Malware help : google redirect problem


This topic is locked
23 replies to this topic

#1 kyro2002 (Members, 13 posts)

Posted 31 December 2009 - 09:25 PM

Each time I open a tab from Google I get hxxp://searching4all.com/search.php


Malwarebytes report

Malwarebytes' Anti-Malware 1.43
Database version: 3465
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

1/01/2010 12:18:40 PM
mbam-log-2010-01-01 (12-18-40).txt

Scan type: Quick Scan
Objects scanned: 102410
Time elapsed: 4 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


DDS Report

DDS (Ver_09-12-01.01) - NTFSx86
Run by Hermann Family at 12:20:12.33 on Fri 01/01/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.3580.2407 [GMT 10:00]

SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\STacSV.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\aestsrv.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\BUFFALO\clientmgrv\bin\BWH32S.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Windows\Explorer.EXE
C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\BUFFALO\clientmgrv\bin\cmvMain.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Microsoft Office\Office14\OfficeSAS\officeSASscheduler.exe
C:\Program Files\Microsoft Office\Office14\OfficeSAS\OfficeSAS.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Hermann Family\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_AU&c=94&bd=Presario&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_AU&c=94&bd=Presario&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_AU&c=94&bd=Presario&pf=cnnb
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.7.2.11\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.7.2.11\IPSBHO.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~4\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.7.2.11\coIEPlg.dll
uRun: [HPADVISOR] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe view=DOCKVIEW
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [NortonOnlineBackupReminder] "c:\program files\symantec\norton online backup\activation\NobuActivation.exe" UNATTENDED
mRun: [UpdatePRCShortCut] "c:\program files\hewlett-packard\recovery\muitransfer\muistartmenu.exe" "c:\program files\hewlett-packard\recovery" updatewithcreateonce "software\cyberlink\PowerRecover"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [WirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\client~1.lnk - c:\program files\buffalo\clientmgrv\bin\cmvMain.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\deskto~1.lnk - c:\program files\research in motion\blackberry\DesktopMgr.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office14\officesas\officeSASscheduler.exe
uPolicies-system: WallpaperStyle = 2
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-system: WallpaperStyle = 2
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - /105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.7.2.11\CoIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs: c:\windows\system32\d3d10warp32.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\users\herman~1\appdata\roaming\mozilla\firefox\profiles\23xhydsx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar_im2_test_v2&search=
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1007020.00b\SymEFA.sys [2009-12-5 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1007020.00b\BHDrvx86.sys [2009-12-5 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1007020.00b\cchpx86.sys [2009-12-5 482432]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20091217.002\IDSvix86.sys [2009-12-19 343088]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-12-16 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-12-16 74480]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\AEstSrv.exe [2009-10-11 81920]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-7-3 176128]
R2 BWH32S;BWH32S;c:\program files\buffalo\clientmgrv\bin\BWH32S.exe [2009-12-3 57648]
R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.7.2.11\ccSvcHst.exe [2009-12-5 117640]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-8-17 228408]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-12-6 102448]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-12-30 38224]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-10-11 167936]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\system32\drivers\nis\1007020.00b\symndisv.sys [2009-12-5 48688]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2009-10-11 28344]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-24 135664]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 Bufeap;BUFFALO EAP Driver;c:\windows\system32\drivers\bufeap.sys [2009-12-3 14848]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2009-9-26 4639136]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-10-11 167424]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-12-16 7408]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]

=============== Created Last 30 ================

2009-12-30 20:01:45 0 d-----w- c:\program files\Microsoft Synchronization Services
2009-12-30 19:57:38 0 d-----w- c:\program files\Microsoft Analysis Services
2009-12-30 17:00:34 0 d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-12-30 10:27:18 0 d-----w- c:\programdata\IncrediMail
2009-12-30 10:27:18 0 d-----w- c:\programdata\IM
2009-12-30 08:31:20 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2009-12-30 08:31:08 0 d-----w- c:\users\herman~1\appdata\roaming\SUPERAntiSpyware.com
2009-12-30 08:31:08 0 d-----w- c:\program files\SUPERAntiSpyware
2009-12-30 08:30:32 0 d-----w- c:\program files\common files\Wise Installation Wizard
2009-12-30 08:19:44 0 d-----w- c:\users\herman~1\appdata\roaming\Malwarebytes
2009-12-30 08:19:37 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-30 08:19:36 0 d-----w- c:\programdata\Malwarebytes
2009-12-30 08:19:35 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-30 08:19:35 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-29 11:09:36 0 d-----w- c:\users\herman~1\appdata\roaming\Qualcomm
2009-12-29 11:08:39 48640 ----a-w- c:\windows\system32\INETWH32.DLL
2009-12-29 11:08:39 317952 ----a-w- c:\windows\system32\Roboex32.dll
2009-12-29 11:08:39 1712128 ----a-w- c:\windows\system32\gdiplus.dll
2009-12-29 11:08:39 0 d-----w- c:\program files\Qualcomm
2009-12-29 09:49:33 1372 ----a-w- c:\users\herman~1\appdata\roaming\qpb7LzcbbYuwXeT.vbs
2009-12-29 09:49:20 1372 ----a-w- c:\users\herman~1\appdata\roaming\WuGmj.vbs
2009-12-29 09:44:39 1372 ----a-w- c:\users\herman~1\appdata\roaming\GiE6ytY.vbs
2009-12-29 09:43:02 1372 ----a-w- c:\users\herman~1\appdata\roaming\9sInje4gQ5wSQ.vbs
2009-12-29 09:39:13 1372 ----a-w- c:\users\herman~1\appdata\roaming\DtmO7RQ.vbs
2009-12-29 09:37:41 0 d-sh--w- c:\users\herman~1\appdata\roaming\SystemProc
2009-12-29 09:37:35 1372 ----a-w- c:\users\herman~1\appdata\roaming\9SGsfpMwDp2kb.vbs
2009-12-27 09:03:12 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2009-12-27 08:52:43 27136 ----a-w- c:\windows\system32\drivers\RimSerial.sys
2009-12-27 08:52:19 0 d-----w- c:\programdata\Research In Motion
2009-12-27 08:21:32 0 d-----w- c:\users\herman~1\appdata\roaming\Research In Motion
2009-12-27 02:24:51 0 d-----w- c:\programdata\InstallShield
2009-12-27 02:24:43 0 d-----w- c:\programdata\Sonic
2009-12-27 02:23:15 0 d-----w- c:\program files\common files\PX Storage Engine
2009-12-27 02:22:47 0 d-----w- c:\programdata\Roxio
2009-12-27 02:22:47 0 d-----w- c:\program files\Roxio
2009-12-27 02:22:47 0 d-----w- c:\program files\common files\Sonic Shared
2009-12-27 02:17:39 0 d-----w- c:\program files\common files\Research In Motion
2009-12-27 02:17:31 0 d-----w- c:\program files\Research In Motion
2009-12-12 05:14:54 292269342 ----a-w- c:\windows\MEMORY.DMP
2009-12-11 08:23:23 0 d-----w- c:\users\herman~1\appdata\roaming\HP Support Assistant
2009-12-11 08:23:21 0 d-----w- c:\users\herman~1\appdata\roaming\HpUpdate
2009-12-09 03:27:04 0 d-----w- c:\programdata\Gogii
2009-12-08 20:16:54 56 ---ha-w- c:\programdata\ezsidmv.dat
2009-12-08 20:14:15 0 d-----r- c:\program files\Skype
2009-12-08 20:14:10 0 d-----w- c:\programdata\Skype
2009-12-07 20:33:53 0 d-----w- c:\program files\AviSynth 2.5
2009-12-07 20:16:41 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2009-12-06 04:43:35 0 d-----w- c:\users\herman~1\appdata\roaming\PDF Writer
2009-12-06 04:43:35 0 d-----w- c:\programdata\PDF Writer
2009-12-05 17:16:03 257024 ----a-w- c:\windows\system32\msv1_0.dll
2009-12-05 17:08:08 2048 ----a-w- c:\windows\system32\tzres.dll
2009-12-05 17:02:04 0 d-----w- c:\program files\MSXML 4.0
2009-12-05 09:54:25 1712 ----a-w- c:\windows\system32\BioPdf.PdfWriter.Lib.tlb
2009-12-05 09:54:22 6144 ----a-w- c:\windows\system32\BioPdf.PdfWriter.Lib.dll
2009-12-05 09:54:21 227840 ----a-w- c:\windows\system32\bzFlRdr.dll
2009-12-05 09:54:21 131072 ----a-w- c:\windows\system32\bzpdfc.dll
2009-12-05 09:54:21 103424 ----a-w- c:\windows\system32\bzDCT.dll
2009-12-05 09:54:21 0 d-----w- c:\program files\common files\Bullzip
2009-12-05 09:54:19 194560 ----a-w- c:\windows\system32\bzpdf.dll
2009-12-05 09:54:18 140288 ----a-w- c:\windows\system32\comdlg32.OCX
2009-12-05 09:54:17 0 d-----w- c:\program files\Bullzip
2009-12-05 09:49:09 0 d-----w- c:\programdata\FlashFXP
2009-12-05 08:58:11 34816 ----a-w- c:\windows\system32\msasn1.dll
2009-12-05 08:58:08 728648 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-12-05 08:58:08 1320960 ----a-w- c:\windows\system32\CertEnroll.dll
2009-12-05 08:58:07 71168 ----a-w- c:\windows\system32\fontsub.dll
2009-12-05 08:58:07 507568 ----a-w- c:\windows\system32\winload.exe
2009-12-05 08:58:07 442920 ----a-w- c:\windows\system32\winresume.exe
2009-12-05 08:58:07 293888 ----a-w- c:\windows\system32\atmfd.dll
2009-12-05 08:58:07 2613248 ----a-w- c:\windows\explorer.exe
2009-12-05 08:58:07 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2009-12-05 08:58:07 108544 ----a-w- c:\windows\system32\t2embed.dll
2009-12-05 08:15:21 0 d-----w- c:\users\hermann family\Tracing
2009-12-05 08:10:55 0 d-----w- c:\program files\Microsoft
2009-12-05 07:47:13 0 d-----w- c:\program files\uTorrent
2009-12-05 07:46:14 0 d-----w- c:\users\herman~1\appdata\roaming\uTorrent
2009-12-04 00:41:46 0 d-----w- c:\programdata\Sony Online Entertainment
2009-12-03 09:10:17 14848 ----a-w- c:\windows\system32\drivers\bufeap.sys
2009-12-03 09:10:04 0 d-----w- c:\program files\BUFFALO
2009-12-02 20:21:56 25648 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2009-12-02 20:21:49 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-12-02 20:21:49 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-12-02 20:21:49 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-12-02 20:21:46 0 d-----w- c:\program files\common files\Symantec Shared
2009-12-02 09:47:14 0 d-----w- c:\users\herman~1\appdata\roaming\WildTangent
2009-12-02 08:48:54 0 d-----w- c:\users\herman~1\appdata\roaming\hpqlog
2009-12-02 08:41:22 0 d-----w- c:\users\herman~1\appdata\roaming\HP TCS
2009-12-02 08:39:39 0 --sha-r- c:\windows\system32\drivers\103C_HP_cNB_Presario CQ61 Notebook PC_Y5335KV_0U_QCNF9413NFQ_E575236-371_4A_I3652_SQuanta_V42.14_F.07_T091010_WU3-0_L409_M3581_J320_7AMD_8F62_92.10_#091202_N10EC8136;168C002B_(VX306PA#ABG)_XMOBILE_CN10_Z.MRK

==================== Find3M ====================

2009-10-10 18:17:27 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-24 16:10:31 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 12:20:40.89 ===============



Hope you can help.

Edited by Orange Blossom, 31 December 2009 - 09:31 PM.
Deactivate link. ~ OB
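One way a helper reads the "Created Last 30" block of the DDS report above: an added Python example, not code from the original post, from the DDS tool, or from BleepingComputer, that parses those listing lines and flags the patterns a triager looks at first. The sample lines are copied from the posted log; the heuristics, thresholds and function names are the editor's own assumptions, and a flag is a prompt to look, not a malware verdict.

```python
"""Triage the "Created Last 30" block of a DDS log.

Added example for this thread; it is not part of the original post, of the
DDS tool, or of BleepingComputer's procedures. The heuristics below are the
editor's own assumptions: they flag entries for a human to review.
"""
import re
from collections import defaultdict
from datetime import datetime

# One DDS listing line: date, time, size, 8-char attribute string, path.
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\d+) (\S{8}) (.+)$")
# File types that rarely sit loose in the root of AppData\Roaming.
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".bat", ".cmd", ".scr", ".exe")
# Matches a file directly in <profile>\AppData\Roaming (no subfolder).
ROAMING_ROOT = re.compile(r"^c:\\users\\[^\\]+\\appdata\\roaming\\([^\\]+)$", re.I)

# Constructed sample: a subset of the lines from the DDS report posted above.
SAMPLE_LINES = r"""
2009-12-30 08:19:44 0 d-----w- c:\users\herman~1\appdata\roaming\Malwarebytes
2009-12-29 09:49:33 1372 ----a-w- c:\users\herman~1\appdata\roaming\qpb7LzcbbYuwXeT.vbs
2009-12-29 09:49:20 1372 ----a-w- c:\users\herman~1\appdata\roaming\WuGmj.vbs
2009-12-29 09:44:39 1372 ----a-w- c:\users\herman~1\appdata\roaming\GiE6ytY.vbs
2009-12-29 09:43:02 1372 ----a-w- c:\users\herman~1\appdata\roaming\9sInje4gQ5wSQ.vbs
2009-12-29 09:39:13 1372 ----a-w- c:\users\herman~1\appdata\roaming\DtmO7RQ.vbs
2009-12-29 09:37:41 0 d-sh--w- c:\users\herman~1\appdata\roaming\SystemProc
2009-12-29 09:37:35 1372 ----a-w- c:\users\herman~1\appdata\roaming\9SGsfpMwDp2kb.vbs
2009-12-27 09:03:12 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2009-12-08 20:14:15 0 d-----r- c:\program files\Skype
""".strip().splitlines()


def parse_line(line):
    """Return (timestamp, size, attrs, path) for a listing line, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    date, clock, size, attrs, path = m.groups()
    return datetime.fromisoformat(f"{date} {clock}"), int(size), attrs, path


def looks_random(basename):
    """Name heuristic (assumption): a digit, or a lowercase letter followed by
    an uppercase one, inside a stem of at least five characters."""
    stem = basename.rsplit(".", 1)[0]
    return len(stem) >= 5 and " " not in stem and re.search(r"\d|[a-z][A-Z]", stem) is not None


def triage(lines, cluster_window_minutes=30):
    """Return (reason, what) findings for a block of DDS listing lines.

    Checks: a hidden+system directory under a user profile; a script or
    executable dropped loose in AppData\\Roaming with a random-looking name;
    and several such files of identical size created within a short window,
    which is how one dropper writing many copies of itself looks on disk.
    """
    findings, dropped = [], []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, size, attrs, path = parsed
        is_dir = attrs[0] == "d"
        hidden_system = "h" in attrs and "s" in attrs
        root_match = ROAMING_ROOT.match(path)
        if is_dir and hidden_system and path.lower().startswith("c:\\users\\"):
            findings.append(("hidden+system dir in user profile", path))
        elif root_match and not is_dir:
            name = root_match.group(1)
            if name.lower().endswith(SCRIPT_EXTS) and looks_random(name):
                findings.append(("random-named script in AppData\\Roaming root", path))
                dropped.append((ts, size, path))
    # Group the flagged files by size; same size + minutes apart = one cluster.
    by_size = defaultdict(list)
    for ts, size, path in dropped:
        by_size[size].append((ts, path))
    for size, items in sorted(by_size.items()):
        items.sort()
        span_min = (items[-1][0] - items[0][0]).total_seconds() / 60
        if len(items) >= 3 and span_min <= cluster_window_minutes:
            findings.append((f"cluster: {len(items)} files of {size} bytes within {span_min:.0f} min",
                             ", ".join(p for _, p in items)))
    return findings


if __name__ == "__main__":
    for reason, what in triage(SAMPLE_LINES):
        print(f"[{reason}] {what}")
```

Run as-is it reports the six same-size `.vbs` files, the hidden `SystemProc` directory, and the twelve-minute cluster. The findings are starting points: a helper would cross-check them against the Pseudo HJT section of the same report (BHO entries with no file, the AppInit_DLLs value, the Firefox `keyword.URL` and `browser.search.selectedEngine` prefs) before deciding what to remove.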


#2 myrti (Sillyberry, Malware Study Hall Admin, 33,784 posts)

Posted 10 January 2010 - 08:10 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  • Please download OTL from the following mirror:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#3 kyro2002 (Topic Starter, Members, 13 posts)

Posted 13 January 2010 - 05:19 AM

OTL


OTL logfile created on: 1/13/2010 8:13:06 PM - Run 1
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Users\Hermann Family\Documents\Downloads
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 36.00% Memory free
7.00 Gb Paging File | 5.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285.85 Gb Total Space | 218.64 Gb Free Space | 76.49% Space Free | Partition Type: NTFS
Drive D: | 11.95 Gb Total Space | 1.99 Gb Free Space | 16.64% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HERMANNFAMILY
Current User Name: Hermann Family
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/07 05:57:00 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/01/01 11:34:21 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Hermann Family\My Documents\Downloads\OTL.exe
PRC - [2009/12/16 16:26:56 | 02,002,160 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2009/12/05 17:47:15 | 00,289,584 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2009/11/19 22:29:16 | 00,623,960 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2009/11/18 12:47:14 | 01,243,088 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2009/11/06 14:29:22 | 01,141,712 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2009/11/04 11:35:26 | 15,765,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
PRC - [2009/10/30 11:18:16 | 00,359,624 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/10/09 13:11:12 | 25,623,336 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
PRC - [2009/10/09 13:11:12 | 00,078,008 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe
PRC - [2009/09/30 19:58:42 | 00,026,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2009/09/26 05:00:52 | 00,429,448 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\OfficeSAS\OfficeSAS.exe
PRC - [2009/09/26 05:00:52 | 00,202,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\OfficeSAS\OfficeSASScheduler.exe
PRC - [2009/09/26 04:28:22 | 04,639,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
PRC - [2009/08/22 17:25:16 | 00,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
PRC - [2009/08/03 20:05:02 | 00,238,888 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
PRC - [2009/08/03 15:35:50 | 02,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/24 04:04:42 | 00,498,744 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
PRC - [2009/07/22 11:33:32 | 00,458,844 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2009/07/22 11:33:32 | 00,221,266 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\stacsv.exe
PRC - [2009/07/16 10:51:42 | 01,668,664 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
PRC - [2009/07/15 09:14:34 | 00,103,720 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
PRC - [2009/07/15 09:14:32 | 01,541,416 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2009/07/14 11:14:42 | 00,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/10 08:00:30 | 00,124,928 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
PRC - [2009/07/03 04:16:24 | 00,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/07/03 04:15:54 | 00,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/07/02 08:44:34 | 00,632,888 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
PRC - [2009/06/25 07:57:28 | 00,320,056 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
PRC - [2009/06/24 15:34:22 | 00,468,264 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Hp\QuickPlay\QPService.exe
PRC - [2009/06/18 05:21:20 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2009/05/06 03:11:50 | 00,228,408 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
PRC - [2009/05/01 08:58:44 | 00,229,944 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
PRC - [2009/04/23 10:38:50 | 00,065,536 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
PRC - [2009/04/23 10:37:16 | 00,065,536 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
PRC - [2009/03/28 12:10:56 | 00,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
PRC - [2009/03/03 07:43:08 | 00,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\AEstSrv.exe
PRC - [2009/01/22 04:47:38 | 00,247,152 | ---- | M] () -- C:\Program Files\CyberLink\Shared files\RichVideo.exe
PRC - [2008/12/09 07:50:04 | 00,054,576 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
PRC - [2008/08/26 12:23:20 | 00,170,480 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
PRC - [2008/08/26 12:23:14 | 00,236,016 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
PRC - [2008/08/26 12:23:02 | 01,108,464 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
PRC - [2008/08/26 12:21:36 | 00,018,416 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
PRC - [2007/12/26 15:41:00 | 00,138,544 | ---- | M] (BUFFALO INC.) -- C:\Program Files\BUFFALO\clientmgrv\bin\cmvMain.exe
PRC - [2007/12/26 15:41:00 | 00,057,648 | ---- | M] (BUFFALO INC.) -- C:\Program Files\BUFFALO\clientmgrv\bin\BWH32S.exe
PRC - [2006/09/11 04:40:32 | 00,218,032 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe


========== Modules (SafeList) ==========

MOD - [2010/01/01 11:34:21 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Hermann Family\My Documents\Downloads\OTL.exe
MOD - [2009/07/14 11:16:15 | 00,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/14 11:16:13 | 00,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/14 11:16:13 | 00,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/14 11:16:12 | 00,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/14 11:16:03 | 00,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/14 11:15:35 | 00,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/14 11:15:13 | 00,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/14 11:15:11 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/14 11:15:07 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/14 11:15:02 | 00,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/14 11:03:50 | 01,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/01/09 20:13:23 | 00,194,032 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/12/24 17:04:51 | 00,135,664 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2009/11/14 06:13:04 | 00,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/11/06 14:29:22 | 01,141,712 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/10/30 11:18:16 | 00,359,624 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/09/26 04:28:22 | 04,639,136 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009/09/26 03:31:58 | 00,149,336 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009/08/22 17:25:16 | 00,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe -- (Norton Internet Security)
SRV - [2009/07/22 11:33:32 | 00,221,266 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\stacsv.exe -- (STacSV)
SRV - [2009/07/14 11:16:21 | 00,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/14 11:16:17 | 00,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/14 11:16:17 | 00,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/14 11:16:16 | 00,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/14 11:16:15 | 00,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/14 11:16:13 | 00,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/14 11:16:13 | 00,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 11:16:12 | 00,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/14 11:16:12 | 00,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/14 11:16:12 | 00,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/14 11:16:12 | 00,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/14 11:15:41 | 00,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/14 11:15:36 | 00,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/14 11:15:21 | 00,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/14 11:15:11 | 00,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/14 11:15:10 | 00,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/14 11:14:59 | 00,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/14 11:14:58 | 00,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/14 11:14:53 | 00,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/14 11:14:29 | 03,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/07/10 08:00:30 | 00,124,928 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service)
SRV - [2009/07/03 04:15:54 | 00,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/06/18 05:21:20 | 00,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2009/05/06 03:11:50 | 00,228,408 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Running] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe -- (Com4QLBEx)
SRV - [2009/05/01 08:58:44 | 00,229,944 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Running] -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex)
SRV - [2009/03/28 12:10:56 | 00,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2009/03/03 07:43:08 | 00,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\AEstSrv.exe -- (AESTFilters)
SRV - [2009/01/22 04:47:38 | 00,247,152 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\Shared files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/08/26 12:23:24 | 00,313,840 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - [2008/08/26 12:23:20 | 00,170,480 | ---- | M] (Sonic Solutions) [Auto | Running] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9)
SRV - [2008/08/26 12:23:02 | 01,108,464 | ---- | M] (Sonic Solutions) [On_Demand | Running] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9)
SRV - [2007/12/26 15:41:00 | 00,057,648 | ---- | M] (BUFFALO INC.) [Auto | Running] -- C:\Program Files\BUFFALO\clientmgrv\bin\BWH32S.exe -- (BWH32S)
SRV - [2007/12/06 23:20:56 | 00,088,560 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9)
SRV - [2007/12/06 23:20:52 | 00,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9)
SRV - [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2009/12/16 16:27:00 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/12/16 16:26:58 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/12/16 16:26:56 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/12/05 18:53:24 | 00,482,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NIS\1007020.00B\ccHPx86.sys -- (ccHP)
DRV - [2009/12/04 14:57:12 | 01,323,568 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100112.025\NAVEX15.SYS -- (NAVEX15)
DRV - [2009/12/04 14:57:12 | 00,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/12/04 14:57:12 | 00,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/12/04 14:57:12 | 00,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100112.025\NAVENG.SYS -- (NAVENG)
DRV - [2009/12/03 06:21:46 | 00,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/11/09 11:20:12 | 00,207,792 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/10/29 08:37:22 | 00,343,088 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100106.001\IDSvix86.sys -- (IDSVix86)
DRV - [2009/09/22 02:45:12 | 01,172,992 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/08/22 17:25:17 | 00,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NIS\1007020.00B\SYMEFA.SYS -- (SymEFA)
DRV - [2009/08/22 17:25:17 | 00,308,272 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\NIS\1007020.00B\SRTSP.SYS -- (SRTSP)
DRV - [2009/08/22 17:25:17 | 00,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NIS\1007020.00B\BHDrvx86.sys -- (BHDrvx86)
DRV - [2009/08/22 17:25:17 | 00,217,136 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NIS\1007020.00B\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/08/22 17:25:17 | 00,089,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\NIS\1007020.00B\SYMFW.SYS -- (SYMFW)
DRV - [2009/08/22 17:25:17 | 00,048,688 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\NIS\1007020.00B\SYMNDISV.SYS -- (SYMNDISV)
DRV - [2009/08/22 17:25:17 | 00,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1007020.00B\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2009/08/17 07:38:34 | 00,025,648 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2009/07/22 11:33:32 | 00,409,088 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/07/15 09:16:34 | 00,212,656 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2009/07/14 11:26:21 | 00,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/14 11:26:17 | 00,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/14 11:26:15 | 00,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/14 11:26:15 | 00,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/14 11:26:15 | 00,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/14 11:26:15 | 00,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/14 11:26:15 | 00,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/14 11:26:15 | 00,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/14 11:26:15 | 00,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/14 11:26:15 | 00,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/14 11:20:44 | 00,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/14 11:20:44 | 00,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/14 11:20:44 | 00,044,624 | ---- | M] (IBM Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/14 11:20:37 | 00,089,168 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/14 11:20:36 | 00,332,352 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/14 11:20:36 | 00,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/14 11:20:36 | 00,133,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/07/14 11:20:36 | 00,096,848 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/14 11:20:36 | 00,095,824 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/14 11:20:36 | 00,054,864 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/14 11:20:36 | 00,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/14 11:20:36 | 00,030,800 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/14 11:20:36 | 00,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/14 11:20:28 | 00,453,712 | ---- | M] (Emulex) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/14 11:20:28 | 00,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/14 11:20:28 | 00,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/14 11:20:28 | 00,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/14 11:19:11 | 00,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/14 11:19:10 | 00,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/14 11:19:10 | 00,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/14 11:19:10 | 00,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/14 11:19:10 | 00,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/14 11:19:04 | 01,383,488 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/14 11:19:04 | 00,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/14 11:19:04 | 00,106,064 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/14 11:19:04 | 00,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/14 11:19:04 | 00,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/14 11:19:04 | 00,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/14 11:19:04 | 00,021,072 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/14 11:17:54 | 00,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/14 10:57:25 | 00,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/14 10:02:41 | 00,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\rdpbus.sys -- (rdpbus)
DRV - [2009/07/14 10:01:41 | 00,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/14 09:55:21 | 00,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rootmdm.sys -- (ROOTMODEM)
DRV - [2009/07/14 09:55:00 | 00,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/14 09:53:51 | 00,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/14 09:52:44 | 00,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/14 09:52:10 | 00,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 09:52:04 | 00,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
DRV - [2009/07/14 09:52:02 | 00,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/14 09:52:00 | 00,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009/07/14 09:51:35 | 00,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/14 09:51:11 | 00,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/14 09:51:08 | 00,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/14 09:46:55 | 00,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/14 09:45:26 | 00,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\system32\DRIVERS\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/14 09:36:52 | 00,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/14 09:33:50 | 00,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/14 09:24:05 | 00,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/14 09:19:21 | 00,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009/07/14 09:16:36 | 00,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/14 09:11:04 | 00,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdppm.sys -- (AmdPPM)
DRV - [2009/07/14 08:54:14 | 00,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/14 08:53:33 | 00,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/14 08:53:33 | 00,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/14 08:53:32 | 00,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/14 08:53:28 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/14 08:53:28 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/14 08:13:46 | 00,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (SrvHsfV92)
DRV - [2009/07/14 08:13:45 | 00,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (SrvHsfWinac)
DRV - [2009/07/14 08:13:45 | 00,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (SrvHsfHDA)
DRV - [2009/07/14 08:02:52 | 00,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009/07/14 08:02:49 | 00,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/14 08:02:48 | 03,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/14 08:02:48 | 01,131,008 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2009/07/14 08:02:48 | 00,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/07/14 06:50:20 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2009/07/03 04:50:48 | 04,994,048 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/06/25 04:59:10 | 00,167,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/06/05 23:28:12 | 00,099,856 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009/05/23 16:52:04 | 00,167,936 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167)
DRV - [2009/05/05 15:30:28 | 00,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV - [2009/04/30 01:46:54 | 00,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\system32\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2009/04/07 11:12:44 | 01,161,664 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/03/09 23:49:08 | 00,028,344 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2009/01/09 16:18:02 | 00,027,136 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RimSerial.sys -- (RimVSerPort)
DRV - [2008/05/20 19:33:50 | 00,022,784 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RimUsb.sys -- (RimUsb)
DRV - [2007/05/01 03:00:00 | 00,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2007/02/21 12:34:00 | 00,014,848 | ---- | M] (BUFFALO INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bufeap.sys -- (Bufeap)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...rio&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...rio&pf=cnnb


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 99 5D F3 17 B9 F2 55 40 83 53 7E 6B 2D 79 E2 CB [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 99 5D F3 17 B9 F2 55 40 83 53 7E 6B 2D 79 E2 CB [binary data]

IE - HKU\S-1-5-21-2490328804-526683994-3736760034-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...rio&pf=cnnb
IE - HKU\S-1-5-21-2490328804-526683994-3736760034-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKU\S-1-5-21-2490328804-526683994-3736760034-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKU\S-1-5-21-2490328804-526683994-3736760034-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D3 D6 8B 3C 82 79 CA 01 [binary data]
IE - HKU\S-1-5-21-2490328804-526683994-3736760034-1000\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 99 5D F3 17 B9 F2 55 40 83 53 7E 6B 2D 79 E2 CB [binary data]
IE - HKU\S-1-5-21-2490328804-526683994-3736760034-1000\S-1-5-21-2490328804-526683994-3736760034-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: {af79f858-4b25-4ca4-822b-b5db1be628fc}:0.2.5.6
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {858f7b0f-4005-403c-ad70-3d26187eb5ad}:1.0
FF - prefs.js..keyword.URL: "http://mystart.incredimail.com/?loc=ff_address_bar_im2_test_v2&search="

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/07 05:57:01 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/07 05:57:01 | 00,000,000 | ---D | M]

[2009/12/29 20:54:52 | 00,000,000 | ---D | M] -- C:\Users\Hermann Family\AppData\Roaming\Mozilla\Extensions
[2009/12/29 20:54:52 | 00,000,000 | ---D | M] (No name found) -- C:\Users\Hermann Family\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009/12/29 19:13:01 | 00,000,000 | ---D | M] -- C:\Users\Hermann Family\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/01/13 14:47:38 | 00,000,000 | ---D | M] -- C:\Users\Hermann Family\AppData\Roaming\Mozilla\Firefox\Profiles\23xhydsx.default\extensions
[2009/12/29 19:55:30 | 00,000,000 | ---D | M] (XUL Cache) -- C:\Users\Hermann Family\AppData\Roaming\Mozilla\Firefox\Profiles\23xhydsx.default\extensions\{858f7b0f-4005-403c-ad70-3d26187eb5ad}
[2009/12/21 17:59:40 | 00,000,000 | ---D | M] (BBCodeXtra) -- C:\Users\Hermann Family\AppData\Roaming\Mozilla\Firefox\Profiles\23xhydsx.default\extensions\{af79f858-4b25-4ca4-822b-b5db1be628fc}
[2009/12/06 07:23:49 | 00,000,000 | ---D | M] (No name found) -- C:\Users\Hermann Family\AppData\Roaming\Mozilla\Firefox\Profiles\23xhydsx.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/12/05 18:15:16 | 00,000,000 | ---D | M] -- C:\Users\Hermann Family\AppData\Roaming\Mozilla\Firefox\Profiles\23xhydsx.default\extensions\ChoiceGuard@Microsoft
[2009/12/05 19:25:42 | 00,002,171 | ---- | M] () -- C:\Users\Hermann Family\AppData\Roaming\Mozilla\Firefox\Profiles\23xhydsx.default\searchplugins\bing.xml
[2009/12/30 20:25:30 | 00,002,149 | ---- | M] () -- C:\Users\Hermann Family\AppData\Roaming\Mozilla\Firefox\Profiles\23xhydsx.default\searchplugins\MyStart Search.xml
[2010/01/07 18:51:14 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: (824 bytes) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-2490328804-526683994-3736760034-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [Google Updater] C:\Program Files\Google\Google Updater\GoogleUpdater.exe (Google)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QPService] C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard)
O4 - HKU\S-1-5-21-2490328804-526683994-3736760034-1000..\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard)
O4 - HKU\S-1-5-21-2490328804-526683994-3736760034-1000..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKU\S-1-5-21-2490328804-526683994-3736760034-1000..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - HKU\S-1-5-21-2490328804-526683994-3736760034-1000..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKU\S-1-5-21-2490328804-526683994-3736760034-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-2490328804-526683994-3736760034-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-2490328804-526683994-3736760034-1000..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O7 - HKU\S-1-5-21-2490328804-526683994-3736760034-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.11.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\System32\d3d10warp32.dll) - C:\Windows\System32\d3d10warp32.dll File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 07:42:20 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/13 19:01:31 | 00,000,000 | ---D | C] -- C:\ProgramData\LightScribe
[2010/01/09 20:24:04 | 00,233,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2010/01/09 20:24:04 | 00,098,600 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2010/01/09 20:23:55 | 00,207,792 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2010/01/09 20:23:54 | 00,087,784 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2010/01/09 20:23:29 | 00,070,408 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2010/01/09 20:23:06 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/01/09 20:23:06 | 00,000,000 | ---D | C] -- C:\Users\Hermann Family\AppData\Roaming\PC Tools
[2010/01/09 20:23:06 | 00,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010/01/09 20:23:06 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/01/09 20:13:26 | 00,000,000 | ---D | C] -- C:\ProgramData\Google Updater
[2009/12/31 06:01:45 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2009/12/31 05:57:38 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2009/12/31 05:57:05 | 00,000,000 | ---D | C] -- C:\Users\Hermann Family\AppData\Local\Microsoft Help
[2009/12/31 03:00:34 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2009/12/30 20:27:40 | 00,000,000 | ---D | C] -- C:\Users\Hermann Family\AppData\Local\IM
[2009/12/30 20:27:18 | 00,000,000 | ---D | C] -- C:\ProgramData\IncrediMail
[2009/12/30 20:27:18 | 00,000,000 | ---D | C] -- C:\ProgramData\IM
[2009/12/30 19:00:14 | 00,000,000 | ---D | C] -- C:\Users\Hermann Family\Documents\Youcam
[2009/12/30 18:31:20 | 00,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2009/12/30 18:31:08 | 00,000,000 | ---D | C] -- C:\Users\Hermann Family\AppData\Roaming\SUPERAntiSpyware.com
[2009/12/30 18:31:08 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/12/30 18:30:32 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/12/30 18:19:44 | 00,000,000 | ---D | C] -- C:\Users\Hermann Family\AppData\Roaming\Malwarebytes
[2009/12/30 18:19:37 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/12/30 18:19:36 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/12/30 18:19:35 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/12/30 18:19:35 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/12/29 21:09:36 | 00,000,000 | ---D | C] -- C:\Users\Hermann Family\AppData\Roaming\Qualcomm
[2009/12/29 21:08:39 | 01,712,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gdiplus.dll
[2009/12/29 21:08:39 | 00,317,952 | ---- | C] (Blue Sky Software Corporation.) -- C:\Windows\System32\Roboex32.dll
[2009/12/29 21:08:39 | 00,048,640 | ---- | C] (Blue Sky Software) -- C:\Windows\System32\INETWH32.DLL
[2009/12/29 21:08:39 | 00,000,000 | ---D | C] -- C:\Program Files\Qualcomm
[2009/12/29 20:54:44 | 00,000,000 | ---D | C] -- C:\Users\Hermann Family\AppData\Roaming\Thunderbird
[2009/12/29 20:54:44 | 00,000,000 | ---D | C] -- C:\Users\Hermann Family\AppData\Local\Thunderbird
[2009/12/29 20:20:57 | 00,000,000 | ---D | C] -- C:\Users\Hermann Family\AppData\Roaming\InstallShield
[2009/12/29 19:37:41 | 00,000,000 | -HSD | C] -- C:\Users\Hermann Family\AppData\Roaming\SystemProc
[2009/12/29 19:18:33 | 00,000,000 | ---D | C] -- C:\Users\Hermann Family\Documents\Incomplete
[2009/12/29 19:13:11 | 00,000,000 | ---D | C] -- C:\Users\Hermann Family\Documents\LimeWire
[2009/12/27 19:36:44 | 00,000,000 | ---D | C] -- C:\Users\Hermann Family\AppData\Roaming\Roxio
[2009/12/27 18:52:43 | 00,027,136 | ---- | C] (Research in Motion Ltd) -- C:\Windows\System32\drivers\RimSerial.sys
[2009/12/27 18:52:19 | 00,000,000 | ---D | C] -- C:\ProgramData\Research In Motion
[2009/12/27 18:21:32 | 00,000,000 | ---D | C] -- C:\Users\Hermann Family\AppData\Roaming\Research In Motion
[2009/12/27 12:24:51 | 00,000,000 | ---D | C] -- C:\ProgramData\InstallShield
[2009/12/27 12:24:43 | 00,000,000 | ---D | C] -- C:\ProgramData\Sonic
[2009/12/27 12:24:13 | 00,000,000 | R--D | C] -- C:\Users\Hermann Family\Downloads
[2009/12/27 12:24:13 | 00,000,000 | ---D | C] -- C:\Users\Hermann Family\AppData\Local\Programs
[2009/12/27 12:23:15 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2009/12/27 12:22:47 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Sonic Shared
[2009/12/27 12:22:47 | 00,000,000 | ---D | C] -- C:\ProgramData\Roxio
[2009/12/27 12:22:47 | 00,000,000 | ---D | C] -- C:\Program Files\Roxio
[2009/12/27 12:22:33 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Roxio Shared
[2009/12/27 12:17:39 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Research In Motion
[2009/12/27 12:17:31 | 00,000,000 | ---D | C] -- C:\Program Files\Research In Motion
[2009/12/24 17:04:54 | 00,000,000 | ---D | C] -- C:\Program Files\Google
[2009/12/14 22:15:16 | 00,000,000 | ---D | C] -- C:\Users\Hermann Family\Documents\My Received Files

========== Files - Modified Within 30 Days ==========

[2010/01/13 20:15:32 | 02,621,440 | -HS- | M] () -- C:\Users\Hermann Family\NTUSER.DAT
[2010/01/13 20:11:57 | 00,003,017 | ---- | M] () -- C:\Users\Hermann Family\Desktop\OTL - Shortcut.lnk
[2010/01/13 20:09:01 | 00,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/01/13 17:09:00 | 00,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/01/13 13:02:10 | 00,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/01/13 09:58:42 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/01/09 20:41:59 | 00,023,024 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/01/09 20:41:59 | 00,023,024 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/01/09 20:39:13 | 00,713,888 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/01/09 20:39:13 | 00,619,642 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/01/09 20:39:13 | 00,107,792 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/01/09 20:35:06 | 00,000,276 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2010/01/09 20:33:53 | 00,000,358 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForHermann Family.job
[2010/01/09 20:33:53 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/01/09 20:33:41 | 28,155,86304 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/07 16:47:39 | 02,163,959 | -H-- | M] () -- C:\Users\Hermann Family\AppData\Local\IconCache.db
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/12/31 06:11:12 | 00,129,360 | ---- | M] () -- C:\Users\Hermann Family\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/12/31 06:11:02 | 00,465,800 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/12/31 06:08:47 | 00,001,136 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\OfficeSAS.lnk
[2009/12/31 06:07:26 | 00,000,478 | ---- | M] () -- C:\Windows\win.ini
[2009/12/30 18:31:10 | 00,000,991 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/12/30 18:19:41 | 00,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/30 15:59:45 | 00,002,099 | -HS- | M] () -- C:\Users\Hermann Family\AppData\Roaming\02000000edd3e5a6724P.manifest
[2009/12/30 15:59:45 | 00,000,344 | -HS- | M] () -- C:\Users\Hermann Family\AppData\Roaming\02000000edd3e5a6724C.manifest
[2009/12/29 23:07:41 | 00,000,448 | -HS- | M] () -- C:\Users\Hermann Family\AppData\Roaming\02000000edd3e5a6724O.manifest
[2009/12/29 22:53:12 | 00,000,019 | ---- | M] () -- C:\Users\Hermann Family\AppData\Roaming\9a583d
[2009/12/29 19:56:44 | 00,000,011 | -HS- | M] () -- C:\Users\Hermann Family\AppData\Roaming\02000000edd3e5a6724S.manifest
[2009/12/29 19:49:33 | 00,001,372 | ---- | M] () -- C:\Users\Hermann Family\AppData\Roaming\qpb7LzcbbYuwXeT.vbs
[2009/12/29 19:49:20 | 00,001,372 | ---- | M] () -- C:\Users\Hermann Family\AppData\Roaming\WuGmj.vbs
[2009/12/29 19:44:39 | 00,001,372 | ---- | M] () -- C:\Users\Hermann Family\AppData\Roaming\GiE6ytY.vbs
[2009/12/29 19:43:02 | 00,001,372 | ---- | M] () -- C:\Users\Hermann Family\AppData\Roaming\9sInje4gQ5wSQ.vbs
[2009/12/29 19:39:13 | 00,001,372 | ---- | M] () -- C:\Users\Hermann Family\AppData\Roaming\DtmO7RQ.vbs
[2009/12/29 19:37:35 | 00,001,372 | ---- | M] () -- C:\Users\Hermann Family\AppData\Roaming\9SGsfpMwDp2kb.vbs
[2009/12/27 19:03:12 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2009/12/27 18:52:22 | 00,001,980 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Manager.lnk
[2009/12/27 18:52:22 | 00,001,962 | ---- | M] () -- C:\Users\Public\Desktop\Desktop Manager.lnk
[2009/12/27 16:08:18 | 00,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

========== Files Created - No Company Name ==========

[2010/01/13 20:11:57 | 00,003,017 | ---- | C] () -- C:\Users\Hermann Family\Desktop\OTL - Shortcut.lnk
[2010/01/09 20:24:04 | 00,007,387 | ---- | C] () -- C:\Windows\System32\drivers\pctgntdi.cat
[2010/01/09 20:23:55 | 00,007,412 | ---- | C] () -- C:\Windows\System32\drivers\PCTAppEvent.cat
[2010/01/09 20:23:55 | 00,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctcore.cat
[2010/01/09 20:23:29 | 00,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.cat
[2010/01/09 20:13:24 | 00,000,868 | ---- | C] () -- C:\Windows\tasks\Google Software Updater.job
[2010/01/08 17:23:56 | 00,000,358 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForHermann Family.job
[2009/12/31 06:08:47 | 00,001,136 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\OfficeSAS.lnk
[2009/12/30 18:31:10 | 00,000,991 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/12/30 18:19:41 | 00,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/29 22:53:12 | 00,000,019 | ---- | C] () -- C:\Users\Hermann Family\AppData\Roaming\9a583d
[2009/12/29 19:49:33 | 00,001,372 | ---- | C] () -- C:\Users\Hermann Family\AppData\Roaming\qpb7LzcbbYuwXeT.vbs
[2009/12/29 19:49:20 | 00,001,372 | ---- | C] () -- C:\Users\Hermann Family\AppData\Roaming\WuGmj.vbs
[2009/12/29 19:44:39 | 00,001,372 | ---- | C] () -- C:\Users\Hermann Family\AppData\Roaming\GiE6ytY.vbs
[2009/12/29 19:43:02 | 00,001,372 | ---- | C] () -- C:\Users\Hermann Family\AppData\Roaming\9sInje4gQ5wSQ.vbs
[2009/12/29 19:39:13 | 00,001,372 | ---- | C] () -- C:\Users\Hermann Family\AppData\Roaming\DtmO7RQ.vbs
[2009/12/29 19:37:36 | 00,002,099 | -HS- | C] () -- C:\Users\Hermann Family\AppData\Roaming\02000000edd3e5a6724P.manifest
[2009/12/29 19:37:36 | 00,000,448 | -HS- | C] () -- C:\Users\Hermann Family\AppData\Roaming\02000000edd3e5a6724O.manifest
[2009/12/29 19:37:36 | 00,000,344 | -HS- | C] () -- C:\Users\Hermann Family\AppData\Roaming\02000000edd3e5a6724C.manifest
[2009/12/29 19:37:36 | 00,000,011 | -HS- | C] () -- C:\Users\Hermann Family\AppData\Roaming\02000000edd3e5a6724S.manifest
[2009/12/29 19:37:35 | 00,001,372 | ---- | C] () -- C:\Users\Hermann Family\AppData\Roaming\9SGsfpMwDp2kb.vbs
[2009/12/27 19:03:12 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2009/12/27 18:52:21 | 00,001,980 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Manager.lnk
[2009/12/27 18:52:21 | 00,001,962 | ---- | C] () -- C:\Users\Public\Desktop\Desktop Manager.lnk
[2009/12/27 16:08:18 | 00,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2009/12/24 17:04:59 | 00,000,902 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2009/12/24 17:04:58 | 00,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2009/12/09 06:16:54 | 00,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/12/06 16:33:58 | 00,000,021 | ---- | C] () -- C:\ProgramData\hpqp.txt
[2009/12/05 19:54:22 | 00,006,144 | ---- | C] () -- C:\Windows\System32\BioPdf.PdfWriter.Lib.dll
[2009/12/02 18:49:33 | 00,000,000 | ---- | C] () -- C:\Users\Hermann Family\AppData\Local\QSwitch.txt
[2009/12/02 18:49:33 | 00,000,000 | ---- | C] () -- C:\Users\Hermann Family\AppData\Local\DSwitch.txt
[2009/12/02 18:49:33 | 00,000,000 | ---- | C] () -- C:\Users\Hermann Family\AppData\Local\AtStart.txt
[2009/12/02 18:49:31 | 00,000,188 | ---- | C] () -- C:\ProgramData\HPWALog.txt
[2009/10/11 21:38:28 | 00,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2009/10/11 21:38:19 | 00,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2009/10/11 21:38:01 | 00,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2009/10/11 21:37:33 | 00,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2009/10/11 21:37:09 | 00,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2009/10/11 21:36:33 | 00,000,276 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2009/10/11 21:16:26 | 00,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/08/17 09:15:40 | 00,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2009/08/17 09:11:52 | 00,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2009/08/17 09:10:09 | 00,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2009/08/17 09:09:17 | 00,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2009/07/16 10:50:42 | 00,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/14 09:51:43 | 00,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 09:42:10 | 00,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2008/06/17 18:46:00 | 00,016,169 | ---- | C] () -- C:\Windows\UN900119.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 158 bytes -> C:\ProgramData\Temp:DFC5A2B2
< End of report >



OTL Extras

OTL Extras logfile created on: 1/13/2010 8:13:06 PM - Run 1
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Users\Hermann Family\Documents\Downloads
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 36.00% Memory free
7.00 Gb Paging File | 5.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285.85 Gb Total Space | 218.64 Gb Free Space | 76.49% Space Free | Partition Type: NTFS
Drive D: | 11.95 Gb Total Space | 1.99 Gb Free Space | 16.64% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HERMANNFAMILY
Current User Name: Hermann Family
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2490328804-526683994-3736760034-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
chm.file [open] -- "%SystemRoot%\hh.exe" %1
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\FlashFXP\FlashFXP.exe" = C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\FlashFXP\FlashFXP.exe" = C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{09CC0D0E-061D-3C7B-3881-D2EB53A8AAFC}" = CCC Help Polish
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{20140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 (Beta)
"{20140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 (Beta)
"{20140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 (Beta)
"{20140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 (Beta)
"{20140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 (Beta)
"{20140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 (Beta)
"{20140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 (Beta)
"{20140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 (Beta)
"{20140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 (Beta)
"{20140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 (Beta)
"{20140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 (Beta)
"{20140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 (Beta)
"{20140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 (Beta)
"{20140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 (Beta)
"{20140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 (Beta)
"{20140000-011A-0000-0000-0000000FF1CE}" = Microsoft Office Send-a-Smile
"{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26606D8F-3133-DBE2-8AF5-AB28F300860A}" = CCC Help Chinese Standard
"{266D0EEA-E5A6-4A08-A0EE-5391D4EA44A7}" = Catalyst Control Center - Branding
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 17
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{293F900D-3743-A8CC-46AD-5AFBFF8E29CF}" = muvee Reveal
"{2C219A65-8AAC-E10B-363E-4F8362D4399E}" = ATI Catalyst Install Manager
"{33C17B75-EA9C-0687-9CED-03D92637B042}" = CCC Help Hungarian
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{3FBDB7B8-7472-E895-2E5D-99D190B2D1B6}" = Catalyst Control Center InstallProxy
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{422A10BE-68F1-E8B7-E4B8-6EDFE8EA0675}" = ccc-utility
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{4F46FDB9-B906-47BF-B3D5-C62E01B3C5EE}" = HP Support Assistant
"{5271C0D4-24E4-4C3D-A782-C012033FD3CF}" = AMD USB Filter Driver
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{546937C5-0529-333E-0D5E-FE3C53108806}" = CCC Help Japanese
"{54A90A9E-E537-11DE-811A-005056806466}" = Google Earth Plug-in
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{55C70B62-5EF1-D527-7CAB-E50D8B3B4990}" = Catalyst Control Center Graphics Full New
"{577ED77E-25D9-1A76-4EF0-773B9C173758}" = CCC Help Portuguese
"{5B295588-59C1-4386-9F85-BB4BEDCB0D22}" = HP Customer Experience Enhancements
"{5DB4EA68-A509-D408-585C-C9D045FADF72}" = Catalyst Control Center Graphics Previews Vista
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6D335F78-1F4F-7826-56DD-4F350EA6EADD}" = CCC Help Greek
"{6EF04EAE-0354-9919-E757-F1203E6F422B}" = CCC Help Italian
"{7028B245-30A2-BD8C-31B9-6008216FBDC2}" = CCC Help French
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76D0B7D8-6683-4D54-A108-046A5E542F0B}" = SoftStylus
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{779D3256-84D0-936F-18F9-A154DC85B4B4}" = Catalyst Control Center Localization All
"{7F4DA5B8-6884-47F2-AEBA-D9111E420C63}" = CCC Help Danish
"{7F9A8D27-A1B9-164F-FCB1-0B64C88629CF}" = CCC Help Norwegian
"{803263F7-8CAC-DC6D-3288-8128865A7472}" = CCC Help German
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CC47AA0-5774-61FC-6A59-7E1C936DB753}" = ccc-core-static
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A28867B-109A-5BBF-85C0-FC1BAA98CA1C}" = CCC Help Russian
"{9D3318E1-5A9F-4A95-A7A1-7E045403AE34}" = HP User Guides 0148
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A8BCC9E4-9036-3029-F2BC-AA73A62DA73D}" = CCC Help Turkish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.2 MUI
"{AC93F461-132C-4A10-983D-7DAFE2917D67}" = Roxio Media Manager
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}" = HP Advisor
"{B5C746E6-D961-445C-3768-5B6FAF6A1A31}" = CCC Help Spanish
"{C0769946-2CF1-9E8D-009B-5C413B3F01D1}" = CCC Help Czech
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C4F7EEE5-3D99-8552-7483-B2F412838B2A}" = Catalyst Control Center Graphics Previews Common
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Activate Norton Online Backup
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D4C41D27-A2D5-94C6-1D08-3D470A12EAF0}" = CCC Help Swedish
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D9D6A848-1BFD-592B-5F9D-0BA8692FDF0B}" = CCC Help Finnish
"{DCD91C2F-3A86-B328-59A0-5EED6190D983}" = Catalyst Control Center Graphics Full Existing
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E5F5CAA5-84ED-DE41-40D0-8926FE7E5F4D}" = Catalyst Control Center Graphics Light
"{E6CE345D-BF83-1242-9E4D-3D60A5036D87}" = CCC Help English
"{EC155897-712F-5637-A5DA-6C7CE7CB5521}" = CCC Help Korean
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0580F64-44A1-C607-9364-887912B74F4D}" = CCC Help Thai
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}" = HP Setup
"{F3F9A4E5-CD9F-4657-CF99-5CE3F7729909}" = Catalyst Control Center Core Implementation
"{F5B1D41A-05B9-98E2-C350-E69D4A444CB4}" = CCC Help Chinese Traditional
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FCF0F615-6E70-B949-028F-88D32C55C2BC}" = CCC Help Dutch
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AviSynth" = AviSynth 2.5
"BlackBerry_{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 7.1.0.1078
"Google Updater" = Google Updater
"GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 8.70
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"LSI Soft Modem" = LSI HDA Modem
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"NIS" = Norton Internet Security
"Office14.SingleImage" = Microsoft Office Professional 2010
"PROHYBRIDR" = 2007 Microsoft Office system
"Spyware Doctor" = Spyware Doctor 7.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"UN900119" = BUFFALO Client Manager V
"uTorrent" = µTorrent
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


Thanks for the help

Edited by kyro2002, 13 January 2010 - 05:21 AM.


#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:07:56 PM

Posted 13 January 2010 - 07:46 AM

Hi,

please run a rootkit scan:

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#5 kyro2002

kyro2002
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:03:56 AM

Posted 14 January 2010 - 04:21 AM

Thanks heaps.

Here it is:


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-14 19:17:49
Windows 6.1.7600
Running: 1i6rpvyc.exe; Driver: C:\Users\HERMAN~1\AppData\Local\Temp\pxdcqpob.sys


---- System - GMER 1.0.15 ----

SSDT 87E3A9E8 ZwAlertResumeThread
SSDT 87DF8538 ZwAlertThread
SSDT 87E52A90 ZwAllocateVirtualMemory
SSDT 870F0330 ZwAlpcConnectPort
SSDT 87E36048 ZwAssignProcessToJobObject
SSDT 87E5E430 ZwCreateMutant
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0x8D143CDE]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0x8D143ED0]
SSDT 87E69EB8 ZwCreateSymbolicLinkObject
SSDT 87E484F0 ZwCreateThread
SSDT 87E68250 ZwCreateThreadEx
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateUserProcess [0x8D1440D8]
SSDT 87E35048 ZwDebugActiveProcess
SSDT 87E52CA8 ZwDuplicateObject
SSDT 87E52470 ZwFreeVirtualMemory
SSDT 8726D8E0 ZwImpersonateAnonymousToken
SSDT 87DF8AD0 ZwImpersonateThread
SSDT 86E64AC0 ZwLoadDriver
SSDT 87E52310 ZwMapViewOfSection
SSDT 8726D590 ZwOpenEvent
SSDT 87E51058 ZwOpenProcess
SSDT 87DF0430 ZwOpenProcessToken
SSDT 87E31048 ZwOpenSection
SSDT 87E52DB8 ZwOpenThread
SSDT 87E68A30 ZwProtectVirtualMemory
SSDT 87DE9568 ZwResumeThread
SSDT 87DF0700 ZwSetContextThread
SSDT 87E52100 ZwSetInformationProcess
SSDT 87356048 ZwSetSystemInformation
SSDT 87E34970 ZwSuspendProcess
SSDT 87DEEEC8 ZwSuspendThread
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0x8D143984]
SSDT 87DE9C20 ZwTerminateThread
SSDT 8726E140 ZwUnmapViewOfSection
SSDT 87E52780 ZwWriteVirtualMemory

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C1FAF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C1F104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C1F3F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C082D8
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C07898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C1F1DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C1F958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C1F6F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C1FF2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C201A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82C7F579 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CA3F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 224 82CAB724 8 Bytes CALL BB529AD2
.text ntkrnlpa.exe!RtlSidHashLookup + 23C 82CAB73C 4 Bytes [90, 2A, E5, 87]
.text ntkrnlpa.exe!RtlSidHashLookup + 248 82CAB748 4 Bytes [30, 03, 0F, 87]
.text ntkrnlpa.exe!RtlSidHashLookup + 29C 82CAB79C 2 Bytes [48, 60] {DEC EAX; PUSHA }
.text ntkrnlpa.exe!RtlSidHashLookup + 29F 82CAB79F 1 Byte [87]
.text ...
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x94A37000, 0x2D5046, 0xE8000020]
.text peauth.sys 9CF57C9D 28 Bytes [15, 5D, C4, 81, 42, 86, A9, ...]
.text peauth.sys 9CF57CC1 28 Bytes [15, 5D, C4, 81, 42, 86, A9, ...]
PAGE peauth.sys 9CF5DB9B 72 Bytes [8E, 04, 0E, 46, D0, 63, 9E, ...]
PAGE peauth.sys 9CF5DBEC 111 Bytes [E7, 6C, 64, 91, D4, 8F, EC, ...]
PAGE peauth.sys 9CF5DE20 101 Bytes [CB, 27, 68, F3, EB, E4, E1, ...]
PAGE ...

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[1668] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73E7250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1668] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73E72494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1668] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73E55624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1668] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73E556E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1668] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73E68573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1668] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73E64D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1668] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73E650CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1668] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73E651A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1668] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [73E666D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1668] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73E682CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1668] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73E68819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1668] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73E6907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1668] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73E6E21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1668] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73E64C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Program Files\Spyware Doctor\pctsSvc.exe[2640] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateThread] [0044BB58] C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools Security Service/PC Tools)
IAT C:\Program Files\Spyware Doctor\pctsSvc.exe[2640] @ C:\Windows\system32\shell32.dll [KERNEL32.dll!QueueUserWorkItem] [0044BD5C] C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools Security Service/PC Tools)
IAT C:\Program Files\Spyware Doctor\pctsSvc.exe[2640] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [0044BB58] C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools Security Service/PC Tools)
IAT C:\Program Files\Spyware Doctor\pctsSvc.exe[2640] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!QueueUserWorkItem] [0044BD5C] C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools Security Service/PC Tools)
IAT C:\Program Files\Spyware Doctor\pctsTray.exe[2712] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateThread] [0044B82C] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools Tray Application/PC Tools)
IAT C:\Program Files\Spyware Doctor\pctsTray.exe[2712] @ C:\Windows\system32\shell32.dll [KERNEL32.dll!QueueUserWorkItem] [0044BA30] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools Tray Application/PC Tools)
IAT C:\Program Files\Spyware Doctor\pctsTray.exe[2712] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [0044B82C] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools Tray Application/PC Tools)
IAT C:\Program Files\Spyware Doctor\pctsTray.exe[2712] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!QueueUserWorkItem] [0044BA30] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools Tray Application/PC Tools)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\ACPI_HAL \Device\0000007f halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001a6b2af2e9
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001a6b2af2e9 (not active ControlSet)

---- EOF - GMER 1.0.15 ----
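
As an added worked example (editor's code, not from this thread, from GMER or from BleepingComputer): a small Python triage script for the log format above. It parses the three line shapes that matter for a hook review (SSDT, IAT and AttachedDevice), groups every hook by the vendor string GMER prints, and separates the address-only SSDT entries, which GMER could not attribute to a loaded module, from the ones it could. The regexes, the expected-vendor list and the sample lines are assumptions: the list is what an analyst would derive from the uninstall list in this thread (PC Tools for Spyware Doctor, Symantec for Norton, Microsoft for Windows), and the sample is a handful of lines copied from the posted log plus one made-up IAT line (module hypothetical.dll, vendor "Example Co") so that the vendor check has something to flag. That made-up line says nothing about the machine in this thread.

```python
"""Triage helper for GMER 1.0.15 rootkit-scan logs (added example, not GMER's own code)."""
import re
from collections import Counter

# GMER prints "(description/vendor)" after a module path. Both strings come from the
# file's version resource, i.e. they are self-reported by the binary. This is NOT an
# Authenticode check: a hostile module can claim any vendor it likes.
_VENDOR = r"\((?P<desc>.*)/(?P<vendor>[^/)]*)\)"

# Line shapes taken from the GMER 1.0.15 layout in the log above
# (assumption: other GMER versions may format lines differently).
SSDT_UNATTRIBUTED = re.compile(r"^SSDT\s+(?P<addr>[0-9A-Fa-f]{8})\s+(?P<func>\w+)\s*$")
SSDT_MODULE = re.compile(
    r"^SSDT\s+(?P<module>\S+)\s+" + _VENDOR +
    r"\s+(?P<func>\w+)\s+\[0x(?P<addr>[0-9A-Fa-f]+)\]\s*$")
IAT_HOOK = re.compile(
    r"^IAT\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+@\s+(?P<importer>.+?)\s+"
    r"\[(?P<dll>[^!\]]+)!(?P<func>[^\]]+)\]\s+\[(?P<addr>[0-9A-Fa-f]+)\]\s+"
    r"(?P<module>.+?)\s+" + _VENDOR + r"\s*$")
ATTACHED = re.compile(
    r"^AttachedDevice\s+(?P<driver>\S+)\s+(?P<device>\S+)\s+(?P<module>\S+)\s+"
    + _VENDOR + r"\s*$")

# Assumption: the analyst builds this from the machine's installed-software list.
# The uninstall list in this thread shows Spyware Doctor (PC Tools) and Norton
# Internet Security (Symantec) on Windows 7, so hooks from these vendors are expected.
EXPECTED_VENDORS = frozenset({"Microsoft Corporation", "PC Tools", "Symantec Corporation"})

# Constructed sample: lines copied from the posted log plus ONE made-up IAT line
# (hypothetical.dll / "Example Co") that exists only to exercise the vendor check.
SAMPLE_LOG = r"""
---- System - GMER 1.0.15 ----

SSDT 87E3A9E8 ZwAlertResumeThread
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0x8D143CDE]
SSDT 86E64AC0 ZwLoadDriver
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0x8D143984]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[1668] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73E7250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Program Files\Spyware Doctor\pctsSvc.exe[2640] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateThread] [0044BB58] C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools Security Service/PC Tools)
IAT C:\Windows\Explorer.EXE[1668] @ C:\Windows\Explorer.EXE [WININET.dll!HttpSendRequestA] [10001234] C:\Users\user\AppData\Roaming\hypothetical.dll (Hypothetical Hook/Example Co)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
"""


def parse_gmer(text):
    """Return one dict per recognised hook/filter line, in log order."""
    hooks = []
    for line in text.splitlines():
        line = line.rstrip()
        m = SSDT_MODULE.match(line)
        if m:  # SSDT entry GMER could attribute to a module on disk
            hooks.append({"kind": "SSDT", "target": m["func"], "module": m["module"],
                          "vendor": m["vendor"], "addr": m["addr"].upper()})
            continue
        m = SSDT_UNATTRIBUTED.match(line)
        if m:  # SSDT entry with an address only: no module could be named
            hooks.append({"kind": "SSDT", "target": m["func"], "module": None,
                          "vendor": None, "addr": m["addr"].upper()})
            continue
        m = IAT_HOOK.match(line)
        if m:  # import-table hook inside a user-mode process
            target = f"{m['proc']}[{m['pid']}] {m['dll']}!{m['func']}"
            hooks.append({"kind": "IAT", "target": target, "module": m["module"],
                          "vendor": m["vendor"], "addr": m["addr"].upper()})
            continue
        m = ATTACHED.match(line)
        if m:  # filter driver sitting on top of a device (keyboard, TCP, volumes...)
            hooks.append({"kind": "AttachedDevice", "target": m["device"],
                          "module": m["module"], "vendor": m["vendor"], "addr": None})
    return hooks


def triage(text, expected_vendors=EXPECTED_VENDORS):
    """Group hooks by claimed vendor and pull out the rows that need follow-up."""
    hooks = parse_gmer(text)
    by_vendor = Counter(h["vendor"] for h in hooks if h["vendor"])
    unattributed = [h for h in hooks if h["kind"] == "SSDT" and h["module"] is None]
    unexpected = [h for h in hooks if h["vendor"] and h["vendor"] not in expected_vendors]
    return {"hooks": hooks, "by_vendor": dict(by_vendor),
            "unattributed_ssdt": unattributed, "unexpected_vendor": unexpected}


def report(result):
    """Plain-text summary, one line per finding."""
    out = [f"{n} hook(s) claimed by {v}" for v, n in sorted(result["by_vendor"].items())]
    out += [f"FOLLOW UP: SSDT {h['target']} -> {h['addr']} (no module attributed)"
            for h in result["unattributed_ssdt"]]
    out += [f"FOLLOW UP: {h['kind']} {h['target']} hooked by {h['module']} "
            f"(claims vendor {h['vendor']!r}, not in expected list)"
            for h in result["unexpected_vendor"]]
    return "\n".join(out)


if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

The vendor string is whatever the module's version resource claims, so an unexpected vendor is a lead, not a verdict, and an expected vendor is no proof of legitimacy. The address-only SSDT rows are the ones worth chasing: compare each address with the loaded-module ranges (from GMER's own module list or a kernel debugger) to find which driver owns it before deciding whether it is a security product or something else.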

#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:07:56 PM

Posted 14 January 2010 - 07:34 AM

Hi,

please run ComboFix:

Please download ComboFix from one of these locations:

Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools.
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message asking whether to continue scanning for malware.

Click on Yes to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards myrti



#7 kyro2002

kyro2002
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:03:56 AM

Posted 15 January 2010 - 03:55 AM

I downloaded it from that link but I get this in a window:

---WARNING---

This is a beta version of ComboFix meant for compatibility testing

---WARNING---

Under no circumstances should this be run on a live machine

Click NO to exit

#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:07:56 PM

Posted 15 January 2010 - 04:07 PM

Hi,

Sorry, I should have told you about the warning. The application should be safe to run; the tests have been successfully concluded.

regards myrti



#9 kyro2002

kyro2002
  • Topic Starter

  • Members
  • 13 posts
  •  
  • Local time:03:56 AM

Posted 15 January 2010 - 11:03 PM

ComboFix 10-01-15.01 - Hermann Family 16/01/2010 13:47:56.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.3580.1984 [GMT 10:00]
Running from: c:\users\Hermann Family\Desktop\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1512132004-1228647517-3645099243-500
c:\$recycle.bin\S-1-5-21-2490328804-526683994-3736760034-500
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\OfficeSAS.lnk
c:\users\Hermann Family\AppData\Roaming\02000000edd3e5a6724C.manifest
c:\users\Hermann Family\AppData\Roaming\02000000edd3e5a6724O.manifest
c:\users\Hermann Family\AppData\Roaming\02000000edd3e5a6724P.manifest
c:\users\Hermann Family\AppData\Roaming\02000000edd3e5a6724S.manifest
c:\users\Hermann Family\AppData\Roaming\Mozilla\Firefox\Profiles\23xhydsx.default\extensions\{858f7b0f-4005-403c-ad70-3d26187eb5ad}
c:\users\Hermann Family\AppData\Roaming\Mozilla\Firefox\Profiles\23xhydsx.default\extensions\{858f7b0f-4005-403c-ad70-3d26187eb5ad}\chrome.manifest
c:\users\Hermann Family\AppData\Roaming\Mozilla\Firefox\Profiles\23xhydsx.default\extensions\{858f7b0f-4005-403c-ad70-3d26187eb5ad}\chrome\xulcache.jar
c:\users\Hermann Family\AppData\Roaming\Mozilla\Firefox\Profiles\23xhydsx.default\extensions\{858f7b0f-4005-403c-ad70-3d26187eb5ad}\defaults\preferences\xulcache.js
c:\users\Hermann Family\AppData\Roaming\Mozilla\Firefox\Profiles\23xhydsx.default\extensions\{858f7b0f-4005-403c-ad70-3d26187eb5ad}\install.rdf
c:\users\Hermann Family\AppData\Roaming\SystemProc

.
((((((((((((((((((((((((( Files Created from 2009-12-16 to 2010-01-16 )))))))))))))))))))))))))))))))
.

2010-01-16 03:55 . 2010-01-16 03:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-15 23:56 . 2009-12-09 09:00 2747440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100115.019\CCERASER.DLL
2010-01-15 23:56 . 2009-12-04 04:57 84912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100115.019\NAVENG.SYS
2010-01-15 23:56 . 2009-12-04 04:57 371248 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100115.019\EECTRL.SYS
2010-01-15 23:56 . 2009-12-04 04:57 259440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100115.019\ECMSVR32.DLL
2010-01-15 23:56 . 2009-12-04 04:57 177520 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100115.019\NAVENG32.DLL
2010-01-15 23:56 . 2009-12-04 04:57 1647984 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100115.019\NAVEX32A.DLL
2010-01-15 23:56 . 2009-12-04 04:57 1323568 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100115.019\NAVEX15.SYS
2010-01-15 23:56 . 2009-12-04 04:57 102448 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100115.019\ERASER.SYS
2010-01-14 22:57 . 2009-10-28 22:37 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100112.001\IDSXpx86.sys
2010-01-14 22:57 . 2009-10-28 22:37 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100112.001\Scxpx86.dll
2010-01-14 22:57 . 2009-10-28 22:37 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100112.001\IDSvix86.sys
2010-01-14 22:57 . 2009-10-28 22:37 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100112.001\IDSxpx86.dll
2010-01-14 22:57 . 2009-10-28 22:37 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100112.001\IDSviA64.sys
2010-01-13 20:39 . 2009-10-19 14:10 108544 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 20:39 . 2009-10-19 14:10 70656 ----a-w- c:\windows\system32\fontsub.dll
2010-01-13 09:01 . 2010-01-13 09:01 -------- d-----w- c:\programdata\LightScribe
2010-01-09 10:24 . 2009-10-30 01:11 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-01-09 10:24 . 2009-10-30 01:09 98600 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2010-01-09 10:23 . 2009-11-09 01:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-01-09 10:23 . 2009-10-06 06:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-01-09 10:23 . 2009-09-02 23:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-01-09 10:23 . 2010-01-15 08:44 -------- d-----w- c:\program files\Spyware Doctor
2010-01-09 10:23 . 2010-01-09 10:24 -------- d-----w- c:\program files\Common Files\PC Tools
2010-01-09 10:23 . 2010-01-09 10:23 -------- d-----w- c:\users\Hermann Family\AppData\Roaming\PC Tools
2010-01-09 10:23 . 2010-01-09 10:23 -------- d-----w- c:\programdata\PC Tools
2010-01-09 10:13 . 2010-01-09 10:13 -------- d-----w- c:\programdata\Google Updater
2010-01-08 19:28 . 2009-10-28 22:37 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100106.001\Scxpx86.dll
2010-01-08 19:28 . 2009-10-28 22:37 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100106.001\IDSvix86.sys
2010-01-08 19:28 . 2009-10-28 22:37 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100106.001\IDSXpx86.sys
2010-01-08 19:28 . 2009-10-28 22:37 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100106.001\IDSxpx86.dll
2010-01-08 19:28 . 2009-10-28 22:37 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100106.001\IDSviA64.sys
2010-01-01 01:56 . 2010-01-09 09:34 5115824 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-30 20:01 . 2009-12-30 20:01 -------- d-----w- c:\program files\Microsoft Synchronization Services
2009-12-30 19:57 . 2009-12-30 19:57 -------- d-----w- c:\program files\Microsoft Analysis Services
2009-12-30 19:57 . 2009-12-30 19:57 -------- d-----w- c:\users\Hermann Family\AppData\Local\Microsoft Help
2009-12-30 17:00 . 2009-12-30 17:00 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-12-30 10:27 . 2009-12-30 10:32 -------- d-----w- c:\users\Hermann Family\AppData\Local\IM
2009-12-30 10:27 . 2009-12-30 10:28 -------- d-----w- c:\programdata\IM
2009-12-30 10:27 . 2009-12-30 10:27 -------- d-----w- c:\programdata\IncrediMail
2009-12-30 08:32 . 2010-01-13 09:20 52224 ----a-w- c:\users\Hermann Family\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2009-12-30 08:32 . 2010-01-15 20:15 117760 ----a-w- c:\users\Hermann Family\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-30 08:31 . 2009-12-30 08:31 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-12-30 08:31 . 2009-12-30 08:31 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-12-30 08:31 . 2009-12-30 08:31 -------- d-----w- c:\users\Hermann Family\AppData\Roaming\SUPERAntiSpyware.com
2009-12-30 08:30 . 2009-12-30 08:30 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-30 08:19 . 2009-12-30 08:19 -------- d-----w- c:\users\Hermann Family\AppData\Roaming\Malwarebytes
2009-12-30 08:19 . 2010-01-07 06:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-30 08:19 . 2009-12-30 08:19 -------- d-----w- c:\programdata\Malwarebytes
2009-12-30 08:19 . 2010-01-09 09:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-30 08:19 . 2010-01-07 06:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-29 11:09 . 2009-12-29 11:09 -------- d-----w- c:\users\Hermann Family\AppData\Roaming\Qualcomm
2009-12-29 11:08 . 2009-12-29 11:08 -------- d-----w- c:\program files\Qualcomm
2009-12-29 11:08 . 2005-10-04 06:33 1712128 ----a-w- c:\windows\system32\gdiplus.dll
2009-12-29 11:08 . 2005-08-09 06:09 48640 ----a-w- c:\windows\system32\INETWH32.DLL
2009-12-29 11:08 . 2005-08-09 06:09 317952 ----a-w- c:\windows\system32\Roboex32.dll
2009-12-29 10:54 . 2009-12-29 11:37 -------- d-----w- c:\users\Hermann Family\AppData\Local\Thunderbird
2009-12-29 10:54 . 2009-12-29 10:54 -------- d-----w- c:\users\Hermann Family\AppData\Roaming\Thunderbird
2009-12-29 10:20 . 2009-12-29 10:20 -------- d-----w- c:\users\Hermann Family\AppData\Roaming\InstallShield
2009-12-27 09:36 . 2009-12-27 09:36 -------- d-----w- c:\users\Hermann Family\AppData\Roaming\Roxio
2009-12-27 08:52 . 2009-01-09 06:18 27136 ----a-w- c:\windows\system32\drivers\RimSerial.sys
2009-12-27 08:52 . 2009-12-27 08:52 -------- d-----w- c:\programdata\Research In Motion
2009-12-27 08:21 . 2009-12-27 08:21 -------- d-----w- c:\users\Hermann Family\AppData\Roaming\Research In Motion
2009-12-27 02:24 . 2009-12-29 09:55 -------- d-----w- c:\programdata\InstallShield
2009-12-27 02:24 . 2009-12-27 02:24 -------- d-----w- c:\programdata\Sonic
2009-12-27 02:24 . 2009-12-27 02:24 -------- d-----w- c:\users\Hermann Family\AppData\Local\Programs
2009-12-27 02:23 . 2009-12-29 09:55 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-12-27 02:22 . 2009-12-29 09:55 -------- d-----w- c:\program files\Roxio
2009-12-27 02:22 . 2009-12-27 09:37 -------- d-----w- c:\programdata\Roxio
2009-12-27 02:22 . 2009-12-27 02:22 -------- d-----w- c:\program files\Common Files\Sonic Shared
2009-12-27 02:22 . 2009-12-29 09:55 -------- d-----w- c:\program files\Common Files\Roxio Shared
2009-12-27 02:17 . 2009-12-29 09:55 -------- d-----w- c:\program files\Common Files\Research In Motion
2009-12-27 02:17 . 2009-12-27 02:17 -------- d-----w- c:\program files\Research In Motion
2009-12-25 09:56 . 2009-12-25 09:56 1760960 ----a-w- c:\programdata\WildTangent\My HP Game Console\Downloads\en\Installers\SetupGamesClient.exe
2009-12-24 07:04 . 2010-01-09 10:13 -------- d-----w- c:\program files\Google
2009-12-18 21:07 . 2009-10-28 22:37 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091217.002\IDSXpx86.sys
2009-12-18 21:07 . 2009-10-28 22:37 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091217.002\Scxpx86.dll
2009-12-18 21:07 . 2009-10-28 22:37 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091217.002\IDSxpx86.dll
2009-12-18 21:07 . 2009-10-28 22:37 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091217.002\IDSvix86.sys
2009-12-18 21:07 . 2009-10-28 22:37 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091217.002\IDSviA64.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-16 03:55 . 2009-12-08 20:15 -------- d-----w- c:\users\Hermann Family\AppData\Roaming\Skype
2010-01-15 22:02 . 2009-12-08 20:16 -------- d-----w- c:\users\Hermann Family\AppData\Roaming\skypePM
2010-01-15 08:43 . 2009-12-05 07:46 -------- d-----w- c:\users\Hermann Family\AppData\Roaming\uTorrent
2010-01-15 07:32 . 2009-12-11 08:23 -------- d-----w- c:\users\Hermann Family\AppData\Roaming\HpUpdate
2010-01-14 17:01 . 2009-08-16 22:22 -------- d-----w- c:\programdata\Microsoft Help
2010-01-03 10:42 . 2009-08-16 22:03 -------- d-----w- c:\program files\HP Games
2009-12-30 20:11 . 2009-12-02 08:47 129360 ----a-w- c:\users\Hermann Family\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-30 20:01 . 2009-10-11 11:42 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-12-29 11:08 . 2009-08-16 21:24 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-29 09:55 . 2009-08-16 22:57 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-29 09:55 . 2009-12-05 07:47 -------- d-----w- c:\program files\uTorrent
2009-12-29 09:49 . 2009-12-29 09:49 1372 ----a-w- c:\users\Hermann Family\AppData\Roaming\qpb7LzcbbYuwXeT.vbs
2009-12-29 09:49 . 2009-12-29 09:49 1372 ----a-w- c:\users\Hermann Family\AppData\Roaming\WuGmj.vbs
2009-12-29 09:44 . 2009-12-29 09:44 1372 ----a-w- c:\users\Hermann Family\AppData\Roaming\GiE6ytY.vbs
2009-12-29 09:43 . 2009-12-29 09:43 1372 ----a-w- c:\users\Hermann Family\AppData\Roaming\9sInje4gQ5wSQ.vbs
2009-12-29 09:39 . 2009-12-29 09:39 1372 ----a-w- c:\users\Hermann Family\AppData\Roaming\DtmO7RQ.vbs
2009-12-29 09:37 . 2009-12-29 09:37 1372 ----a-w- c:\users\Hermann Family\AppData\Roaming\9SGsfpMwDp2kb.vbs
2009-12-27 09:03 . 2009-12-27 09:03 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2009-12-27 02:22 . 2009-08-16 21:24 -------- d-----w- c:\program files\Common Files\InstallShield
2009-12-25 09:58 . 2009-08-16 22:03 -------- d-----w- c:\programdata\WildTangent
2009-12-11 08:23 . 2009-12-11 08:23 -------- d-----w- c:\users\Hermann Family\AppData\Roaming\HP Support Assistant
2009-12-09 07:18 . 2009-12-06 06:27 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2009-12-09 03:27 . 2009-12-09 03:27 -------- d-----w- c:\programdata\Gogii
2009-12-08 20:17 . 2009-08-16 23:09 -------- d-----w- c:\programdata\CyberLink
2009-12-08 20:17 . 2009-12-06 06:34 -------- d-----w- c:\users\Hermann Family\AppData\Roaming\CyberLink
2009-12-08 20:16 . 2009-12-08 20:16 56 ---ha-w- c:\programdata\ezsidmv.dat
2009-12-08 20:14 . 2009-12-08 20:14 -------- d-----r- c:\program files\Skype
2009-12-08 20:14 . 2009-12-08 20:14 -------- d-----w- c:\program files\Common Files\Skype
2009-12-08 20:14 . 2009-12-08 20:14 -------- d-----w- c:\programdata\Skype
2009-12-08 08:34 . 2009-12-08 08:34 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2009-12-08 08:34 . 2009-12-08 08:34 336192 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2009-12-07 20:33 . 2009-12-07 20:33 -------- d-----w- c:\program files\AviSynth 2.5
2009-12-07 20:16 . 2009-12-07 20:16 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2009-12-06 17:07 . 2009-08-16 22:24 -------- d-----w- c:\program files\Microsoft Works
2009-12-06 06:27 . 2009-12-06 06:27 336192 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-06 04:43 . 2009-12-06 04:43 -------- d-----w- c:\users\Hermann Family\AppData\Roaming\PDF Writer
2009-12-06 04:43 . 2009-12-06 04:43 -------- d-----w- c:\programdata\PDF Writer
2009-12-05 21:19 . 2009-08-16 23:38 -------- d-----w- c:\program files\Java
2009-12-05 17:32 . 2009-08-16 21:27 -------- d-----w- c:\program files\Microsoft Silverlight
2009-12-05 17:02 . 2009-12-05 17:02 -------- d-----w- c:\program files\MSXML 4.0
2009-12-05 09:54 . 2009-12-05 09:54 -------- d-----w- c:\program files\Common Files\Bullzip
2009-12-05 09:54 . 2009-12-05 09:54 -------- d-----w- c:\program files\Bullzip
2009-12-05 09:49 . 2009-12-05 09:49 -------- d-----w- c:\programdata\FlashFXP
2009-12-05 08:53 . 2009-12-05 07:17 554352 ----a-r- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
2009-12-05 08:13 . 2009-08-16 21:26 -------- d-----w- c:\program files\Windows Live
2009-12-05 08:10 . 2009-12-05 08:10 -------- d-----w- c:\program files\Microsoft
2009-12-04 07:50 . 2009-12-02 08:49 -------- d-----w- c:\users\Hermann Family\AppData\Roaming\Hewlett-Packard
2009-12-04 00:41 . 2009-12-04 00:41 -------- d-----w- c:\programdata\Sony Online Entertainment
2009-12-03 10:53 . 2009-08-16 22:11 -------- d-----w- c:\programdata\Symantec
2009-12-03 10:53 . 2009-08-16 21:24 -------- d-----w- c:\programdata\Hewlett-Packard
2009-12-03 10:53 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Sidebar
2009-12-03 09:10 . 2009-12-03 09:10 -------- d-----w- c:\program files\BUFFALO
2009-12-03 08:08 . 2009-12-02 20:21 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-12-02 20:22 . 2009-08-16 21:38 -------- d-----w- c:\programdata\Norton
2009-12-02 20:21 . 2009-08-16 22:11 -------- d-----w- c:\program files\Symantec
2009-12-02 20:21 . 2009-12-02 20:21 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-12-02 20:21 . 2009-12-02 20:21 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-12-02 20:21 . 2009-12-02 20:21 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-12-02 09:47 . 2009-12-02 09:47 -------- d-----w- c:\users\Hermann Family\AppData\Roaming\WildTangent
2009-12-02 08:49 . 2009-12-02 08:49 -------- d-----w- c:\users\Hermann Family\AppData\Roaming\ATI
2009-12-02 08:48 . 2009-12-02 08:48 -------- d-----w- c:\users\Hermann Family\AppData\Roaming\hpqlog
2009-12-02 08:41 . 2009-12-02 08:41 -------- d-----w- c:\users\Hermann Family\AppData\Roaming\HP TCS
2009-12-02 08:39 . 2009-12-02 08:39 0 --sha-r- c:\windows\system32\drivers\103C_HP_cNB_Presario CQ61 Notebook PC_Y5335KV_0U_QCNF9413NFQ_E575236-371_4A_I3652_SQuanta_V42.14_F.07_T091010_WU3-0_L409_M3581_J320_7AMD_8F62_92.10_#091202_N10EC8136;168C002B_(VX306PA#ABG)_XMOBILE_CN10_Z.MRK
2009-11-28 04:37 . 2009-12-05 09:54 6144 ----a-w- c:\windows\system32\BioPdf.PdfWriter.Lib.dll
2009-11-06 00:59 . 2009-12-11 08:28 382216 ----a-w- c:\windows\Help\OEM\Scripts\HPSAUpgrade.exe
2009-10-29 07:22 . 2009-12-05 17:08 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-29 05:03 . 2009-12-11 08:28 58632 ----a-w- c:\windows\Help\OEM\Scripts\HPSAUpdaterObj.exe
2009-10-28 22:37 . 2009-10-28 22:37 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys
2009-10-28 22:37 . 2009-10-28 22:37 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSXpx86.sys
2009-10-28 22:37 . 2009-10-28 22:37 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll
2009-10-28 22:37 . 2009-10-28 22:37 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.dll
2009-10-28 22:37 . 2009-10-28 22:37 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSviA64.sys
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
2009-11-03 11:12 556432 ----a-w- c:\progra~1\MICROS~4\Office14\URLREDIR.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-07-16 1668664]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-12-05 289584]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-10 218032]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-12-16 2002160]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-09 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-14 1541416]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-07-22 458844]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2009-06-24 468264]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-18 218408]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-06-24 320056]
"NortonOnlineBackupReminder"="c:\program files\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-05-13 581480]
"UpdatePRCShortCut"="c:\program files\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-10 149280]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-11-19 623960]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-08-26 236016]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2009-09-26 83312]
"Google Updater"="c:\program files\Google\Google Updater\GoogleUpdater.exe" [2010-01-09 160752]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ClientManagerV.lnk - c:\program files\BUFFALO\clientmgrv\bin\cmvMain.exe [2009-12-3 138544]
Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2009-11-19 1807704]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-12 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 04:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [9/01/2010 8:23 PM 207792]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\NIS\1007020.00B\SymEFA.sys [5/12/2009 6:53 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\NIS\1007020.00B\BHDrvx86.sys [5/12/2009 6:53 PM 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\NIS\1007020.00B\cchpx86.sys [5/12/2009 6:53 PM 482432]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100112.001\IDSvix86.sys [15/01/2010 8:57 AM 343088]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [16/12/2009 4:26 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [16/12/2009 4:26 PM 74480]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\System32\drivers\vwififlt.sys [14/07/2009 9:52 AM 48128]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\AEstSrv.exe [11/10/2009 9:17 PM 81920]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\System32\atiesrxx.exe [3/07/2009 4:15 AM 176128]
R2 BWH32S;BWH32S;c:\program files\BUFFALO\clientmgrv\bin\BWH32S.exe [3/12/2009 7:10 PM 57648]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe [5/12/2009 6:53 PM 117640]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [17/08/2009 7:50 AM 228408]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/12/2009 2:34 AM 102448]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [26/09/2009 4:28 AM 4639136]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\System32\drivers\Rt86win7.sys [11/10/2009 9:16 PM 167936]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\drivers\NIS\1007020.00B\symndisv.sys [5/12/2009 6:53 PM 48688]
R3 usbfilter;AMD USB Filter Driver;c:\windows\System32\drivers\usbfilter.sys [11/10/2009 9:16 PM 28344]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [24/12/2009 5:04 PM 135664]
S3 Bufeap;BUFFALO EAP Driver;c:\windows\System32\drivers\bufeap.sys [3/12/2009 7:10 PM 14848]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\drivers\RtsUStor.sys [11/10/2009 9:15 PM 167424]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [16/12/2009 4:27 PM 7408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [9/01/2010 8:23 PM 359624]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\System32\drivers\VSTAZL3.SYS [14/07/2009 8:13 AM 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\System32\drivers\VSTDPV3.SYS [14/07/2009 8:13 AM 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\System32\drivers\VSTCNXT3.SYS [14/07/2009 8:13 AM 661504]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\System32\drivers\vwifimp.sys [14/07/2009 9:52 AM 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 19:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-01-16 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-01-09 10:13]

2010-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-24 07:04]

2010-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-24 07:04]

2010-01-15 c:\windows\Tasks\HPCeeScheduleForHermann Family.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2009-08-16 21:38]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_AU&c=94&bd=Presario&pf=cnnb
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - /105
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Hermann Family\AppData\Roaming\Mozilla\Firefox\Profiles\23xhydsx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar_im2_test_v2&search=
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\progra~1\MICROS~4\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1808.5272\npCIDetect14.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.
- - - - ORPHANS REMOVED - - - -

AddRemove-LSI Soft Modem - c:\windows\agrsmdel



**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: >>UNKNOWN [0x82C17000]<< >>UNKNOWN [0x8CBD0000]<< >>UNKNOWN [0x8D7DB000]<< >>UNKNOWN [0x8CFC9000]<< >>UNKNOWN [0x8CD18000]<< >>UNKNOWN [0x83027000]<< >>UNKNOWN [0x8CB50000]<< >>UNKNOWN [0x8CD9A000]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
IoDeviceObjectType -> DumpProcedure -> 0xd46a624f
DeleteProcedure -> 0x8e2068c0
SecurityProcedure -> 0x85f78cf8
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.7.2.11\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-01-16 13:58:01
ComboFix-quarantined-files.txt 2010-01-16 03:58

Pre-Run: 233,907,077,120 bytes free
Post-Run: 234,774,949,888 bytes free

- - End Of File - - F9D993205DDA7862DC2F321EA5291538



Thanks for your help.

#10 myrti (Sillyberry; Malware Study Hall Admin; 33,784 posts)

Posted 16 January 2010 - 06:12 AM

Hi,

Please run a scan with mbr:
  • Go to Start > Run and type: cmd.exe
  • Press OK.
  • At the command prompt type: mbr.exe -t >"C:\mbr.log"
  • Press Enter.
  • A "DOS" box will open and quickly disappear. That is normal.
  • A log file named mbr.log will be created and saved to the root of the system drive (usually C:\).
  • Copy and paste the results of the mbr.log in your next reply.

Regards, myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#11 kyro2002 (Topic Starter; Members; 13 posts)

Posted 16 January 2010 - 06:40 AM

When I try to do that I get this:


Microsoft Windows [Version 6.1.7600]
Copyright © 2009 Microsoft Corporation. All rights reserved.

C:\Users\Hermann Family>mbr.exe-t>"C:\mbr.log"
Access is denied.

C:\Users\Hermann Family>mbr.exe -t >"C:\mbr.log"
Access is denied.

C:\Users\Hermann Family>

#12 myrti (Sillyberry; Malware Study Hall Admin; 33,784 posts)

Posted 16 January 2010 - 06:41 AM

Hi,

Sorry, you need to get an elevated command prompt:

Go to Start, then All Programs, followed by Accessories; right-click Command Prompt, and then click Run as administrator.

This will open an elevated command prompt.

Please run the command from there once more, and let me know if that works.

Regards, myrti



#13 kyro2002 (Topic Starter; Members; 13 posts)

Posted 16 January 2010 - 07:09 AM

This time:

Microsoft Windows [Version 6.1.7600]
Copyright © 2009 Microsoft Corporation. All rights reserved.

C:\Windows\system32>mbr.exe-t>"C:\mbr.log"
'mbr.exe-t' is not recognized as an internal or external command,
operable program or batch file.

C:\Windows\system32>mbr.exe -t >"C:\mbr.log"

C:\Windows\system32>cmd.exe

#14 myrti (Sillyberry; Malware Study Hall Admin; 33,784 posts)

Posted 16 January 2010 - 07:11 AM

Hi,

You should now have a file called mbr.log in C:\. Could you please check? If so, please post the content in your next reply.

regards myrti

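As an added example (not myrti's instructions and not Gmer's code), the procedure from posts #10, #12 and #14 as one PowerShell script: it refuses to run without an elevated token (the "Access is denied" case in post #11), passes mbr.exe and -t as separate arguments (the "not recognized" case in post #13), writes C:\mbr.log, checks the file exists and summarises it using only the line shapes that appear in the Gmer output posted earlier in this thread. It assumes mbr.exe was saved in the directory the script is run from; $MbrExe, $LogPath, Test-IsElevated and Get-MbrLogSummary are this example's own names.

```powershell
# Added example for this thread, not myrti's instructions or Gmer's code.
# Runs mbr.exe -t as the instructions describe, after checking the two things
# that went wrong earlier in the thread, and then summarises the resulting log.
# Assumption: mbr.exe was saved in the directory this script is run from.
param(
    [string]$MbrExe  = (Join-Path (Get-Location).Path 'mbr.exe'),
    [string]$LogPath = 'C:\mbr.log'
)

function Test-IsElevated {
    # mbr.exe reads the raw boot sector; without an elevated token that open
    # is refused, which is the "Access is denied" seen in post #11.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $admin     = [Security.Principal.WindowsBuiltInRole]::Administrator
    return $principal.IsInRole($admin)
}

function Get-MbrLogSummary {
    # Classifies an mbr.exe log. Only line shapes that appear in the Gmer
    # output posted earlier in this thread are matched; anything else is left
    # for the helper to read. This is a summary, not a verdict on the machine.
    param([string[]]$Lines)
    $summary = @{
        UserMbrRead   = [bool]($Lines -match '^user: MBR read successfully')
        KernelMbrRead = [bool]($Lines -match '^kernel: MBR read successfully')
        MbrOk         = [bool]($Lines -match 'MBR OK')
        HookLines     = @()   # lines under "detected MBR rootkit hooks:"
    }
    $inHooks = $false
    foreach ($line in $Lines) {
        if ($line -match '^detected MBR rootkit hooks:') { $inHooks = $true; continue }
        if ($inHooks -and $line -match '->') {
            # e.g. "IoDeviceObjectType -> DumpProcedure -> 0xd46a624f"
            $summary.HookLines += $line.Trim()
            continue
        }
        $inHooks = $false
    }
    return $summary
}

if (-not (Test-IsElevated)) {
    Write-Error 'Not elevated: right-click Command Prompt (or PowerShell), choose Run as administrator, then run this again.'
    exit 1
}
if (-not (Test-Path $MbrExe)) {
    Write-Error "mbr.exe not found at $MbrExe"
    exit 1
}

# Program and switch are separate arguments here. Typed as "mbr.exe-t" at a
# prompt, the whole thing is looked up as one program name and fails with
# "not recognized", as in post #13.
& $MbrExe -t | Out-File -FilePath $LogPath -Encoding ascii

if (-not (Test-Path $LogPath)) {
    Write-Error "mbr.exe ran but no log appeared at $LogPath"
    exit 1
}
$summary = Get-MbrLogSummary -Lines @(Get-Content $LogPath)
$summary
if ($summary.HookLines.Count -gt 0) {
    Write-Warning 'Hook lines are present: post the whole log for review rather than acting on it.'
}
```

The hook lines in the ComboFix-embedded Gmer output above coexisted with "user & kernel MBR OK", so the script only lists them; deciding what they mean is left to the helper reading the full log.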


#15 kyro2002 (Topic Starter; Members; 13 posts)

Posted 16 January 2010 - 07:12 AM

How's this?

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: >>UNKNOWN [0x82C4D000]<< >>UNKNOWN [0x8CC0F000]<< >>UNKNOWN [0x8D7D3000]<< >>UNKNOWN [0x8CDBF000]<< >>UNKNOWN [0x8CD20000]<< >>UNKNOWN [0x82C16000]<< >>UNKNOWN [0x8CB5D000]<< >>UNKNOWN [0x8CDA2000]<<
kernel: MBR read successfully
user & kernel MBR OK



