:\windows\system32\DRIVERS\ifsmount.sys [2008-08-29 60352]
S2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-05-26 154424]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-22 01:43]
.
2011-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-22 01:43]
.
2011-06-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-470704285-634350156-1256116804-1000Core.job
- c:\users\Frank\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-22 01:43]
.
2011-06-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-470704285-634350156-1256116804-1000UA.job
- c:\users\Frank\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-22 01:43]
.
2011-06-23 c:\windows\Tasks\Norton Security Scan for Frank.job
- c:\progra~1\NORTON~2\Engine\311~1.6\Nss.exe [2011-06-22 10:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080606
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:51374
IE: &Subscribe with ArchosLink - file://f:\applications\Multimedia\Archoslink\\script.js
IE: Customize Menu - file://f:\utilities\Programs\AI Roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - e:\micros~2\Office14\EXCEL.EXE/3000
IE: Fill Forms - file://f:\utilities\Programs\AI Roboform\RoboFormComFillForms.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: RoboForm Toolbar - file://f:\utilities\Programs\AI Roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://f:\utilities\Programs\AI Roboform\RoboFormComSavePass.html
IE: Se&nd to OneNote - e:\micros~2\Office14\ONBttnIE.dll/105
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-hpqSRMon - (no file)
SafeBoot-87573493.sys
MSConfigStartUp-HP Software Update - e:\hp\HP Software Update\HPWuSchd2.exe
MSConfigStartUp-lKMwrmNWsXvp norun - c:\programdata\lKMwrmNWsXvp.exe
AddRemove-BCDP7_is1 - f:\applications\Graphics\Business Card Designer Plus 7\Uninstall\unins000.exe
AddRemove-{AA468551-1794-42FE-B504-C41D75EEBDF2}_is1 - f:\utilities\System\Partition Wizard Home Edition 5.0\unins000.exe
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\B192.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\helppane.exe
.
**************************************************************************
.
Completion time: 2011-06-24 21:33:02 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-25 01:32
.
Pre-Run: 6,828,470,272 bytes free
Post-Run: 6,735,056,896 bytes free
.
- - End Of File - - DEAB0573266235E7ED170912A18812CF

#8 gringo_pr

Bleepin Gringo

Group: Malware Response Team
Posts: 85,515
Joined: 03-July 08
Gender:Male
Location:Puerto rico

Posted 24 June 2011 - 09:52 PM

You can restore the defaults for the Start Menu and Administrative Tools as follows:

I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:51374

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image

This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

"information and logs"

In your next post I need the following

report from Combofix
let me know of any problems you may have had
How is the computer doing now after running the script?

Gringo

<-- Don't worry every little bit helps.

#9 Franico

Member

Group: Members
Posts: 15
Joined: 14-June 11

Posted 24 June 2011 - 11:35 PM

I'm not sure if it ran correctly. After extracting all the files, I got the message that Microsoft Security Essentials was still running -- although I had killed the process. So I continued anyway. It said it a second time, but I continued. I hope that this is the report that you wanted.

BTW, in the mean time, I have been (slowly) doing what you suggested, and started (re)creating some of my Start Menu entries. Thanks for the references to the articles about re-creating some of the System shortcuts. I'll try those next.

This report is my last for today. It's after midnight here, but I'll be back on in the morning. I must say, I am having a bit more confidence about running in "normal" mode, instead of Safe Mode. BTW, there also still seems to be places that I cannot write to. For example, even though I've checked the box that says to list recently-used (or most-used) programs in the Start Menu, they don't show. And I still have the problem that Adobe Reader continues to try to install its latest update; and it says it's successful. But then the next time, it tries it all over again.

Anyway, here's that latest report. If I didn't do it right, let me know and I'll run it again.

Thanks.

