
Hacktool rootkit removal help requested


  • This topic is locked
24 replies to this topic

#1 OnceBittenY

OnceBittenY

  • Members
  • 12 posts
  • OFFLINE
  • Local time:08:00 AM

Posted 09 April 2010 - 09:31 AM

Hi folks,
I come on bended knee for some assistance in removing what I believe to be a Hacktool rootkit infection. Norton 360 identifies it but can't remove what seems to be a key file (uzgmzs.sys in system32/drivers). I'm guessing there's probably other issues in the registry and possibly elsewhere... I've read the guide and append the DDS log below (other DDS output is attached). GMER would not complete (core dumped multiple times in both regular and safe mode - gives me a blue screen in regular mode) but the initial view showed that .sys file as a suspected rootkit infection.

Note that prior to finding bleepingcomputer I did try a couple of tools (malwarebytes and superantispyware) and they certainly helped (the initial problem included browser hijacking and other issues around not being able to run certain software (e.g., malwarebytes, etc.)). Let me know if you'd like to see logs for any other tools...

Thanks!



DDS (Ver_10-03-17.01) - NTFSx86
Run by pk at 6:11:17.68 on 09/04/2010
Internet Explorer: 7.0.6000.17037
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============


============== Pseudo HJT Report ===============

uStart Page = hxxp://www.theglobeandmail.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.shoptoshiba.ca/welcome
mDefault_Page_URL = hxxp://www.shoptoshiba.ca/welcome
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Taskman=C:\gnwwy.exe
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\4.1.0.32\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\4.1.0.32\IPSBHO.DLL
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\4.1.0.32\coIEPlg.dll
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Adobe Version Cue CS2] c:\program files\adobe\adobe version cue cs2\controlpanel\VersionCueCS2Tray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
mPolicies-system: EnableLUA = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {62789780-B744-11D0-986B-00609731A21D} - hxxp://vanmappub.vancouver.ca/download/mgaxctrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: intu-qt2008 - {05E53CE9-66C8-4a9e-A99F-FDB7A8E7B596} - c:\program files\quicktax 2008\ic2008pp.dll
Handler: intu-qt2009 - {03947252-2355-4e9b-B446-8CCC75C43370} - c:\program files\quicktax 2009\ic2009pp.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp3.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\pk\appdata\roaming\mozilla\firefox\profiles\fx0qleij.default\
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\coffplgn\components\coFFPlgn.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2010-04-09 13:08:49 0 ----a-w- c:\users\pk\defogger_reenable
2010-04-09 12:41:19 0 d-----w- c:\users\pk\appdata\roaming\Tific
2010-04-09 12:39:41 65536 --sha-w- c:\users\pk\ntuser.dat{cf7d3b99-43d4-11df-a1b9-001de07b4845}.TM.blf
2010-04-09 12:39:41 524288 --sha-w- c:\users\pk\ntuser.dat{cf7d3b99-43d4-11df-a1b9-001de07b4845}.TMContainer00000000000000000002.regtrans-ms
2010-04-09 12:39:41 524288 --sha-w- c:\users\pk\ntuser.dat{cf7d3b99-43d4-11df-a1b9-001de07b4845}.TMContainer00000000000000000001.regtrans-ms
2010-04-07 13:35:42 0 d-----w- c:\windows\pss
2010-04-07 10:00:44 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2010-04-07 04:23:41 0 d-----w- C:\!KillBox
2010-04-06 05:24:15 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-04-06 05:24:15 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2010-04-06 05:24:12 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-04-06 05:24:12 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-04-06 05:24:12 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-04-06 05:24:03 0 d-----w- c:\program files\Symantec
2010-04-06 05:24:03 0 d-----w- c:\program files\common files\Symantec Shared
2010-04-06 05:23:34 0 d-----w- c:\windows\system32\drivers\N360
2010-04-06 05:23:33 0 d-----w- c:\program files\Norton 360
2010-04-06 05:23:24 0 d-----w- c:\programdata\NortonInstaller
2010-04-06 05:23:24 0 d-----w- c:\program files\NortonInstaller
2010-04-05 19:46:08 0 d-----w- c:\programdata\Norton
2010-04-03 05:02:54 238920 ----a-w- c:\windows\system32\2615122.exe
2010-04-03 04:29:27 31061 ----a-w- c:\windows\system32\t1p0_127059271900.b1k
2010-04-03 04:28:50 238920 ----a-w- c:\windows\system32\3564524.exe
2010-04-03 04:26:42 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-04-03 04:25:48 0 d-----w- c:\users\pk\appdata\roaming\SUPERAntiSpyware.com
2010-04-03 04:25:48 0 d-----w- c:\program files\SUPERAntiSpyware
2010-04-03 04:01:59 238920 ----a-w- c:\windows\system32\1464609.exe
2010-04-03 00:30:56 238920 ----a-w- c:\windows\system32\1778483.exe
2010-04-02 13:45:24 238920 ----a-w- c:\windows\system32\8553538.exe
2010-04-02 05:18:53 238920 ----a-w- c:\windows\system32\1029887.exe
2010-04-02 05:17:30 238920 ----a-w- c:\windows\system32\1298594.exe
2010-04-02 05:17:08 238920 ----a-w- c:\windows\system32\7003703.exe
2010-04-02 05:01:55 238920 ----a-w- c:\windows\system32\6762766.exe
2010-04-02 04:42:08 238920 ----a-w- c:\windows\system32\958732.exe
2010-04-02 04:12:25 0 d--h--w- c:\windows\PIF
2010-04-02 03:49:22 238920 ----a-w- c:\windows\system32\6940531.exe
2010-04-02 03:34:56 238920 ----a-w- c:\windows\system32\7602305.exe
2010-04-01 07:23:43 238920 ----a-w- c:\windows\system32\4804453.exe
2010-04-01 07:16:51 238920 ----a-w- c:\windows\system32\4401774.exe
2010-04-01 06:56:54 238920 ----a-w- c:\windows\system32\7652354.exe
2010-04-01 06:51:36 238920 ----a-w- c:\windows\system32\3671336.exe
2010-04-01 06:38:35 0 d-----w- c:\programdata\Windows Genuine Advantage
2010-04-01 06:35:10 238920 ----a-w- c:\windows\system32\1717142.exe
2010-04-01 06:32:40 238920 ----a-w- c:\windows\system32\9165263.exe
2010-04-01 06:31:23 238920 ----a-w- c:\windows\system32\7811503.exe
2010-04-01 06:30:13 238920 ----a-w- c:\windows\system32\1285166.exe
2010-04-01 06:01:06 238920 ----a-w- c:\windows\system32\7286906.exe
2010-04-01 05:36:37 238920 ----a-w- c:\windows\system32\7911753.exe
2010-04-01 05:35:45 266240 --sh--r- c:\windows\system32\winupd01.exe
2010-04-01 05:32:55 4 ----a-w- c:\program files\181444.dat
2010-04-01 05:31:27 238920 ----a-w- c:\windows\system32\383491.exe
2010-04-01 05:13:54 0 d-----w- c:\users\pk\appdata\roaming\Malwarebytes
2010-04-01 05:10:47 238920 ----a-w- c:\windows\system32\4574961.exe
2010-04-01 05:03:29 238920 ----a-w- c:\windows\system32\4105143.exe
2010-04-01 04:34:11 238920 ----a-w- c:\windows\system32\3122687.exe
2010-04-01 04:13:29 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-01 04:13:24 0 d-----w- c:\programdata\Malwarebytes
2010-04-01 04:13:23 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-01 04:13:22 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-01 04:09:33 238920 ----a-w- c:\windows\system32\1011576.exe
2010-04-01 04:04:28 0 d-----w- c:\program files\Trend Micro
2010-04-01 03:41:05 238920 ----a-w- c:\windows\system32\8064951.exe
2010-04-01 03:02:48 33291 ----a-w- c:\windows\system32\t1p0_774717612177.b1k
2010-04-01 03:02:36 1178 ----a-w- c:\programdata\_VOIDmfeklnmal.dll
2010-04-01 03:02:23 238920 ----a-w- c:\windows\system32\6487956.exe
2010-04-01 02:55:48 189440 --sha-r- c:\users\pk\appdata\roaming\gnwwy.exe
2010-04-01 02:54:52 823808 ----a-w- c:\windows\system32\drivers\uzgmzs.sys
2010-04-01 02:51:34 0 d-sh--w- c:\users\pk\.COMMgr
2010-03-20 05:26:17 0 d-----w- c:\program files\iPod
2010-03-20 05:25:57 0 d-----w- c:\program files\iTunes
2010-03-15 03:16:25 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-03-15 03:09:54 0 d-----r- c:\program files\Skype
2010-03-15 03:09:46 0 d-----w- c:\programdata\Skype
2010-03-13 23:51:17 519083 ----a-w- C:\Gunnar_cra.pdf
2010-03-11 13:30:09 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-11 13:29:59 396800 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-11 13:29:59 31232 ----a-w- c:\windows\system32\httpapi.dll

==================== Find3M ====================

2010-04-07 07:29:56 339968 ----a-w- c:\windows\HideWin.exe
2010-04-07 07:21:06 37888 ----a-w- c:\windows\fveupdate.exe
2010-04-07 07:12:59 76288 ----a-w- c:\windows\system32\takeown.exe
2010-04-07 07:11:59 59392 ----a-w- c:\windows\system32\waitfor.exe
2010-04-07 07:10:59 41472 ----a-w- c:\windows\system32\replace.exe
2010-04-07 07:09:59 64000 ----a-w- c:\windows\system32\lodctr.exe
2010-04-07 07:08:58 149504 ----a-w- c:\windows\system32\gpresult.exe
2010-04-07 07:07:43 83456 ----a-w- c:\windows\system32\dfrgifc.exe
2010-04-07 07:07:40 119808 ----a-w- c:\windows\system32\dfrgfat.exe
2010-04-07 07:07:36 92672 ----a-w- c:\windows\system32\DFDWiz.exe
2010-04-07 07:07:33 50176 ----a-w- c:\windows\system32\DeviceEject.exe
2010-04-07 07:07:32 33280 ----a-w- c:\windows\system32\dcomcnfg.exe
2010-04-07 06:53:59 216576 ----a-w- c:\windows\system32\bitsadmin.exe
2010-04-07 06:52:44 64512 ----a-w- c:\windows\system32\lnkstub.exe
2010-04-07 06:52:43 60416 ----a-w- c:\windows\system32\eventcreate.exe
2010-04-07 06:52:41 230400 ----a-w- c:\windows\system32\eudcedit.exe
2010-04-07 06:52:39 117760 ----a-w- c:\windows\system32\esentutl.exe
2010-04-07 06:37:15 1851392 ----a-w- c:\windows\SkyTel.exe
2010-04-07 06:35:03 4501504 ----a-w- c:\windows\RtHDVCpl.exe
2010-04-07 04:33:31 33280 ----a-w- c:\windows\system32\help.exe
2010-04-07 04:24:25 74752 ----a-w- c:\windows\bfsvc.exe
2010-04-07 04:10:28 36864 ----a-w- c:\windows\system32\3495.exe
2010-04-07 03:46:24 159744 ----a-w- c:\windows\system32\wscript.exe
2010-04-07 03:12:31 106496 ----a-w- c:\windows\system32\SystemPropertiesAdvanced.exe
2010-04-07 02:43:20 167936 ----a-w- c:\windows\system32\WUDFHost.exe
2010-04-06 13:46:16 159232 ----a-w- c:\windows\regedit.exe
2010-04-06 13:45:19 189952 ----a-w- c:\windows\system32\lpksetup.exe
2010-04-06 13:25:47 1216512 ----a-w- c:\windows\RtlUpd.exe
2010-04-06 13:25:24 109568 ----a-w- c:\windows\system32\colorcpl.exe
2010-04-06 06:33:54 48128 ----a-w- c:\windows\system32\lpremove.exe
2010-04-06 06:33:54 45056 ----a-w- c:\windows\system32\RacAgent.exe
2010-04-06 06:31:56 248832 ----a-w- c:\windows\system32\Defrag.exe
2010-04-06 06:28:53 207872 ----a-w- c:\windows\system32\wsqmcons.exe
2010-04-06 06:23:04 39424 ----a-w- c:\windows\hh.exe
2010-04-06 06:23:02 487424 ----a-w- c:\windows\system32\cselect.exe
2010-04-06 06:22:39 485888 ----a-w- c:\windows\system32\msra.exe
2010-04-06 06:22:36 1161728 ----a-w- c:\windows\system32\wercon.exe
2010-04-06 06:21:34 217600 ----a-w- c:\windows\system32\WindowsAnytimeUpgrade.exe
2010-04-06 06:21:13 304128 ----a-w- c:\windows\IsUninst.exe
2010-04-06 06:21:10 9216 ----a-w- c:\windows\system32\write.exe
2010-04-06 06:19:58 206336 ----a-w- c:\windows\system32\fsquirt.exe
2010-04-06 06:19:54 182272 ----a-w- c:\windows\system32\osk.exe
2010-04-06 06:19:51 991232 ----a-w- c:\windows\system32\Narrator.exe
2010-04-06 06:19:44 710144 ----a-w- c:\windows\system32\Magnify.exe
2010-04-06 06:19:34 344576 ----a-w- c:\windows\system32\cmd.exe
2010-04-06 06:17:05 200704 ----a-w- c:\windows\system32\calc.exe
2010-04-06 06:06:31 141312 ----a-w- c:\windows\system32\wbem\WMIADAP.exe
2010-04-06 06:06:17 33792 ----a-w- c:\windows\system32\verclsid.exe
2010-04-06 06:03:52 122880 ----a-w- c:\windows\system32\netsh.exe
2010-04-06 06:02:18 288256 ----a-w- c:\windows\system32\FirewallSettings.exe
2010-04-06 06:02:03 7680 ----a-w- c:\windows\system32\plasrv.exe
2010-04-06 05:58:12 119808 ----a-w- c:\windows\system32\mobsync.exe
2010-04-06 05:56:39 184832 ----a-w- c:\windows\system32\PresentationSettings.exe
2010-04-06 05:50:11 188416 ----a-w- c:\windows\system32\taskmgr.exe
2010-04-06 05:50:01 33792 ----a-w- c:\windows\system32\LogonUI.exe
2010-04-06 05:44:32 175616 ----a-w- c:\windows\notepad.exe
2010-04-06 05:44:28 175616 ----a-w- c:\windows\system32\notepad.exe
2010-04-06 05:40:36 149504 ----a-w- c:\windows\system32\spoolsv.exe
2010-04-06 05:34:42 5739008 ----a-w- c:\windows\system32\logon.scr
2010-04-06 05:33:41 313856 ----a-w- c:\windows\system32\StikyNot.exe
2010-04-06 05:33:40 300544 ----a-w- c:\windows\system32\SnippingTool.exe
2010-04-06 05:33:30 509952 ----a-w- c:\windows\system32\mspaint.exe
2010-04-06 05:33:05 58368 ----a-w- c:\windows\system32\wuapp.exe
2010-04-06 05:32:57 86528 ----a-w- c:\windows\system32\wermgr.exe
2010-04-06 05:32:57 237056 ----a-w- c:\windows\system32\control.exe
2010-04-06 05:31:21 38912 ----a-w- c:\windows\system32\regsvr32.exe
2010-04-06 05:31:13 335872 ----a-w- c:\windows\system32\unregmp2.exe
2010-04-06 05:31:12 70144 ----a-w- c:\windows\system32\mshta.exe
2010-04-06 05:31:12 49152 ----a-w- c:\windows\system32\userinit.exe
2010-04-06 05:31:11 83456 ----a-w- c:\windows\system32\alg.exe
2010-04-06 05:31:11 37376 ----a-w- c:\windows\system32\snmptrap.exe
2010-04-06 05:31:09 96256 ----a-w- c:\windows\system32\msiexec.exe
2010-04-06 05:31:09 60416 ----a-w- c:\windows\system32\UI0Detect.exe
2010-04-06 05:31:09 32256 ----a-w- c:\windows\system32\Locator.exe
2010-04-06 05:31:05 948736 ----a-w- c:\windows\system32\VSSVC.exe
2010-04-06 05:31:05 161792 ----a-w- c:\windows\system32\wbem\WmiApSrv.exe
2010-04-06 05:31:03 2114560 ----a-w- c:\windows\system32\dfsr.exe
2010-04-06 05:30:58 131072 ----a-w- c:\windows\system32\msdtc.exe
2010-04-06 05:30:57 93184 ----a-w- c:\windows\system32\conime.exe
2010-04-06 05:30:36 139264 ----a-w- c:\windows\system32\TODDSrv.exe
2010-04-06 05:30:17 33792 ----a-w- c:\windows\system32\agrsmsvc.exe
2010-04-06 05:30:05 98304 ----a-w- c:\windows\system32\wlanext.exe
2010-04-06 05:30:04 190976 ----a-w- c:\windows\system32\taskeng.exe
2010-04-06 05:30:04 112640 ----a-w- c:\windows\system32\audiodg.exe
2010-04-06 05:27:25 2948096 ----a-w- c:\windows\explorer.exe
2010-04-04 03:22:53 2605568 ----a-w- c:\windows\system32\SLsvc.exe
2010-03-13 02:16:31 20 ---h--w- c:\programdata\PKP_DLdw.DAT
2010-03-09 16:54:49 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-09 16:50:34 56320 ----a-w- c:\windows\system32\iesetup.dll
2010-03-09 16:50:25 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-09 16:48:34 72704 ----a-w- c:\windows\system32\admparse.dll
2010-03-09 12:43:52 48128 ----a-w- c:\windows\system32\mshtmler.dll
2010-02-24 17:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-21 06:33:57 20 ---h--w- c:\programdata\PKP_DLdu.DAT
2010-01-25 12:58:44 473088 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:58:44 154624 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:58:44 154112 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:58:29 472576 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 12:56:33 312320 ----a-w- c:\windows\system32\msdrm.dll
2010-01-23 08:05:07 2048 ----a-w- c:\windows\system32\tzres.dll

============= FINISH: 6:12:30.95 ===============

Attached Files


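As an added example (not part of the original post, and not code from DDS or OTL), the script below shows how a helper reads the "Created Last 30" section of a log like the one above: it parses the `<date> <time> <size> <attrs> <path>` lines and flags clusters of same-size numerically named executables in system32, files carrying both the hidden and system attributes, and drivers created within minutes of such a file. All function names are hypothetical; the sample lines are copied from the DDS log in the post.

```python
"""Triage helper for the 'Created Last 30' section of a DDS log (added example)."""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime

# A DDS file line is '<date> <time> <size> <attrs> <path>'. The attrs field is
# 8 characters, e.g. '--sha-w-': index 0 'd' = directory, 2 's' = system,
# 3 'h' = hidden, 4 'a' = archive, 6 'w'/'r' = writable/read-only.
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\d+) (\S{8}) (.+)$")
NUMERIC_EXE = re.compile(r"\\system32\\\d{6,7}\.exe$", re.IGNORECASE)
DRIVER = re.compile(r"\\drivers\\[^\\]+\.sys$", re.IGNORECASE)
# Registry transaction logs next to ntuser.dat are hidden+system by design.
KNOWN_GOOD_HIDDEN = (".blf", ".regtrans-ms")


@dataclass
class Entry:
    when: datetime
    size: int
    attrs: str
    path: str

    @property
    def hidden(self):
        return self.attrs[3] == "h"

    @property
    def system(self):
        return self.attrs[2] == "s"


def parse(text):
    """Parse DDS file lines; headers, blanks and anything else are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            when = datetime.strptime(f"{m[1]} {m[2]}", "%Y-%m-%d %H:%M:%S")
            entries.append(Entry(when, int(m[3]), m[4], m[5]))
    return entries


def numeric_exe_clusters(entries, min_count=3):
    """Numerically named .exe files in system32, grouped by size.
    Many identical-size files under fresh random names is the footprint of a
    dropper re-writing its payload on every run."""
    by_size = defaultdict(list)
    for e in entries:
        if NUMERIC_EXE.search(e.path):
            by_size[e.size].append(e.path)
    return {size: paths for size, paths in by_size.items() if len(paths) >= min_count}


def hidden_system_files(entries):
    """Files or directories with both hidden and system attributes set, minus
    the registry transaction logs that legitimately carry them."""
    return [e for e in entries
            if e.hidden and e.system and not e.path.lower().endswith(KNOWN_GOOD_HIDDEN)]


def drivers_near(entries, anchors, window_s=300):
    """Kernel drivers created within window_s seconds of any anchor entry.
    A .sys file written moments after a hidden executable deserves a closer
    look than a driver that appears on its own."""
    hits = defaultdict(list)
    for d in entries:
        if not DRIVER.search(d.path):
            continue
        for a in anchors:
            if abs((d.when - a.when).total_seconds()) <= window_s:
                hits[d.path].append(a.path)
    return dict(hits)


def triage(text):
    entries = parse(text)
    hidden = hidden_system_files(entries)
    return {
        "numeric_exe_clusters": numeric_exe_clusters(entries),
        "hidden_system": [e.path for e in hidden],
        "drivers_near_hidden": drivers_near(entries, hidden),
    }


# Sample input: lines copied from the DDS log in the post above.
SAMPLE = r"""
2010-04-09 12:39:41 65536 --sha-w- c:\users\pk\ntuser.dat{cf7d3b99-43d4-11df-a1b9-001de07b4845}.TM.blf
2010-04-06 05:24:12 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-04-03 05:02:54 238920 ----a-w- c:\windows\system32\2615122.exe
2010-04-03 04:28:50 238920 ----a-w- c:\windows\system32\3564524.exe
2010-04-03 04:01:59 238920 ----a-w- c:\windows\system32\1464609.exe
2010-04-01 05:35:45 266240 --sh--r- c:\windows\system32\winupd01.exe
2010-04-01 04:13:23 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-01 02:55:48 189440 --sha-r- c:\users\pk\appdata\roaming\gnwwy.exe
2010-04-01 02:54:52 823808 ----a-w- c:\windows\system32\drivers\uzgmzs.sys
2010-04-01 02:51:34 0 d-sh--w- c:\users\pk\.COMMgr
2010-03-15 03:16:25 56 ---ha-w- c:\windows\system32\ezsidmv.dat
"""

if __name__ == "__main__":
    for section, finding in triage(SAMPLE).items():
        print(f"== {section} ==")
        print(finding)
```

On the sample, the three same-size numeric executables form one cluster, winupd01.exe, gnwwy.exe and the .COMMgr directory are the hidden+system hits, and uzgmzs.sys is the only driver created within five minutes of one of them.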



#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:05:00 PM

Posted 12 April 2010 - 10:10 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#3 OnceBittenY

OnceBittenY
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:08:00 AM

Posted 12 April 2010 - 03:22 PM

Thanks Myrti!
Here are the OTL logs. The problem persists and I have held off trying other methods of fixing it prior to getting support in this forum. I've pasted the two logs below - please let me know if there is additional information you need.

Thanks!
Paul

OTL logfile created on: 12/04/2010 1:03:28 PM - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Users\pk\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 45.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 173.70 Gb Total Space | 67.70 Gb Free Space | 38.98% Space Free | Partition Type: NTFS
Drive D: | 5.83 Gb Total Space | 5.77 Gb Free Space | 99.01% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Z: | 914.43 Gb Total Space | 522.75 Gb Free Space | 57.17% Space Free | Partition Type: NTFS

Computer Name: MOBILEKK
Current User Name: pk
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/12 13:02:14 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\pk\Desktop\OTL.exe
PRC - [2010/04/05 22:31:22 | 000,421,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Mail\WinMail.exe
PRC - [2010/04/05 22:30:37 | 000,073,728 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2010/04/05 22:30:36 | 000,139,264 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2010/04/05 22:30:30 | 000,139,264 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2010/04/05 22:30:28 | 000,352,256 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2010/04/05 22:30:21 | 000,667,648 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2010/04/05 22:30:18 | 000,065,536 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2010/04/05 22:30:17 | 000,033,792 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2010/04/05 22:30:04 | 000,112,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2010/04/05 22:27:25 | 002,948,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/02/25 16:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\4.1.0.32\ccsvchst.exe
PRC - [2008/10/13 12:16:44 | 000,554,264 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2008/04/09 00:15:12 | 000,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2007/03/29 10:39:20 | 000,427,576 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2007/02/25 21:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe


========== Modules (SafeList) ==========

MOD - [2010/04/12 13:02:14 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\pk\Desktop\OTL.exe
MOD - [2010/03/26 16:52:36 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\4.1.0.32\asoehook.dll
MOD - [2010/02/16 21:27:01 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcr90.dll
MOD - [2010/02/16 21:27:01 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcp90.dll
MOD - [2007/05/15 12:48:30 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.20533_none_4634c4a0218d65c1\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/04/05 22:30:37 | 000,073,728 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2010/04/05 22:30:36 | 000,139,264 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2010/04/05 22:30:30 | 000,139,264 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2010/04/05 22:30:28 | 000,352,256 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2010/04/05 22:30:21 | 000,667,648 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2010/04/05 22:30:18 | 000,065,536 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2010/04/05 22:30:17 | 000,033,792 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2010/02/25 16:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton 360\Engine\4.1.0.32\ccSvcHst.exe -- (N360)
SRV - [2008/10/13 12:16:44 | 000,554,264 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2008/04/09 00:15:12 | 000,648,504 | ---- | M] (Pure Networks, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2007/03/29 10:39:20 | 000,427,576 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007/02/25 21:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007/01/16 20:02:28 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2010/04/09 05:45:37 | 001,324,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100411.019\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/04/09 05:45:37 | 000,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100411.019\NAVENG.SYS -- (NAVENG)
DRV - [2010/04/05 22:24:03 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/04/05 01:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/04/05 01:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/03/24 13:38:08 | 000,536,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100324.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/02/26 19:23:54 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0401000.020\Ironx86.SYS -- (SymIRON)
DRV - [2010/02/26 19:23:21 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\Drivers\N360\0401000.020\SRTSP.SYS -- (SRTSP)
DRV - [2010/02/26 19:23:21 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0401000.020\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/02/25 16:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0401000.020\ccHPx86.sys -- (ccHP)
DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/17 11:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/11/25 23:41:48 | 000,172,592 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0401000.020\SYMEFA.SYS -- (SymEFA)
DRV - [2009/11/21 17:43:47 | 000,340,016 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0401000.020\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2009/11/16 17:51:14 | 000,343,088 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100402.001\IDSvix86.sys -- (IDSVix86)
DRV - [2009/10/14 20:50:05 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\N360\0401000.020\SYMDS.SYS -- (SymDS)
DRV - [2008/10/21 22:23:26 | 000,971,232 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tdrpm147.sys -- (tdrpman147) Acronis Try&Decide and Restore Points filter (build 147)
DRV - [2008/10/21 22:23:17 | 000,540,000 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2008/10/21 22:23:17 | 000,044,704 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2008/10/21 22:23:11 | 000,134,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\snman380.sys -- (snapman380) Acronis Snapshots Manager (Build 380)
DRV - [2008/10/20 20:43:59 | 003,664,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008/04/09 00:14:02 | 000,024,888 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/04/09 00:14:00 | 000,026,424 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\purendis.sys -- (purendis)
DRV - [2007/05/25 18:18:46 | 001,779,104 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/04/27 20:13:58 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2007/04/23 06:13:52 | 001,674,240 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2007/04/16 10:19:10 | 000,011,776 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007/04/09 01:13:00 | 000,008,192 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\QIOMem.sys -- (QIOMem)
DRV - [2007/03/26 12:25:28 | 000,005,504 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2007/03/21 22:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/03/05 06:28:00 | 000,076,288 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/03/01 16:53:12 | 000,073,728 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2007/02/28 22:27:06 | 000,041,344 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2007/02/24 15:14:00 | 002,216,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2007/02/24 14:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/02/22 19:56:24 | 000,113,920 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2007/02/11 23:36:54 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2007/01/23 16:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/27 07:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/02 02:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 02:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 02:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 02:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 02:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 02:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 02:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 02:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 02:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 02:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 02:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 02:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 02:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 02:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 02:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 02:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 02:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 02:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 02:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 02:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 02:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 02:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 02:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 02:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 02:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 02:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 02:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 02:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 02:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 02:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 02:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 02:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 02:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 01:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 01:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 01:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 01:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 01:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 01:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 00:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 00:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2006/11/02 00:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/10/26 23:14:22 | 000,179,896 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/10/23 16:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2006/10/18 11:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/10/05 22:22:14 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.shoptoshiba.ca/welcome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.shoptoshiba.ca/welcome


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.shoptoshiba.ca/welcome
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.shoptoshiba.ca/welcome
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-4001440316-2418032680-598807567-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-4001440316-2418032680-598807567-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-4001440316-2418032680-598807567-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.theglobeandmail.com/
IE - HKU\S-1-5-21-4001440316-2418032680-598807567-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4001440316-2418032680-598807567-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-4001440316-2418032680-598807567-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-4001440316-2418032680-598807567-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4001440316-2418032680-598807567-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {B9006304-3072-4692-9257-E3FDBA54926D}:1.9.1
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6

FF - HKLM\software\mozilla\Firefox\Extensions\\{B9006304-3072-4692-9257-E3FDBA54926D}: C:\Users\pk\AppData\Local\{B9006304-3072-4692-9257-E3FDBA54926D} [2010/04/09 06:37:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2010/04/05 22:25:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\ [2010/04/05 22:25:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/06 07:03:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/06 07:02:56 | 000,000,000 | ---D | M]

[2010/04/06 07:04:05 | 000,000,000 | ---D | M] -- C:\Users\pk\AppData\Roaming\Mozilla\Extensions
[2010/04/11 07:11:01 | 000,000,000 | ---D | M] -- C:\Users\pk\AppData\Roaming\Mozilla\Firefox\Profiles\fx0qleij.default\extensions
[2010/04/06 20:08:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\pk\AppData\Roaming\Mozilla\Firefox\Profiles\fx0qleij.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/11 07:11:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

Hosts file not found
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\4.1.0.32\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\4.1.0.32\ipsbho.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.1.0.32\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-4001440316-2418032680-598807567-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-4001440316-2418032680-598807567-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.1.0.32\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Adobe Version Cue CS2] C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-4001440316-2418032680-598807567-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} http://vanmappub.vancouver.ca/download/mgaxctrl.cab (Autodesk MapGuide ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shock...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.59.144.92 208.67.222.222 75.154.133.68
O18 - Protocol\Handler\intu-qt2008 {05E53CE9-66C8-4a9e-A99F-FDB7A8E7B596} - C:\Program Files\QuickTax 2008\ic2008pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\intu-qt2009 {03947252-2355-4e9b-B446-8CCC75C43370} - C:\Program Files\QuickTax 2009\ic2009pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp3.dll (Pure Networks, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: TaskMan - (C:\gnwwy.exe) - C:\gnwwy.exe File not found
O20 - HKU\.DEFAULT Winlogon: Shell - (C:\gnwwy.exe) - C:\gnwwy.exe File not found
O20 - HKU\.DEFAULT Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\.DEFAULT Winlogon: Shell - (\gnwwy.exe) - File not found
O20 - HKU\S-1-5-18 Winlogon: Shell - (C:\gnwwy.exe) - C:\gnwwy.exe File not found
O20 - HKU\S-1-5-18 Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-18 Winlogon: Shell - (\gnwwy.exe) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\pk\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\pk\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{39c11aea-f4a2-11dc-ba86-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{39c11aea-f4a2-11dc-ba86-806e6f6e6963}\Shell\AutoRun\command - "" = E:\QuickTax2009.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-4001440316-2418032680-598807567-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: BtwSvc - File not found
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2006/11/02 04:18:47 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - State: "services" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "startup" - 0

SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: VDS - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: VDS - Service
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C74E587E-DB27-B453-F17F-66EA526DEA0E} -
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} -

Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: VIDC.ACDV - ACDV.dll File not found
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2010/04/12 13:02:06 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Users\pk\Desktop\OTL.exe
[2010/04/09 06:17:20 | 000,000,000 | ---D | C] -- C:\Users\pk\Desktop\gmer
[2010/04/09 05:41:19 | 000,000,000 | ---D | C] -- C:\Users\pk\AppData\Roaming\Tific
[2010/04/09 05:40:58 | 000,000,000 | ---D | C] -- C:\Users\pk\AppData\Local\Symantec
[2010/04/07 06:35:42 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/04/07 03:00:44 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/04/07 03:00:43 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/04/06 21:23:41 | 000,000,000 | ---D | C] -- C:\!KillBox
[2010/04/06 21:23:25 | 000,092,672 | ---- | C] (Option^Explicit Software vbtechcd@gmail.com) -- C:\Users\pk\Desktop\killbox.exe
[2010/04/06 20:02:49 | 000,340,016 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0401000.020\symtdiv.sys
[2010/04/06 20:02:49 | 000,172,592 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0401000.020\symefa.sys
[2010/04/06 20:02:48 | 000,501,888 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0401000.020\cchpx86.sys
[2010/04/06 20:02:48 | 000,328,752 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0401000.020\symds.sys
[2010/04/06 20:02:48 | 000,325,680 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0401000.020\srtsp.sys
[2010/04/06 20:02:48 | 000,116,784 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0401000.020\ironx86.sys
[2010/04/06 20:02:48 | 000,043,696 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0401000.020\srtspx.sys
[2010/04/06 19:42:58 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360\0401000.020
[2010/04/06 19:38:31 | 019,261,008 | ---- | C] (Macrovision Corporation) -- C:\Users\pk\Desktop\f5d8055v2_ww_02.00.11_w2.exe
[2010/04/06 07:03:51 | 000,000,000 | ---D | C] -- C:\Users\pk\AppData\Roaming\Mozilla
[2010/04/06 06:34:07 | 000,000,000 | ---D | C] -- C:\Users\pk\Documents\Symantec
[2010/04/05 22:24:15 | 000,107,368 | R--- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2010/04/05 22:24:12 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2010/04/05 22:24:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/04/05 22:24:03 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/04/05 22:23:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360
[2010/04/05 22:23:33 | 000,000,000 | ---D | C] -- C:\Program Files\Norton 360
[2010/04/05 22:23:24 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010/04/05 22:23:24 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2010/04/05 15:20:25 | 000,000,000 | ---D | C] -- C:\Users\pk\Documents\Downloads
[2010/04/05 12:46:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010/04/05 12:46:04 | 000,407,928 | ---- | C] (Symantec Corporation) -- C:\Users\pk\Desktop\N360Downloader.exe
[2010/04/02 22:02:54 | 000,238,920 | ---- | C] (Tencent ) -- C:\Windows\System32\2615122.exe
[2010/04/02 21:26:42 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/04/02 21:25:48 | 000,000,000 | ---D | C] -- C:\Users\pk\AppData\Roaming\SUPERAntiSpyware.com
[2010/04/02 21:25:48 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/04/02 21:01:59 | 000,238,920 | ---- | C] (Tencent ) -- C:\Windows\System32\1464609.exe
[2010/04/02 20:58:07 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/04/02 17:30:56 | 000,238,920 | ---- | C] (Tencent ) -- C:\Windows\System32\1778483.exe
[2010/04/02 06:45:24 | 000,238,920 | ---- | C] (Tencent ) -- C:\Windows\System32\8553538.exe
[2010/04/01 22:18:53 | 000,238,920 | ---- | C] (Tencent ) -- C:\Windows\System32\1029887.exe
[2010/04/01 22:17:30 | 000,238,920 | ---- | C] (Tencent ) -- C:\Windows\System32\1298594.exe
[2010/04/01 22:17:08 | 000,238,920 | ---- | C] (Tencent ) -- C:\Windows\System32\7003703.exe
[2010/04/01 22:01:55 | 000,238,920 | ---- | C] (Tencent ) -- C:\Windows\System32\6762766.exe
[2010/04/01 21:42:08 | 000,238,920 | ---- | C] (Tencent ) -- C:\Windows\System32\958732.exe
[2010/04/01 21:12:25 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2010/04/01 20:49:22 | 000,238,920 | ---- | C] (Tencent ) -- C:\Windows\System32\6940531.exe
[2010/04/01 20:34:56 | 000,238,920 | ---- | C] (Tencent ) -- C:\Windows\System32\7602305.exe
[2010/04/01 00:23:43 | 000,238,920 | ---- | C] (Tencent ) -- C:\Windows\System32\4804453.exe
[2010/04/01 00:16:51 | 000,238,920 | ---- | C] (Tencent ) -- C:\Windows\System32\4401774.exe
[2010/03/31 23:56:54 | 000,238,920 | ---- | C] (Tencent ) -- C:\Windows\System32\7652354.exe
[2010/03/31 23:51:36 | 000,238,920 | ---- | C] (Tencent ) -- C:\Windows\System32\3671336.exe
[2010/03/31 23:38:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
[2010/03/31 23:35:10 | 000,238,920 | ---- | C] (Tencent ) -- C:\Windows\System32\1717142.exe
[2010/03/31 23:32:40 | 000,238,920 | ---- | C] (Tencent ) -- C:\Windows\System32\9165263.exe
[2010/03/31 23:31:23 | 000,238,920 | ---- | C] (Tencent ) -- C:\Windows\System32\7811503.exe
[2010/03/31 23:30:13 | 000,238,920 | ---- | C] (Tencent ) -- C:\Windows\System32\1285166.exe
[2010/03/31 23:01:06 | 000,238,920 | ---- | C] (Tencent ) -- C:\Windows\System32\7286906.exe
[2010/03/31 22:36:37 | 000,238,920 | ---- | C] (Tencent ) -- C:\Windows\System32\7911753.exe
[2010/03/31 22:31:27 | 000,238,920 | ---- | C] (Tencent ) -- C:\Windows\System32\383491.exe
[2010/03/31 22:13:54 | 000,000,000 | ---D | C] -- C:\Users\pk\AppData\Roaming\Malwarebytes
[2010/03/31 22:10:47 | 000,238,920 | ---- | C] (Tencent ) -- C:\Windows\System32\4574961.exe
[2010/03/31 22:03:29 | 000,238,920 | ---- | C] (Tencent ) -- C:\Windows\System32\4105143.exe
[2010/03/31 21:34:11 | 000,238,920 | ---- | C] (Tencent ) -- C:\Windows\System32\3122687.exe
[2010/03/31 21:13:29 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/03/31 21:13:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/03/31 21:13:23 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/03/31 21:13:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/31 21:09:33 | 000,238,920 | ---- | C] (Tencent ) -- C:\Windows\System32\1011576.exe
[2010/03/31 21:04:28 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/03/31 20:41:05 | 000,238,920 | ---- | C] (Tencent ) -- C:\Windows\System32\8064951.exe
[2010/03/31 20:02:23 | 000,238,920 | ---- | C] (Tencent ) -- C:\Windows\System32\6487956.exe
[2010/03/31 19:55:02 | 000,000,000 | ---D | C] -- C:\Users\pk\AppData\Local\{B9006304-3072-4692-9257-E3FDBA54926D}
[2010/03/31 19:51:34 | 000,000,000 | -HSD | C] -- C:\Users\pk\.COMMgr
[2010/03/31 06:06:38 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/03/31 06:06:36 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/03/31 06:06:36 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010/03/31 06:06:35 | 000,459,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/03/31 06:06:35 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/03/31 06:06:35 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2010/03/31 06:06:34 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2010/03/31 06:06:34 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2010/03/31 06:06:34 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/03/31 06:06:34 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010/03/31 06:06:33 | 001,830,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/03/31 06:06:33 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/03/31 06:06:32 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/03/31 06:06:32 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/03/31 06:06:32 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2010/03/31 06:06:32 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2010/03/31 06:06:32 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/03/31 06:06:32 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2010/03/31 06:06:32 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2010/03/31 06:06:32 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/03/19 22:26:17 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/03/19 22:25:57 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/03/19 22:22:09 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/03/14 20:16:23 | 000,000,000 | ---D | C] -- C:\Users\pk\AppData\Roaming\skypePM
[2010/03/14 20:10:29 | 000,000,000 | ---D | C] -- C:\Users\pk\AppData\Roaming\Skype
[2010/03/14 20:09:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/03/14 20:09:54 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010/03/14 20:09:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/12 13:06:30 | 000,823,808 | ---- | M] () -- C:\Windows\System32\drivers\uzgmzs.sys
[2010/04/12 13:03:43 | 002,883,584 | -HS- | M] () -- C:\Users\pk\ntuser.dat
[2010/04/12 13:02:14 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\pk\Desktop\OTL.exe
[2010/04/12 13:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At14.job
[2010/04/12 12:58:23 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/12 12:58:22 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/04/12 12:58:22 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/04/12 12:58:21 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/04/12 12:58:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/04/12 12:57:50 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/12 07:16:22 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/04/12 07:16:15 | 002,782,681 | -H-- | M] () -- C:\Users\pk\AppData\Local\IconCache.db
[2010/04/12 07:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At8.job
[2010/04/12 06:56:58 | 001,819,474 | ---- | M] () -- C:\Windows\System32\drivers\N360\0401000.020\Cat.DB
[2010/04/11 23:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At24.job
[2010/04/11 22:25:24 | 000,000,174 | ---- | M] () -- C:\Windows\ViewNX.INI
[2010/04/11 22:24:52 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLdu.DAT
[2010/04/11 22:22:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/11 22:12:22 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLdw.DAT
[2010/04/11 22:03:36 | 000,626,246 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/04/11 22:03:36 | 000,109,370 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/04/11 22:03:32 | 000,720,952 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/04/11 22:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At23.job
[2010/04/11 12:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At13.job
[2010/04/10 12:45:20 | 315,922,758 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/04/09 08:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At9.job
[2010/04/09 07:10:13 | 000,001,915 | ---- | M] () -- C:\Users\pk\Desktop\Attach.zip
[2010/04/09 06:15:41 | 000,284,915 | ---- | M] () -- C:\Users\pk\Desktop\gmer.zip
[2010/04/09 06:10:54 | 000,525,824 | ---- | M] () -- C:\Users\pk\Desktop\dds.scr
[2010/04/09 06:08:49 | 000,000,000 | ---- | M] () -- C:\Users\pk\defogger_reenable
[2010/04/09 06:07:41 | 000,050,477 | ---- | M] () -- C:\Users\pk\Desktop\Defogger.exe
[2010/04/09 06:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At7.job
[2010/04/09 05:49:59 | 000,524,288 | -HS- | M] () -- C:\Users\pk\ntuser.dat{cf7d3b99-43d4-11df-a1b9-001de07b4845}.TMContainer00000000000000000002.regtrans-ms
[2010/04/09 05:49:59 | 000,524,288 | -HS- | M] () -- C:\Users\pk\ntuser.dat{cf7d3b99-43d4-11df-a1b9-001de07b4845}.TMContainer00000000000000000001.regtrans-ms
[2010/04/09 05:49:59 | 000,065,536 | -HS- | M] () -- C:\Users\pk\ntuser.dat{cf7d3b99-43d4-11df-a1b9-001de07b4845}.TM.blf
[2010/04/07 21:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At22.job
[2010/04/07 04:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At5.job
[2010/04/07 03:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At4.job
[2010/04/07 02:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At3.job
[2010/04/07 01:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At2.job
[2010/04/07 00:29:56 | 000,339,968 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\HideWin.exe
[2010/04/07 00:21:06 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\fveupdate.exe
[2010/04/07 00:13:46 | 000,000,000 | ---- | M] () -- C:\Windows\System32\ACW.exe
[2010/04/07 00:13:44 | 000,061,440 | ---- | M] (vuhd whudqbknf) -- C:\Windows\System32\4585.exe
[2010/04/07 00:13:44 | 000,058,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlrmdr.exe
[2010/04/07 00:13:42 | 000,268,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wisptis.exe
[2010/04/07 00:13:40 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winver.exe
[2010/04/07 00:13:39 | 000,266,240 | RHS- | M] () -- C:\Windows\System32\winupd01.exe
[2010/04/07 00:13:37 | 003,239,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WinSAT.exe
[2010/04/07 00:13:26 | 000,046,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2010/04/07 00:13:24 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\AdapterTroubleshooter.exe
[2010/04/07 00:13:22 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2010/04/07 00:13:21 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe
[2010/04/07 00:13:20 | 000,060,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xcopy.exe
[2010/04/07 00:13:19 | 000,112,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wiaacmgr.exe
[2010/04/07 00:13:18 | 000,060,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\where.exe
[2010/04/07 00:13:17 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2010/04/07 00:13:14 | 000,184,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtutil.exe
[2010/04/07 00:13:12 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2010/04/07 00:13:11 | 000,881,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WerFaultSecure.exe
[2010/04/07 00:13:07 | 000,094,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2010/04/07 00:13:06 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpnpinst.exe
[2010/04/07 00:13:06 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2010/04/07 00:13:05 | 000,068,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\whoami.exe
[2010/04/07 00:13:04 | 000,055,808 | ---- | M] (Twain Working Group) -- C:\Windows\twunk_32.exe
[2010/04/07 00:13:03 | 000,111,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TpmInit.exe
[2010/04/07 00:13:02 | 000,200,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe
[2010/04/07 00:13:01 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcer.exe
[2010/04/07 00:13:00 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wusa.exe
[2010/04/07 00:13:00 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TapiUnattend.exe
[2010/04/07 00:12:59 | 000,076,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\takeown.exe
[2010/04/07 00:12:58 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tabcal.exe
[2010/04/07 00:12:57 | 000,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ucsvc.exe
[2010/04/07 00:12:57 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\systray.exe
[2010/04/07 00:12:56 | 000,106,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SystemPropertiesRemote.exe
[2010/04/07 00:12:55 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\typeperf.exe
[2010/04/07 00:12:54 | 000,106,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SystemPropertiesProtection.exe
[2010/04/07 00:12:53 | 000,106,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SystemPropertiesPerformance.exe
[2010/04/07 00:12:52 | 000,066,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TSTheme.exe
[2010/04/07 00:12:51 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tssetup.exe
[2010/04/07 00:12:50 | 000,106,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SystemPropertiesHardware.exe
[2010/04/07 00:12:48 | 000,106,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SystemPropertiesDataExecutionPrevention.exe
[2010/04/07 00:12:47 | 000,087,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tscupgrd.exe
[2010/04/07 00:12:46 | 000,106,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SystemPropertiesComputerName.exe
[2010/04/07 00:12:44 | 000,100,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\systeminfo.exe
[2010/04/07 00:12:42 | 000,359,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tracerpt.exe
[2010/04/07 00:12:36 | 000,052,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\syskey.exe
[2010/04/07 00:12:34 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sxstrace.exe
[2010/04/07 00:12:33 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\subst.exe
[2010/04/07 00:12:31 | 000,052,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\timeout.exe
[2010/04/07 00:12:30 | 000,319,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ssText3d.scr
[2010/04/07 00:12:27 | 008,162,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ssBranded.scr
[2010/04/07 00:12:00 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tcmsetup.exe
[2010/04/07 00:11:59 | 000,059,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\waitfor.exe
[2010/04/07 00:11:58 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\w32tm.exe
[2010/04/07 00:11:57 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sort.exe
[2010/04/07 00:11:56 | 000,118,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vssadmin.exe
[2010/04/07 00:11:55 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\verifier.exe
[2010/04/07 00:11:54 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\powercfg.exe
[2010/04/07 00:11:53 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vdsldr.exe
[2010/04/07 00:11:52 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PnPUnattend.exe
[2010/04/07 00:11:52 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PnPutil.exe
[2010/04/07 00:11:50 | 000,105,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tasklist.exe
[2010/04/07 00:11:47 | 000,663,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Utilman.exe
[2010/04/07 00:11:44 | 000,210,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLLUA.exe
[2010/04/07 00:11:42 | 000,103,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskkill.exe
[2010/04/07 00:11:41 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PkgMgr.exe
[2010/04/07 00:11:39 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SndVol.exe
[2010/04/07 00:11:38 | 000,375,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLUI.exe
[2010/04/07 00:11:36 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\upnpcont.exe
[2010/04/07 00:11:35 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PING.EXE
[2010/04/07 00:11:34 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sigverif.exe
[2010/04/07 00:11:33 | 000,728,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PhotoScreensaver.scr
[2010/04/07 00:11:30 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shutdown.exe
[2010/04/07 00:11:29 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\unlodctr.exe
[2010/04/07 00:11:28 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shrpubw.exe
[2010/04/07 00:11:26 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\perfmon.exe
[2010/04/07 00:11:26 | 000,053,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\unattendedjoin.exe
[2010/04/07 00:11:24 | 000,070,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\setx.exe
[2010/04/07 00:11:24 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sfc.exe
[2010/04/07 00:11:23 | 000,108,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\setupugc.exe
[2010/04/07 00:11:22 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\setupSNK.exe
[2010/04/07 00:11:21 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pcaui.exe
[2010/04/07 00:11:20 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pcaelv.exe
[2010/04/07 00:11:18 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\regini.exe
[2010/04/07 00:11:18 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PATHPING.EXE
[2010/04/07 00:11:17 | 000,651,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sethc.exe
[2010/04/07 00:11:14 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\p2phost.exe
[2010/04/07 00:11:13 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rasphone.exe
[2010/04/07 00:11:12 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RunLegacyCPLElevated.exe
[2010/04/07 00:11:11 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\runas.exe
[2010/04/07 00:11:10 | 000,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secinit.exe
[2010/04/07 00:11:09 | 000,059,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SecEdit.exe
[2010/04/07 00:11:05 | 000,121,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\OptionalFeatures.exe
[2010/04/07 00:11:04 | 000,087,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\openfiles.exe
[2010/04/07 00:11:03 | 000,107,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nslookup.exe
[2010/04/07 00:10:59 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\replace.exe
[2010/04/07 00:10:56 | 000,099,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\newdev.exe
[2010/04/07 00:10:55 | 000,107,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdchange.exe
[2010/04/07 00:10:54 | 000,045,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdbinst.exe
[2010/04/07 00:10:53 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RelPost.exe
[2010/04/07 00:10:51 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\scrnsave.scr
[2010/04/07 00:10:50 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\relog.exe
[2010/04/07 00:10:48 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rekeywiz.exe
[2010/04/07 00:10:43 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sc.exe
[2010/04/07 00:10:42 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\regedt32.exe
[2010/04/07 00:10:41 | 000,036,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sbunattend.exe
[2010/04/07 00:10:40 | 000,036,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\recover.exe
[2010/04/07 00:10:39 | 000,186,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\raserver.exe
[2010/04/07 00:10:39 | 000,054,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rdrleakdiag.exe
[2010/04/07 00:10:36 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rasdial.exe
[2010/04/07 00:10:36 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rasautou.exe
[2010/04/07 00:10:34 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\odbcconf.exe
[2010/04/07 00:10:31 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\reg.exe
[2010/04/07 00:10:30 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\runonce.exe
[2010/04/07 00:10:25 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ocsetup.exe
[2010/04/07 00:10:24 | 000,544,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntvdm.exe
[2010/04/07 00:10:22 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntprint.exe
[2010/04/07 00:10:21 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
[2010/04/07 00:10:20 | 000,050,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Netplwiz.exe
[2010/04/07 00:10:20 | 000,046,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe
[2010/04/07 00:10:19 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netcfg.exe
[2010/04/07 00:10:17 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printui.exe
[2010/04/07 00:10:16 | 000,046,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netbtugc.exe
[2010/04/07 00:10:15 | 000,193,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\net1.exe
[2010/04/07 00:10:13 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\net.exe
[2010/04/07 00:10:12 | 000,678,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2010/04/07 00:10:10 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\print.exe
[2010/04/07 00:10:09 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nbtstat.exe
[2010/04/07 00:10:08 | 000,050,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\prevhost.exe
[2010/04/07 00:10:07 | 000,291,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NAPSTAT.EXE
[2010/04/07 00:10:07 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\proquota.exe
[2010/04/07 00:10:05 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Mystify.scr
[2010/04/07 00:10:03 | 000,080,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\logman.exe
[2010/04/07 00:10:03 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MuiUnattend.exe
[2010/04/07 00:10:02 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mtstocom.exe
[2010/04/07 00:10:00 | 000,119,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2010/04/07 00:09:59 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lodctr.exe
[2010/04/07 00:09:58 | 001,815,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mmc.exe
[2010/04/07 00:09:52 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
[2010/04/07 00:09:51 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mpnotify.exe
[2010/04/07 00:09:50 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mountvol.exe
[2010/04/07 00:09:49 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icacls.exe
[2010/04/07 00:09:48 | 000,112,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MdRes.exe
[2010/04/07 00:09:45 | 000,292,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mcbuilder.exe
[2010/04/07 00:09:43 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MAPISRVR.EXE
[2010/04/07 00:09:42 | 000,122,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\makecab.exe
[2010/04/07 00:09:40 | 000,186,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdt.exe
[2010/04/07 00:09:39 | 000,104,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\hdwwiz.exe
[2010/04/07 00:09:38 | 000,163,840 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/04/07 00:09:36 | 000,159,744 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/04/07 00:09:35 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\grpconv.exe
[2010/04/07 00:09:34 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gpupdate.exe
[2010/04/07 00:09:33 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\label.exe
[2010/04/07 00:09:32 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ktmutil.exe
[2010/04/07 00:09:31 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iscsicli.exe
[2010/04/07 00:09:27 | 000,066,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ftp.exe
[2010/04/07 00:09:25 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ipconfig.exe
[2010/04/07 00:09:24 | 000,068,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\forfiles.exe
[2010/04/07 00:09:23 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fontview.exe
[2010/04/07 00:09:20 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fltMC.exe
[2010/04/07 00:09:19 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fixmapi.exe
[2010/04/07 00:09:19 | 000,036,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\InfDefaultInstall.exe
[2010/04/07 00:09:18 | 002,608,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FirewallControlPanel.exe
[2010/04/07 00:09:10 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
[2010/04/07 00:09:09 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\findstr.exe
[2010/04/07 00:09:08 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\find.exe
[2010/04/07 00:09:07 | 000,040,960 | ---- | M] () -- C:\Windows\System32\FileOps.exe
[2010/04/07 00:09:06 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fc.exe
[2010/04/07 00:09:05 | 000,077,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\extrac32.exe
[2010/04/07 00:09:04 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2010/04/07 00:09:01 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\expand.exe
[2010/04/07 00:08:58 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gpresult.exe
[2010/04/07 00:08:57 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icsunattend.exe
[2010/04/07 00:08:56 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dplaysvr.exe
[2010/04/07 00:08:55 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dispdiag.exe
[2010/04/07 00:08:53 | 002,170,880 | ---- | M] (Google Inc.) -- C:\Windows\System32\GPhotos.scr
[2010/04/07 00:08:46 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\getmac.exe
[2010/04/07 00:08:45 | 000,034,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DeviceProperties.exe
[2010/04/07 00:08:44 | 000,036,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\efsui.exe
[2010/04/07 00:08:42 | 000,276,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2010/04/07 00:08:40 | 000,129,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWWIN.EXE
[2010/04/07 00:08:39 | 000,046,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dvdupgrd.exe
[2010/04/07 00:08:37 | 000,034,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dvdplay.exe
[2010/04/07 00:08:37 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
[2010/04/07 00:08:22 | 000,126,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drvinst.exe
[2010/04/07 00:07:43 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dfrgifc.exe
[2010/04/07 00:07:40 | 000,119,808 | ---- | M] (Microsoft Corp.) -- C:\Windows\System32\dfrgfat.exe
[2010/04/07 00:07:36 | 000,092,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DFDWiz.exe
[2010/04/07 00:07:33 | 000,050,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DeviceEject.exe
[2010/04/07 00:07:32 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dcomcnfg.exe
[2010/04/07 00:02:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At1.job
[2010/04/06 23:54:32 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ctfmon .exe
[2010/04/06 23:54:31 | 000,070,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrstub.exe
[2010/04/06 23:54:30 | 000,090,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\driverquery.exe
[2010/04/06 23:54:29 | 000,047,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dpnsvr.exe
[2010/04/06 23:54:27 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DpiScaling.exe
[2010/04/06 23:54:26 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2010/04/06 23:54:25 | 000,431,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dpapimig.exe
[2010/04/06 23:54:23 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\credwiz.exe
[2010/04/06 23:54:22 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\doskey.exe
[2010/04/06 23:54:20 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2010/04/06 23:54:20 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\convert.exe
[2010/04/06 23:54:18 | 000,106,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2010/04/06 23:54:17 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dllhst3g.exe
[2010/04/06 23:54:16 | 000,252,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\diskraid.exe
[2010/04/06 23:54:15 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\diskperf.exe
[2010/04/06 23:54:14 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\diskpart.exe
[2010/04/06 23:54:13 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\diantz.exe
[2010/04/06 23:54:11 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dialer.exe
[2010/04/06 23:54:10 | 000,904,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Bubbles.scr
[2010/04/06 23:54:06 | 000,058,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bthudtask.exe
[2010/04/06 23:54:05 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bridgeunattend.exe
[2010/04/06 23:54:04 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bootcfg.exe
[2010/04/06 23:54:03 | 000,060,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ComputerDefaults.exe
[2010/04/06 23:54:02 | 000,105,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CompMgmtLauncher.exe
[2010/04/06 23:54:01 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\compact.exe
[2010/04/06 23:54:00 | 000,045,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\comp.exe
[2010/04/06 23:53:59 | 000,216,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bitsadmin.exe
[2010/04/06 23:53:55 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cofire.exe
[2010/04/06 23:53:54 | 000,284,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bcdedit.exe
[2010/04/06 23:53:53 | 000,108,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmstp.exe
[2010/04/06 23:53:50 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmdl32.exe
[2010/04/06 23:53:49 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmdkey.exe
[2010/04/06 23:53:48 | 000,050,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cacls.exe
[2010/04/06 23:53:47 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clip.exe
[2010/04/06 23:53:46 | 000,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cliconfg.exe
[2010/04/06 23:53:45 | 001,395,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Aurora.scr
[2010/04/06 23:53:39 | 000,077,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cipher.exe
[2010/04/06 23:53:38 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\auditpol.exe
[2010/04/06 23:53:37 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\choice.exe
[2010/04/06 23:53:34 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\attrib.exe
[2010/04/06 23:53:33 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\chkntfs.exe
[2010/04/06 23:53:30 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\at.exe
[2010/04/06 23:53:28 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
[2010/04/06 23:53:27 | 000,811,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2010/04/06 23:53:24 | 000,238,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\certreq.exe
[2010/04/06 23:53:22 | 000,126,976 | ---- | M] (TOSHIBA Corporation.) -- C:\Windows\System32\Tossps.scr
[2010/04/06 23:53:20 | 000,102,400 | ---- | M] (Toshiba Corporation) -- C:\Windows\System32\tosmreg.exe
[2010/04/06 23:53:19 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe
[2010/04/06 23:53:17 | 000,059,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RpcPing.exe
[2010/04/06 23:53:16 | 000,042,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
[2010/04/06 23:53:13 | 000,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RmClient.exe
[2010/04/06 23:53:12 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010/04/06 23:53:09 | 000,460,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010/04/06 23:53:06 | 000,548,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010/04/06 23:53:03 | 000,540,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010/04/06 23:52:44 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lnkstub.exe
[2010/04/06 23:52:43 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\eventcreate.exe
[2010/04/06 23:52:41 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\eudcedit.exe
[2010/04/06 23:52:39 | 000,117,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\esentutl.exe
[2010/04/06 23:37:15 | 001,851,392 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SkyTel.exe
[2010/04/06 23:35:03 | 004,501,504 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
[2010/04/06 23:10:28 | 000,009,685 | ---- | M] () -- C:\Users\pk\Desktop\index.htm
[2010/04/06 23:08:00 | 000,189,440 | RHS- | M] () -- C:\Users\pk\AppData\Roaming\gnwwy.exe
[2010/04/06 21:33:31 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\help.exe
[2010/04/06 21:24:25 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\bfsvc.exe
[2010/04/06 21:23:26 | 000,092,672 | ---- | M] (Option^Explicit Software vbtechcd@gmail.com) -- C:\Users\pk\Desktop\killbox.exe
[2010/04/06 21:10:28 | 000,036,864 | ---- | M] (pujdacevoukasstv) -- C:\Windows\System32\3495.exe
[2010/04/06 20:15:57 | 000,002,151 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2010/04/06 20:12:31 | 000,106,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SystemPropertiesAdvanced.exe
[2010/04/06 20:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At21.job
[2010/04/06 19:38:33 | 019,261,008 | ---- | M] (Macrovision Corporation) -- C:\Users\pk\Desktop\f5d8055v2_ww_02.00.11_w2.exe
[2010/04/06 07:03:01 | 000,001,735 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/04/06 06:45:19 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lpksetup.exe
[2010/04/06 06:25:47 | 001,216,512 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\RtlUpd.exe
[2010/04/06 06:25:24 | 000,109,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\colorcpl.exe
[2010/04/05 23:33:54 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lpremove.exe
[2010/04/05 23:33:54 | 000,045,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RacAgent.exe
[2010/04/05 23:31:58 | 000,183,808 | ---- | M] (Microsoft Corp.) -- C:\Windows\System32\DfrgNtfs.exe
[2010/04/05 23:31:56 | 000,248,832 | ---- | M] (Microsoft Corp.) -- C:\Windows\System32\Defrag.exe
[2010/04/05 23:28:53 | 000,207,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wsqmcons.exe
[2010/04/05 23:23:02 | 000,487,424 | ---- | M] (Toshiba Corporation) -- C:\Windows\System32\cselect.exe
[2010/04/05 23:22:39 | 000,485,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msra.exe
[2010/04/05 23:22:36 | 001,161,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wercon.exe
[2010/04/05 23:21:34 | 000,217,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsAnytimeUpgrade.exe
[2010/04/05 23:21:13 | 000,304,128 | ---- | M] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe
[2010/04/05 23:21:10 | 000,009,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\write.exe
[2010/04/05 23:20:56 | 000,246,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msconfig.exe
[2010/04/05 23:20:52 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MdSched.exe
[2010/04/05 23:20:50 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iscsicpl.exe
[2010/04/05 23:20:48 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\odbcad32.exe
[2010/04/05 23:20:41 | 000,338,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe
[2010/04/05 23:20:37 | 000,432,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msinfo32.exe
[2010/04/05 23:20:33 | 000,178,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cleanmgr.exe
[2010/04/05 23:20:31 | 000,669,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dfrgui.exe
[2010/04/05 23:20:19 | 000,166,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\charmap.exe
[2010/04/05 23:20:17 | 001,217,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2010/04/05 23:20:10 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SoundRecorder.exe
[2010/04/05 23:20:02 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NetProj.exe
[2010/04/05 23:20:01 | 000,963,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mblctr.exe
[2010/04/05 23:19:58 | 000,206,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fsquirt.exe
[2010/04/05 23:19:54 | 000,182,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\osk.exe
[2010/04/05 23:19:51 | 000,991,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Narrator.exe
[2010/04/05 23:19:44 | 000,710,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Magnify.exe
[2010/04/05 23:19:34 | 000,344,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
[2010/04/05 23:17:05 | 000,200,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\calc.exe
[2010/04/05 23:06:17 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\verclsid.exe
[2010/04/05 23:03:52 | 000,122,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netsh.exe
[2010/04/05 23:02:18 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FirewallSettings.exe
[2010/04/05 23:02:03 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\plasrv.exe
[2010/04/05 22:56:39 | 000,184,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationSettings.exe
[2010/04/05 22:34:42 | 005,739,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\logon.scr
[2010/04/05 22:33:41 | 000,313,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StikyNot.exe
[2010/04/05 22:33:40 | 000,300,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SnippingTool.exe
[2010/04/05 22:33:30 | 000,509,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mspaint.exe
[2010/04/05 22:33:05 | 000,058,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2010/04/05 22:32:57 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\control.exe
[2010/04/05 22:32:57 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wermgr.exe
[2010/04/05 22:31:21 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\regsvr32.exe
[2010/04/05 22:31:13 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2010/04/05 22:30:57 | 000,093,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
[2010/04/05 22:30:36 | 000,139,264 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
[2010/04/05 22:30:32 | 000,159,744 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/04/05 22:30:17 | 000,033,792 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
[2010/04/05 22:30:04 | 000,112,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
[2010/04/05 22:27:25 | 002,948,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010/04/05 22:24:03 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2010/04/05 22:24:03 | 000,007,443 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2010/04/05 22:24:03 | 000,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2010/04/05 22:20:08 | 000,000,883 | ---- | M] () -- C:\Users\pk\Desktop\Norton Installation Files.lnk
[2010/04/05 22:14:00 | 004,740,694 | ---- | M] () -- C:\Windows\System32\drivers\etc\crap_hosts.crap
[2010/04/05 19:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At20.job
[2010/04/05 18:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At19.job
[2010/04/05 17:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At18.job
[2010/04/05 16:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At17.job
[2010/04/05 15:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At16.job
[2010/04/05 10:59:13 | 000,407,928 | ---- | M] (Symantec Corporation) -- C:\Users\pk\Desktop\N360Downloader.exe
[2010/04/05 09:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At10.job
[2010/04/04 22:44:29 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At6.job
[2010/04/04 22:44:28 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At15.job
[2010/04/04 22:44:28 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At12.job
[2010/04/04 22:44:28 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At11.job
[2010/04/02 22:02:54 | 000,238,920 | ---- | M] (Tencent ) -- C:\Windows\System32\2615122.exe
[2010/04/02 21:32:56 | 000,031,061 | ---- | M] () -- C:\Windows\System32\t1p0_127059271900.b1k
[2010/04/02 21:28:50 | 000,238,920 | ---- | M] () -- C:\Windows\System32\3564524.exe
[2010/04/02 21:25:55 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/04/02 21:15:52 | 007,899,168 | ---- | M] () -- C:\Users\pk\Desktop\SUPERAntiSpyware.exe
[2010/04/02 21:01:59 | 000,238,920 | ---- | M] (Tencent ) -- C:\Windows\System32\1464609.exe
[2010/04/02 17:30:56 | 000,238,920 | ---- | M] (Tencent ) -- C:\Windows\System32\1778483.exe
[2010/04/02 06:45:24 | 000,238,920 | ---- | M] (Tencent ) -- C:\Windows\System32\8553538.exe
[2010/04/01 22:18:53 | 000,238,920 | ---- | M] (Tencent ) -- C:\Windows\System32\1029887.exe
[2010/04/01 22:17:30 | 000,238,920 | ---- | M] (Tencent ) -- C:\Windows\System32\1298594.exe
[2010/04/01 22:17:08 | 000,238,920 | ---- | M] (Tencent ) -- C:\Windows\System32\7003703.exe
[2010/04/01 22:01:55 | 000,238,920 | ---- | M] (Tencent ) -- C:\Windows\System32\6762766.exe
[2010/04/01 21:42:08 | 000,238,920 | ---- | M] (Tencent ) -- C:\Windows\System32\958732.exe
[2010/04/01 20:49:22 | 000,238,920 | ---- | M] (Tencent ) -- C:\Windows\System32\6940531.exe
[2010/04/01 20:34:56 | 000,238,920 | ---- | M] (Tencent ) -- C:\Windows\System32\7602305.exe
[2010/04/01 00:23:43 | 000,238,920 | ---- | M] (Tencent ) -- C:\Windows\System32\4804453.exe
[2010/04/01 00:16:51 | 000,238,920 | ---- | M] (Tencent ) -- C:\Windows\System32\4401774.exe
[2010/03/31 23:56:54 | 000,238,920 | ---- | M] (Tencent ) -- C:\Windows\System32\7652354.exe
[2010/03/31 23:51:36 | 000,238,920 | ---- | M] (Tencent ) -- C:\Windows\System32\3671336.exe
[2010/03/31 23:35:10 | 000,238,920 | ---- | M] (Tencent ) -- C:\Windows\System32\1717142.exe
[2010/03/31 23:32:40 | 000,238,920 | ---- | M] (Tencent ) -- C:\Windows\System32\9165263.exe
[2010/03/31 23:31:23 | 000,238,920 | ---- | M] (Tencent ) -- C:\Windows\System32\7811503.exe
[2010/03/31 23:30:13 | 000,238,920 | ---- | M] (Tencent ) -- C:\Windows\System32\1285166.exe
[2010/03/31 23:04:17 | 000,011,216 | -HS- | M] () -- C:\ProgramData\PqC8sw32avv
[2010/03/31 23:01:06 | 000,238,920 | ---- | M] (Tencent ) -- C:\Windows\System32\7286906.exe
[2010/03/31 22:36:37 | 000,238,920 | ---- | M] (Tencent ) -- C:\Windows\System32\7911753.exe
[2010/03/31 22:32:55 | 000,000,004 | ---- | M] () -- C:\Program Files\181444.dat
[2010/03/31 22:31:27 | 000,238,920 | ---- | M] (Tencent ) -- C:\Windows\System32\383491.exe
[2010/03/31 22:10:47 | 000,238,920 | ---- | M] (Tencent ) -- C:\Windows\System32\4574961.exe
[2010/03/31 22:03:29 | 000,238,920 | ---- | M] (Tencent ) -- C:\Windows\System32\4105143.exe
[2010/03/31 21:34:11 | 000,238,920 | ---- | M] (Tencent ) -- C:\Windows\System32\3122687.exe
[2010/03/31 21:13:35 | 000,000,829 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/31 21:09:33 | 000,238,920 | ---- | M] (Tencent ) -- C:\Windows\System32\1011576.exe
[2010/03/31 21:04:28 | 000,001,885 | ---- | M] () -- C:\Users\pk\Desktop\HijackThis.lnk
[2010/03/31 20:41:05 | 000,238,920 | ---- | M] (Tencent ) -- C:\Windows\System32\8064951.exe
[2010/03/31 20:02:49 | 000,033,291 | ---- | M] () -- C:\Windows\System32\t1p0_774717612177.b1k
[2010/03/31 20:02:39 | 000,001,178 | ---- | M] () -- C:\ProgramData\_VOIDmfeklnmal.dll
[2010/03/31 20:02:23 | 000,238,920 | ---- | M] (Tencent ) -- C:\Windows\System32\6487956.exe
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/03/27 15:11:24 | 000,002,855 | ---- | M] () -- C:\Users\Public\Desktop\ACDSee Photo Manager 2009.lnk
[2010/03/27 15:06:55 | 000,002,583 | ---- | M] () -- C:\Users\pk\Desktop\Microsoft Excel.lnk
[2010/03/26 18:39:52 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\N360\0401000.020\isolate.ini
[2010/03/21 09:34:16 | 000,050,688 | ---- | M] () -- C:\Users\pk\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/19 22:27:14 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/03/14 20:16:25 | 000,000,056 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat
[2010/03/14 20:10:00 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/03/13 17:07:26 | 000,051,622 | ---- | M] () -- C:\Users\pk\Desktop\Netfile verificaiton MJ.pdf
[2010/03/13 17:02:07 | 000,051,485 | ---- | M] () -- C:\Users\pk\Desktop\Net file verification Dave.pdf
[2010/03/13 16:51:18 | 000,519,083 | ---- | M] () -- C:\Gunnar_cra.pdf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/09 07:10:13 | 000,001,915 | ---- | C] () -- C:\Users\pk\Desktop\Attach.zip
[2010/04/09 07:04:03 | 2137,448,448 | -HS- | C] () -- C:\hiberfil.sys
[2010/04/09 06:15:38 | 000,284,915 | ---- | C] () -- C:\Users\pk\Desktop\gmer.zip
[2010/04/09 06:10:50 | 000,525,824 | ---- | C] () -- C:\Users\pk\Desktop\dds.scr
[2010/04/09 06:08:49 | 000,000,000 | ---- | C] () -- C:\Users\pk\defogger_reenable
[2010/04/09 06:07:40 | 000,050,477 | ---- | C] () -- C:\Users\pk\Desktop\Defogger.exe
[2010/04/09 05:39:41 | 000,524,288 | -HS- | C] () -- C:\Users\pk\ntuser.dat{cf7d3b99-43d4-11df-a1b9-001de07b4845}.TMContainer00000000000000000002.regtrans-ms
[2010/04/09 05:39:41 | 000,524,288 | -HS- | C] () -- C:\Users\pk\ntuser.dat{cf7d3b99-43d4-11df-a1b9-001de07b4845}.TMContainer00000000000000000001.regtrans-ms
[2010/04/09 05:39:41 | 000,065,536 | -HS- | C] () -- C:\Users\pk\ntuser.dat{cf7d3b99-43d4-11df-a1b9-001de07b4845}.TM.blf
[2010/04/08 20:12:55 | 000,050,688 | ---- | C] () -- C:\Users\pk\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/07 06:50:32 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
[2010/04/07 06:50:31 | 000,001,882 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
[2010/04/06 20:14:52 | 001,819,474 | ---- | C] () -- C:\Windows\System32\drivers\N360\0401000.020\Cat.DB
[2010/04/06 20:02:49 | 000,007,787 | R--- | C] () -- C:\Windows\System32\drivers\N360\0401000.020\symnetv.cat
[2010/04/06 20:02:49 | 000,007,444 | R--- | C] () -- C:\Windows\System32\drivers\N360\0401000.020\symefa.cat
[2010/04/06 20:02:49 | 000,007,368 | R--- | C] () -- C:\Windows\System32\drivers\N360\0401000.020\symnet.cat
[2010/04/06 20:02:49 | 000,003,374 | R--- | C] () -- C:\Windows\System32\drivers\N360\0401000.020\symefa.inf
[2010/04/06 20:02:49 | 000,001,473 | R--- | C] () -- C:\Windows\System32\drivers\N360\0401000.020\symnetv.inf
[2010/04/06 20:02:49 | 000,001,445 | R--- | C] () -- C:\Windows\System32\drivers\N360\0401000.020\symnet.inf
[2010/04/06 20:02:48 | 000,007,442 | ---- | C] () -- C:\Windows\System32\drivers\N360\0401000.020\srtspx.cat
[2010/04/06 20:02:48 | 000,007,438 | ---- | C] () -- C:\Windows\System32\drivers\N360\0401000.020\srtsp.cat
[2010/04/06 20:02:48 | 000,007,438 | ---- | C] () -- C:\Windows\System32\drivers\N360\0401000.020\iron.cat
[2010/04/06 20:02:48 | 000,007,425 | R--- | C] () -- C:\Windows\System32\drivers\N360\0401000.020\symds.cat
[2010/04/06 20:02:48 | 000,007,396 | ---- | C] () -- C:\Windows\System32\drivers\N360\0401000.020\cchpx86.cat
[2010/04/06 20:02:48 | 000,002,793 | R--- | C] () -- C:\Windows\System32\drivers\N360\0401000.020\symds.inf
[2010/04/06 20:02:48 | 000,001,754 | ---- | C] () -- C:\Windows\System32\drivers\N360\0401000.020\cchpx86.inf
[2010/04/06 20:02:48 | 000,001,388 | ---- | C] () -- C:\Windows\System32\drivers\N360\0401000.020\srtspx.inf
[2010/04/06 20:02:48 | 000,001,382 | ---- | C] () -- C:\Windows\System32\drivers\N360\0401000.020\srtsp.inf
[2010/04/06 20:02:48 | 000,000,741 | ---- | C] () -- C:\Windows\System32\drivers\N360\0401000.020\iron.inf
[2010/04/06 19:42:58 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\N360\0401000.020\isolate.ini
[2010/04/06 07:03:01 | 000,001,735 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/04/05 22:24:12 | 000,007,443 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2010/04/05 22:24:12 | 000,000,805 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2010/04/05 22:24:00 | 000,002,151 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2010/04/05 12:46:09 | 000,000,883 | ---- | C] () -- C:\Users\pk\Desktop\Norton Installation Files.lnk
[2010/04/03 20:30:33 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At24.job
[2010/04/03 20:30:32 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At23.job
[2010/04/03 20:30:32 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At22.job
[2010/04/03 20:30:32 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At21.job
[2010/04/03 20:30:32 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At20.job
[2010/04/03 20:30:32 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At19.job
[2010/04/03 20:30:32 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At18.job
[2010/04/03 20:30:32 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At17.job
[2010/04/03 20:30:32 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At16.job
[2010/04/03 20:30:32 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At15.job
[2010/04/03 20:30:32 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At14.job
[2010/04/03 20:30:31 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At13.job
[2010/04/03 20:30:30 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At12.job
[2010/04/03 20:30:30 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At11.job
[2010/04/03 20:30:30 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At10.job
[2010/04/03 20:30:29 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At9.job
[2010/04/03 20:30:27 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At8.job
[2010/04/03 20:30:25 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At7.job
[2010/04/03 20:30:23 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At6.job
[2010/04/03 20:30:21 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At5.job
[2010/04/03 20:30:20 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At4.job
[2010/04/03 20:30:19 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At3.job
[2010/04/03 20:30:18 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At2.job
[2010/04/03 20:30:16 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At1.job
[2010/04/02 21:29:27 | 000,031,061 | ---- | C] () -- C:\Windows\System32\t1p0_127059271900.b1k
[2010/04/02 21:28:50 | 000,238,920 | ---- | C] () -- C:\Windows\System32\3564524.exe
[2010/04/02 21:25:55 | 000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/04/02 21:24:21 | 007,899,168 | ---- | C] () -- C:\Users\pk\Desktop\SUPERAntiSpyware.exe
[2010/03/31 22:35:45 | 000,266,240 | RHS- | C] () -- C:\Windows\System32\winupd01.exe
[2010/03/31 22:32:55 | 000,000,004 | ---- | C] () -- C:\Program Files\181444.dat
[2010/03/31 21:13:35 | 000,000,829 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/31 21:04:28 | 000,001,885 | ---- | C] () -- C:\Users\pk\Desktop\HijackThis.lnk
[2010/03/31 20:02:48 | 000,033,291 | ---- | C] () -- C:\Windows\System32\t1p0_774717612177.b1k
[2010/03/31 20:02:36 | 000,001,178 | ---- | C] () -- C:\ProgramData\_VOIDmfeklnmal.dll
[2010/03/31 19:55:48 | 000,189,440 | RHS- | C] () -- C:\Users\pk\AppData\Roaming\gnwwy.exe
[2010/03/31 19:54:52 | 000,823,808 | ---- | C] () -- C:\Windows\System32\drivers\uzgmzs.sys
[2010/03/31 19:51:31 | 000,011,216 | -HS- | C] () -- C:\ProgramData\PqC8sw32avv
[2010/03/19 22:27:14 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/03/14 20:16:25 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/03/14 20:10:00 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/03/13 17:08:00 | 000,051,622 | ---- | C] () -- C:\Users\pk\Desktop\Netfile verificaiton MJ.pdf
[2010/03/13 17:03:08 | 000,051,485 | ---- | C] () -- C:\Users\pk\Desktop\Net file verification Dave.pdf
[2010/03/13 16:51:17 | 000,519,083 | ---- | C] () -- C:\Gunnar_cra.pdf
[2010/01/30 22:17:05 | 000,000,143 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2009/10/02 10:01:15 | 000,060,744 | ---- | C] () -- C:\Users\pk\g2mdlhlpx.exe
[2009/02/03 18:48:41 | 000,524,288 | -HS- | C] () -- C:\Users\pk\NTUSER.DAT{e0ec0e0a-f25d-11dd-8a52-001de07b4845}.TMContainer00000000000000000002.regtrans-ms
[2009/02/03 18:48:41 | 000,524,288 | -HS- | C] () -- C:\Users\pk\NTUSER.DAT{e0ec0e0a-f25d-11dd-8a52-001de07b4845}.TMContainer00000000000000000001.regtrans-ms
[2009/02/03 18:48:40 | 000,065,536 | -HS- | C] () -- C:\Users\pk\NTUSER.DAT{e0ec0e0a-f25d-11dd-8a52-001de07b4845}.TM.blf
[2009/01/18 20:04:43 | 000,000,680 | ---- | C] () -- C:\Users\pk\AppData\Local\d3d9caps.dat
[2008/12/05 21:35:26 | 000,005,504 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2008/09/03 22:50:59 | 000,985,088 | ---- | C] () -- C:\Windows\System32\owl55f.dll
[2008/09/03 22:50:59 | 000,906,784 | ---- | C] () -- C:\Windows\System32\owl52f.dll
[2008/04/26 09:27:28 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/03/28 11:01:02 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2008/03/23 22:29:21 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Keyboard Layouts
[2008/03/23 22:29:21 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2008/03/23 22:29:21 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Licenses
[2008/03/23 16:30:18 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/03/19 22:28:45 | 000,000,174 | ---- | C] () -- C:\Windows\ViewNX.INI
[2008/03/19 22:24:08 | 000,000,268 | RH-- | C] () -- C:\ProgramData\LaserPrinter
[2008/03/19 22:24:08 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2008/03/19 22:24:08 | 000,000,012 | RH-- | C] () -- C:\ProgramData\MAS
[2008/03/19 22:14:12 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Solid Colors
[2008/03/19 22:11:27 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbz.DAT
[2008/03/17 22:32:44 | 000,524,288 | -HS- | C] () -- C:\Users\pk\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2008/03/17 22:32:44 | 000,524,288 | -HS- | C] () -- C:\Users\pk\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2008/03/17 22:32:44 | 000,262,144 | -H-- | C] () -- C:\Users\pk\ntuser.dat.LOG1
[2008/03/17 22:32:44 | 000,065,536 | -HS- | C] () -- C:\Users\pk\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2008/03/17 22:32:44 | 000,000,020 | -HS- | C] () -- C:\Users\pk\ntuser.ini
[2008/03/17 22:32:44 | 000,000,000 | -H-- | C] () -- C:\Users\pk\ntuser.dat.LOG2
[2008/03/17 22:32:43 | 002,883,584 | -HS- | C] () -- C:\Users\pk\ntuser.dat
[2008/03/17 21:24:03 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2008/03/17 21:24:03 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2008/03/17 21:24:03 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2008/03/17 21:24:03 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2007/05/20 12:29:12 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007/05/20 12:23:15 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007/05/20 12:23:15 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007/05/20 12:23:15 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007/05/20 12:23:15 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007/05/20 12:23:15 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007/05/20 12:23:15 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007/05/20 09:17:22 | 000,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/05/20 09:17:22 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007/05/20 09:17:22 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1263.dll
[2007/05/15 12:43:11 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007/03/21 15:40:55 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/03/21 15:39:41 | 000,030,722 | ---- | C] () -- C:\Windows\System32\32prinh.dll
[2007/03/21 15:39:41 | 000,026,626 | ---- | C] () -- C:\Windows\System32\sxtwg32.dll
[2007/02/21 11:26:58 | 000,995,328 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
[2006/12/05 13:05:06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/07/22 21:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
[1999/01/22 11:46:56 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2010/03/09 09:49:34 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2010/03/09 09:49:34 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2006/11/02 02:47:18 | 000,228,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2007/06/20 19:15:28 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >


< MD5 for: AGP440.SYS >
[2008/01/19 00:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2006/11/02 02:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\agp440.sys
[2006/11/02 02:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/01/19 00:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 02:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/01/18 22:06:48 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\drivers\atapi.sys
[2008/01/18 22:06:48 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/01/18 22:06:48 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/01/18 21:33:23 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 02:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 02:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTOR.SYS >
[2007/02/11 23:37:22 | 000,537,368 | ---- | M] (Intel Corporation) MD5=2EE127D5407DA3957EE54711C9AED6EC -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2007/02/11 23:37:22 | 000,537,368 | ---- | M] (Intel Corporation) MD5=2EE127D5407DA3957EE54711C9AED6EC -- C:\TOSAPINS\Intel-Matrix-Storage-Manager\Winall\Driver64\IaStor.sys
[2007/02/11 23:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\iaStor.sys
[2007/02/11 23:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\TOSAPINS\Intel-Matrix-Storage-Manager\Winall\Driver\iaStor.sys
[2007/02/11 23:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\drivers\iaStor.sys
[2007/02/11 23:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_1cb29a96\iaStor.sys

< MD5 for: IASTORV.SYS >
[2008/01/19 00:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 02:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 02:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 02:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\System32\netlogon.dll
[2006/11/02 02:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2008/01/19 00:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 02:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 02:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 00:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/19 00:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 02:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\System32\scecli.dll
[2006/11/02 02:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll

< %systemroot%\*. /mp /s >
< End of report >

OTL Extras logfile created on: 12/04/2010 1:03:28 PM - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Users\pk\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 45.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 173.70 Gb Total Space | 67.70 Gb Free Space | 38.98% Space Free | Partition Type: NTFS
Drive D: | 5.83 Gb Total Space | 5.77 Gb Free Space | 99.01% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Z: | 914.43 Gb Total Space | 522.75 Gb Free Space | 57.17% Space Free | Partition Type: NTFS

Computer Name: MOBILEKK
Current User Name: pk
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe File not found

[HKEY_USERS\S-1-5-21-4001440316-2418032680-598807567-1000\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee 11.0.Browse] -- "C:\Program Files\ACD Systems\ACDSee\11.0\ACDSeeQV11.exe" "%1" (ACD Systems)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [File && Folder Unlocker] -- C:\Users\pk\Downloads\ffunlock\ffunlock.exe %1 ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Windows\system32\winupd01.exe" = C:\Windows\system32\winupd01.exe:*:Enabled:DHCP Router -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Windows\system32\winupd01.exe" = C:\Windows\system32\winupd01.exe:*:Enabled:DHCP Router -- ()


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08B09911-FB09-4648-8582-40D098A564F6}" = rport=138 | protocol=17 | dir=out | app=system |
"{0BA7BD81-2DF7-429D-BE51-FFD9912B8B62}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{0EAF526F-8F56-4B27-B03A-924C13E98253}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=c:\windows\system32\svchost.exe |
"{241DFEB9-5B26-4CFC-A167-0A962EFCC922}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{3640F86C-C505-4798-96BA-C383F7595BFA}" = lport=445 | protocol=6 | dir=in | app=system |
"{48AFE5E5-B695-43EB-ADA6-0A3F0017F6CF}" = rport=137 | protocol=17 | dir=out | app=system |
"{72C7EEF7-9B3D-4062-9A94-B804B2C55078}" = lport=139 | protocol=6 | dir=in | app=system |
"{75A031A7-16AD-4A3E-9F53-B4DD6F00815F}" = rport=139 | protocol=6 | dir=out | app=system |
"{8AD272A1-BB56-4561-97C7-FE8CECEFD66B}" = rport=445 | protocol=6 | dir=out | app=system |
"{8D6B7416-EC9F-4C42-9C50-10F55845E4B0}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=c:\windows\system32\svchost.exe |
"{ACC6C1F3-7FD6-49E4-A99B-15D16F674EC0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{BDE12C67-A050-41F4-A417-CBD7B0A4887D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{CD723F16-B099-4081-8B47-75BCF0A19B80}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |
"{DBE3DB38-F9D6-4013-AFB5-A5E9A627D451}" = lport=138 | protocol=17 | dir=in | app=system |
"{F1205709-11DF-4FB7-9B5C-8E0C62A62E6B}" = lport=137 | protocol=17 | dir=in | app=system |
"{F912D2F1-6026-4985-8F41-4F32AC232DBB}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0639BD0B-9C50-4540-A52D-AC7A2A4BBBBC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{092727DA-275F-4063-82A0-EC84D9B545D8}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{09DFAEDB-4319-4581-834F-8B34FC2DDAFF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0EAFBCA4-59CB-4ACD-898D-A7200BD5F4C3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{0EF004E2-86F2-4693-BE12-8DED66A06F34}" = dir=in | app=c:\program files\skype\phone\skype .exe |
"{17EC1F64-5E73-4DD1-8FC3-6AA3CA764963}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{17EC7041-8459-4B1A-8630-69C655B324E5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{192013CC-5628-4A78-B47B-B117E352DF64}" = protocol=6 | dir=in | app=c:\windows\temp\vrt7139.tmp |
"{1AEAE57D-6BED-43F4-A0D3-FDF664815D39}" = protocol=17 | dir=in | app=c:\program files\windows mail\winmail.exe |
"{1D81D59A-9782-4546-AE24-0734A95F51F0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2F597F86-C6AC-41DC-8A94-B60E547E5460}" = protocol=6 | dir=in | app=c:\windows\temp\vrta350.tmp |
"{31EF4652-8A95-4615-A0AA-894D9FCB6E72}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3530A043-1055-440E-9ED9-8397FC1AD99E}" = protocol=17 | dir=in | app=c:\windows\temp\vrta350.tmp |
"{3A98A79B-11B9-4717-9F18-9F1F28D492EA}" = protocol=17 | dir=in | app=c:\windows\temp\vrt7139.tmp |
"{3B8B23F9-4E63-4C58-9035-96D45555BD9A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{439A377E-F171-44BB-B060-AB14B6F7371A}" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"{43CBC220-388E-4355-B68C-1336029A6D18}" = dir=in | app=c:\program files\skype\phone\skype .exe |
"{4793B057-E2D3-412C-8C7A-AABC362EDA0B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{49D5B97E-C553-4AA8-8DA9-947162A9C02A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{49F431AD-D3C8-4B95-BE13-51D7C6B50DEB}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{4FB483B8-17B7-4411-AAD1-2AFCE666AF97}" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"{4FFFF91B-EBC9-46CC-BD12-CAD0F2798A34}" = dir=in | app=c:\program files\skype\phone\skype .exe |
"{53798CB4-093E-4B88-BCEB-DC3330A68ADD}" = dir=in | app=c:\program files\skype\phone\skype .exe |
"{5495F7CB-71A3-4934-8439-F32B7AABCC70}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{55A5ED7D-F931-4DE2-AB27-ABECD19231ED}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{631527D6-55BA-40FF-8EDE-CF502E594D98}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{640E66A4-5751-4D7F-A038-85EBA621AFA1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6625CBC2-EF54-4041-BE47-FCA8A4114C4A}" = protocol=6 | dir=in | app=c:\windows\temp\vrt7139.tmp |
"{66797A6F-96CC-46DC-B803-582764754BE4}" = protocol=6 | dir=in | app=c:\windows\temp\vrt84e7.tmp |
"{667EC1C2-B646-4AF2-8C97-527F64E8BDCE}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{66A28547-915D-4120-B161-87D987165E45}" = protocol=6 | dir=in | app=c:\windows\temp\vrta350.tmp |
"{701D348C-1291-44DA-BB33-24DDC3F61164}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{717761B0-BC42-4744-AF99-491B9BF2F253}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{762C0A48-8819-4821-B218-C34599AB6626}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7974F8D5-0AC4-4996-99ED-869D129F1453}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{7D6AAF42-7381-4A39-9034-7EA43F6E5887}" = protocol=17 | dir=in | app=c:\windows\temp\vrt84e7.tmp |
"{8A60BE76-191C-4E23-A2BD-299BBAEE7255}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{8DB155A2-1F1C-4034-A415-13A82FE6D96C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9049D823-214F-4B10-99EB-051BB35385DD}" = protocol=6 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe |
"{95D995E8-CFBF-4C76-8256-5F83B424BDA4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{979C068C-2302-4B67-9948-60628B4BD130}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{99C395BE-FBA3-49B1-B03B-75C06D61914E}" = protocol=17 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe |
"{A81323A7-4FF0-4923-A7AE-21E85D362C86}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AFD5E4B9-67B8-4052-9058-C21611051685}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B08EF6F6-1F82-4EAD-9799-CF1C6EE0C168}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{B1CB6F4C-CF10-4C82-B0DF-0718FCCB8B38}" = protocol=6 | dir=in | app=c:\program files\adobe\adobe version cue cs2\bin\versioncuecs2.exe |
"{B5A3FEF7-1E01-4662-AE86-71CD93765EDB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B7790A15-E8E8-4FCD-94B7-E1E1B64DD132}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BA3414A2-0F2C-4237-824E-D93EFC882BC6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{BCBEC739-734B-40EF-A7CF-4FEECDF5C74D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BE57BDDE-0592-4B7A-9E33-13507F8416D1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C19FF68C-AD3A-4A72-BC2A-AE2F600C9A27}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C3AFB56D-B891-47AB-B752-EA7B200D9395}" = dir=in | app=c:\program files\skype\phone\skype .exe |
"{C4A521A4-3899-4F5E-A4F1-30DACA29E404}" = protocol=6 | dir=in | app=c:\program files\windows mail\winmail.exe |
"{C622B72A-FADE-496F-92F4-59D89F1DE08A}" = protocol=17 | dir=in | app=c:\windows\temp\vrta350.tmp |
"{CB70F1B8-4EF5-438D-B3A0-13E4BAE03D1D}" = dir=in | app=c:\program files\skype\phone\skype .exe |
"{D323CBFA-F3AD-4368-87FD-16908345DEA5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D373802F-FBE3-4918-B1B7-5ABDC2E4A9F6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D55ED874-3E0E-47ED-B725-D90FE9D59465}" = protocol=17 | dir=in | app=c:\windows\temp\vrt7139.tmp |
"{E5784A1C-99B2-4966-A039-6596F885F295}" = dir=in | app=c:\program files\skype\phone\skype .exe |
"{EC9502E6-81CA-45E4-A121-04E4DFBB8CDD}" = dir=in | app=c:\program files\skype\phone\skype .exe |
"{F4A3DE0C-05E6-4F13-988F-F7EC7C5F3BEC}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{F4DC81A0-0E26-4F62-8A2D-302F5800969A}" = protocol=17 | dir=in | app=c:\program files\adobe\adobe version cue cs2\bin\versioncuecs2.exe |
"{FEEC28B8-2B91-4EA3-8214-3B901731BE4D}" = dir=in | app=c:\program files\skype\phone\skype .exe |
"TCP Query User{A8125B01-A8C5-4C08-8D8C-E43C18442594}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{AD33A99D-7042-435A-84DE-CF222AB96938}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{D22033F3-7CBE-4EE3-BA99-20A8491494AF}E:\setup\easy_search.exe" = protocol=6 | dir=in | app=e:\setup\easy_search.exe |
"UDP Query User{8713C0F8-6C86-42DD-8FEF-B6F3E3DDC10D}E:\setup\easy_search.exe" = protocol=17 | dir=in | app=e:\setup\easy_search.exe |
"UDP Query User{B664A942-1A2B-4045-AFC1-B79714AF2519}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"UDP Query User{F4B50CC1-8DB3-4937-B9D8-EA1E56D23ADE}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Professional
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{0134A1A1-C283-4A47-91A1-92F19F960372}" = Adobe Creative Suite 2
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{300578F9-9EFF-4B93-9AB1-C0E5707EF463}" = ACDSee Photo Manager 2009
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{37C8899D-FD70-481F-94AA-1F1B08765E22}" = Acronis True Image Home
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{49B85E35-3C56-4420-9A0A-D125348A2D7F}" = TOSHIBA Supervisor Password
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2
"{7FE3214C-283E-40C6-A8D5-CB773110090C}" = Linksys EasyLink Advisor
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B81CF96-0223-40E9-B6E7-1461F450B605}" = TOSHIBA Hardware Setup
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9C1EED58-1790-45C4-ADBC-5D45FCA7292E}" = Pure Networks Platform
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA0D2D5F-612B-45D3-8759-DA87206E5CC9}" = QuickTax 2008
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC015C45-1667-40A4-A126-966EE5629062}" = Quicken 2010
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.6
"{ADBE46EE-54E0-4610-B436-D7E93D829100}" = Adobe Version Cue CS2
"{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer
"{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}" = Suite Specific
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DE659AC8-EEF0-4115-AA0C-6500D194FB10}" = Garmin Training Center v4
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E9021599-1E2A-4027-A1CC-40E42A08603C}" = RETScreen Version 4
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{ECB9C58E-C565-4683-9599-B72290BD3B25}" = QuickTax 2009
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}" = mCore
"{FEA36347-ADBE-423F-A1B2-74A3C3BCE15E}" = RETScreen
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Audacity_is1" = Audacity 1.2.6
"AviSynth" = AviSynth 2.5
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"Canon ScanGear Toolbox CS" = Canon ScanGear Toolbox CS 2.2
"Capture NX" = Capture NX
"CutePDF Writer Installation" = CutePDF Writer 2.7
"EE4E v1.70b2_is1" = EE4E
"FileZilla Client" = FileZilla Client 3.2.8.1
"Fx Frame Capture" = Fx Frame Capture
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"InstallShield_{49B85E35-3C56-4420-9A0A-D125348A2D7F}" = TOSHIBA Supervisor Password
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{7FE3214C-283E-40C6-A8D5-CB773110090C}" = Linksys EasyLink Advisor
"InstallShield_{8B81CF96-0223-40E9-B6E7-1461F450B605}" = TOSHIBA Hardware Setup
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Jalbum_0" = Jalbum 8.1
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"N360" = Norton 360
"OnlinePlay" = OnlinePlay 1.0
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa 3" = Picasa 3
"ProInst" = Intel® PROSet/Wireless Software
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureDC" = Canon Utilities RemoteCapture DC
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Slide Show to Go!_is1" = Slide Show to Go! v8.7
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Videora iPod Converter" = Videora iPod Converter 3.07
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4001440316-2418032680-598807567-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.0.0.320
"QUICKMEDIACONVERTER" = QMC

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >




#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:05:00 PM

Posted 12 April 2010 - 05:59 PM

Hi,

did you by any chance use the Kaspersky Removal Tool or AVZ before you got here?

Can you please run a scan with rootrepeal:
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract the contents of RootRepeal.zip, to your desktop.
  • Double click on your desktop.
  • Click on the report tab, then click scan
  • Check all seven boxes:
    Drivers
    Files
    Processes
    SSDT
    Stealth Objects
    Hidden Services
    Shadow SSDT
  • Click Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, Click the Save Report button. Save the log as RootRepeal.txt and post it in your next reply.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 



#5 OnceBittenY

OnceBittenY
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:08:00 AM

Posted 13 April 2010 - 10:02 AM

Hi myrti,
No, I haven't run those tools before. I tried RootRepeal but got an error message on startup (and the reports tab doesn't show any checkboxes). I've attached a screenshot of the error I received - any thoughts?

Thanks,
Paul

Attached Files

  • Attached File: Clip.gif (267.1KB)


#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:05:00 PM

Posted 14 April 2010 - 11:32 AM

Hi,

there may be some interference from other programs. Please try RootRepeal again, but before the scan do the following:
Please start RootRepeal, and, before doing anything else, try changing the "Disk Access Level" in the Settings->Options dialog. Try moving it to the "Special" or "High" level. Also, click on the Files tab, and uncheck "Use lowest level for MBR check". Please let me know if this fixes the problem.

regards myrti



#7 OnceBittenY

OnceBittenY
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:08:00 AM

Posted 15 April 2010 - 12:36 AM

Thanks myrti,
I tried it again (several times, including running in Windows Safe Mode) with those settings (I tried all of the different disk settings) and it still didn't work. I've sent the logs and .crash file to the RootRepeal author but I haven't heard anything back yet. Are there other tools we could try?

Thanks for your help with this...
Paul



#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:05:00 PM

Posted 15 April 2010 - 01:11 PM

Hi,

please try to run a scan with Sophos then:
Please download Sophos Anti-rootkit & save it to your desktop.
alternate download link
Note: If using the vendor's download site you will be asked to register with MySophos so an email containing an activation link can be sent to your email address.

Be sure to print out and read the Sophos Anti-Rootkit User Manual and Release Notes.
  • Double-click sar_15_sfx.exe to begin the installation, read the license agreement and click Accept.
  • Allow the default location of C:\Program Files\Sophos\Sophos Anti-Rootkit and click Install.
  • A message will appear "Sophos Anti-Rootkit was successfully installed. Click 'yes' to start it now". Click Yes.
  • Make sure the following are checked:
    • Running processes
    • Windows Registry
    • Local Hard Drives
  • Click Start scan.
  • Sophos Anti-Rootkit will scan the selected areas and display any suspicious files in the upper panel.
  • When the scan is complete, a pop-up screen will appear with "Rootkit Scan Results". Click OK to continue.
  • Click on the suspicious file to display more information about it in the lower panel which also includes whether the item is recommended for removal.
    • Files tagged as Removable: No are not marked for removal and cannot be removed.
    • Files tagged as Removable: Yes (clean up recommended) are marked for removal by default.
    • Files tagged as Removable: Yes (but clean up not recommended) are not marked for removal because Sophos did not recognize them. These files will require further investigation.
  • Select only items recommended for removal, then click "Clean up checked items". You will be asked to confirm, click Yes.
  • A pop up window will appear advising the cleanup will finish when you restart your computer. Click Restart Now.
  • After reboot, a dialog box displays the files you selected for removal and the action taken.
  • Click Empty list and then click Continue to re-scan your computer a second time to ensure everything was cleaned.
  • When done, go to Start > Run and type or copy/paste: %temp%\sarscan.log
  • This should open the log from the rootkit scan. Please post this log in your next reply. If you have a problem, you can find sarscan.log in C:\Documents and Settings\\Local Settings\Temp\.
Before performing an ARK scan it is recommended to do the following to ensure more accurate results and avoid common issues that may cause false detections.
  • Disconnect from the Internet or physically unplug your Internet cable connection.
  • Clean out your temporary files.
  • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
  • Temporarily disable your anti-virus and real-time anti-spyware protection.
  • After starting the scan, do not use the computer until the scan has completed.
  • When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.

regards myrti



#9 OnceBittenY

OnceBittenY
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:08:00 AM

Posted 16 April 2010 - 01:03 AM

Thanks myrti,
Sophos didn't find anything (though Norton still warns me about the hacktool.rootkit) - here's the log. Please let me know if there are other things I can try...

Thanks again,
Paul


Sophos Anti-Rootkit Version 1.5.0 © 2009 Sophos Plc
Started logging on 15/04/2010 at 19:53:03 PM
User "pk" on computer "MOBILEKK"
Windows version 6.0 SP 0.0 build 6000 SM=0x300 PT=0x1 Win32
Info: Starting process scan.
Info: Starting registry scan.
Hidden: registry item \HKEY_USERS\S-1-5-18\Software\Microsoft\CTF\Assemblies\0x00000409
Info: Starting disk scan of C: (NTFS).
Hidden: file C:\Users\pk\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M84Q4334\%7Cpgsb-n%7Cadpg-homepage%7Cpp1-pubroot%7Cpp0-%7Carena-gnrl%7Carena-gam%7Ccp0-n%7Cops-n%7Cnc-%7Ckw-n%7Cpos-ldbd%7Csz-728x90,960x90%7Ctile-1%7C;ord=6805750817334084[1]
Hidden: file C:\Windows\Temp\subADEB.tmp
Hidden: file C:\Windows\System32\DriverStore\FileRepository\angel.inf_a57d4f99\Angel.sys
Hidden: file C:\Users\pk\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M84Q4334\oc-sec%7Cpgsb-n%7Cadpg-homepage%7Cpp1-pubroot%7Cpp0-%7Carena-gnrl%7Carena-gam%7Ccp0-n%7Cops-n%7Cnc-%7Ckw-n%7Cpos-boxr%7Csz-300x250%7Ctile-3%7C;ord=6805750817334084[1]
Hidden: file C:\Program Files\Camera Assistant Software for Toshiba\RemoveOemLink.exe
Hidden: file C:\Program Files\QuickTax 2009\ic2009ac.dll
Hidden: file C:\Program Files\Nightwatch\Slide Show to Go\sstgss.exe
Hidden: file C:\Program Files\Nightwatch\Slide Show to Go\sstgpp.exe
Hidden: file C:\Program Files\Nightwatch\Slide Show to Go\sstgsa.exe
Hidden: file C:\Users\pk\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D7DV5N73\%7Cpgsb-n%7Cadpg-homepage%7Cpp1-pubroot%7Cpp0-%7Carena-gnrl%7Carena-gam%7Ccp0-n%7Cops-n%7Cnc-%7Ckw-n%7Cpos-ldbd%7Csz-728x90,960x90%7Ctile-1%7C;ord=4571173854566545[1]
Hidden: file C:\ProgramData\Norton\00000082\0000010f\000004b3\cltLMS1.dat
Hidden: file C:\ProgramData\Norton\00000082\0000010f\000004b3\cltLMS2.dat
Hidden: file C:\Users\pk\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NL9WXA4S\%7Cpgsb-n%7Cadpg-homepage%7Cpp1-pubroot%7Cpp0-%7Carena-gnrl%7Carena-gam%7Ccp0-n%7Cops-n%7Cnc-%7Ckw-n%7Cpos-ldbd%7Csz-728x90,960x90%7Ctile-1%7C;ord=9721793988924312[1]
Hidden: file C:\Users\pk\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NL9WXA4S\%7Cpgsb-n%7Cadpg-homepage%7Cpp1-pubroot%7Cpp0-%7Carena-gnrl%7Carena-gam%7Ccp0-n%7Cops-n%7Cnc-%7Ckw-n%7Cpos-ldbd%7Csz-728x90,960x90%7Ctile-1%7C;ord=6619442310227033[1]
Hidden: file C:\Users\pk\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D7DV5N73\oc-sec%7Cpgsb-n%7Cadpg-homepage%7Cpp1-pubroot%7Cpp0-%7Carena-gnrl%7Carena-gam%7Ccp0-n%7Cops-n%7Cnc-%7Ckw-n%7Cpos-boxr%7Csz-300x250%7Ctile-3%7C;ord=4571173854566545[1]
Hidden: file C:\Users\pk\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D7DV5N73\oc-sec%7Cpgsb-n%7Cadpg-homepage%7Cpp1-pubroot%7Cpp0-%7Carena-gnrl%7Carena-gam%7Ccp0-n%7Cops-n%7Cnc-%7Ckw-n%7Cpos-boxr%7Csz-300x250%7Ctile-3%7C;ord=6619442310227033[1]
Hidden: file C:\Users\pk\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M84Q4334\%7Cpgsb-n%7Cadpg-homepage%7Cpp1-pubroot%7Cpp0-%7Carena-gnrl%7Carena-gam%7Ccp0-n%7Cops-n%7Cnc-%7Ckw-n%7Cpos-ldbd%7Csz-728x90,960x90%7Ctile-1%7C;ord=7912960617085044[1]
Hidden: file C:\Users\pk\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W6S6FOAR\or%7Carena-globeinvestor%7Carena-markets%7Carena-streetwise%7Ccp0-ece_frontpage%7Cops-n%7Cnc-%7Ckw-n%7Cpos-ldbd%7Csz-728x90,960x90%7Ctile-1%7C;ord=7952154534669784[1]
Hidden: file C:\Users\pk\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M84Q4334\a-investor%7Carena-globeinvestor%7Carena-markets%7Carena-streetwise%7Ccp0-ece_frontpage%7Cops-n%7Cnc-%7Ckw-n%7Cpos-lug%7Csz-310x56%7Ctile-2%7C;ord=7952154534669784[1]
Hidden: file C:\Users\pk\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W6S6FOAR\investor%7Carena-globeinvestor%7Carena-markets%7Carena-streetwise%7Ccp0-ece_frontpage%7Cops-n%7Cnc-%7Ckw-n%7Cpos-boxr%7Csz-300x250%7Ctile-3%7C;ord=7952154534669784[1]
Hidden: file C:\Users\pk\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NL9WXA4S\%7Cpgsb-n%7Cadpg-homepage%7Cpp1-pubroot%7Cpp0-%7Carena-gnrl%7Carena-gam%7Ccp0-n%7Cops-n%7Cnc-%7Ckw-n%7Cpos-ldbd%7Csz-728x90,960x90%7Ctile-1%7C;ord=7547210975207099[1]
Hidden: file C:\Users\pk\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D7DV5N73\loc=theTop;loc=top;sz=468x60,728x90;dcopt=ist;kw=ron;kw=sports;kw=2010wintergames;nk=print;pr=vs;ck=sports;sck=2010wintergames;page=story;kw=vs;tile=1;ord=63830856[1]
Hidden: file C:\Users\pk\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NL9WXA4S\loc=theTop;loc=top;sz=468x60,728x90;dcopt=ist;kw=ron;kw=sports;kw=2010wintergames;nk=print;pr=vs;ck=sports;sck=2010wintergames;page=story;kw=vs;tile=1;ord=80000749[1]
Hidden: file C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\viaide.sys
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16551_none_6a1511c2b724295c\ntoskrnl.exe
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-security-licensing-slc_31bf3856ad364e35_6.0.6000.20624_none_4d093b091589a9b8\SLsvc.exe
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-authentication-authui_31bf3856ad364e35_6.0.6000.16513_none_0a056d7cf846bbd5_authui.dll_05ff9fd2
Hidden: file C:\Program Files\Common Files\Acronis\MediaBuilderHome\fox.dll
Hidden: file C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_tape.inf_31bf3856ad364e35_6.0.6001.18000_none_e67ad7997d7e1e1f\miniqic.sys
Hidden: file C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_microsoft-windows-d..files-x86.resources_31bf3856ad364e35_6.0.6001.18000_fr-fr_ade9df4c5a93a8bc\bootmgr.exe.mui
Hidden: file C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_0278b57e8399bfdb\shmig.dll
Hidden: file C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_microsoft-windows-ie-extensionmanager_31bf3856ad364e35_6.0.6001.18000_none_4e25938577670ef1\iedw.exe
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16711_none_fff8e71ba4b3b364\wininet.dll
Hidden: file C:\Users\pk\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D7DV5N73\oc-sec%7Cpgsb-n%7Cadpg-homepage%7Cpp1-pubroot%7Cpp0-%7Carena-gnrl%7Carena-gam%7Ccp0-n%7Cops-n%7Cnc-%7Ckw-n%7Cpos-boxr%7Csz-300x250%7Ctile-3%7C;ord=8700554011817716[1]
Hidden: file C:\Users\pk\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NL9WXA4S\oc-sec%7Cpgsb-n%7Cadpg-homepage%7Cpp1-pubroot%7Cpp0-%7Carena-gnrl%7Carena-gam%7Ccp0-n%7Cops-n%7Cnc-%7Ckw-n%7Cpos-boxr%7Csz-300x250%7Ctile-3%7C;ord=9721793988924312[1]
Hidden: file C:\Users\pk\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D7DV5N73\cs_aviation;sz=300x250;klg=en;kt=K;kga=-1;kr=F;kw=airplane+takeoffs+and+landings;kgg=-1;kcr=ca;dc_dedup=1;kmyd=ad_creative_1;tile=1;dcopt=ist;ord=10432205677278[1].205
Hidden: file C:\Users\pk\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D7DV5N73\oc-sec%7Cpgsb-n%7Cadpg-homepage%7Cpp1-pubroot%7Cpp0-%7Carena-gnrl%7Carena-gam%7Ccp0-n%7Cops-n%7Cnc-%7Ckw-n%7Cpos-boxr%7Csz-300x250%7Ctile-3%7C;ord=7912960617085044[1]
Hidden: file C:\Users\pk\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M84Q4334\oc-sec%7Cpgsb-n%7Cadpg-homepage%7Cpp1-pubroot%7Cpp0-%7Carena-gnrl%7Carena-gam%7Ccp0-n%7Cops-n%7Cnc-%7Ckw-n%7Cpos-boxr%7Csz-300x250%7Ctile-3%7C;ord=7547210975207099[1]
Hidden: file C:\Windows\System32\drivers\uzgmzs.sys
Hidden: file C:\Users\pk\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M84Q4334\sic_musicalinstruments;sz=300x250;klg=en;kt=K;kga=-1;kr=F;kw=bob+dylan+harmonica;kgg=-1;kcr=ca;dc_dedup=1;kmyd=ad_creative_1;tile=1;dcopt=ist;ord=3296722384645792[1].5
Hidden: file C:\Users\pk\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M84Q4334\alinstruments;sz=300x250;klg=en;kt=K;kga=-1;kr=F;kw=blues+traveler+harmonica+solo;kgg=-1;kcr=ca;dc_dedup=1;kmyd=ad_creative_1;tile=1;dcopt=ist;ord=434734452176532[1].3
Hidden: file C:\Users\pk\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W6S6FOAR\struments;sz=300x250;klg=en;kt=K;kga=-1;kr=F;kw=blues+harmonica;kgg=-1;kcr=ca;dc_dedup=1;kmyd=ad_creative_1;tile=1;dcopt=ist;kts=1271380348743;ord=4758458218781043[1]
Hidden: file C:\Users\pk\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NL9WXA4S\d=hs_OchfmBc8;kpu=RonnieShellist;kr=A;kt=K;ko=y;kpid=185871;kga=-1;u=hs_OchfmBc8%7C185871;kgg=-1;kcr=ca;afv=1;khd=0;dc_dedup=1;shortform=1;tile=1;ord=926681577[1].asx
Hidden: file C:\Users\pk\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W6S6FOAR\RonnieShellist;kr=A;kt=K;ko=y;kpid=185871;kga=-1;u=hs_OchfmBc8%7C185871;kgg=-1;kcr=ca;afv=1;khd=0;dc_dedup=1;shortform=1;dc_seed=217976775;tile=1;ord=452474913[1].asx
Hidden: file C:\Users\pk\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M84Q4334\RonnieShellist;kr=A;kt=K;ko=y;kpid=185871;kga=-1;u=hs_OchfmBc8%7C185871;kgg=-1;kcr=ca;afv=1;khd=0;dc_dedup=1;shortform=1;dc_seed=217976775;tile=1;ord=394326946[1].htm
Hidden: file C:\Users\pk\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NL9WXA4S\%7Cpgsb-n%7Cadpg-homepage%7Cpp1-pubroot%7Cpp0-%7Carena-gnrl%7Carena-gam%7Ccp0-n%7Cops-n%7Cnc-%7Ckw-n%7Cpos-ldbd%7Csz-728x90,960x90%7Ctile-1%7C;ord=8700554011817716[1]
Hidden: file C:\Users\pk\Desktop\OTL.exe
Info: Starting disk scan of D: (NTFS).
Stopped logging on 15/04/2010 at 22:49:49 PM
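The Sophos log above reports as "Hidden" every object its low-level scan found that a normal Windows API enumeration did not return. Most of those entries are routine (browser-cache files with very long names, the WinSxS and Windows Update staging stores), and the one that matters for this thread is the driver Norton was already warning about. The script below is an added example, not Sophos's code and not part of the thread: it parses the log format shown above, sorts each hidden file into a location bucket (the buckets are my own heuristic), lists the entries worth a human look, and computes the scan duration from the Started/Stopped lines. The sample log is a constructed excerpt of the posted one, with one browser-cache path trimmed.

```python
import re
from datetime import datetime

# Constructed sample: an excerpt of the Sophos Anti-Rootkit log posted above
# (header, one Hidden: line per location type, footer) so the parser runs
# offline. The paths are the ones that appear in the thread; the browser-cache
# name has been shortened.
SAMPLE_LOG = r"""Sophos Anti-Rootkit Version 1.5.0 (c) 2009 Sophos Plc
Started logging on 15/04/2010 at 19:53:03 PM
User "pk" on computer "MOBILEKK"
Info: Starting process scan.
Info: Starting registry scan.
Hidden: registry item \HKEY_USERS\S-1-5-18\Software\Microsoft\CTF\Assemblies\0x00000409
Info: Starting disk scan of C: (NTFS).
Hidden: file C:\Users\pk\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M84Q4334\oc-sec%7Cpgsb-n%7Ctile-3%7C;ord=6805750817334084[1]
Hidden: file C:\Windows\Temp\subADEB.tmp
Hidden: file C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\viaide.sys
Hidden: file C:\Program Files\Nightwatch\Slide Show to Go\sstgss.exe
Hidden: file C:\Windows\System32\drivers\uzgmzs.sys
Hidden: file C:\Users\pk\Desktop\OTL.exe
Info: Starting disk scan of D: (NTFS).
Stopped logging on 15/04/2010 at 22:49:49 PM
"""

HIDDEN_RE = re.compile(r"^Hidden: (file|registry item) (.+)$")
TIME_RE = re.compile(r"^(Started|Stopped) logging on (\d{2}/\d{2}/\d{4}) at (\d{2}:\d{2}:\d{2})")

# Location buckets are my own heuristic, not Sophos's. "Hidden" only means the
# file was not visible through the normal API; that is routine for cache and
# servicing-store files but unusual for a driver no installed product accounts for.
REVIEW_BUCKETS = {"driver-dir", "temp", "other"}


def classify(path: str) -> str:
    p = path.lower()
    if "\\temporary internet files\\" in p:
        return "browser-cache"
    if "\\winsxs\\" in p or "\\softwaredistribution\\download\\" in p:
        return "servicing-store"
    if "\\system32\\drivers\\" in p:
        return "driver-dir"
    if "\\windows\\temp\\" in p or "\\appdata\\local\\temp\\" in p:
        return "temp"
    if "\\program files\\" in p or "\\programdata\\" in p:
        return "program-files"
    return "other"


def triage(log_text: str) -> dict:
    """Parse a Sophos Anti-Rootkit log into per-bucket counts, a review list,
    the hidden registry items, and the scan duration in seconds."""
    counts: dict = {}
    review = []        # (bucket, path) pairs a human should look at
    registry = []
    times: dict = {}
    for line in log_text.splitlines():
        m = HIDDEN_RE.match(line)
        if m:
            kind, target = m.groups()
            if kind == "registry item":
                registry.append(target)
                continue
            bucket = classify(target)
            counts[bucket] = counts.get(bucket, 0) + 1
            if bucket in REVIEW_BUCKETS:
                review.append((bucket, target))
            continue
        t = TIME_RE.match(line)
        if t:
            which, day, clock = t.groups()
            # The tool prints a 24h clock followed by "PM"; the suffix is ignored.
            times[which] = datetime.strptime(f"{day} {clock}", "%d/%m/%Y %H:%M:%S")
    duration = None
    if "Started" in times and "Stopped" in times:
        duration = int((times["Stopped"] - times["Started"]).total_seconds())
    return {"counts": counts, "review": review, "registry": registry, "scan_seconds": duration}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("hidden files per bucket:", result["counts"])
    print("scan took", result["scan_seconds"], "seconds")
    for bucket, path in result["review"]:
        print(f"REVIEW [{bucket}] {path}")
```

Run against the full log from the post, the review list collapses the 50-odd lines down to the Windows\Temp file, the driver under System32\drivers and the tools on the desktop; everything in the cache and servicing-store buckets can be set aside unless something else points at it.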



#10 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:05:00 PM

Posted 18 April 2010 - 04:26 AM

Hi,

please run a scan with ComboFix next:
Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards myrti



#11 OnceBittenY

OnceBittenY
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:08:00 AM

Posted 18 April 2010 - 09:20 AM

Thanks myrti,
I've attached the combofix log. It was very long so I didn't cut/paste it into the thread. It looks like it found/fixed a bunch of things - let me know if you have any questions.

Thanks again for your help with this.

Regards,
Paul

Attached Files



#12 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:05:00 PM

Posted 19 April 2010 - 05:38 AM

Hi,

there are a couple of things left on your PC that need to go:
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

CODE
renv::
c:\program files\Acronis\TrueImageHome\timountermonitor .exe
c:\program files\Acronis\TrueImageHome\trueimagemonitor .exe
c:\program files\Adobe\Reader 8.0\Reader\reader_sl .exe
c:\program files\Camera Assistant Software for Toshiba\traybar .exe
c:\program files\Common Files\Acronis\Schedule2\schedhlp .exe
c:\program files\Common Files\Nikon\Monitor\nkmonitor .exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth .exe
c:\program files\Google\GoogleToolbarNotifier\googletoolbarnotifier .exe
c:\program files\iTunes\ituneshelper .exe
c:\program files\Java\jre1.6.0_03\bin\jusched .exe
c:\program files\Linksys\Linksys EasyLink Advisor\linksys easylink advisor .exe
c:\program files\ltmoh\ltmoh .exe
c:\program files\Malwarebytes' Anti-Malware\mbam .exe
c:\program files\QuickTime\qttask        .exe
c:\program files\Skype\Phone\skype .exe
c:\program files\Synaptics\SynTP\syntpenh .exe
c:\program files\TOSHIBA\FlashCards\tcrdmain .exe
c:\program files\TOSHIBA\Power Saver\tpwrmain .exe
c:\program files\TOSHIBA\SmoothView\smoothview .exe
c:\program files\TOSHIBA\TBS\hson .exe
c:\program files\TOSHIBA\TOSCDSPD\toscdspd .exe
c:\program files\Windows Defender\msascui .exe

File::
c:\windows\System32\drivers\mrqd.sys

Driver::
pbvwvvt


Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Do you have a Windows CD handy?

regards myrti

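The text in post #12 is a ComboFix CFScript: a plain-text file made of `Name::` section headers, each followed by the entries that section applies to. As an added example (my code, not ComboFix's or myrti's), the parser below splits such a script into its sections and flags the pattern shared by every renv:: entry above: whitespace wedged between the executable's base name and its .exe extension, which is easy to miss by eye in a long ComboFix log. The sample script is a constructed, shortened copy of the one posted.

```python
from __future__ import annotations

import re

# Constructed sample: a shortened copy of the CFScript posted above.
SAMPLE_SCRIPT = r"""renv::
c:\program files\Acronis\TrueImageHome\timountermonitor .exe
c:\program files\QuickTime\qttask        .exe
c:\program files\Windows Defender\msascui .exe

File::
c:\windows\System32\drivers\mrqd.sys

Driver::
pbvwvvt
"""

SECTION_RE = re.compile(r"^([A-Za-z]+)::\s*$")
# Optional directory, a base name (may contain spaces, must not end in one),
# then one or more spaces/tabs, then ".ext" at end of line.
SPACED_EXT_RE = re.compile(r"^(.*\\)?([^\\]*?[^\\ \t])[ \t]+\.([A-Za-z0-9]+)$")


def parse_cfscript(text: str) -> dict[str, list[str]]:
    """Split a CFScript into its '::'-headed sections; blank lines are skipped."""
    sections: dict[str, list[str]] = {}
    current: str | None = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        if current is None:
            raise ValueError(f"entry before any section header: {line!r}")
        sections[current].append(line)
    return sections


def normalised_name(path: str) -> str | None:
    """Return 'name.ext' with the stray whitespace removed, or None when the
    path does not carry the whitespace-before-extension pattern."""
    m = SPACED_EXT_RE.match(path)
    if not m:
        return None
    return f"{m.group(2)}.{m.group(3)}"


def spaced_extension_entries(sections: dict[str, list[str]]) -> list[tuple[str, str, str]]:
    """(section, original entry, normalised name) for every entry that matches."""
    out = []
    for section, entries in sections.items():
        for entry in entries:
            fixed = normalised_name(entry)
            if fixed:
                out.append((section, entry, fixed))
    return out


if __name__ == "__main__":
    parsed = parse_cfscript(SAMPLE_SCRIPT)
    for name, entries in parsed.items():
        print(f"{name}:: {len(entries)} entries")
    for section, entry, fixed in spaced_extension_entries(parsed):
        print(f"[{section}] {entry!r} -> {fixed}")
```

The same `normalised_name` check can be run over the file listings in a ComboFix or DDS log before a script is written, so that every path with the pattern is caught rather than only the ones that happen to be noticed.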


#13 OnceBittenY

OnceBittenY
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:08:00 AM

Posted 19 April 2010 - 09:02 AM

Thanks myrti - I've run that now. I've attached the log. I don't have a Windows CD at my fingertips but I imagine I could find it... Let me know if I need to.

Thanks for all of your help with this.

Regards,
Paul

Attached Files



#14 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:05:00 PM

Posted 19 April 2010 - 09:52 AM

Hi,
We need to run one more script:
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

CODE
renv::
c:\program files\Windows Defender\msascui .exe


Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

I would like to run a system file integrity check on your system, since a couple of the system files on your PC seem to be damaged.



#15 OnceBittenY

OnceBittenY
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:08:00 AM

Posted 19 April 2010 - 10:26 PM

Thanks myrti,
Attached is the new combofix log. Would you like me to run the Windows file checker (sfc.exe)? Any specific things you're looking for?

Thanks!
Paul

Attached Files