=====================================================================
ComboFix 11-06-24.02 - Frank 06/25/2011 0:20.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.1711 [GMT -4:00]
Running from: c:\users\Frank\Desktop\ComboFix.exe
Command switches used :: c:\users\Frank\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Frank\AppData\Local\Temp\ppcrlui_4592_2
c:\windows\system32\skinboxer43.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-05-25 to 2011-06-25 )))))))))))))))))))))))))))))))
.
.
2011-06-25 04:25 . 2011-06-25 04:25 -------- d-----w- c:\users\Frank\AppData\Local\temp
2011-06-25 04:25 . 2011-06-25 04:25 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2011-06-25 04:25 . 2011-06-25 04:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-25 03:55 . 2011-06-25 03:55 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CB61E8FB-2A7B-49CE-A6D9-BB2E42D5DB0D}\MpKsl3c83a6e7.sys
2011-06-25 03:12 . 2011-03-26 00:04 18048 ----a-w- c:\windows\system32\EuEpmGdi.dll
2011-06-25 03:12 . 2011-03-26 00:03 2340992 ----a-w- c:\windows\system32\BootMan.exe
2011-06-25 03:12 . 2011-03-24 14:57 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
2011-06-25 03:12 . 2011-03-24 14:57 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
2011-06-25 03:12 . 2011-03-24 14:57 14216 ----a-w- c:\windows\system32\epmntdrv.sys
2011-06-25 03:06 . 2010-08-16 20:31 725064 ----a-w- c:\windows\system32\pwNative.exe
2011-06-25 01:03 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CB61E8FB-2A7B-49CE-A6D9-BB2E42D5DB0D}\mpengine.dll
2011-06-24 03:14 . 2011-06-25 04:16 -------- d-----w- c:\users\Frank\AppData\Local\CrashDumps
2011-06-23 01:34 . 2011-06-23 01:34 -------- d-----w- c:\users\Frank\AppData\Roaming\QuickScan
2011-06-23 00:14 . 2011-06-25 01:54 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2011-06-22 23:17 . 2011-06-25 02:40 -------- d-----w- c:\programdata\Norton
2011-06-22 23:17 . 2011-06-22 23:39 -------- d-----w- c:\users\Frank\AppData\Local\NPE
2011-06-22 03:03 . 2011-06-22 03:03 -------- d-----w- c:\windows\PIF
2011-06-22 02:33 . 2011-06-22 02:33 -------- d-----w- c:\windows\system32\log
2011-06-22 01:13 . 2011-06-22 01:13 -------- d-----w- c:\users\Frank\AppData\Roaming\f-secure
2011-06-22 01:12 . 2011-06-22 01:12 -------- d-----w- c:\programdata\F-Secure
2011-06-21 23:50 . 2010-05-26 14:39 6144 ------w- c:\windows\system32\1028.tmp
2011-06-21 23:49 . 2010-05-26 14:39 6144 ------w- c:\windows\system32\315D.tmp
2011-06-21 23:48 . 2010-05-26 14:39 6144 ------w- c:\windows\system32\2442.tmp
2011-06-19 11:51 . 2010-11-30 15:43 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6AE0B7ED-D61F-4FB3-9845-6BC2E6A364A7}\gapaengine.dll
2011-06-19 00:53 . 2011-06-19 00:53 -------- d-----w- c:\users\Frank\AppData\Roaming\Malwarebytes
2011-06-19 00:52 . 2011-05-29 13:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-19 00:52 . 2011-06-19 00:52 -------- d-----w- c:\programdata\Malwarebytes
2011-06-19 00:52 . 2011-05-29 13:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-16 21:03 . 2011-06-16 21:09 35712 ----a-w- c:\windows\system32\drivers\RKULE.sys
2011-06-16 20:58 . 2011-06-16 20:58 35712 ----a-w- c:\windows\system32\drivers\BlackBox.sys
2011-06-14 02:21 . 2011-06-16 20:56 -------- d-----w- c:\programdata\PC Tools
2011-06-09 01:30 . 2011-06-09 01:30 -------- d-----w- c:\program files\iPod
2011-06-06 16:55 . 2011-06-06 16:55 183696 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2011-05-29 20:30 . 2011-05-29 20:30 -------- d-----w- c:\users\Frank\AppData\Roaming\HandBrake
2011-05-29 20:30 . 2011-05-29 20:30 -------- d-----w- c:\users\Frank\AppData\Local\HandBrake
2011-05-29 18:38 . 2011-06-25 04:06 -------- d-----w- c:\programdata\Skype Extras
2011-05-29 18:38 . 2011-05-29 18:38 -------- d-----w- c:\program files\Common Files\Skype
2011-05-29 02:41 . 2011-05-29 02:41 -------- d-----w- c:\users\Frank\AppData\Roaming\Symantec
2011-05-29 01:32 . 2011-05-29 01:32 -------- d-----w- c:\users\Frank\AppData\Local\Symantec_Corporation
2011-05-29 01:15 . 2011-05-29 01:15 -------- d-----w- c:\program files\Symantec
2011-05-29 01:15 . 2009-10-02 02:03 131000 ----a-w- c:\windows\system32\drivers\WimFltr.sys
2011-05-29 01:14 . 2009-09-22 00:20 138592 ----a-w- c:\windows\system32\drivers\symsnap.sys
2011-05-29 01:14 . 2009-09-22 00:40 15096 ----a-w- c:\windows\system32\drivers\vproeventmonitor.sys
2011-05-29 01:13 . 2009-07-14 17:45 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2011-05-29 01:13 . 2009-07-14 17:45 38480 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2011-05-29 01:12 . 2011-06-22 23:42 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-05-29 01:12 . 2011-06-25 02:40 -------- d-----w- c:\programdata\Symantec
2011-05-29 01:12 . 2011-05-29 01:12 -------- d-----w- c:\programdata\{1C6FDDD8-FC9E-4C12-9FA5-1AAD377097B3}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-25 03:55 . 2010-08-22 00:31 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2011-06-25 03:55 . 2010-08-21 23:50 57752 ----a-w- c:\windows\system32\rpcnet.dll
2011-06-25 01:37 . 2010-08-22 00:33 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2011-06-25 01:03 . 2011-05-21 00:46 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-07 15:55 . 2010-08-23 22:58 7074640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-04-06 20:20 . 2011-04-06 20:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 20:20 . 2011-04-06 20:20 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 20:20 . 2011-04-06 20:20 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 20:20 . 2011-04-06 20:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-03-29 00:12 . 2010-06-24 16:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-06 68856]
"RoboForm"="f:\utilities\Programs\AI Roboform\RoboTaskBarIcon.exe" [2010-08-23 160592]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-05-27 15147400]
"SUPERAntiSpyware"="f:\utilities\System\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-03-29 2012912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1029416]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-12-03 36864]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872]
"Launch LCDMon"="c:\program files\Common Files\Logitech\LCD Manager\LCDMon.exe" [2007-07-18 775952]
"BCSSync"="e:\microsoft office 2010\Office14\BCSSync.exe" [2010-03-13 91520]
"LogMeIn GUI"="f:\utilities\Programs\LogMeIn\x86\LogMeInSystray.exe" [2010-01-27 63048]
"UnlockerAssistant"="f:\utilities\System\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"ETDUSBWare"="c:\program files\Elan\USB\ETDUSBCtrl.exe" [2009-02-20 364544]
"Absolute Notifier"="c:\program files\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe" [2010-10-08 86184]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-16 13793824]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-06-16 92704]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2008-01-02 405504]
"AmazonGSDownloaderTray"="f:\applications\Internet\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-10-23 326144]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "f:\utilities\System\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- f:\utilities\System\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-06-07 21:51 421160 ----a-w- f:\applications\Music\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 15.0]
2010-03-03 23:39 2598760 ----a-w- f:\utilities\System\Norton Ghost\Agent\VProTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2007-12-21 15:58 184320 ----a-w- c:\program files\Dell\MediaDirect\PCMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2007-06-13 12:16 528384 ----a-r- f:\applications\Miscellaneous\Sony PC Suite\Application Launcher\Application Launcher.exe
.
R1 MpKsl037b702b;MpKsl037b702b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{15E3CAEA-2FDB-478F-A3B0-DC6BA1740FEA}\MpKsl037b702b.sys [x]
R1 MpKsldbc16fdb;MpKsldbc16fdb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{15E3CAEA-2FDB-478F-A3B0-DC6BA1740FEA}\MpKsldbc16fdb.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-22 136176]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-03-24 14216]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-03-24 8456]
R3 GenericMount Helper Service;GenericMount Helper Service;f:\utilities\System\Norton Ghost\Shared\Drivers\GenericMountHelper.exe [2010-02-12 1574408]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-22 136176]
R3 hidflt;Elan HID/USB Mouse Driver;c:\windows\system32\DRIVERS\ETDUSB.sys [2009-02-06 25088]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-29 25112]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-05-29 39984]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\B192.tmp [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;e:\microsoft office 2010\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2010-08-16 16472]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2010-08-16 11104]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;f:\utilities\Programs\SiSoftware Sandra Professional Business 2010.SP2\RpcAgentSrv.exe [2009-08-10 93848]
R3 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2006-11-02 7168]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 BlackBox;BlackBox SR2; [x]
S0 RKULE;BlackBox SR2; [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2011-02-23 16184]
S1 Ext2fs;Ext2fs;c:\windows\system32\DRIVERS\ext2fs.sys [2008-09-25 189888]
S1 IfsMount;IfsMount;c:\windows\system32\DRIVERS\ifsmount.sys [2008-08-29 60352]
S1 MpKsl3c83a6e7;MpKsl3c83a6e7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CB61E8FB-2A7B-49CE-A6D9-BB2E42D5DB0D}\MpKsl3c83a6e7.sys [2011-06-25 28752]
S1 SASDIFSV;SASDIFSV;f:\utilities\System\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;f:\utilities\System\SUPERAntiSpyware\SASKUTIL.SYS [2010-02-17 66632]
S2 AbsoluteNotifier;Absolute Notifier;c:\program files\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [2010-10-08 10408]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2008-01-02 73728]
S2 Amazon Download Agent;Amazon Download Agent;f:\applications\Internet\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2009-10-23 401920]
S2 LMIGuardianSvc;LMIGuardianSvc;f:\utilities\Programs\LogMeIn\x86\LMIGuardianSvc.exe [2010-12-08 374152]
S2 LMIInfo;LogMeIn Kernel Information Provider;f:\utilities\Programs\LogMeIn\x86\RaInfo.sys [2010-01-27 12856]
S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-09-08 237056]
S2 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2010-09-08 1034752]
S2 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2010-09-08 484352]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-07-18 179712]
S3 GenericMount;Generic Mount Driver;c:\windows\system32\DRIVERS\GenericMount.sys [2010-02-12 57840]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-25 43392]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-25 54144]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
S3 OA002Afx;Provides a software interface to control audio effects of OA002 camera.;c:\windows\system32\Drivers\OA002Afx.sys [2007-06-07 148056]
S3 OA002Ufd;Creative Camera OA002 Upper Filter Driver;c:\windows\system32\DRIVERS\OA002Ufd.sys [2008-06-03 144672]
S3 OA002Vid;Creative Camera OA002 Function Driver;c:\windows\system32\DRIVERS\OA002Vid.sys [2008-07-31 268672]
S3 physX32;physX32;c:\windows\system32\DRIVERS\physX32.sys [2007-06-26 117888]
S3 SASENUM;SASENUM;f:\utilities\System\SUPERAntiSpyware\SASENUM.SYS [2010-02-17 12872]
S3 SymSnapService;SymSnapService;f:\utilities\System\Norton Ghost\Shared\Drivers\SymSnapService.exe [2009-09-22 1964528]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL3C83A6E7
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-22 01:43]
.
2011-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-22 01:43]
.
2011-06-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-470704285-634350156-1256116804-1000Core.job
- c:\users\Frank\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-22 01:43]
.
2011-06-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-470704285-634350156-1256116804-1000UA.job
- c:\users\Frank\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-22 01:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080606
uInternet Settings,ProxyOverride = *.local
IE: &Subscribe with ArchosLink - file://f:\applications\Multimedia\Archoslink\\script.js
IE: Customize Menu - file://f:\utilities\Programs\AI Roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - e:\micros~2\Office14\EXCEL.EXE/3000
IE: Fill Forms - file://f:\utilities\Programs\AI Roboform\RoboFormComFillForms.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: RoboForm Toolbar - file://f:\utilities\Programs\AI Roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://f:\utilities\Programs\AI Roboform\RoboFormComSavePass.html
IE: Se&nd to OneNote - e:\micros~2\Office14\ONBttnIE.dll/105
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-COMODO - c:\program files\COMODO\COMODO GeekBuddy\CLPSLA.exe
MSConfigStartUp-COMODO Internet Security - c:\program files\COMODO\COMODO Internet Security\cfp.exe
MSConfigStartUp-CPA - c:\program files\COMODO\COMODO GeekBuddy\VALA.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-25 00:25
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\B192.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-06-25 00:26:49
ComboFix-quarantined-files.txt 2011-06-25 04:26
ComboFix2.txt 2011-06-25 01:33
.
Pre-Run: 7,565,619,200 bytes free
Post-Run: 7,515,713,536 bytes free
.
- - End Of File - - 362CB2FAEDD990C831EF9634B530596F

#10 gringo_pr

Bleepin Gringo

Group: Malware Response Team
Posts: 85,515
Joined: 03-July 08
Gender:Male
Location:Puerto rico

Posted 25 June 2011 - 01:33 AM

Hello

even though I've checked the box that says to list recently-used (or most-used) programs in the Start Menu, they don't show. - http://www.vistax64.com/tutorials/89631-recent-programs-not-being-remembered.html

I would ike to see a report that combofix makes.

extra combofix report

push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
please copy and past the following into the box

C:\Qoobox\Add-Remove Programs.txt

click ok

copy and paste the report into this topic for me to review

Gringo

<-- Don't worry every little bit helps.

#11 Franico

Member

Group: Members
Posts: 15
Joined: 14-June 11

Posted 25 June 2011 - 09:08 AM

Here is the Add-Remove Programs list:

µTorrent
32 Bit HP CIO Components Installer
6400_Help
Absolute Notifier
AC BOL Combo
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader X (10.1.0)
Advanced Audio FX Engine
Advanced Video FX Engine
Advertising Center
AGEIA PhysX v7.06.26
AI RoboForm (All Users)
Airport Mania
Amazon Games & Software Downloader
Amazon MP3 Downloader 1.0.10
Any Video Converter 3.2.3
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArchosLink
Ashampoo Music Studio 3 3.51
Audacity 1.3.9 (Unicode)
Big Kahuna Reef
Bonjour
bpd_scan
BPDSoftware
BPDSoftware_Ini
Broadcom Management Programs
Browser Address Error Redirector
BufferChm
Bulk Rename Utility 2.7.1.2
Business Card Designer Plus 9.5.0.1
CCleaner
CDisplay 1.8
Compatibility Pack for the 2007 Office system
Complete Care Consumer Service Agreement
Coupon Printer for Windows
COWON Media Center - jetAudio Plus VX
Crazy Machines
D3DX10
Definition update for Microsoft Office 2010 (KB982726)
Dell DataSafe Online
Dell Driver Download Manager
Dell Getting Started Guide
Dell Touchpad
Dell Webcam Center
Dell Webcam Manager
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DocProc
DocProcQFolder
DVD Decrypter (Remove Only)
e-Sword
EASEUS Partition Master 8.0.1 Home Edition
EDocs
eSupportQFolder
EVEREST Ultimate Edition v5.02
Ext2 IFS 1.11a for Windows Vista/2008
Fax
Flac2CD 3.6.3
FormatFactory 2.60
Free M4a to MP3 Converter 6.2
Ghost Pirates
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService
GPBaseService2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Imaging Device Functions 10.0
HP Officejet J6400 Series
HP Photosmart Essential 2.5
HP Solution Center 13.0
HP Update
HP_Network_UserGuide
HPProductAssistant
Hyperlink Checker for Microsoft Word 1.3
Icon Restore 1.0
Intel® Matrix Storage Manager
Intel® PROSet/Wireless Software
iTunes
J6400
Java™ 6 Update 5
Lame ACM MP3 Codec
Laptop Integrated Webcam Driver (1.04.01.1011)
Live! Cam Avatar Creator
Live! Cam Avatar v1.0
LiveUpdate 3.2 (Symantec Corporation)
Logitech Gaming LCD Software 1.04
LogMeIn
LoJack Factory Installer
Magic ISO Maker v5.5 (build 0276)
Malwarebytes' Anti-Malware version 1.51.0.1200
mCore
MediaDirect
Mesh Runtime
mHelp
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Visio 2010
Microsoft Office Visio MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework 2.0 Core Components (x86) ENU
Microsoft Sync Framework 2.0 Provider Services (x86) ENU
Microsoft Visio Premium 2010
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ Run Time Lib Setup
Microsoft Works
MiniTool Partition Wizard Home Edition 6.0
mMHouse
Monitor Webcam Driver (1.01.02.0804)
mPfMgr
MrSID Viewer
MSVCRT
MSVCSetup
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music, Photos & Videos Launcher
mWMI
Nancy Drew Dossier: Lights, Camera, Curses!
Nero 9 Lite
Nero ControlCenter
Nero Installer
Nero Online Upgrade
Nero StartSmart
neroxml
Network
Next Video Converter 3.51
Norton Ghost
NVIDIA Drivers
OCR Software by I.R.I.S. 10.0
OGA Notifier 2.0.0048.0
OpenAL
OutlookAddinSetup
PC Wizard 2010.1.94
PerformanceTest v7.0
PhotoFiltre
Product Documentation Launcher
ProductContext
PropertiesPlus (Remove Only)
PSSWCORE
QualXServ Service Agreement
QuickSet
QuickTime
Revo Uninstaller 1.92
Ricochet Xtreme
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
RUNAWAY: A TWIST OF FATE (English)
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft Excel 2010 (KB2523021)
Security Update for Microsoft InfoPath 2010 (KB2510065)
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2289161)
Security Update for Microsoft PowerPoint 2010 (KB2519975)
Security Update for Microsoft Publisher 2010 (KB2409055)
Security Update for Microsoft Word 2010 (KB2345000)
Segoe UI
Sibelius 6.2.0.88
SiSoftware Sandra Professional Business 2010.SP2
Skype Toolbars
Skype™ 5.3
Smart Defrag 2
SmartPad Software 1.0
SolutionCenter
SolveigMM AVI Trimmer
Sony Ericsson Device Data
Sony Ericsson Drivers
Sony Ericsson PC Suite
Status
SUPERAntiSpyware Free Edition
Swiff Player 1.7
Switch Sound File Converter
SyncToy 2.1 (x86)
Toolbox
TrayApp
TreeSize Professional 5.3.4
Trim Spaces for Excel 1.3
TurboTax 2010
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wrapper
TurboTax 2010 wsciper
TweakUAC
UHS Reader (Version 6.10)
Unity Web Player
UnloadSupport
Unlocker 1.9.0
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2523113)
Update for Microsoft OneNote 2010 (KB2493983)
Update for Microsoft Outlook Social Connector (KB2441641)
Update Service
Version 6.0 (Build 20090918)
Video Converter Factory Pro
VideoToolkit01
Vista Codec Package
VOB2MPG v3
WD SmartWare
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR archiver

#12 Franico

Member

Group: Members
Posts: 15
Joined: 14-June 11

Posted 25 June 2011 - 09:21 AM

Two other quick comments: I followed the instructions for recovering my Recent Items. Indeed, the Recent Items folder was gone, and had to be re-created. I checked that the Registry was correct, etc. And "Recent Items" was added to the second column of my Start Menu.

However, nothing goes in there! Nothing shows in the left column, either, except the two that are pinned there -- Internet Explorer and E-mail. And if I select the "Recent Items" link in the second column, it just shows "<empty>". Everything looks good; but nothing is showing up. I have *both* boxes checked (to show recently opened files, and recently opened programs), but no results.

Second, I forgot to mention that I have desktop.ini files popping up ALL OVER my system. Many, many of the folders that I open now have desktop.ini files in them, when they didn't before. The most annoying is that when I boot to a clean system, at least one desktop.ini file is opened in Notepad on my desktop -- and sometimes *two*. What is causing this to happen? And how do I get rid of them?

BTW, one other thing that appears to be fixed is that I now seem to have all of my Control Panel icons back again! About half of them were gone; it was a very short list. Now they all seem to be there, so that's progress!

Thanks again for all of your suggestions. Let me know what other information I can provide for you.

#13 gringo_pr

Bleepin Gringo

Group: Malware Response Team
Posts: 85,515
Joined: 03-July 08
Gender:Male
Location:Puerto rico

Posted 25 June 2011 - 05:42 PM

Hello

In the first of the web page it says to make sure to check a setting - check that setting again, make sure it is not set at zero

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter

File sharing infects 500,000 computers

USAToday

infoworld

These logs are looking alot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

start

settings

control panel

add/remove programs

Adobe Reader X (10.1.0)
Java™ 6 Update 5

remove

Update Adobe Reader

http://www.adobe.com/products/acrobat/readstep2.html

Adobe Reader

here

Note:

AskBar

Install Java:

Please go here to install Java

click on the Free Java Download Button
click on Agree and start Free download
click on Run
click on run again
click on install
when install is complete click on close

Clear your Java Cache

click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup)
- On the General tab, under Temporary Internet Files, click the Settings button.
- Next, click on the Delete Files button
- There are two options in the window to clear the cache - Leave BOTH Checked
- Click OK on Delete Temporary Files Window
  Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
- Click OK to leave the Temporary Files Window
- Click OK to leave the Java Control Panel.

TFC(Temp File Cleaner):

Please download TFC to your desktop,
Save any unsaved work. TFC will close all open application windows.
Double-click TFC.exe to run the program.
If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer take a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

Double-click mbam icon
go to the update tab at the top
click on check for updates
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
When completed, a log will open in Notepad. please copy and paste the log into your next reply
- If you accidently close it, the log file is saved here and will be named like this:
- C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Download HijackThis

Go Here to download HijackThis Installer
Save HijackThis Installer to your desktop.
Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed it will launch Hijackthis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT use the AnalyseThis button its findings are dangerous if misinterpreted.
DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

"information and logs"

In your next post I need the following

Log From MBAM
report from Hijackthis
let me know of any problems you may have had
How is the computer doing now?

Gringo

<-- Don't worry every little bit helps.

#14 Franico

Member

Group: Members
Posts: 15
Joined: 14-June 11

Posted 27 June 2011 - 06:28 AM

OK, you asked for a MalwareBytes log, and a HiJack This log. I include both of those below. But you also asked how the computer is doing, and I wanted to make a few comments at the beginning here, before the log files.

First, I still seem to have at least two annoying problems that I can't get to go away. One is the desktop.ini files that are popping up all over the place -- including in my Start Menu folder. This means that every time I boot, one or two desktop.ini files are opened in Notepad on my desktop every time. This is frustrating, because I don't know how to get rid of them (or all of the ones appearing in other folders, as well).

Second, I have followed all of the instructions, and still cannot get my Recent Programs to show in the Start Menu (left side, under the "pinned" programs). I did get the Recent Items folder re-created successfully; and items do go in there now, and show on my "Recent Items" Start Menu list. But those are the *files* that I have opened recently -- not the programs. Nor can I find the place where I specify *how many* "recent programs" I want to list. Where are those stored? And how do I get them back again?

One other question: How do I *remove* Services? I know how to turn off a Running service. But not how to remove it completely. I think that there are services on my system that I no longer need AT ALL.

Thank you again for all of your help. Following are the two log files. You will note that MalwareBytes did not find any problems at all; so there was nothing to Remove.

================================================================

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6954

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19088

6/26/2011 1:30:34 PM
mbam-log-2011-06-26 (13-30-34).txt

Scan type: Quick scan
Objects scanned: 177942
Time elapsed: 5 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

=============================================================

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:38:09 PM, on 6/26/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19088)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
F:\Utilities\System\Smart Defrag 2\SmartDefrag.exe
F:\Utilities\Programs\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe
F:\Utilities\System\Unlocker\UnlockerAssistant.exe
C:\Program Files\ELAN\USB\ETDUSBCtrl.exe
C:\Program Files\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
F:\Applications\Internet\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
F:\Utilities\Programs\AI Roboform\robotaskbaricon.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
F:\Utilities\System\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDPOP3.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\program files\internet explorer\iexplore.exe
C:\program files\internet explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
F:\Utilities\System\Malwarebytes Anti-Malware\mbam.exe
E:\Microsoft Office 2010\Office14\WINWORD.EXE
C:\Windows\system32\NOTEPAD.EXE
I:\Program Files\HijackThis\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - F:\Utilities\Programs\AI Roboform\roboform.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - E:\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - F:\Utilities\Programs\AI Roboform\roboform.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [BCSSync] "E:\Microsoft Office 2010\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [LogMeIn GUI] "F:\Utilities\Programs\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "F:\Utilities\System\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [ETDUSBWare] C:\Program Files\Elan\USB\ETDUSBCtrl.exe
O4 - HKLM\..\Run: [Absolute Notifier] "C:\Program Files\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [AmazonGSDownloaderTray] F:\Applications\Internet\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [RoboForm] "F:\Utilities\Programs\AI Roboform\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] F:\Utilities\System\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: &Subscribe with ArchosLink - file://F:\Applications\Multimedia\Archoslink\\script.js
O8 - Extra context menu item: Customize Menu - file://F:\Utilities\Programs\AI Roboform\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://F:\Utilities\Programs\AI Roboform\RoboFormComFillForms.html
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
O8 - Extra context menu item: RoboForm Toolbar - file://F:\Utilities\Programs\AI Roboform\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://F:\Utilities\Programs\AI Roboform\RoboFormComSavePass.html
O8 - Extra context menu item: Se&nd to OneNote - res://E:\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Microsoft Office 2010\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Microsoft Office 2010\Office14\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://F:\Utilities\Programs\AI Roboform\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://F:\Utilities\Programs\AI Roboform\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://F:\Utilities\Programs\AI Roboform\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://F:\Utilities\Programs\AI Roboform\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://F:\Utilities\Programs\AI Roboform\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://F:\Utilities\Programs\AI Roboform\RoboFormComShowToolbar.html
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - E:\Microsoft Office 2010\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - E:\Microsoft Office 2010\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (BitDefender QuickScan Control) - http://quickscan.bitdefender.com/qsax/qsax.cab
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} (DellSystemLite.Scanner) - http://support.dell.com/systemprofiler/DellSystemLite.CAB
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - F:\Utilities\System\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Amazon Download Agent - Amazon.com - F:\Applications\Internet\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GenericMount Helper Service - Symantec - F:\Utilities\System\Norton Ghost\Shared\Drivers\GenericMountHelper.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - F:\Utilities\Programs\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - F:\Utilities\Programs\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - F:\Utilities\Programs\LogMeIn\x86\LogMeIn.exe
O23 - Service: Dell Internal Network Card Power Management (nicconfigsvc) - Dell Inc. - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - F:\Utilities\System\Norton Ghost\Agent\VProSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\Windows\system32\rpcnet.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - F:\Utilities\Programs\SiSoftware Sandra Professional Business 2010.SP2\RpcAgentSrv.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SymSnapService - Symantec - F:\Utilities\System\Norton Ghost\Shared\Drivers\SymSnapService.exe
O23 - Service: WDDMService - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD File Management Engine (WDFME) - Unknown owner - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
O23 - Service: WD File Management Shadow Engine (WDSC) - Unknown owner - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe

--
End of file - 14549 bytes

#15 gringo_pr

Bleepin Gringo

Group: Malware Response Team
Posts: 85,515
Joined: 03-July 08
Gender:Male
Location:Puerto rico

Posted 27 June 2011 - 08:12 AM

Quote

One is the desktop.ini files that are popping up all over the place -- including in my Start Menu folder.

these are normal and normaly are hidden when I give the all clear and you finish the instrustions they should be hidden again
http://www.tech-recipes.com/rx/1521/how_to_view_hidden_and_system_files_and_folders_in_vista/

Quote

still cannot get my Recent Programs to show in the Start Menu

go to step one then do step two and go back to step one to double check the settings
http://www.vistax64.com/tutorials/89631-recent-programs-not-being-remembered.html

:Remove unneeded startup entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

Run HijackThis
Click on the Scan button
Put a check beside all of the items listed below (if present):
Close all open windows and browsers/email, etc...
Click on the "Fix Checked" button
When completed, close the application.

NOTE**You can research each of those lines >here< and see if you want to keep them or not
just copy the name between the brakets and paste into the search space
O4 - HKLM\..\Run: [IntelliPoint]

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scannner from ESET.

Turn off the real time scanner of any existing antivirus program while performing the online scan
click on the ESET Online Scanner button
Tick the box next to YES, I accept the Terms of Use.
- Click Start
When asked, allow the activex control to install
- Click Start
Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
Click on Advanced Settings, ensure the options
Click Scan
Wait for the scan to finish
Click on copy to clipboard and paste the results here in this topic
you may also find here C:\Program Files\Eset\Eset Online Scanner\log.txt