Firefox - malware calls home to 94.228.209.71


  • This topic is locked
29 replies to this topic

#1 DelMarGuy

DelMarGuy

  • Members
  • 14 posts
  • Local time:05:58 AM

Posted 19 July 2010 - 10:31 AM

I've just recently noticed that clicking on URLs on some websites is very slow for me - Firefox displays "Contacting 94.228.209.71" - Googling this IP address says it's some malware calling home. This only happens on one of my PCs, so I think it's infected with something. IE is also slow, but it does not display why, so I think it has the same problem.

I tried to run GMER last night, it took several hours, and when I got up this morning, my machine had blue-screened with IRQL_NOT_LESS_OR_EQUAL. I'm not sure if the blue-screen problem is related or not, but I was unable to save the GMER log. I'm going to try and get it again, but I am posting the DDS and Attach info now, in case that will help get started on some kind of fix - thanks!



EDIT - Just attached a partial ark.txt, I was afraid it was going to blue screen again - hopefully this will show something? - thanks again!



DDS (Ver_10-03-17.01) - NTFSx86
Run by Jeff at 16:01:58.87 on Sun 07/18/2010
Internet Explorer: 8.0.6001.18928 BrowserJavaVersion: 1.6.0_16
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.1917.1007 [GMT -7:00]

SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Windows\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Toshiba\IVP\ISM\pinger.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\TimeSnapper\TimeSnapper.exe
C:\Windows\System32\mobsync.exe
C:\Windows\ehome\ehmsas.exe
C:\Toshiba\IVP\ISM\ivpsvmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Jeff\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
mWinlogon: Userinit=\\.\globalroot\systemroot\system32\userinit.exe,
TB: {00000000-0000-0000-0000-000000000000} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\users\jeff\appdata\roaming\micros~1\windows\startm~1\programs\startup\mailwa~1.lnk - c:\program files\firetrust\mailwasher pro\MailWasher.exe
StartupFolder: c:\users\jeff\appdata\roaming\micros~1\windows\startm~1\programs\startup\timesn~1.lnk - c:\program files\timesnapper\TimeSnapper.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\daily.lnk - c:\users\jeff\data\Daily.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
IE: {FB858B22-55E2-413f-87F5-30ADC5552151} - c:\program files\plotsoft\pdfill\DownloadPDF.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.popcap.com/webgames/popcaploader_v10.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://olin.webex.com/client/T26L/nbr/ieatgpc1.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://vpn-standard.harris.com/dana-cached/setup/JuniperSetupSP1.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://iras.invitrogen.com/dana-cached/sc/JuniperSetupClient.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - c:\users\jeff\data\eudora\EuShlExt.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\jeff\appdata\roaming\mozilla\firefox\profiles\i50uyl2j.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\progra~1\palm\packag~1\NPInstal.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\photosynth\npPhotosynthMozilla.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-1-22 28544]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-9-25 189736]
R2 kp_malibu;kp_malibu;c:\windows\system32\drivers\kp_malibu.sys [2008-6-30 10752]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.SYS [2007-10-1 5120]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-11-13 92008]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-2-26 38224]
R3 xpvcom;XPVCOM Port;c:\windows\system32\drivers\XPVCOM.sys [2007-3-23 30032]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-28 135664]
S3 1394CMDR;CMU 1394 Digital Camera Device;c:\windows\system32\drivers\1394cmdr.sys [2008-3-17 54272]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-5-16 21504]
S3 ImporterLogService;ImporterLogService;c:\program files\ibiquity digital\importer\importer4.0\servers\LogService.exe [2008-2-18 434176]
S3 jlink;J-Link driver;c:\windows\system32\drivers\jlink.sys [2009-6-17 14208]
S3 MIUSB2;Aptina Imaging USB2 Driver (miusb2.sys);c:\windows\system32\drivers\miusb2.sys [2008-12-10 13312]
S3 rcp_service;ReaConverter scheduler service;c:\program files\reaconverter 5.5 pro\rcp_scheduler.exe [2007-11-30 558592]
S3 SolarWinds TFTP Server;SolarWinds TFTP Server;c:\program files\solarwinds\tftpserver\SolarWinds TFTP Server.exe [2007-11-1 61440]
S3 sonydcam;Generic 1394 Desktop Camera;c:\windows\system32\drivers\sonydcam.sys [2008-5-16 26624]
S3 TOUCHSET;TouchSet Controller HID Filter Driver;c:\windows\system32\drivers\touchset.sys [2009-6-10 21760]
S3 usbsnoop;usbsnoop (display);c:\windows\system32\drivers\usbsnoop.sys [2009-1-23 40896]
S3 WmUsbIce;%SvcDesc%;c:\windows\system32\drivers\WmUsbIce.sys [2006-5-26 20992]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 XilinxFirmwareLpLoader;XilinxFirmwareLpLoader;c:\windows\system32\drivers\xusb_xlp.sys [2007-12-14 17280]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2007-2-22 2808664]

=============== Created Last 30 ================

2010-07-09 23:20:55 12582564 ----a-w- C:\ltc_100709NakedFlats.zip
2010-07-06 18:17:23 12574676 ----a-w- C:\ltc_100706am.zip
2010-06-30 16:50:27 0 ----a-w- c:\windows\ToDisc.INI
2010-06-24 14:28:53 29094 ----a-w- C:\temp5027.bmp
2010-06-24 14:28:53 29094 ----a-w- C:\temp5024.bmp
2010-06-24 00:46:00 33654 ----a-w- C:\Test.bmp
2010-06-23 10:00:14 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-23 10:00:14 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-23 10:00:14 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-23 10:00:14 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-23 10:00:14 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-23 02:52:54 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-06-23 02:52:54 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-06-21 18:37:28 0 d-----w- c:\users\jeff\appdata\roaming\Elluminate

==================== Find3M ====================

2010-07-09 15:02:49 86016 ----a-w- c:\windows\inf\infpub.dat
2010-07-09 15:02:49 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-07-09 15:02:49 143360 ----a-w- c:\windows\inf\infstor.dat
2010-06-10 06:16:13 14410232 ----a-w- C:\All Comb Formats.zip
2010-06-02 15:11:53 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01007.Wdf
2010-06-02 14:27:27 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01009.Wdf
2010-06-02 14:27:11 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-05-26 17:06:41 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47:41 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 21:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-04 05:59:21 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55:42 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 05:55:42 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 04:31:05 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-01 14:13:48 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-04-23 14:13:55 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-17 15:10:47 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-08-10 04:19:14 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:40:37 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:40:37 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:40:37 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:40:37 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2010-01-19 21:44:14 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\cookies\index.dat
2010-01-19 21:44:14 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\history\history.ie5\index.dat
2010-01-19 21:44:14 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\temporary internet files\content.ie5\index.dat
2009-11-11 23:42:09 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

============= FINISH: 16:05:05.47 ===============

Edited by DelMarGuy, 19 July 2010 - 01:05 PM.


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • Gender:Female
  • Location:At home
  • Local time:02:58 PM

Posted 25 July 2010 - 01:44 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!


#3 DelMarGuy

DelMarGuy
  • Topic Starter

  • Members
  • 14 posts
  • Local time:05:58 AM

Posted 25 July 2010 - 05:22 PM

Thanks - here are the files

OTL logfile created on: 7/25/2010 2:10:26 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Jeff\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 57.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 147.58 Gb Total Space | 8.34 Gb Free Space | 5.65% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JEFF-VISTA
Current User Name: Jeff
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/25 14:05:59 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Jeff\Desktop\OTL.exe
PRC - [2010/07/24 22:07:29 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/07/24 22:07:21 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/05/22 04:20:48 | 001,064,960 | ---- | M] (TimeSnapper.com) -- C:\Program Files\TimeSnapper\TimeSnapper.exe
PRC - [2009/11/13 04:31:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/09/25 23:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/05/27 00:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/11/24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/11/24 23:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008/08/28 19:45:00 | 000,431,472 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
PRC - [2008/07/29 13:36:44 | 000,107,520 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\mspdbsrv.exe
PRC - [2008/01/19 00:33:12 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetsrv\inetinfo.exe
PRC - [2007/04/27 20:15:46 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2007/03/29 10:39:20 | 000,427,576 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2007/02/25 21:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2007/01/25 17:50:26 | 000,063,096 | ---- | M] () -- c:\Toshiba\IVP\swupdate\swupdtmr.exe
PRC - [2007/01/25 17:47:50 | 000,136,816 | ---- | M] () -- C:\Toshiba\IVP\ISM\pinger.exe
PRC - [2007/01/25 17:45:42 | 000,468,600 | ---- | M] (TOSHIBA Corporation) -- C:\Toshiba\IVP\ISM\Ivpsvmgr.exe
PRC - [2007/01/01 14:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe
PRC - [2006/11/14 20:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2006/10/05 12:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/08/23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2006/05/25 18:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2002/12/17 17:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
PRC - [2002/12/17 17:23:32 | 000,074,308 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe


========== Modules (SafeList) ==========

MOD - [2010/07/25 14:05:59 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Jeff\Desktop\OTL.exe
MOD - [2009/04/10 23:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/19 00:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/04/21 10:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/04/21 10:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/13 04:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/09/25 23:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/09/24 18:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/05/27 00:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2009/04/10 23:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2008/11/24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/11/24 23:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008/11/24 23:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008/08/28 19:45:00 | 000,431,472 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2008/02/18 14:25:44 | 000,434,176 | ---- | M] (iBiquity Digital Corporation) [On_Demand | Stopped] -- C:\Program Files\Ibiquity Digital\Importer\Importer4.0\Servers\LogService.exe -- (ImporterLogService)
SRV - [2008/01/19 00:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/19 00:33:12 | 000,013,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\inetsrv\inetinfo.exe -- (MSFTPSVC)
SRV - [2008/01/19 00:33:12 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2007/11/30 13:27:22 | 000,558,592 | ---- | M] (ReaSoft) [On_Demand | Stopped] -- C:\Program Files\ReaConverter 5.5 Pro\rcp_scheduler.exe -- (rcp_service)
SRV - [2007/11/07 08:58:18 | 003,004,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)
SRV - [2007/11/06 13:22:26 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2007/11/01 11:06:22 | 000,061,440 | ---- | M] (SolarWinds) [On_Demand | Stopped] -- C:\Program Files\SolarWinds\TFTPServer\SolarWinds TFTP Server.exe -- (SolarWinds TFTP Server)
SRV - [2007/10/08 09:22:10 | 000,150,064 | ---- | M] (VMware, Inc.) [Disabled | Stopped] -- C:\Windows\System32\vmnat.exe -- (VMware NAT Service)
SRV - [2007/10/08 09:22:10 | 000,121,392 | ---- | M] (VMware, Inc.) [Disabled | Stopped] -- C:\Windows\System32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2007/10/08 09:21:50 | 000,109,104 | ---- | M] (VMware, Inc.) [Disabled | Stopped] -- C:\Program Files\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2007/05/31 17:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 17:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/04/27 20:15:46 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2007/03/29 10:39:20 | 000,427,576 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007/03/23 10:02:52 | 000,269,104 | ---- | M] (VMware, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe -- (vmount2)
SRV - [2007/02/25 21:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007/02/22 18:39:44 | 002,808,664 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)
SRV - [2007/01/25 17:50:26 | 000,063,096 | ---- | M] () [Auto | Running] -- c:\Toshiba\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2007/01/25 17:47:50 | 000,136,816 | ---- | M] () [Auto | Running] -- C:\Toshiba\IVP\ISM\pinger.exe -- (pinger)
SRV - [2006/11/14 20:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2006/10/05 12:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2006/05/25 18:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2002/12/17 17:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe -- (MSSQLSERVER)
SRV - [2002/12/17 17:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE -- (SQLSERVERAGENT)
SRV - [1998/06/06 00:00:00 | 000,034,036 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\VARPC.EXE -- (Visual Studio Analyzer RPC bridge)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/07/15 03:00:13 | 000,229,208 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VMM.sys -- (vmm)
DRV - [2009/04/10 21:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB)
DRV - [2009/03/20 07:37:42 | 000,208,688 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2009/02/17 12:19:44 | 000,057,672 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2009/02/17 12:17:40 | 000,072,520 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2009/01/23 13:05:41 | 000,040,896 | ---- | M] (SniffUsb/UsbSnoop Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbsnoop.sys -- (usbsnoop) usbsnoop (display)
DRV - [2008/12/10 17:27:02 | 000,013,312 | ---- | M] (Micron Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\miusb2.sys -- (MIUSB2) Aptina Imaging USB2 Driver (miusb2.sys)
DRV - [2008/09/24 03:29:25 | 000,029,184 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VClone.sys -- (VClone)
DRV - [2008/08/28 19:29:50 | 000,023,552 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2008/07/11 16:32:34 | 000,014,208 | ---- | M] (SEGGER Microcontroller Systeme GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jlink.sys -- (jlink)
DRV - [2008/06/19 18:24:30 | 000,028,544 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2008/06/11 15:32:52 | 000,010,752 | ---- | M] (Innovative Integration) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\kp_malibu.SYS -- (kp_malibu)
DRV - [2008/06/10 13:04:28 | 000,033,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
DRV - [2008/06/10 10:54:36 | 000,123,904 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/03/21 07:42:00 | 000,088,896 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2008/03/17 10:23:32 | 000,054,272 | ---- | M] (CMU Robotics Institute) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\1394cmdr.sys -- (1394CMDR)
DRV - [2008/01/18 22:53:26 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sonydcam.sys -- (sonydcam)
DRV - [2008/01/18 22:53:23 | 000,073,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007/11/09 05:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/11/06 13:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2007/10/08 09:22:48 | 000,924,976 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmx86.sys -- (vmx86)
DRV - [2007/10/08 09:22:48 | 000,034,864 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hcmon.sys -- (hcmon)
DRV - [2007/10/08 09:22:46 | 000,025,008 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2007/10/08 09:22:46 | 000,020,912 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMkbd.sys -- (vmkbd2)
DRV - [2007/10/08 08:31:30 | 000,028,592 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2007/10/08 08:31:30 | 000,016,816 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2007/10/08 08:31:28 | 000,030,768 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmusb.sys -- (vmusb)
DRV - [2007/07/31 18:45:50 | 000,076,800 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2007/07/14 04:30:00 | 000,742,400 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/05/18 14:12:12 | 000,194,362 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2007/05/18 14:12:12 | 000,017,280 | ---- | M] (Xilinx, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\xusb_xlp.sys -- (XilinxFirmwareLpLoader)
DRV - [2007/05/18 14:12:12 | 000,016,000 | ---- | M] (Xilinx, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XPC4DRVR.SYS -- (XilinxPC4Driver)
DRV - [2007/04/27 07:40:00 | 000,035,328 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SNTNLUSB.SYS -- (SNTNLUSB)
DRV - [2007/04/24 22:07:14 | 002,590,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007/03/23 10:03:00 | 000,018,480 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys -- (vstor2)
DRV - [2007/03/23 02:00:14 | 000,030,032 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\XPVCOM.sys -- (xpvcom)
DRV - [2007/03/12 21:47:54 | 000,011,264 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007/01/29 06:20:34 | 000,059,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMNetSrv.sys -- (VPCNetS2)
DRV - [2007/01/24 14:44:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2007/01/15 17:18:30 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2006/12/12 11:16:06 | 000,022,528 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emAudio.sys -- (emAudio)
DRV - [2006/12/08 18:50:44 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2006/12/08 18:50:42 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2006/11/28 15:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/02 02:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 02:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 02:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 02:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 02:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 02:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 02:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 02:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 02:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 02:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 02:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 02:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 02:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 02:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 02:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 02:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 02:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 02:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 02:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 02:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 02:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 02:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 02:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 02:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 02:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 02:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 02:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 02:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 02:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 02:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 02:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 02:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 02:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 01:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 01:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 01:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 01:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 01:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 01:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 00:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 00:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/10/18 11:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/09/27 20:06:00 | 000,479,488 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr3npxp.sys -- (KR3NPXP)
DRV - [2006/08/30 09:35:58 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2006/06/27 17:09:50 | 000,021,760 | ---- | M] (PAN JIT INTERNATIONAL INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\touchset.sys -- (TOUCHSET)
DRV - [2006/05/26 00:31:50 | 000,020,992 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmUsbIce.sys -- (WmUsbIce)
DRV - [2006/02/14 11:50:00 | 000,216,320 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)
DRV - [2005/12/21 09:14:52 | 000,100,957 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emDevice.sys -- (DCamUSBEMPIA)
DRV - [2005/12/21 09:14:52 | 000,005,245 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emFilter.sys -- (FiltUSBEMPIA)
DRV - [2005/12/21 09:14:52 | 000,004,493 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emScan.sys -- (ScanUSBEMPIA)
DRV - [2005/09/27 16:57:00 | 000,207,104 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3441931732-2950259277-583699549-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3441931732-2950259277-583699549-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3441931732-2950259277-583699549-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: fiddlerhook@fiddler2.com:2.2.9.4

FF - HKLM\software\mozilla\Firefox\Extensions\\fiddlerhook@fiddler2.com: C:\Program Files\Fiddler2\FiddlerHook [2010/07/19 16:48:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/24 22:07:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/24 22:07:48 | 000,000,000 | ---D | M]

[2010/03/29 07:18:55 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\Mozilla\Extensions
[2008/05/10 13:05:18 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2010/07/24 22:18:14 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\i50uyl2j.default\extensions
[2010/04/27 07:12:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\i50uyl2j.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/24 22:18:14 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/13 15:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2010/07/18 11:36:12 | 000,411,358 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 14241 more lines...
O3 - HKU\S-1-5-21-3441931732-2950259277-583699549-1000\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3441931732-2950259277-583699549-1000..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - Startup: C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MailWasherPro.lnk = C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe ()
O4 - Startup: C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TimeSnapper Professional.lnk = C:\Program Files\TimeSnapper\TimeSnapper.exe (TimeSnapper.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O7 - HKU\S-1-5-21-3441931732-2950259277-583699549-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files\Fiddler2\Fiddler.exe (Eric Lawrence)
O9 - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files\Fiddler2\Fiddler.exe (Eric Lawrence)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe (PlotSoft LLC)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} http://www.cvsphoto.com/upload/activex/v3_...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.popcap.com/webgames/popcaploader_v10.cab (PopCapLoader Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://olin.webex.com/client/T26L/nbr/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://vpn-standard.harris.com/dana-cached...perSetupSP1.cab (JuniperSetupSP1 Control)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://iras.invitrogen.com/dana-cached/sc/...SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (\\.\globalroot\systemroot\system32\userinit.exe) - \\.\globalroot\systemroot\system32\userinit.exe ()
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - C:\Users\Jeff\Data\Eudora\EuShlExt.dll (Qualcomm Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{59600854-ee3d-11dd-abad-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{59600854-ee3d-11dd-abad-005056c00008}\Shell\AutoRun\command - "" = E:\setup.EXE -- File not found
O33 - MountPoints2\{59600854-ee3d-11dd-abad-005056c00008}\Shell\configure\command - "" = E:\setup.EXE -- File not found
O33 - MountPoints2\{59600854-ee3d-11dd-abad-005056c00008}\Shell\install\command - "" = E:\setup.EXE -- File not found
O33 - MountPoints2\{82f5aee0-7c44-11de-b751-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{82f5aee0-7c44-11de-b751-005056c00008}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{fc5a1808-f9f7-11dc-a9d0-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{fc5a1808-f9f7-11dc-a9d0-005056c00008}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk /p \??\C:) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HotSync Manager.lnk - C:\Program Files\palm\Hotsync.exe - (PalmSource, Inc)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE - (Microsoft Corporation)
MsConfig - StartUpFolder: C:^Users^Jeff^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk - C:\PROGRA~1\MICROS~4\Office12\ONENOTEM.EXE - File not found
MsConfig - StartUpReg: 00TCrdMain - hkey= - key= - File not found
MsConfig - StartUpReg: BitTorrent - hkey= - key= - C:\Program Files\BitTorrent\bittorrent.exe File not found
MsConfig - StartUpReg: HotSync - hkey= - key= - C:\Program Files\PalmSource\Desktop\HotSync.exe File not found
MsConfig - StartUpReg: scheduler_monitor - hkey= - key= - C:\Program Files\ReaConverter 5.5 Pro\init_scheduler.exe ()
MsConfig - StartUpReg: SmoothView - hkey= - key= - File not found
MsConfig - StartUpReg: SVPWUTIL - hkey= - key= - C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
MsConfig - StartUpReg: TomTomHOME.exe - hkey= - key= - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
MsConfig - StartUpReg: TOSCDSPD - hkey= - key= - File not found
MsConfig - StartUpReg: TSRotIOC - hkey= - key= - File not found
MsConfig - StartUpReg: USB2Check - hkey= - key= - File not found
MsConfig - StartUpReg: VMware hqtray - hkey= - key= - C:\Program Files\VMware\VMware Player\hqtray.exe (VMware, Inc.)
MsConfig - StartUpReg: Windows Defender - hkey= - key= - File not found
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 2
MsConfig - State: "bootini" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {66DA9ADD-B1C4-4891-84D6-706E216B411B} - Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB947738)
ActiveX: {6803DF8A-43CE-4E52-B455-0B9B09D6E2D1} - Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB971023)
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94E2AAC1-CAE5-4F73-B0D1-C471BA1F8E2A} - Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB937061)
ActiveX: {964C8238-245C-4475-BB6E-D19D2C1220F2} - Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB973673)
ActiveX: {9AD2FB23-AC50-435C-8ABC-8119D29CF0C1} - Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB932232)
ActiveX: {BECB938C-6BC2-48C6-A0A6-4B61E85F584C} - Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB971090)
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {D93F9C7C-AB57-44C8-BAD6-1494674BCAF7} - Microsoft Visual Studio 2005 Professional Edition - ENU Service Pack 1 (KB926601)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\Windows\System32\emYUV.dll (Microsoft Corporation)
Drivers32: VIDC.VMnc - C:\Windows\System32\vmnc.dll (VMware, Inc.)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/07/25 14:05:53 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Jeff\Desktop\OTL.exe
[2010/07/23 14:23:39 | 000,000,000 | ---D | C] -- C:\Users\Jeff\Desktop\July 23
[2010/07/19 16:48:56 | 000,000,000 | ---D | C] -- C:\Users\Jeff\Documents\Fiddler2
[2010/07/19 16:43:33 | 000,000,000 | ---D | C] -- C:\Program Files\Fiddler2
[2010/07/14 06:46:42 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/07/09 11:38:31 | 000,000,000 | ---D | C] -- C:\Users\Jeff\Desktop\Naked Flats
[2010/07/08 10:32:15 | 000,000,000 | ---D | C] -- C:\Users\Jeff\Desktop\Jul 8
[2010/07/07 16:41:19 | 000,000,000 | ---D | C] -- C:\Users\Jeff\Desktop\Jul 7
[2010/07/06 13:18:07 | 000,000,000 | ---D | C] -- C:\Users\Jeff\Desktop\Jul 6
[2010/07/03 17:15:52 | 000,000,000 | ---D | C] -- C:\Users\Jeff\Documents\Visa statements
[2010/07/01 10:37:28 | 000,000,000 | ---D | C] -- C:\Users\Jeff\Desktop\Jul 1 Data
[2010/06/30 09:49:13 | 000,000,000 | ---D | C] -- C:\Users\Jeff\Desktop\Jun 30 Data
[2010/06/29 17:06:14 | 000,000,000 | ---D | C] -- C:\Users\Jeff\Desktop\June 29
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/25 14:10:42 | 011,534,336 | -HS- | M] () -- C:\Users\Jeff\NTUSER.DAT
[2010/07/25 14:09:09 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{5A7295D9-DE02-4F8A-81B2-AB929449678B}.job
[2010/07/25 14:05:59 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Jeff\Desktop\OTL.exe
[2010/07/25 13:56:40 | 000,005,408 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/25 13:56:40 | 000,005,408 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/25 13:50:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/25 13:14:46 | 000,000,017 | -H-- | M] () -- C:\Windows\System32\servdat.slm
[2010/07/25 09:50:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/24 19:56:39 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/24 19:56:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/24 19:56:22 | 2011,217,920 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/24 19:56:18 | 206,645,944 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/07/24 07:56:42 | 005,309,022 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/07/24 07:56:42 | 001,822,852 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/07/24 07:56:42 | 000,006,860 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/07/23 13:00:20 | 000,007,944 | ---- | M] () -- C:\Users\Jeff\AppData\Local\d3d9caps.dat
[2010/07/22 13:17:26 | 000,524,288 | -HS- | M] () -- C:\Users\Jeff\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms
[2010/07/22 13:17:26 | 000,065,536 | -HS- | M] () -- C:\Users\Jeff\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TM.blf
[2010/07/22 13:17:06 | 003,558,453 | -H-- | M] () -- C:\Users\Jeff\AppData\Local\IconCache.db
[2010/07/21 07:25:18 | 000,000,334 | ---- | M] () -- C:\Users\Jeff\AppData\Local\magnifier.ini
[2010/07/20 21:50:02 | 000,082,674 | ---- | M] () -- C:\Users\Jeff\Desktop\Domain Renewal Invoice.pdf
[2010/07/20 09:50:50 | 000,041,984 | ---- | M] () -- C:\Users\Jeff\Desktop\Beta_GUI_Tasks_Left_To_Do.xls
[2010/07/20 08:52:20 | 000,016,764 | ---- | M] () -- C:\Users\Jeff\Desktop\LTC July 1-16.xml
[2010/07/18 11:36:12 | 000,411,358 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/07/17 09:46:53 | 000,000,761 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100718-113612.backup
[2010/07/15 14:16:04 | 000,018,432 | ---- | M] () -- C:\Users\Jeff\Desktop\bugs.xls
[2010/07/14 10:52:21 | 000,039,936 | ---- | M] () -- C:\Users\Jeff\Desktop\TTP 632 LOg.doc
[2010/07/14 10:50:14 | 000,050,176 | ---- | M] () -- C:\Users\Jeff\Desktop\System_Frozen_Image_USB_71310_Test_V2.10_TermiteLog.doc
[2010/07/14 08:54:17 | 000,005,308 | ---- | M] () -- C:\Users\Jeff\Desktop\bugs.csv
[2010/07/14 08:34:57 | 000,154,624 | ---- | M] () -- C:\Users\Jeff\Desktop\GEL TEST_JN_TEST_CurrentTooHigh_LeftGEL.doc
[2010/07/14 08:07:40 | 000,000,909 | ---- | M] () -- C:\Users\Jeff\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Outlook.lnk
[2010/07/14 06:46:45 | 000,000,666 | ---- | M] () -- C:\Windows\win.ini
[2010/07/12 09:43:30 | 010,710,148 | ---- | M] () -- C:\Users\Jeff\Desktop\Projects.zip
[2010/07/10 15:51:24 | 000,019,968 | ---- | M] () -- C:\Users\Jeff\Desktop\Tmobile plans.xls
[2010/07/09 17:19:45 | 000,001,953 | ---- | M] () -- C:\Users\Jeff\Desktop\PRD PSD Table.doc - Shortcut.lnk
[2010/07/09 16:22:10 | 012,582,564 | ---- | M] () -- C:\ltc_100709NakedFlats.zip
[2010/07/09 16:01:30 | 001,072,671 | ---- | M] () -- C:\Users\Jeff\Desktop\Jess Oberlin Grad Official Photos.pdf
[2010/07/08 17:50:58 | 000,821,821 | ---- | M] () -- C:\Users\Jeff\Desktop\Jess Oberlin gradpic.jpg
[2010/07/07 14:54:38 | 000,558,661 | ---- | M] () -- C:\Users\Jeff\Desktop\Jul 06 2010 1025 L.pdf
[2010/07/07 10:43:28 | 000,030,366 | ---- | M] () -- C:\Users\Jeff\Desktop\LTC June 2010.xml
[2010/07/07 09:46:53 | 000,006,632 | ---- | M] () -- C:\Users\Jeff\Documents\LTC June 2010.csv
[2010/07/06 11:21:21 | 012,574,676 | ---- | M] () -- C:\ltc_100706am.zip
[2010/06/30 10:54:25 | 000,013,824 | ---- | M] () -- C:\Users\Jeff\Desktop\Normal Loads.xls
[2010/06/30 09:50:27 | 000,000,000 | ---- | M] () -- C:\Windows\ToDisc.INI
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/20 21:49:55 | 000,082,674 | ---- | C] () -- C:\Users\Jeff\Desktop\Domain Renewal Invoice.pdf
[2010/07/20 08:52:19 | 000,016,764 | ---- | C] () -- C:\Users\Jeff\Desktop\LTC July 1-16.xml
[2010/07/14 10:52:21 | 000,039,936 | ---- | C] () -- C:\Users\Jeff\Desktop\TTP 632 LOg.doc
[2010/07/14 10:50:12 | 000,050,176 | ---- | C] () -- C:\Users\Jeff\Desktop\System_Frozen_Image_USB_71310_Test_V2.10_TermiteLog.doc
[2010/07/14 08:34:56 | 000,154,624 | ---- | C] () -- C:\Users\Jeff\Desktop\GEL TEST_JN_TEST_CurrentTooHigh_LeftGEL.doc
[2010/07/14 08:26:40 | 000,005,308 | ---- | C] () -- C:\Users\Jeff\Desktop\bugs.csv
[2010/07/12 09:46:19 | 010,710,148 | ---- | C] () -- C:\Users\Jeff\Desktop\Projects.zip
[2010/07/09 22:12:23 | 001,072,671 | ---- | C] () -- C:\Users\Jeff\Desktop\Jess Oberlin Grad Official Photos.pdf
[2010/07/09 17:19:45 | 000,001,953 | ---- | C] () -- C:\Users\Jeff\Desktop\PRD PSD Table.doc - Shortcut.lnk
[2010/07/09 16:20:55 | 012,582,564 | ---- | C] () -- C:\ltc_100709NakedFlats.zip
[2010/07/08 17:50:58 | 000,821,821 | ---- | C] () -- C:\Users\Jeff\Desktop\Jess Oberlin gradpic.jpg
[2010/07/07 14:54:37 | 000,558,661 | ---- | C] () -- C:\Users\Jeff\Desktop\Jul 06 2010 1025 L.pdf
[2010/07/07 09:46:53 | 000,006,632 | ---- | C] () -- C:\Users\Jeff\Documents\LTC June 2010.csv
[2010/07/07 09:41:18 | 000,030,366 | ---- | C] () -- C:\Users\Jeff\Desktop\LTC June 2010.xml
[2010/07/06 11:17:23 | 012,574,676 | ---- | C] () -- C:\ltc_100706am.zip
[2010/06/30 10:54:25 | 000,013,824 | ---- | C] () -- C:\Users\Jeff\Desktop\Normal Loads.xls
[2010/06/30 09:50:27 | 000,000,000 | ---- | C] () -- C:\Windows\ToDisc.INI
[2009/09/19 12:49:37 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/06/17 14:33:12 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2009/06/17 14:33:12 | 000,000,341 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2009/06/16 15:46:43 | 000,001,024 | ---- | C] () -- C:\Windows\System32\clauth2.dll
[2009/06/16 15:46:43 | 000,001,024 | ---- | C] () -- C:\Windows\System32\clauth1.dll
[2009/06/16 15:46:43 | 000,000,073 | ---- | C] () -- C:\Windows\System32\ssprs.dll
[2009/06/16 15:46:43 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nsprs.dll
[2008/10/23 07:24:14 | 000,129,024 | ---- | C] () -- C:\Windows\System32\AVERM.dll
[2008/10/23 07:24:14 | 000,028,672 | ---- | C] () -- C:\Windows\System32\AVEQT.dll
[2008/06/30 09:32:46 | 000,618,496 | ---- | C] () -- C:\Windows\System32\stlpmt45.dll
[2008/06/30 09:32:45 | 000,485,376 | ---- | C] () -- C:\Windows\System32\VCLLoader.dll
[2008/05/16 08:20:30 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2008/03/26 21:11:07 | 000,111,376 | ---- | C] () -- C:\Windows\System32\expat.dll
[2008/03/26 21:11:07 | 000,040,352 | ---- | C] () -- C:\Windows\System32\agcrypto.dll
[2008/03/13 14:06:05 | 000,000,051 | ---- | C] () -- C:\Windows\UpFlash.INI
[2008/02/21 02:28:41 | 000,049,152 | ---- | C] () -- C:\Windows\System32\OctaneARM.dll
[2008/02/13 11:32:04 | 000,018,821 | ---- | C] () -- C:\Windows\winscp406.ini
[2007/12/15 16:08:25 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2007/12/06 14:07:47 | 000,000,028 | ---- | C] () -- C:\Windows\pdf995.ini
[2007/12/06 14:06:18 | 000,051,716 | ---- | C] () -- C:\Windows\System32\pdf995mon.dll
[2007/12/06 14:06:18 | 000,000,092 | ---- | C] () -- C:\Windows\wpd99.drv
[2007/11/06 13:19:28 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2007/10/30 19:28:28 | 000,000,255 | ---- | C] () -- C:\Windows\ScreenPlayEditor.ini
[2007/10/01 18:07:39 | 000,022,723 | ---- | C] () -- C:\Windows\System32\SUGS2l3.dll
[2007/08/20 17:36:57 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007/08/20 08:18:54 | 000,000,067 | ---- | C] () -- C:\Windows\swupdate.INI
[2007/08/12 21:28:23 | 000,000,126 | ---- | C] () -- C:\Windows\mdm.ini
[2007/08/12 20:41:41 | 000,001,068 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/05/16 18:40:56 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007/05/16 18:40:55 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007/05/16 18:40:55 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007/05/16 18:40:55 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007/05/16 18:40:55 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007/05/16 18:40:55 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007/05/16 17:46:42 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007/05/16 17:30:13 | 000,036,864 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll
[2007/05/16 17:15:16 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2007/05/16 17:15:16 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2007/05/16 17:15:16 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2007/05/16 17:15:16 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2007/05/16 17:13:14 | 000,000,291 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2007/04/12 20:37:32 | 000,851,968 | R--- | C] () -- C:\Windows\System32\libeay32.dll
[2007/04/12 20:37:32 | 000,159,744 | R--- | C] () -- C:\Windows\System32\ssleay32.dll
[2007/03/23 02:00:14 | 000,030,032 | ---- | C] () -- C:\Windows\System32\drivers\XPVCOM.sys
[2006/12/05 13:05:06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/11/02 05:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 01:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/11/23 14:55:42 | 000,024,576 | ---- | C] () -- C:\Windows\System32\SPCtl.dll
[2005/07/22 21:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
[2002/10/02 05:47:44 | 003,276,800 | ---- | C] () -- C:\Windows\System32\qt-mt305.dll
[1998/06/10 00:00:00 | 000,015,120 | ---- | C] () -- C:\Windows\System32\REPUTIL.DLL
[1998/05/18 00:00:00 | 000,014,017 | ---- | C] () -- C:\Windows\JAUTOEXP.INI
[1998/04/24 00:00:00 | 000,000,218 | ---- | C] () -- C:\Windows\FRONTPG.INI

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2010/03/29 05:35:59 | 000,110,592 | ---- | M] () -- C:\uC-GUI-BitmapConvert.exe


< MD5 for: AGP440.SYS >
[2008/01/19 00:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/19 00:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 00:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 00:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 02:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 02:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/10 23:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/10 23:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/10 23:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/19 00:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 00:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 02:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/02/13 04:06:41 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/02/13 04:06:41 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/02/13 04:06:41 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 02:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 02:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2008/01/19 00:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/19 00:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 02:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 02:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: KR10N.SYS >
[2005/09/27 16:57:00 | 000,207,104 | ---- | M] (TOSHIBA CORPORATION) MD5=A1963360E74931222A67356C8AD48378 -- C:\Windows\System32\drivers\KR10N.sys
[2005/09/27 16:57:00 | 000,207,104 | ---- | M] (TOSHIBA CORPORATION) MD5=A1963360E74931222A67356C8AD48378 -- C:\Windows\System32\DriverStore\FileRepository\kr10n.inf_f8c77270\KR10N.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 02:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/04/10 23:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/10 23:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/19 00:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVRAID.SYS >
[2008/01/19 00:43:01 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvraid.sys
[2008/01/19 00:43:01 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvraid.sys
[2006/11/02 02:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) MD5=E69E946F80C1C31C53003BFBF50CBB7C -- C:\Windows\System32\drivers\nvraid.sys
[2006/11/02 02:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) MD5=E69E946F80C1C31C53003BFBF50CBB7C -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2006/11/02 02:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 02:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 00:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/19 00:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/19 00:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 02:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009/04/10 23:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/10 23:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/04/10 23:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/10 23:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/11/02 03:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 03:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2010/07/24 19:56:11 | 016,777,216 | -HS- | M] () -- C:\Windows\System32\config\eqcc88nh.sav
[2006/11/02 03:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 03:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 03:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\drivers\*.sys /90 >
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 227 bytes -> C:\ProgramData\TEMP:1489AFE4
< End of report >
OTL Extras logfile created on: 7/25/2010 2:10:26 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Jeff\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 57.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 147.58 Gb Total Space | 8.34 Gb Free Space | 5.65% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JEFF-VISTA
Current User Name: Jeff
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3441931732-2950259277-583699549-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with XnView] -- "C:\Program Files\XnView\xnview.exe" "%1" (XnView, http://www.xnview.com)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [takeownership] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- ()
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine -- (TOSHIBA Corporation)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{027D20DA-F166-4BDE-85E8-FDA40A80B10F}" = lport=1034 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdc.exe,-4003 |
"{02D2686D-259B-4401-9176-D7B24EBD69DD}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{13B45F1A-A0A3-46CE-BDEE-7DD300D06140}" = lport=1034 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdc.exe,-4003 |
"{188FC4FD-8A30-45A7-9414-9F64C6EA8D65}" = lport=53492 | protocol=17 | dir=in | name=winapp listener |
"{27FF3118-7DD1-41BA-AF3E-1819E168D681}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{314068A3-C9D3-4265-B51B-A86FAF700127}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{40D8DE5C-0485-4CFE-A428-E44CD8D95C34}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdc.exe,-4006 |
"{492DE6F4-01FC-4FD2-8FF6-1264D4630DC6}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{4A0084C6-41A9-4445-986F-C61B03BED4D6}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{620D9882-7A50-4DB5-B8BD-64F11F6B085A}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{8C42B72B-F98E-44A2-B26A-3E413C9B5ABC}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{98F62E6C-1844-436C-95BB-872352209557}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{994DE7E2-53DC-4F33-9483-8ADD108A2D86}" = lport=1034 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdc.exe,-4003 |
"{A061819E-02D5-4632-AF93-5EBD236BD17F}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{A8A6DD18-F1BF-4AF0-8863-01B920586C11}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdc.exe,-4006 |
"{A9E9B621-AB8A-46BA-AC35-9C4BCECFC917}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdc.exe,-4006 |
"{C1E1842B-7909-4CB3-99E4-49D496C46201}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{C342D370-F17B-4251-A141-C337B37034C8}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{CECC5182-EFB9-47DF-8522-1600A5BE9118}" = lport=1034 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdc.exe,-4003 |
"{DB0E4BED-C8DE-4E36-BB4A-901F13DBD54E}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{DD78701E-9D49-4790-994F-5FAC83380496}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{EE44B9B8-3C1D-4B58-96CF-7DD30C71E6CC}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{FBA5C181-164A-4BCE-AB67-C638C26B96AD}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdc.exe,-4006 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{005492C4-24CF-4C7C-9FA9-236A692E3BA4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{04239EA7-EF38-4FF1-A8BB-B902BF086DCC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{05559555-445F-436B-851E-79F46BD657E8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{070EF9E5-45DD-44CA-B405-8BD727CE62A7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\live meeting 8\console\pwconsole.exe |
"{0D257AC1-256E-4BE3-ADA4-484F457BAA2B}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{0F96A67D-3C69-4E72-8998-FEE595568A55}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{11384E7B-63E7-408D-8C08-38832C8F7797}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{16B9D233-F5D3-4BD9-A83F-3D4355DC7A8F}" = protocol=6 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
"{174530CA-79D1-4885-875D-5DE440A5676F}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{186420EE-AC4D-4B1B-8024-A1C582BE605D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{205E41B2-E8C4-4613-AAF6-2B0D40B20724}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{25025A34-8D20-4CF8-B796-4C80320BF11F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{280F4974-2FCD-449C-A122-482849B7ED8E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{29668A41-BA13-4345-AAC1-BB10B55264C9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2D9746EE-1438-4E85-8075-294A2125F472}" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"{2E5CBB9C-64A2-44FB-920C-878B50494DA9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2FD54F10-3F17-4F1E-866A-FA8B2FD5EE86}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{316B8038-BE9D-4575-91B7-212829DCFCAB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{334F088F-DFA1-4F8E-894A-8F92473F8BD0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3400736E-B9E6-49B2-88ED-69C60C67107E}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{3792ED25-C5FF-4AF3-9E68-446C074E78A9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{418C206A-A762-4127-9F66-C093709C27D8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{445C3827-B3F9-455E-8D7B-4823CAD7CDCF}" = protocol=17 | dir=in | app=c:\program files\microsoft office\live meeting 8\console\pwconsole.exe |
"{48145F9F-CFDC-4F33-B948-885363CC0E27}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{4A3064AC-F14F-47FC-9CCA-F0AFF9427E7E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4ADAF755-9FF6-4AF9-9A48-001BB4844401}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4AE07469-73AB-4EF2-8920-99396F7BDBF0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5652E2B5-DFC2-4E09-B2B5-CF3F797DA610}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5A3177F2-1040-4229-BAC1-B107AF137A56}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{61061873-84CD-445B-A0A8-34D5489127D3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{68701E1C-AFD2-4C3F-B1C3-6C0ED5390D61}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{69B34EB4-FA24-4A84-BAD8-189CDD09EB9B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6F9BAEDA-860C-4BAC-B862-7FFD6D372E3E}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{74FC20BC-A55B-476B-BF4F-51F9539DA375}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{75852705-DEEB-4B50-A461-8AEBBDACCAC7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\live meeting 8\console\pwconsole.exe |
"{7F3441C5-2BD3-4689-AC0C-F6C1961D4F39}" = protocol=17 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe |
"{89C47F5C-86A6-43C1-AF38-502AEBEA03A6}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{8F5F6943-45B4-4599-A99A-90C6A12A52C7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8FD2D21D-D42C-4D5F-AF97-F38510D076E9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{92A997E0-781C-444B-B361-EA3EADBB2218}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{9451CA9F-AF11-4D64-B738-3E5B97840B23}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{99E945FE-22D0-4828-B713-36C7AB9DE1E2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9B765C40-9EB6-4138-AD60-485D8CFA830F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9DF42E8D-11F4-4C0B-A92C-51357F1E20B3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A5E12F83-9F7E-4325-A3D6-BFC0710C53CE}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{A6D2A211-F075-443D-A9B2-9EB76FC0A9E4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AA215E97-4B9D-4171-8EE1-61DABE4D4314}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AB80B347-3AA8-4201-9499-010B34814BC1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{ABA13E20-4F99-48A6-8B06-56F3B75FA05A}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{AC54032D-3DD9-405C-9962-FEDD34AB3236}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AC9E175F-DFD9-4B37-8BD9-001096371610}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{ADB3438C-02AC-44E7-A20A-2EA6472A0ECA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AE70DB41-794D-48EA-BADC-340CFBC9CE70}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{B17CD458-8F2A-4B1B-8238-5154D44DCA82}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BDDEEC62-0A25-42F8-BB0E-03241524B91A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C3D27C3E-154E-42F8-BD52-1C7B042A12A6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C5DE3C4B-02D5-48D3-B273-10A40531309E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CC3E98F9-4375-4D33-831A-31D0A9A7A7D2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CD4C7E99-A00B-4A64-9F94-61C80C25693B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CE513C88-9A21-418B-AB73-04BFB2459BC3}" = protocol=6 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe |
"{D0DD3E57-B467-4B89-BF79-4A17CCB114D4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D39FBAE5-7A5E-4B06-BA36-0D80683A52ED}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D743B981-01AA-4D6E-BDAA-1E5B4E96DFBA}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{E19C5958-53F3-4F44-9B78-F095DE24FEC8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E92C7B28-F8E8-4C8F-9B4E-A3F3453A1131}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E9440772-3106-40CB-B421-2D9CE7A64085}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{EA99F0F4-D63B-46CB-8AC5-22D31C565704}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F0497A80-2355-4B9A-8502-B49A97233A97}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F20D2AB1-BED1-4BF5-868A-9C969E9ED7BF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FE5D739F-C92C-48BA-A159-759385D3AED3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\live meeting 8\console\pwconsole.exe |
"{FE9F9B9F-9228-4C75-B01B-8176FA32AC9D}" = protocol=17 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
"TCP Query User{00F13651-DDA1-4A33-99F0-B8A80130E62E}C:\program files\harris corp\hdeconfig\hdeconfig.exe" = protocol=6 | dir=in | app=c:\program files\harris corp\hdeconfig\hdeconfig.exe |
"TCP Query User{06A0E67A-7A9A-4379-B2FD-B053E96FED3D}C:\harris\winshare2\ee\sbc\winapp\eesimvs2003\eesimvs2003\release\eesimvs2003.exe" = protocol=6 | dir=in | app=c:\harris\winshare2\ee\sbc\winapp\eesimvs2003\eesimvs2003\release\eesimvs2003.exe |
"TCP Query User{0E98B92C-6EA8-4CBB-A5EF-0FB8E92F5C49}C:\program files\ibiquity digital\importer\importer4.0\servers\hdr_dlmx.exe" = protocol=6 | dir=in | app=c:\program files\ibiquity digital\importer\importer4.0\servers\hdr_dlmx.exe |
"TCP Query User{10756E43-BD59-41FE-B0B7-6E4BC0975F1E}C:\harris\winshare2\ee\sbc\winapp\serverapp\serverapp\bin\debug\serverapp.vshost.exe" = protocol=6 | dir=in | app=c:\harris\winshare2\ee\sbc\winapp\serverapp\serverapp\bin\debug\serverapp.vshost.exe |
"TCP Query User{1314DCEA-A427-4F8D-8446-8EAA2CC72FE3}C:\users\jeff\appdata\local\abacast\abaclient.exe" = protocol=6 | dir=in | app=c:\users\jeff\appdata\local\abacast\abaclient.exe |
"TCP Query User{1396CC5B-C464-45CD-A6F4-F253C3AC36AA}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{1EFF674F-53B0-4765-A376-FA42B3C5CBD1}C:\program files\abacast\abaclient.exe" = protocol=6 | dir=in | app=c:\program files\abacast\abaclient.exe |
"TCP Query User{377D3260-53B1-4708-910B-178B5E452BAA}C:\harris\winshare2\ee\sbc\winapp\logger\bin\release\logger.exe" = protocol=6 | dir=in | app=c:\harris\winshare2\ee\sbc\winapp\logger\bin\release\logger.exe |
"TCP Query User{3826968A-B4EF-4171-99DB-466CE609910D}C:\program files\tftputil\tftputil gui.exe" = protocol=6 | dir=in | app=c:\program files\tftputil\tftputil gui.exe |
"TCP Query User{4174E82F-E798-4E9C-8DCA-FFAD8C07C478}C:\dhcp\dhcpsrv.exe" = protocol=6 | dir=in | app=c:\dhcp\dhcpsrv.exe |
"TCP Query User{43C017A5-F691-4E6A-A2E0-398B96671158}C:\program files\harris corp\flexstar\hde-200 control center\hdeconfig.exe" = protocol=6 | dir=in | app=c:\program files\harris corp\flexstar\hde-200 control center\hdeconfig.exe |
"TCP Query User{46A9AD9F-4E9B-4C21-97B6-F2C7509C0C17}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{4EF41BC6-33D8-4D40-BB44-D8049A7100DB}C:\program files\ws_ftp\ws_ftp95.exe" = protocol=6 | dir=in | app=c:\program files\ws_ftp\ws_ftp95.exe |
"TCP Query User{5B837795-11C1-40C0-9669-D97DE9D38772}C:\program files\harris corp\hdeconfig\hdeconfig.exe" = protocol=6 | dir=in | app=c:\program files\harris corp\hdeconfig\hdeconfig.exe |
"TCP Query User{5BF10AE1-EB1E-4007-983F-152BA7E98A14}C:\harris\winshare2\ee\sbc\winapp\logger\bin\debug\logger.vshost.exe" = protocol=6 | dir=in | app=c:\harris\winshare2\ee\sbc\winapp\logger\bin\debug\logger.vshost.exe |
"TCP Query User{603A855A-83E1-491F-82D6-5B15B22193C9}C:\users\jeff\documents\visual studio 2005\projects\harris\projects\exporter\bin\debug\hdeconfig.exe" = protocol=6 | dir=in | app=c:\users\jeff\documents\visual studio 2005\projects\harris\projects\exporter\bin\debug\hdeconfig.exe |
"TCP Query User{64E3D785-A893-48E6-8792-32CEB870A7B4}C:\harris\winshare2\ee\sbc\winapp\logger\bin\debug\logger.vshost.exe" = protocol=6 | dir=in | app=c:\harris\winshare2\ee\sbc\winapp\logger\bin\debug\logger.vshost.exe |
"TCP Query User{6562EF1C-0EE5-4CA3-8E7D-E2448A51DA41}C:\program files\harris corp\hde-200 contol center\hdeconfig.exe" = protocol=6 | dir=in | app=c:\program files\harris corp\hde-200 contol center\hdeconfig.exe |
"TCP Query User{7E7C675E-A9D3-4E42-A896-69A94E3D48E4}C:\harris\eesimvs2003.exe" = protocol=6 | dir=in | app=c:\harris\eesimvs2003.exe |
"TCP Query User{80F6A145-3AB6-48D7-9F44-1A1AAE55DCA6}C:\program files\tftpd32\tftpd32.exe" = protocol=6 | dir=in | app=c:\program files\tftpd32\tftpd32.exe |
"TCP Query User{92241CAD-4942-4FB6-B050-DBC859B02ABF}C:\users\jeff\documents\visual studio 2005\projects\harris\projects\exporter\bin\debug\hdeconfig.exe" = protocol=6 | dir=in | app=c:\users\jeff\documents\visual studio 2005\projects\harris\projects\exporter\bin\debug\hdeconfig.exe |
"TCP Query User{934057A6-92D4-427C-A2A3-178B153C216C}C:\program files\ibiquity digital\importer\importer4.0\servers\logisticsprocessor.exe" = protocol=6 | dir=in | app=c:\program files\ibiquity digital\importer\importer4.0\servers\logisticsprocessor.exe |
"TCP Query User{9B9AD381-1649-43CC-B49D-F6D940515421}C:\program files\3com\3cserver.exe" = protocol=6 | dir=in | app=c:\program files\3com\3cserver.exe |
"TCP Query User{9CF761BC-1126-4663-A947-8F0833FC924A}C:\program files\simplecomtools\udp test tool 2.5\udp test tool.exe" = protocol=6 | dir=in | app=c:\program files\simplecomtools\udp test tool 2.5\udp test tool.exe |
"TCP Query User{A368238D-2F4E-4DEA-860D-B6AA05E06F90}C:\harris\winshare2\ee\sbc\winapp\logger\bin\release\logger.vshost.exe" = protocol=6 | dir=in | app=c:\harris\winshare2\ee\sbc\winapp\logger\bin\release\logger.vshost.exe |
"TCP Query User{B11103D3-7E6D-4EB4-9894-50A2A455D15B}C:\theadev2\projects\nge\workspace\wingui2008\debug\wingui.exe" = protocol=6 | dir=in | app=c:\theadev2\projects\nge\workspace\wingui2008\debug\wingui.exe |
"TCP Query User{B683715A-0846-4A87-8A4E-88E92705E57F}C:\users\jeff\documents\visual studio 2005\projects\harris\projects\exporter\bin\debug\hdeconfig.vshost.exe" = protocol=6 | dir=in | app=c:\users\jeff\documents\visual studio 2005\projects\harris\projects\exporter\bin\debug\hdeconfig.vshost.exe |
"TCP Query User{B6B9119A-AFD0-49D1-AFEA-1B8DE28F5E92}C:\users\jeff\documents\visual studio 2005\projects\harris\projects\exporter\bin\debug\hdeconfig.vshost.exe" = protocol=6 | dir=in | app=c:\users\jeff\documents\visual studio 2005\projects\harris\projects\exporter\bin\debug\hdeconfig.vshost.exe |
"TCP Query User{D076D5E4-28FA-4697-95D8-B53721E49CC0}C:\program files\simplecomtools\tcp test tool 2.3\tcp test tool.exe" = protocol=6 | dir=in | app=c:\program files\simplecomtools\tcp test tool 2.3\tcp test tool.exe |
"TCP Query User{D3EB5334-47C0-45F0-B032-B21B7DFF3C3B}C:\harris\winshare2\ee\sbc\projects\bin\windows codec\eesimvs2003.exe" = protocol=6 | dir=in | app=c:\harris\winshare2\ee\sbc\projects\bin\windows codec\eesimvs2003.exe |
"TCP Query User{D59EA745-764A-4C56-B78E-93BA86C48B15}C:\program files\harris corp\flexstar\hde-200 logger\logger.exe" = protocol=6 | dir=in | app=c:\program files\harris corp\flexstar\hde-200 logger\logger.exe |
"TCP Query User{DAAAD771-B20E-48E9-A936-56E45F1A333D}C:\program files\ibiquity digital\importer\importer4.0\servers\administrator.exe" = protocol=6 | dir=in | app=c:\program files\ibiquity digital\importer\importer4.0\servers\administrator.exe |
"TCP Query User{E2DA27D8-F2C9-43DC-B3F6-FC923BA565A2}C:\harris\winshare2\ee\sbc\winapp\logger\bin\release\logger.exe" = protocol=6 | dir=in | app=c:\harris\winshare2\ee\sbc\winapp\logger\bin\release\logger.exe |
"TCP Query User{F9738E89-DC53-4F34-ABDE-8EEC9985A8E7}C:\program files\ibiquity digital\importer\importer4.0\servers\connectionmanager.exe" = protocol=6 | dir=in | app=c:\program files\ibiquity digital\importer\importer4.0\servers\connectionmanager.exe |
"UDP Query User{0A2D5C81-6C14-465B-9B68-2D6CD05BA9B3}C:\program files\harris corp\flexstar\hde-200 control center\hdeconfig.exe" = protocol=17 | dir=in | app=c:\program files\harris corp\flexstar\hde-200 control center\hdeconfig.exe |
"UDP Query User{0AB82C6F-AD0F-456B-8BA2-BF40400CFFB9}C:\theadev2\projects\nge\workspace\wingui2008\debug\wingui.exe" = protocol=17 | dir=in | app=c:\theadev2\projects\nge\workspace\wingui2008\debug\wingui.exe |
"UDP Query User{0AD84551-1C9D-4EA3-A90A-7857A48FA220}C:\program files\ibiquity digital\importer\importer4.0\servers\connectionmanager.exe" = protocol=17 | dir=in | app=c:\program files\ibiquity digital\importer\importer4.0\servers\connectionmanager.exe |
"UDP Query User{1551E738-7F76-4626-BA6A-6002AAD760F3}C:\harris\eesimvs2003.exe" = protocol=17 | dir=in | app=c:\harris\eesimvs2003.exe |
"UDP Query User{196432BF-C8BE-48F2-8761-2239FAE4F6D0}C:\harris\winshare2\ee\sbc\projects\bin\windows codec\eesimvs2003.exe" = protocol=17 | dir=in | app=c:\harris\winshare2\ee\sbc\projects\bin\windows codec\eesimvs2003.exe |
"UDP Query User{2DCD7E06-C796-4E38-A704-1B98863DE2BC}C:\program files\harris corp\hde-200 contol center\hdeconfig.exe" = protocol=17 | dir=in | app=c:\program files\harris corp\hde-200 contol center\hdeconfig.exe |
"UDP Query User{333A9647-B93E-42D6-A666-15DB9D8069ED}C:\program files\ibiquity digital\importer\importer4.0\servers\administrator.exe" = protocol=17 | dir=in | app=c:\program files\ibiquity digital\importer\importer4.0\servers\administrator.exe |
"UDP Query User{37CF035A-AA19-4334-B6F2-24C2361AA08C}C:\users\jeff\documents\visual studio 2005\projects\harris\projects\exporter\bin\debug\hdeconfig.vshost.exe" = protocol=17 | dir=in | app=c:\users\jeff\documents\visual studio 2005\projects\harris\projects\exporter\bin\debug\hdeconfig.vshost.exe |
"UDP Query User{3E531F6D-0200-43F9-B184-EF1A61D6730F}C:\program files\ibiquity digital\importer\importer4.0\servers\hdr_dlmx.exe" = protocol=17 | dir=in | app=c:\program files\ibiquity digital\importer\importer4.0\servers\hdr_dlmx.exe |
"UDP Query User{405B2469-78CA-4FAE-B67B-808CD57527E4}C:\harris\winshare2\ee\sbc\winapp\serverapp\serverapp\bin\debug\serverapp.vshost.exe" = protocol=17 | dir=in | app=c:\harris\winshare2\ee\sbc\winapp\serverapp\serverapp\bin\debug\serverapp.vshost.exe |
"UDP Query User{4613088A-4795-467E-A2D5-B571754EE94B}C:\program files\simplecomtools\udp test tool 2.5\udp test tool.exe" = protocol=17 | dir=in | app=c:\program files\simplecomtools\udp test tool 2.5\udp test tool.exe |
"UDP Query User{4670B8DB-4A7C-4424-BF0C-8E09E4BDAAFD}C:\harris\winshare2\ee\sbc\winapp\logger\bin\release\logger.vshost.exe" = protocol=17 | dir=in | app=c:\harris\winshare2\ee\sbc\winapp\logger\bin\release\logger.vshost.exe |
"UDP Query User{4929584A-D880-4390-A649-CEE5DB311F03}C:\users\jeff\appdata\local\abacast\abaclient.exe" = protocol=17 | dir=in | app=c:\users\jeff\appdata\local\abacast\abaclient.exe |
"UDP Query User{49B8E1B5-BC5D-4AF1-BF22-6A0C53DB8278}C:\harris\winshare2\ee\sbc\winapp\logger\bin\release\logger.exe" = protocol=17 | dir=in | app=c:\harris\winshare2\ee\sbc\winapp\logger\bin\release\logger.exe |
"UDP Query User{5E24548D-C2F4-4127-962C-F6EDA9B401B1}C:\dhcp\dhcpsrv.exe" = protocol=17 | dir=in | app=c:\dhcp\dhcpsrv.exe |
"UDP Query User{69EA078E-0817-4E0F-9779-F3A3CDC8C24E}C:\users\jeff\documents\visual studio 2005\projects\harris\projects\exporter\bin\debug\hdeconfig.exe" = protocol=17 | dir=in | app=c:\users\jeff\documents\visual studio 2005\projects\harris\projects\exporter\bin\debug\hdeconfig.exe |
"UDP Query User{6C3F427A-B8EE-4F01-82AA-643AF5A89153}C:\harris\winshare2\ee\sbc\winapp\eesimvs2003\eesimvs2003\release\eesimvs2003.exe" = protocol=17 | dir=in | app=c:\harris\winshare2\ee\sbc\winapp\eesimvs2003\eesimvs2003\release\eesimvs2003.exe |
"UDP Query User{8D578931-976E-4A74-8F65-8B7D48FC4A91}C:\program files\ws_ftp\ws_ftp95.exe" = protocol=17 | dir=in | app=c:\program files\ws_ftp\ws_ftp95.exe |
"UDP Query User{906C3E45-6EBD-47B5-B8DC-E97C7AF7DF24}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{9FDF4E5F-8A0D-4DBE-BC9D-621FC20813B4}C:\harris\winshare2\ee\sbc\winapp\logger\bin\release\logger.exe" = protocol=17 | dir=in | app=c:\harris\winshare2\ee\sbc\winapp\logger\bin\release\logger.exe |
"UDP Query User{A4095AF0-D79D-4988-A8A0-E77B7C8DE7B7}C:\program files\harris corp\hdeconfig\hdeconfig.exe" = protocol=17 | dir=in | app=c:\program files\harris corp\hdeconfig\hdeconfig.exe |
"UDP Query User{ABE068B2-15E7-4B29-86C0-BAAC688A3E51}C:\program files\abacast\abaclient.exe" = protocol=17 | dir=in | app=c:\program files\abacast\abaclient.exe |
"UDP Query User{C91E48C5-8A77-4F9B-9D17-5A3BB7DC1F9A}C:\program files\3com\3cserver.exe" = protocol=17 | dir=in | app=c:\program files\3com\3cserver.exe |
"UDP Query User{CE14C4D2-EF76-4B38-9FB6-A57856A7A891}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{CEC7FE28-E566-48F2-A738-B469A03FB416}C:\program files\simplecomtools\tcp test tool 2.3\tcp test tool.exe" = protocol=17 | dir=in | app=c:\program files\simplecomtools\tcp test tool 2.3\tcp test tool.exe |
"UDP Query User{D2157118-AF00-4F12-A7ED-9DB5D5801C66}C:\users\jeff\documents\visual studio 2005\projects\harris\projects\exporter\bin\debug\hdeconfig.exe" = protocol=17 | dir=in | app=c:\users\jeff\documents\visual studio 2005\projects\harris\projects\exporter\bin\debug\hdeconfig.exe |
"UDP Query User{D351D1FA-45E6-49A3-913B-D27B44E2F3F1}C:\program files\ibiquity digital\importer\importer4.0\servers\logisticsprocessor.exe" = protocol=17 | dir=in | app=c:\program files\ibiquity digital\importer\importer4.0\servers\logisticsprocessor.exe |
"UDP Query User{D64CA618-B293-433D-BE33-FC1E3EC1C518}C:\harris\winshare2\ee\sbc\winapp\logger\bin\debug\logger.vshost.exe" = protocol=17 | dir=in | app=c:\harris\winshare2\ee\sbc\winapp\logger\bin\debug\logger.vshost.exe |
"UDP Query User{DC9645D7-BCB4-4116-A48A-B97A71121BC9}C:\program files\harris corp\hdeconfig\hdeconfig.exe" = protocol=17 | dir=in | app=c:\program files\harris corp\hdeconfig\hdeconfig.exe |
"UDP Query User{DE67F0D2-E8BA-4B7B-BAB5-9AEA35569734}C:\users\jeff\documents\visual studio 2005\projects\harris\projects\exporter\bin\debug\hdeconfig.vshost.exe" = protocol=17 | dir=in | app=c:\users\jeff\documents\visual studio 2005\projects\harris\projects\exporter\bin\debug\hdeconfig.vshost.exe |
"UDP Query User{E67F6576-3009-4F99-8B8B-6886C28AFFA3}C:\program files\tftpd32\tftpd32.exe" = protocol=17 | dir=in | app=c:\program files\tftpd32\tftpd32.exe |
"UDP Query User{E7471F6D-B2DC-4A7A-A0A7-9B32B7E20749}C:\harris\winshare2\ee\sbc\winapp\logger\bin\debug\logger.vshost.exe" = protocol=17 | dir=in | app=c:\harris\winshare2\ee\sbc\winapp\logger\bin\debug\logger.vshost.exe |
"UDP Query User{E9383FC9-4F98-43A3-A8B0-CD94E8E05FBC}C:\program files\harris corp\flexstar\hde-200 logger\logger.exe" = protocol=17 | dir=in | app=c:\program files\harris corp\flexstar\hde-200 logger\logger.exe |
"UDP Query User{FAF6C991-714B-4303-AB95-772927113033}C:\program files\tftputil\tftputil gui.exe" = protocol=17 | dir=in | app=c:\program files\tftputil\tftputil gui.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{003B5184-F3DF-AF76-CB17-D35B7BB46B81}" = CCC Help Japanese
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{016A9D72-3A3D-4D6A-B28C-2AEE9BAD249A}" = Doppler
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{05EC21B8-4593-3037-A781-A6B5AFFCB19D}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
"{082BDF7B-4810-4599-BF0D-E3AC44EC8524}" = Microsoft ASP.NET 2.0 AJAX Extensions 1.0
"{0DFC8F48-0BF4-470A-869E-40545CC6A418}" = Eudora
"{0E9C4531-58C4-4349-AD2F-A4D999E451EC}" = TOSHIBA Music
"{0F6932CF-E642-5A7A-8194-3F7443188287}" = CCC Help Turkish
"{103A43D9-9ED8-E78D-7BF1-E536DFE6FC9F}" = Catalyst Control Center Localization Greek
"{1216A1B7-E7C4-412B-9C2D-CC4678071471}" = HDE-200 Logger
"{1235083F-52F9-44CC-9DF5-F9B7802BB9B7}" = ISO Recorder
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12887AF2-AE16-34CC-E85C-637DF6911C8C}" = Catalyst Control Center Localization Turkish
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{13614186-B0A0-AA21-F75A-2097F9167DB8}" = CCC Help Portuguese
"{1389C6A4-4965-4AEC-9175-08B54A10FA48}" = Microsoft SQL Server 2005 Mobile [ENU] Developer Tools
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{177B615E-47B1-C1C4-6F3B-7D6FEB8D4564}" = CCC Help Thai
"{17B66E83-1BC9-11D5-A54A-0090278A1BB8}" = Microsoft FrontPage Client - English
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1AA86313-B188-498D-91CF-D017AC5A82A5}" = SolarWinds TFTP Server
"{1F01E0F8-6C55-4BAA-B6A2-AE3D878E8AA2}" = IAR Embedded Workbench for ARM 4.42A
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20610409-CA18-41A6-9E21-A93AE82EE7C5}" = Visual Studio .NET Professional 2003 - English
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23959E96-A80F-4172-A655-210E9BB7BFBE}" = MSDN Library for Visual Studio 2005
"{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU
"{26210745-925C-8AE4-F3B9-5FA737A1F6F2}" = CCC Help Russian
"{262C7F33-8251-432E-88C1-E9F42A53F8F0}" = PDFill PDF Editor with FREE PDF Writer and Tools
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 16
"{26E76762-7F20-4694-AD06-CC3A9B547A71}" = Microsoft Office Live Meeting 2007
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2768CDA5-57DA-59D4-884F-A0F8A5B36D3E}" = CCC Help Finnish
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{29DC966A-DA3E-3ED4-68E7-6D3D9A055B42}" = Catalyst Control Center Localization Korean
"{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2D1E5B3B-419C-4FF3-9002-73C146DBA3D9}" = IAR Embedded Workbench for ARM 5.30
"{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
"{2E7A9DDC-E062-0074-08AB-DE7D1B431F75}" = Catalyst Control Center Localization Chinese Traditional
"{2FAE3800-CC47-C556-C57F-A91851BF7854}" = CCC Help French
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{32DCE772-D109-4FAF-9CA3-A6AA27B824AD}" = Aptina Imaging DevSuite
"{33824DAC-3F98-0BB6-56D5-7DE1A3CCC068}" = Catalyst Control Center Localization German
"{342126E1-173C-4585-BFBE-3EBDD20E3E9E}" = Mobipocket Reader 6.2
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{3621A2DF-0870-FE7E-674F-1DBCB18C5D22}" = ccc-utility
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{39600969-41C3-4658-876E-16F108FC5C92}" = ISO Recorder
"{3A762A82-618D-3CAA-B847-D074ABFA0B2E}" = MSDN Library for Visual Studio 2008 - ENU
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3EB7A19B-690F-49BA-B494-CADA547D0DB9}_is1" = Virtual Moon Atlas Pro 3.5
"{3F11CE8A-388B-0D3A-DF6F-061F23A13D26}" = CCC Help Korean
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{41DD15BE-811D-7DEF-19A9-30AF18F75EFF}" = Catalyst Control Center Localization Thai
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{437AB8E0-FB69-4222-B280-A64F3DE22591}" = Microsoft Visual Studio 2005 Professional Edition - ENU
"{44D4AF75-6870-41F5-9181-662EA05507E1}" = Microsoft Document Explorer 2005
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{52F368DE-06BD-E116-9233-D1DE207BDFE6}" = CCC Help Dutch
"{53BABC75-1DC1-479B-224B-1EB9E18A799B}" = CCC Help German
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{556EEE74-6788-4292-8252-8B17E2C7952A}" = Photosynth 2.0.1403.5
"{56797214-1A4C-052E-1ECE-B00308BF3362}" = CCC Help Chinese Standard
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{56DB0BD0-E3EB-49B4-A312-97CF88BE12CE}" = Windows Mobile 6 Professional SDK
"{572D71E9-5102-74B3-5D22-DEDF911F7FE5}" = CCC Help Italian
"{5757AE1A-1DB4-4898-9806-09F77FBD5E57}" = MSDN Library for Visual Studio .NET 2003
"{5868DD13-0DB2-4CE9-9F32-A81EFE09482E}" = DotNetBar for Windows Forms
"{5BA0C9F0-3B01-91A3-6922-4DCF943D9CBE}" = CCC Help English
"{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5E3CFCA6-C95A-47CB-A822-7FA80D423AF2}" = MapSource
"{5FB8C47C-E54B-4B45-9AF9-133E99C87DE3}" = TimeBiller ActiveSync Provider Support
"{6080CE3C-2CB3-2FA3-1CE2-3350B06664BC}" = CCC Help Swedish
"{611E35B8-7F46-DDBB-CC4F-FAAED6C054FF}" = Catalyst Control Center Localization Spanish
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{64c5b887-b5ee-42b8-8596-78905a6b5f1f}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{65F79096-EB6C-47DE-9E1F-099861DC057F}" = eReader
"{6668C7AC-1912-441C-BC67-F04D9ABA57EF}" = Micro Net Utilities
"{66A9D30D-1464-4C7F-B2F3-507DADAF2595}" = Microsoft IntelliPoint 6.3
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{67692AC8-CB30-472E-88CF-805657AE3E9C}" = Perforce Visual Components
"{678F1F2D-F214-08D4-67FB-AC04316C4940}" = ccc-core-static
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{691A2D5E-2ECA-40E2-AF66-96A31C16ECD8}" = Blackfin SDK 1.10
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A0B868C-89BE-ACF1-8C0A-CC88878A9E46}" = Catalyst Control Center Localization Russian
"{6C4734CF-A10C-DFF4-5565-457F33849862}" = Catalyst Control Center Localization Swedish
"{6C531060-84FB-4F96-8F33-29DF020632EB}" = Microsoft .NET Compact Framework 1.0 SP3 Developer
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6DECCD60-782D-7B14-22DE-FB8D6EA46433}" = CCC Help Polish
"{705E9ED2-EDFB-4802-BF38-D06A1CE16E98}" = SplashPhoto for PocketPC
"{7078C6C2-F5A5-4A5F-86A8-CD1301CA07DF}" = Mobipocket Reader 6.1
"{715044AC-B95E-4CD0-9B0C-CEDDB422F93B}" = CCC Help Czech
"{724A8BEC-B350-1C76-C580-959AEA487108}" = Catalyst Control Center Localization Japanese
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{7994AA46-4BA6-4349-1606-1DF4148CE05B}" = CCC Help Hungarian
"{7AFBAC39-F6A8-9F8D-6A6D-F134F7E34B6E}" = Catalyst Control Center Localization Danish
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{845D19A7-0BBF-12DF-87CF-F5D468930EA6}" = Catalyst Control Center Localization Czech
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{896D642C-7125-44F0-AC49-A23ABF82209C}" = CDBurnerXP Pro 3
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A7CAA24-7B23-410B-A7C3-F994B0944160}" = Microsoft Virtual PC 2007
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PRJPRO_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PRJPRO_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PRJPRO_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007
"{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{9E73617F-2F38-4864-BD61-BB2DDFE43323}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PRJPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007
"{90120000-00B4-0409-0000-0000000FF1CE}_PRJPRO_{27A9D316-D332-433B-8EB1-1D93EE49F26D}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PRJPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{90BF970B-3335-CFD5-711C-9FE0310A97C0}" = CCC Help Greek
"{91530409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Standard 2003
"{926593ED-3962-4630-7CE3-34FF1B4ACCF3}" = Catalyst Control Center Localization Finnish
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{9726DB5B-D4B5-4F91-B9C2-C2C0AD7C2C67}" = TouchSet Touch Panel Driver Setup for Windows XP
"{9835FB0B-80A7-4927-8B0E-526E7CD7CFBF}" = Harris FlexStar HDE-200 Control Center
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2
"{9E2EB8B9-A938-47A2-AB22-6EEEDC7DC44D}" = Cropper
"{9EB0D4D4-87A5-52F5-C59C-159F81BED0E6}" = Catalyst Control Center Graphics Previews Vista
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A0F584A7-B0C2-4D90-9580-15456B9CF63C}" = MapSource - Trip & Waypoint Manager v2
"{A4512736-8D63-4298-9271-5329931FA46B}" = Microsoft SQL Server Management Studio Express
"{A53A11EA-0095-493F-86FA-A15E8A86A405}" = VMware Player
"{A58F2B4A-ABAC-479E-83CE-F3AF284C9737}" = Sentinel System Driver Installer 7.4.2
"{A90DCEC1-22DE-11D4-B8A9-0050DAB648C6}" = AvantGo Client
"{A91383E9-0311-DB40-6AF6-3F9E80F83E84}" = Catalyst Control Center Localization Portuguese
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{B1211E68-4DA2-7942-BE75-14272A8C1EA9}" = Catalyst Control Center Localization Dutch
"{B1F8FA80-EFA5-EC12-AD36-F5266EF90B61}" = CCC Help Danish
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B268E9A1-04A9-40D0-9866-846BE2B74BA7}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
"{B2F2C2D7-4237-412A-8277-F2CA12023559}" = GolfScore
"{B32E7732-B2FB-3FD0-81AC-6025B1104C66}" = Microsoft Device Emulator version 3.0 - ENU
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4369E44-8703-E769-A711-40EE5000AC2C}" = Catalyst Control Center Core Implementation
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B7DE7B5E-4A2B-B709-E133-EC74C81E654A}" = Catalyst Control Center Graphics Full New
"{B87A3B9F-7632-E053-2148-8EDD1A787B78}" = Catalyst Control Center Localization Chinese Standard
"{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C04C5426-75E8-4229-82D1-2C90304BA24B}" = Importer Core 4.0
"{C1212AE3-DBB9-4365-8473-F8ABC7B06BBB}" = Pinnacle Instant DVD Recorder
"{C1C6A301-6BFC-486B-8BF5-414C1756C8A2}" = Upflash
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{C7EA6173-A2B8-D45E-A0EE-74F8D2C58D30}" = Catalyst Control Center Localization Hungarian
"{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}" = ClearType Tuning Control Panel Applet
"{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}" = Microsoft Windows SDK for Visual Studio 2008 Tools
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB8CA439-DA83-419C-A4CF-5A0A50025144}" = Windows Mobile Device Center Driver Update
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}" = WinZip 11.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D09605BE-5587-4B0C-86C8-69B5092CB80F}" = Debugging Tools for Windows (x86)
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1C3920F-1DC3-A2FA-BF5E-7497B5EF072E}" = Catalyst Control Center Localization Norwegian
"{D4D24FE5-FAB3-4FE2-AFFC-623955F4DF3A}" = Visual Studio.NET Baseline - English
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D760AFA6-20DE-424C-9D05-86608967BFB6}" = Modeling Power Toys for Visual Studio 2008
"{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}" = Microsoft Visual Studio 2008 Professional Edition - ENU
"{D8087907-E255-3A41-A46D-D0F798709C71}" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"{D95AAA04-9BEF-54B3-CD70-348AC1155DAB}" = Catalyst Control Center Graphics Full Existing
"{D9C7C58C-AC51-EDBF-CF22-E4E1B93ED50D}" = Skins
"{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI
"{dd47a96a-5f55-4969-9973-19417c23c4e3}.sdb" = II
"{DDC4619D-1DC8-C2A7-4968-45586F237131}" = CCC Help Norwegian
"{DE899090-BDDF-4FDE-A88A-579331A82562}" = TCP Test Tool 2.3
"{E015B7D9-01AD-FE29-052A-489F4F29ED7F}" = Catalyst Control Center Graphics Light
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E7511B20-2857-3F50-1B84-F0F32C519FE1}" = CCC Help Chinese Traditional
"{EB5BE9DE-6025-6227-0C25-AE5C852EC479}" = Catalyst Control Center Localization Polish
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EC28331A-FF2B-6D66-D8A0-32C706AEA120}" = CCC Help Spanish
"{EC3B8CA2-49B8-4D38-BE9C-ABD0F6029168}" = Yahoo! Music Jukebox
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}" = PL-2303 Vista Driver Installer
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD0}" = Paint.NET v3.5.5
"{F138FC69-3A60-4FB2-B24A-1084B6AF150A}" = GPS Pathfinder Tools SDK 2.10 Evaluation
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F2B27034-6059-0549-F01A-4BD9865521B1}" = Catalyst Control Center Localization French
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F7BB00A8-4D83-4E86-8391-A84E4057376F}" = Programming Microsoft ASP.NET 2.0 Core Reference
"{FBE6B550-A93E-AA46-1DBB-421EC319E2DA}" = Catalyst Control Center Localization Italian
"{FC7BACF0-1FFA-4605-B3B4-A66AB382752D}" = XML Notepad 2007
"{FD6034A3-655C-49F0-B496-D4CBFD74D7A7}" = Palm Desktop by ACCESS
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.64
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"ActiveScan 2.0" = Panda ActiveScan 2.0
"ActiveTouchMeetingClient" = WebEx
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"AMCap" = AMCap
"ATI Uninstaller" = ATI Uninstaller
"Audacity_is1" = Audacity 1.2.6
"Chapura PocketCopy Uninstall_is1" = Chapura PocketCopy 2.1.1
"ClipX" = ClipX
"CMU 1394 Digital Camera Driver" = CMU 1394 Digital Camera Driver
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Crossword Weaver 8.0" = Crossword Weaver 8.0
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"dBpoweramp Ogg Vorbis Codec" = dBpoweramp Ogg Vorbis Codec
"Debut" = Debut Video Capture Software
"Desktop Dialer" = Desktop Dialer
"Directory Printer_is1" = Directory Printer 3.73
"Egress" = Egress
"Fiddler2" = Fiddler2
"FileZilla Client" = FileZilla Client 3.3.2
"FlexMail" = FlexMail 4
"GPL Ghostscript 8.63" = GPL Ghostscript 8.63
"HijackThis" = HijackThis 2.0.2
"HitEmStraight" = HitEmStraight
"ImageJ_is1" = ImageJ 1.41o
"InstallShield_{1AA86313-B188-498D-91CF-D017AC5A82A5}" = SolarWinds TFTP Server
"InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{A0F584A7-B0C2-4D90-9580-15456B9CF63C}" = MapSource - Trip & Waypoint Manager v2
"InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"J-Link ARM V4.06b" = J-Link ARM V4.06b
"Juniper Network Connect 6.2.0" = Juniper Networks Network Connect 6.2.0
"MailWasher Pro_is1" = MailWasher Pro
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Document Explorer 2005" = Microsoft Document Explorer 2005
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual C++ 2008 Express Edition with SP1 - ENU" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Microsoft Visual Studio 2005 Professional Edition - ENU" = Microsoft Visual Studio 2005 Professional Edition - ENU
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Microsoft Visual Studio 2008 Professional Edition - ENU" = Microsoft Visual Studio 2008 Professional Edition - ENU
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MSDN Library for Visual Studio 2005" = MSDN Library for Visual Studio 2005
"MSDN Library for Visual Studio 2008 - ENU" = MSDN Library for Visual Studio 2008 - ENU
"oggcodecs" = oggcodecs 0.71.0946
"OmniFormat" = OmniFormat
"OmniGSoft Nine Hole Golf 1.0 (Trial Version)" = OmniGSoft Nine Hole Golf 1.0 (Trial Version)
"Pdf995" = Pdf995
"Picasa2" = Picasa 2
"PlotLab .NET version 3.0 P14_is1" = PlotLab .NET version 3.0 P14
"PRJPRO" = Microsoft Office Project Professional 2007
"QK SMTP Server" = QK SMTP Server
"ReaConverter 5.5 Pro_is1" = ReaConverter 5.5 Pro
"RemoteCaptureDC" = Canon Utilities RemoteCapture DC
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"RSP OGG Vorbis Player OCX" = RSP OGG Vorbis Player OCX 2.8.1
"Samsung ML-1740 Series" = Samsung ML-1740 Series
"Samsung ML-2010 Series" = Samsung ML-2010 Series
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Tftpd32" = Tftpd32 Standalone Edition
"TFTPUtil" = TFTPUtil GUI Installer
"TightVNC_is1" = TightVNC 1.3.9
"TimeBiller Pack (Demo)_is1" = TimeBiller Pack 3.0
"TimeBiller Pack_is1" = TimeBiller Pack 3.0
"TimeSnapper Professional" = TimeSnapper Professional 3.5.0.22
"TomTom HOME" = TomTom HOME 2.7.3.1894
"TOSHIBA Game Console" = TOSHIBA Game Console
"TOSHIBA Media Center Game Console" = TOSHIBA Media Center Game Console
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Trillian" = Trillian
"Ultra MP4 Video Converter_is1" = Ultra MP4 Video Converter 4.2.0716
"Virtual Magnifying Glass_is1" = Virtual Magnifying Glass v3.3.2
"Visual Assist X" = Visual Assist X
"Visual Studio .NET Professional 2003 - English" = Microsoft Visual Studio .NET Professional 2003 - English
"Visual Studio 6.0 Enterprise Edition" = Microsoft Visual Studio 6.0 Enterprise Edition
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VisualDSP_{84208599-1789-46FB-82D6-06F5B4FE2977}" = VisualDSP++ 4.5 (Updated February 2007) (C:\Program Files\Analog Devices\VisualDSP 4.5)
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"Winamp" = Winamp
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Mobile Device Handbook" = T-Mobile Wing™ User Manual
"WinLiveSuite_Wave3" = Windows Live Essentials
"Winmail Reader_is1" = Winmail Reader 1.1.12
"WinMerge_is1" = WinMerge 2.8.0.0
"WinPcapInst" = WinPcap 4.0.2
"Wireshark" = Wireshark 0.99.7
"WT022084" = Bejeweled 2 Deluxe
"WT022085" = Blackhawk Striker 2
"WT022086" = Blasterball 3
"WT022087" = Diner Dash - Flo on the Go
"WT022089" = FATE
"WT022090" = Mah Jong Quest
"WT022091" = Penguins!
"WT022092" = Polar Bowler
"WT022093" = Polar Golfer
"WZCLINE" = WinZip Command Line Support Add-On 2.2
"Xilinx ISE 9.2i" = Xilinx ISE 9.2i
"XXConsole" = XXConsole: Super Console Generator ver 0.93
"Yahoo! Messenger" = Yahoo! Messenger
"ZTreeWin" = ZTreeWin (remove only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3441931732-2950259277-583699549-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Abacast Client" = Abacast Client
"Juniper_Setup_Client" = Juniper Networks Setup Client
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"uTorrent" = µTorrent
"Winamp Detect" = Winamp Detector Plug-in
"WinDirStat" = WinDirStat 1.1.2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/7/2009 4:33:28 PM | Computer Name = Jeff-Vista | Source = Application Error | ID = 1000
Description = Faulting application GelAnalysis.exe, version 0.0.0.0, time stamp
0x49da0b2c, faulting module GelAnalysis.exe, version 0.0.0.0, time stamp 0x49da0b2c,
exception code 0xc0000005, fault offset 0x0003b84a, process id 0xeb4, application
start time 0x01c9b7c01b744ba0.

Error - 4/7/2009 4:44:40 PM | Computer Name = Jeff-Vista | Source = Application Error | ID = 1000
Description = Faulting application GelAnalysis.exe, version 0.0.0.0, time stamp
0x49da0b2c, faulting module GelAnalysis.exe, version 0.0.0.0, time stamp 0x49da0b2c,
exception code 0xc0000005, fault offset 0x0003b84a, process id 0x1554, application
start time 0x01c9b7c1ac8888d0.

Error - 4/8/2009 10:17:27 AM | Computer Name = Jeff-Vista | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.0.6001.18164 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1098 Start Time: 01c9b6be55e25eb0 Termination Time: 0

Error - 4/10/2009 3:54:58 PM | Computer Name = Jeff-Vista | Source = MSSQLServer | ID = 19011
Description = SuperSocket info: FillAddress(MSAFD Tcpip [TCP/IPv6]) : Error 0.

Error - 4/11/2009 2:50:30 PM | Computer Name = Jeff-Vista | Source = MSSQLServer | ID = 19011
Description = SuperSocket info: FillAddress(MSAFD Tcpip [TCP/IPv6]) : Error 0.

Error - 4/14/2009 12:10:54 AM | Computer Name = Jeff-Vista | Source = Application Error | ID = 1000
Description = Faulting application GelIP.exe, version 1.0.0.1, time stamp 0x494f33c3,
faulting module GelIP.exe, version 1.0.0.1, time stamp 0x494f33c3, exception code
0xc0000005, fault offset 0x000a6920, process id 0xe34, application start time 0x01c9bc8ba00b4920.

Error - 4/15/2009 7:14:05 PM | Computer Name = Jeff-Vista | Source = MSSQLServer | ID = 19011
Description = SuperSocket info: FillAddress(MSAFD Tcpip [TCP/IPv6]) : Error 0.

Error - 4/16/2009 7:12:30 PM | Computer Name = Jeff-Vista | Source = MSSQLServer | ID = 19011
Description = SuperSocket info: FillAddress(MSAFD Tcpip [TCP/IPv6]) : Error 0.

Error - 4/18/2009 9:28:16 AM | Computer Name = Jeff-Vista | Source = MSSQLServer | ID = 19011
Description = SuperSocket info: FillAddress(MSAFD Tcpip [TCP/IPv6]) : Error 0.

Error - 4/18/2009 9:30:26 AM | Computer Name = Jeff-Vista | Source = MSSQLServer | ID = 19011
Description = SuperSocket info: FillAddress(MSAFD Tcpip [TCP/IPv6]) : Error 0.

[ FlexStar Events ]
Error - 10/23/2008 4:11:40 PM | Computer Name = Jeff-Vista | Source = Jeffs Exporter c67 2 | ID = 0
Description = ../eexprti/eexprti.cpp(5424) wrong number OF responses -1

Error - 10/23/2008 4:11:40 PM | Computer Name = Jeff-Vista | Source = Jeffs Exporter c67 2 | ID = 0
Description = eexpxtx.c(276) eexprti_init failed to initialize (c67 needs reset?)
- eexpxtx process exit

Error - 10/23/2008 4:12:03 PM | Computer Name = Jeff-Vista | Source = Jeffs Exporter c67 2 | ID = 0
Description = adminx.c(1727) Watchdog - heartbeat EEXPXCtrlIn failed, reboot
in 30 seconds.

Error - 10/23/2008 4:13:19 PM | Computer Name = Jeff-Vista | Source = Jeffs Exporter c67 2 | ID = 0
Description = cfghelp.cpp(384) GetAttrib(mac) failed

Error - 10/23/2008 4:13:22 PM | Computer Name = Jeff-Vista | Source = Jeffs Exporter c67 2 | ID = 0
Description = iid.c(923) POLL SOCKET TIMEOUT (52 ms) - retrying

Error - 10/23/2008 4:13:22 PM | Computer Name = Jeff-Vista | Source = Jeffs Exporter c67 2 | ID = 0
Description = ../eexprti/eexprti.cpp(5580) C67 Receive timeout. Retrying..

Error - 10/24/2008 11:26:17 AM | Computer Name = Jeff-Vista | Source = Jeffs Exporter c67 2 | ID = 0
Description = cfghelp.cpp(384) GetAttrib(mac) failed

Error - 10/24/2008 11:28:27 AM | Computer Name = Jeff-Vista | Source = Jeffs Exporter Mode test | ID = 0
Description = cfghelp.cpp(384) GetAttrib(mac) failed

Error - 10/24/2008 11:28:45 AM | Computer Name = Jeff-Vista | Source = Jeffs Exporter Mode test | ID = 0
Description = iid.c(923) POLL SOCKET TIMEOUT (52 ms) - retrying

Error - 10/24/2008 11:28:45 AM | Computer Name = Jeff-Vista | Source = Jeffs Exporter Mode test | ID = 0
Description = ../eexprti/eexprti.cpp(5580) C67 Receive timeout. Retrying..

[ System Events ]
Error - 7/22/2010 2:10:06 PM | Computer Name = Jeff-Vista | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 001B9E2A0690. The following
error occurred: %%121. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 7/22/2010 4:17:19 PM | Computer Name = Jeff-Vista | Source = DCOM | ID = 10010
Description =

Error - 7/22/2010 4:21:11 PM | Computer Name = Jeff-Vista | Source = Service Control Manager | ID = 7000
Description =

Error - 7/22/2010 4:21:11 PM | Computer Name = Jeff-Vista | Source = Service Control Manager | ID = 7000
Description =

Error - 7/22/2010 6:33:31 PM | Computer Name = Jeff-Vista | Source = Dhcp | ID = 1002
Description = The IP address lease 10.33.38.225 for the Network Card with network
address 001B9E2A0690 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 7/23/2010 3:59:21 PM | Computer Name = Jeff-Vista | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.118 for the Network Card with network
address 001B9E2A0690 has been denied by the DHCP server 1.1.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 7/23/2010 9:36:45 PM | Computer Name = Jeff-Vista | Source = Dhcp | ID = 1002
Description = The IP address lease 10.33.38.167 for the Network Card with network
address 001B9E2A0690 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 7/24/2010 10:56:33 PM | Computer Name = Jeff-Vista | Source = EventLog | ID = 6008
Description = The previous system shutdown at 7:47:10 PM on 7/24/2010 was unexpected.

Error - 7/24/2010 10:57:56 PM | Computer Name = Jeff-Vista | Source = Service Control Manager | ID = 7000
Description =

Error - 7/24/2010 10:57:56 PM | Computer Name = Jeff-Vista | Source = Service Control Manager | ID = 7000
Description =

< End of report >
#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:02:58 PM

Posted 26 July 2010 - 02:57 AM

Hi,

Please run maxlook next:

You must first verify that you can log on to the Windows Recovery Console.
To do so, you must have the Recovery Console installed or use the Windows Vista installation cd.

How to install and use the Windows XP Recovery Console


Next, please download maxlook, saving the file to your desktop.
Double click maxlook.exe to run it. Note - you must run it only once!
As instructed when the tool runs, restart the computer and log on to the Recovery Console.
Execute the following bolded command at the x:\windows> prompt <--- the red x represents your operating system drive letter, usually C

batch look.bat

You will see 1 file copied many times, then return to the x:\windows> prompt.
Type Exit to restart your computer, then log on in normal mode.
Once logged in please do this:
  • Click on start
  • select Run...
  • enter maxlook.exe -sig and hit enter
  • a blue window will open. Please make sure that you are connected to the internet while the blue window is open.
  • Once it is finished a log file will open. Please save that log and post the content in your next reply.
If you do not have the run-command in your Start menu:
Please right click on your taskbar, select Properties, select the Start Menu tab, click on Customize and tick the Display Run checkbox and click OK.


regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#5 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:02:58 PM

Posted 06 August 2010 - 04:32 AM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti


#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:02:58 PM

Posted 07 August 2010 - 11:00 AM

Hi,

topic reopened.

Please let me know how the PC is currently doing.


#7 DelMarGuy

DelMarGuy
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:05:58 AM

Posted 07 August 2010 - 11:24 AM

Thanks for the help so far - the PC is still the same, I see some kind of malware call home from some websites. Also, I am getting intermittent BSOD, but I'm not sure if they are related or not. Here's the log from maxlook:

CODE
Run from C:\Users\Jeff\Downloads\maxlook.exe on Sat 08/07/2010 at  8:23:51.05

--------- maxlook unsigned files ---------

c:\windows\maxdrive\1394cmdr.sys:
    Verified:    Unsigned
    File date:    10:23 AM 3/17/2008
    Publisher:    CMU Robotics Institute
    Description:    1394 Camera Driver
    Product:    1394 Digital Camera
    Version:    6.04.05.0132
    File version:    6.04.05.0132
c:\windows\maxdrive\cdr4_xp.sys:
    Verified:    Unsigned
    File date:    3:00 AM 10/18/2006
    Publisher:    Sonic Solutions
    Description:    CDR4 CD and DVD Place Holder Driver (see PxHelp)
    Product:    Drag-to-Disc
    Version:    8.0.0.212
    File version:    8.0.0.212
c:\windows\maxdrive\cdralw2k.sys:
    Verified:    Unsigned
    File date:    3:00 AM 10/18/2006
    Publisher:    Sonic Solutions
    Description:    CDRAL Place Holder Driver (see PxHelp)
    Product:    Drag-to-Disc
    Version:    8.0.0.212
    File version:    8.0.0.212
c:\windows\maxdrive\DGIVECP.SYS:
    Verified:    Unsigned
    File date:    6:50 PM 12/8/2006
    Publisher:    Samsung Electronics Co., Ltd.
    Description:    Windows 2k,XP IEEE-1284 parallel class driver for ECP, Byte, and Nibble modes
    Product:    Samsung Electronics Co., Ltd.  VECP for Windows 2000, XP
    Version:    1.1.2.40
    File version:    1.1.2.40
c:\windows\maxdrive\grmngen.sys:
    Verified:    Unsigned
    File date:    4:18 PM 3/8/2007
    Publisher:    GARMIN Corp.
    Description:    Generic WDM Support Driver
    Product:    
    Version:    2, 2, 1, 0
    File version:    2, 2, 1, 0
c:\windows\maxdrive\grmnusb.sys:
    Verified:    Unsigned
    File date:    4:18 PM 3/8/2007
    Publisher:    GARMIN Corp.
    Description:    grmnusb.sys
    Product:    Garmin USB GPS
    Version:    2, 2, 1, 0
    File version:    2, 2, 1, 0
c:\windows\maxdrive\IIWDrvr6.sys:
    Verified:    Unsigned
    File date:    6:39 AM 2/19/2008
    Publisher:    Jungo
    Description:    WinDriver Device Driver 9.20
    Product:    WinDriver Device Driver (x86)
    Version:    9.20
    File version:    9.20
c:\windows\maxdrive\kp_malibu.sys:
    Verified:    Unsigned
    File date:    3:32 PM 6/11/2008
    Publisher:    Innovative Integration
    Description:    KP_Malibu Driver
    Product:    Malibu Kernel Plugin Driver
    Version:    9.20
    File version:    9.20 built by: WinDDK
c:\windows\maxdrive\KR10I.sys:
    Verified:    Unsigned
    File date:    11:50 AM 2/14/2006
    Publisher:    TOSHIBA CORPORATION
    Description:    TOSHIBA RAID Driver
    Product:    TOSHIBA RAID
    Version:    1.03
    File version:    1.03.0008
c:\windows\maxdrive\KR10N.sys:
    Verified:    Unsigned
    File date:    4:57 PM 9/27/2005
    Publisher:    TOSHIBA CORPORATION
    Description:    TOSHIBA RAID Driver
    Product:    TOSHIBA RAID
    Version:    1.00
    File version:    1.02.0005
c:\windows\maxdrive\kr3npxp.sys:
    Verified:    Unsigned
    File date:    8:06 PM 9/27/2006
    Publisher:    TOSHIBA CORPORATION
    Description:    TOSHIBA RAID Driver
    Product:    TOSHIBA RAID
    Version:    3.00
    File version:    3.00.0072
c:\windows\maxdrive\miusb2.sys:
    Verified:    Unsigned
    File date:    5:27 PM 12/10/2008
    Publisher:    Micron Technology, Inc.
    Description:    miusb64/miusb2
    Product:    Aptina Imaging DevSuite
    Version:    5.1.0.3508
    File version:    5.1.0.3508
c:\windows\maxdrive\pxhelp20.sys:
    Verified:    Unsigned
    File date:    3:00 AM 10/18/2006
    Publisher:    Sonic Solutions
    Description:    Px Engine Device Driver for Windows 2000/XP
    Product:    PxHelp20
    Version:    n/a
    File version:    3.00.43J
c:\windows\maxdrive\SSPORT.SYS:
    Verified:    Unsigned
    File date:    6:50 PM 12/8/2006
    Publisher:    Samsung Electronics
    Description:    32bit Port Contention Driver
    Product:    Port Contention Driver
    Version:    1.0
    File version:    1.0
c:\windows\maxdrive\tdcmdpst.sys:
    Verified:    Unsigned
    File date:    11:50 AM 10/18/2006
    Publisher:    TOSHIBA Corporation.
    Description:    Toshiba ODD Writing Driver For x86.
    Product:    n/a
    Version:    2, 0, 0, 0
    File version:    2, 0, 0, 0
c:\windows\maxdrive\touchset.sys:
    Verified:    Unsigned
    File date:    5:09 PM 6/27/2006
    Publisher:    PAN JIT INTERNATIONAL INC.
    Description:    TouchSet USB Touch Panel Controller Driver
    Product:    TouchSet USB Touch Panel Controller
    Version:    1. 1. 6. 0
    File version:    1. 1. 6. 91
c:\windows\maxdrive\VPCAppSv.sys:
    Verified:    Unsigned
    File date:    6:31 PM 5/20/2002
    Publisher:    Connectix Corporation
    Description:    Virtual PC Application Services
    Product:    Virtual PC
    Version:    4.4 (Build 327)
    File version:    2.0 (Build 327)
c:\windows\maxdrive\VPCPower.sys:
    Verified:    Unsigned
    File date:    10:30 AM 5/16/2002
    Publisher:    Connectix Corporation
    Description:    VPCPower WDM Support Driver
    Product:    
    Version:    1, 2, 0, 2
    File version:    1, 2, 0, 2
c:\windows\maxdrive\WmUsbIce.sys:
    Verified:    Unsigned
    File date:    12:31 AM 5/26/2006
    Publisher:    Analog Devices, Inc.
    Description:    USB-ICE driver
    Product:    n/a
    Version:    1.2.0.0
    File version:    1.2.0.0
c:\windows\maxdrive\XPC4DRVR.SYS:
    Verified:    Unsigned
    File date:    2:12 PM 5/18/2007
    Publisher:    Xilinx, Inc.
    Description:    Xilinx PC4 Driver
    Product:    Xilinx PC4 Driver
    Version:    1.040
    File version:    1.040
c:\windows\maxdrive\XPVCOM.sys:
    Verified:    Unsigned
    File date:    2:00 AM 3/23/2007
    Publisher:    n/a
    Description:    n/a
    Product:    n/a
    Version:    n/a
    File version:    n/a

--------- system32\drivers unsigned files ---------

c:\windows\system32\drivers\1394cmdr.sys:
    Verified:    Unsigned
    File date:    10:23 AM 3/17/2008
    Publisher:    CMU Robotics Institute
    Description:    1394 Camera Driver
    Product:    1394 Digital Camera
    Version:    6.04.05.0132
    File version:    6.04.05.0132
c:\windows\system32\drivers\cdr4_xp.sys:
    Verified:    Unsigned
    File date:    3:00 AM 10/18/2006
    Publisher:    Sonic Solutions
    Description:    CDR4 CD and DVD Place Holder Driver (see PxHelp)
    Product:    Drag-to-Disc
    Version:    8.0.0.212
    File version:    8.0.0.212
c:\windows\system32\drivers\cdralw2k.sys:
    Verified:    Unsigned
    File date:    3:00 AM 10/18/2006
    Publisher:    Sonic Solutions
    Description:    CDRAL Place Holder Driver (see PxHelp)
    Product:    Drag-to-Disc
    Version:    8.0.0.212
    File version:    8.0.0.212
c:\windows\system32\drivers\DGIVECP.SYS:
    Verified:    Unsigned
    File date:    6:50 PM 12/8/2006
    Publisher:    Samsung Electronics Co., Ltd.
    Description:    Windows 2k,XP IEEE-1284 parallel class driver for ECP, Byte, and Nibble modes
    Product:    Samsung Electronics Co., Ltd.  VECP for Windows 2000, XP
    Version:    1.1.2.40
    File version:    1.1.2.40
c:\windows\system32\drivers\grmngen.sys:
    Verified:    Unsigned
    File date:    4:18 PM 3/8/2007
    Publisher:    GARMIN Corp.
    Description:    Generic WDM Support Driver
    Product:    
    Version:    2, 2, 1, 0
    File version:    2, 2, 1, 0
c:\windows\system32\drivers\grmnusb.sys:
    Verified:    Unsigned
    File date:    4:18 PM 3/8/2007
    Publisher:    GARMIN Corp.
    Description:    grmnusb.sys
    Product:    Garmin USB GPS
    Version:    2, 2, 1, 0
    File version:    2, 2, 1, 0
c:\windows\system32\drivers\IIWDrvr6.sys:
    Verified:    Unsigned
    File date:    6:39 AM 2/19/2008
    Publisher:    Jungo
    Description:    WinDriver Device Driver 9.20
    Product:    WinDriver Device Driver (x86)
    Version:    9.20
    File version:    9.20
c:\windows\system32\drivers\kp_malibu.sys:
    Verified:    Unsigned
    File date:    3:32 PM 6/11/2008
    Publisher:    Innovative Integration
    Description:    KP_Malibu Driver
    Product:    Malibu Kernel Plugin Driver
    Version:    9.20
    File version:    9.20 built by: WinDDK
c:\windows\system32\drivers\KR10I.sys:
    Verified:    Unsigned
    File date:    11:50 AM 2/14/2006
    Publisher:    TOSHIBA CORPORATION
    Description:    TOSHIBA RAID Driver
    Product:    TOSHIBA RAID
    Version:    1.03
    File version:    1.03.0008
c:\windows\system32\drivers\KR10N.sys:
    Verified:    Unsigned
    File date:    4:57 PM 9/27/2005
    Publisher:    TOSHIBA CORPORATION
    Description:    TOSHIBA RAID Driver
    Product:    TOSHIBA RAID
    Version:    1.00
    File version:    1.02.0005
c:\windows\system32\drivers\kr3npxp.sys:
    Verified:    Unsigned
    File date:    8:06 PM 9/27/2006
    Publisher:    TOSHIBA CORPORATION
    Description:    TOSHIBA RAID Driver
    Product:    TOSHIBA RAID
    Version:    3.00
    File version:    3.00.0072
c:\windows\system32\drivers\miusb2.sys:
    Verified:    Unsigned
    File date:    5:27 PM 12/10/2008
    Publisher:    Micron Technology, Inc.
    Description:    miusb64/miusb2
    Product:    Aptina Imaging DevSuite
    Version:    5.1.0.3508
    File version:    5.1.0.3508
c:\windows\system32\drivers\pxhelp20.sys:
    Verified:    Unsigned
    File date:    3:00 AM 10/18/2006
    Publisher:    Sonic Solutions
    Description:    Px Engine Device Driver for Windows 2000/XP
    Product:    PxHelp20
    Version:    n/a
    File version:    3.00.43J
c:\windows\system32\drivers\SSPORT.SYS:
    Verified:    Unsigned
    File date:    6:50 PM 12/8/2006
    Publisher:    Samsung Electronics
    Description:    32bit Port Contention Driver
    Product:    Port Contention Driver
    Version:    1.0
    File version:    1.0
c:\windows\system32\drivers\tdcmdpst.sys:
    Verified:    Unsigned
    File date:    11:50 AM 10/18/2006
    Publisher:    TOSHIBA Corporation.
    Description:    Toshiba ODD Writing Driver For x86.
    Product:    n/a
    Version:    2, 0, 0, 0
    File version:    2, 0, 0, 0
c:\windows\system32\drivers\touchset.sys:
    Verified:    Unsigned
    File date:    5:09 PM 6/27/2006
    Publisher:    PAN JIT INTERNATIONAL INC.
    Description:    TouchSet USB Touch Panel Controller Driver
    Product:    TouchSet USB Touch Panel Controller
    Version:    1. 1. 6. 0
    File version:    1. 1. 6. 91
c:\windows\system32\drivers\VPCAppSv.sys:
    Verified:    Unsigned
    File date:    6:31 PM 5/20/2002
    Publisher:    Connectix Corporation
    Description:    Virtual PC Application Services
    Product:    Virtual PC
    Version:    4.4 (Build 327)
    File version:    2.0 (Build 327)
c:\windows\system32\drivers\VPCPower.sys:
    Verified:    Unsigned
    File date:    10:30 AM 5/16/2002
    Publisher:    Connectix Corporation
    Description:    VPCPower WDM Support Driver
    Product:    
    Version:    1, 2, 0, 2
    File version:    1, 2, 0, 2
c:\windows\system32\drivers\WmUsbIce.sys:
    Verified:    Unsigned
    File date:    12:31 AM 5/26/2006
    Publisher:    Analog Devices, Inc.
    Description:    USB-ICE driver
    Product:    n/a
    Version:    1.2.0.0
    File version:    1.2.0.0
c:\windows\system32\drivers\XPC4DRVR.SYS:
    Verified:    Unsigned
    File date:    2:12 PM 5/18/2007
    Publisher:    Xilinx, Inc.
    Description:    Xilinx PC4 Driver
    Product:    Xilinx PC4 Driver
    Version:    1.040
    File version:    1.040
c:\windows\system32\drivers\XPVCOM.sys:
    Verified:    Unsigned
    File date:    2:00 AM 3/23/2007
    Publisher:    n/a
    Description:    n/a
    Product:    n/a
    Version:    n/a
    File version:    n/a


Rogue configuration file = C:\Windows\system32\config\eqcc88nh.sav



#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:02:58 PM

Posted 07 August 2010 - 01:04 PM

Hi,

Can you please run maxlook once more by simply double-clicking it and post the log in your next reply.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#9 DelMarGuy

DelMarGuy
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:05:58 AM

Posted 07 August 2010 - 02:09 PM

Here is maxlook, just double-clicked:

Run from c:\Users\Jeff\Downloads\maxlook.exe on Sat 08/07/2010 at 11:15:30.54

C:\Windows\system32\drivers\XPVCOM.sys is infected!

2007-03-23 09:00:14 . 2007-03-23 09:00:14 - 30032 - FD255B2A8F614BDCDFAE5F0A289D605E ----a-w- C:\Program Files\Windows Mobile 6 SDK\Tools\Cellular Emulator\xpvcom.sys
2007-03-23 09:00:14 . 2007-03-23 09:00:14 - 30032 - 9E2D7B7A47AE4153E3264F9A6CE4E7C2 ----a-w- C:\Windows\System32\drivers\XPVCOM.sys
2007-03-23 09:00:14 . 2007-03-23 09:00:14 - 30032 - FD255B2A8F614BDCDFAE5F0A289D605E ----a-w- C:\Windows\System32\DriverStore\FileRepository\xpvcom.inf_5082846e\XPVCOM.sys

Rogue configuration file = C:\Windows\system32\config\eqcc88nh.sav
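The check that the maxlook output above makes possible, as an added example that is not maxlook's or ComboFix's own code: the three XPVCOM.sys lines are parsed and the copy whose MD5 disagrees with the DriverStore reference copy is flagged, which is the same copy ComboFix later restores from the DriverStore. The line regex and the function names are this example's own assumptions about the log layout.

```python
"""Parse maxlook-style file lines and flag same-named driver copies whose
MD5 disagrees with the DriverStore reference copy.

Added example for the thread above, not code from maxlook or ComboFix.
The sample lines are the three XPVCOM.sys lines posted in the thread;
the parsing and flagging logic here is this example's own."""
import re
from collections import defaultdict

# Assumed maxlook line layout, taken from the posted lines:
#   <created> . <modified> - <size> - <MD5> <attrs> <path>
LINE_RE = re.compile(
    r"^(?P<created>\S+ \S+) \. (?P<modified>\S+ \S+) - (?P<size>\d+) - "
    r"(?P<md5>[0-9A-Fa-f]{32}) (?P<attrs>\S+) (?P<path>.+)$"
)

# Constructed sample input: the three XPVCOM.sys lines from the maxlook log.
SAMPLE_LOG = """\
2007-03-23 09:00:14 . 2007-03-23 09:00:14 - 30032 - FD255B2A8F614BDCDFAE5F0A289D605E ----a-w- C:\\Program Files\\Windows Mobile 6 SDK\\Tools\\Cellular Emulator\\xpvcom.sys
2007-03-23 09:00:14 . 2007-03-23 09:00:14 - 30032 - 9E2D7B7A47AE4153E3264F9A6CE4E7C2 ----a-w- C:\\Windows\\System32\\drivers\\XPVCOM.sys
2007-03-23 09:00:14 . 2007-03-23 09:00:14 - 30032 - FD255B2A8F614BDCDFAE5F0A289D605E ----a-w- C:\\Windows\\System32\\DriverStore\\FileRepository\\xpvcom.inf_5082846e\\XPVCOM.sys
"""


def parse_log(text):
    """Return one dict per file line; lines that do not match the layout are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["size"] = int(d["size"])
            d["md5"] = d["md5"].upper()
            entries.append(d)
    return entries


def basename(path):
    """Case-folded file name, so XPVCOM.sys and xpvcom.sys group together."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def is_driverstore(path):
    """True for the protected DriverStore\\FileRepository copy of a driver."""
    return "\\driverstore\\filerepository\\" in path.lower()


def find_mismatched_copies(entries):
    """Group entries by file name; for every name that has a DriverStore copy,
    report each copy whose MD5 differs from it.  Size and timestamps are not
    trusted: in the posted log the infected copy kept both and only the hash changed."""
    groups = defaultdict(list)
    for e in entries:
        groups[basename(e["path"])].append(e)
    suspects = []
    for name, copies in groups.items():
        ref = [c for c in copies if is_driverstore(c["path"])]
        if not ref:
            continue  # no trusted reference copy for this name
        ref_md5 = ref[0]["md5"]
        for c in copies:
            if c["md5"] != ref_md5:
                suspects.append({
                    "name": name,
                    "path": c["path"],
                    "md5": c["md5"],
                    "reference_md5": ref_md5,
                    "reference_path": ref[0]["path"],
                })
    return suspects


if __name__ == "__main__":
    for s in find_mismatched_copies(parse_log(SAMPLE_LOG)):
        print(f"{s['path']}: md5 {s['md5']} differs from DriverStore copy {s['reference_md5']}")
```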


#10 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:02:58 PM

Posted 07 August 2010 - 02:39 PM

Hi,

One or more of the identified infections is probably a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

If you decide to clean, please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix



#11 DelMarGuy

DelMarGuy
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:05:58 AM

Posted 07 August 2010 - 05:17 PM

Here's the ComboFix report - thanks again!

ComboFix 10-08-07.01 - Jeff 08/07/2010 13:57:54.1.2 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.1917.804 [GMT -7:00]
Running from: c:\users\Jeff\Desktop\Virus-root check\ComboFix.exe
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Install.exe
C:\test.txt
c:\users\Jeff\g2mdlhlpx.exe
c:\users\Jeff\videos\ultra_mp4converter.exe
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\%appdata%
c:\windows\system32\Temp
c:\windows\system32\Temp\eReader_Install\CustomInstaller.exe
c:\windows\system32\Temp\eReader_Install\eReader.PocketPC_2003_and_2003SE.CAB
c:\windows\system32\Temp\eReader_Install\eReader.PocketPC_2003_and_2003SE.ini
c:\windows\system32\Temp\eReader_Install\eReader.PocketPC_WM5_and_WM6.CAB
c:\windows\system32\Temp\eReader_Install\eReader.PocketPC_WM5_and_WM6.ini
c:\windows\system32\Temp\eReader_Install\reader_2.ico
c:\windows\system32\Thumbs.db

Infected copy of c:\windows\system32\drivers\XPVCOM.sys was found and disinfected
Restored copy from - c:\windows\System32\DriverStore\FileRepository\xpvcom.inf_5082846e\XPVCOM.sys

.
((((((((((((((((((((((((( Files Created from 2010-07-07 to 2010-08-07 )))))))))))))))))))))))))))))))
.

2010-08-07 17:48 . 2010-08-07 17:48 -------- d-----w- c:\program files\PIXresizer
2010-08-07 15:23 . 2010-06-07 23:16 220024 ----a-w- c:\windows\sigcheck.exe
2010-08-07 15:03 . 2010-08-07 18:27 -------- d-----w- c:\windows\maxdrive
2010-08-03 02:00 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2010-08-03 01:58 . 2009-06-03 23:56 675152 ----a-w- c:\windows\system32\gpprefcl.dll
2010-08-02 17:56 . 2010-08-02 17:56 -------- d--h--w- c:\programdata\svchost
2010-07-29 15:14 . 2010-07-29 15:24 -------- d-----w- c:\users\Jeff\AppData\Local\ShippingAssistant
2010-07-29 15:14 . 2010-07-29 15:14 -------- d-----w- c:\program files\USPS
2010-07-19 23:43 . 2010-07-30 14:25 -------- d-----w- c:\program files\Fiddler2
2010-07-09 23:20 . 2010-07-09 23:22 12582564 ----a-w- C:\ltc_100709NakedFlats.zip

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-07 22:03 . 2007-10-27 21:44 -------- d-----w- c:\users\Jeff\AppData\Roaming\MailWasherPro
2010-08-07 20:43 . 2007-09-02 04:27 -------- d-----w- c:\users\Jeff\AppData\Roaming\Skype
2010-08-07 15:29 . 2009-12-07 21:25 -------- d-----w- c:\users\Jeff\AppData\Roaming\skypePM
2010-08-06 23:32 . 2007-11-19 00:51 -------- d-----w- c:\users\Jeff\AppData\Roaming\VisualAssist
2010-08-05 17:50 . 2007-12-06 21:06 -------- d-----w- c:\programdata\pdf995
2010-08-04 20:19 . 2009-01-13 20:38 -------- d-----w- c:\users\Jeff\AppData\Roaming\RCP 5
2010-07-30 20:55 . 2007-10-23 15:34 7944 ----a-w- c:\users\Jeff\AppData\Local\d3d9caps.dat
2010-07-18 19:13 . 2009-02-26 19:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-14 14:04 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-07-12 16:23 . 2007-11-19 00:50 -------- d-----w- c:\program files\Visual Assist X
2010-07-10 04:20 . 2010-03-05 23:06 -------- d-----w- c:\program files\TimeSnapper
2010-07-06 18:21 . 2010-07-06 18:17 12574676 ----a-w- C:\ltc_100706am.zip
2010-06-25 02:00 . 2007-05-26 11:33 -------- d-----w- c:\program files\Microsoft.NET
2010-06-21 18:38 . 2010-06-21 18:37 -------- d-----w- c:\users\Jeff\AppData\Roaming\Elluminate
2010-06-10 06:16 . 2010-06-10 06:16 14410232 ----a-w- C:\All Comb Formats.zip
2010-06-09 15:14 . 2007-05-26 11:31 -------- d-----w- c:\programdata\Microsoft Help
2010-05-26 17:06 . 2010-06-09 10:33 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-09 10:33 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 21:14 . 2009-10-03 09:01 221568 ------w- c:\windows\system32\MpSigStub.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPCheckoutOverlay]
@="{80E008A4-EAE7-4867-AEB0-1A245F070F25}"
[HKEY_CLASSES_ROOT\CLSID\{80E008A4-EAE7-4867-AEB0-1A245F070F25}]
2010-02-25 02:57 876544 ----a-w- c:\program files\Perforce\p4exp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPSyncdOverlay]
@="{ADF262C1-E8FE-49BE-AD63-F77CD4A6CCD9}"
[HKEY_CLASSES_ROOT\CLSID\{ADF262C1-E8FE-49BE-AD63-F77CD4A6CCD9}]
2010-02-25 02:57 876544 ----a-w- c:\program files\Perforce\p4exp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPUpdateOverlay]
@="{C550CDA2-37D7-4838-A9D7-65ECB1EB5AB2}"
[HKEY_CLASSES_ROOT\CLSID\{C550CDA2-37D7-4838-A9D7-65ECB1EB5AB2}]
2010-02-25 02:57 876544 ----a-w- c:\program files\Perforce\p4exp.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

c:\users\Jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MailWasherPro.lnk - c:\program files\FireTrust\MailWasher Pro\MailWasher.exe [2007-10-27 18120904]
TimeSnapper Professional.lnk - c:\program files\TimeSnapper\TimeSnapper.exe [2010-5-22 1064960]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Daily.lnk - c:\users\Jeff\Data\Daily.exe [2007-10-26 14336]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLUA"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "c:\users\Jeff\Data\Eudora\EuShlExt.dll" [2005-08-10 86016]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\C:\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Jeff^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
2007-04-27 01:56 538744 ----a-w- c:\program files\Toshiba\FlashCards\TCrdMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\scheduler_monitor]
2007-06-15 19:17 27136 ----a-w- c:\program files\ReaConverter 5.5 Pro\init_scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2007-03-22 18:46 448632 ----a-w- c:\program files\Toshiba\SmoothView\SmoothView.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SVPWUTIL]
2006-03-23 04:42 438272 ----a-w- c:\program files\Toshiba\Utilities\SVPWUTIL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2009-11-13 11:31 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TSRotIOC]
2006-06-14 21:58 65536 ----a-w- c:\windows\System32\TouchSet\TSRotIOC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB2Check]
2006-11-06 20:31 81920 ----a-w- c:\windows\System32\PCLECoInst.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMware hqtray]
2007-10-08 16:21 55856 ----a-w- c:\program files\VMware\VMware Player\hqtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(b):ee,ec,b6,a1,68,39,ca,01

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 135664]
R3 1394CMDR;CMU 1394 Digital Camera Device;c:\windows\system32\DRIVERS\1394cmdr.sys [2008-03-17 54272]
R3 ImporterLogService;ImporterLogService;c:\program files\Ibiquity Digital\Importer\Importer4.0\Servers\LogService.exe [2008-02-18 434176]
R3 jlink;J-Link driver;c:\windows\system32\Drivers\jlink.sys [2008-07-11 14208]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-04-29 38224]
R3 MIUSB2;Aptina Imaging USB2 Driver (miusb2.sys);c:\windows\system32\Drivers\miusb2.sys [2008-12-11 13312]
R3 rcp_service;ReaConverter scheduler service;c:\program files\ReaConverter 5.5 Pro\rcp_scheduler.exe [2007-11-30 558592]
R3 SolarWinds TFTP Server;SolarWinds TFTP Server;c:\program files\SolarWinds\TFTPServer\SolarWinds TFTP Server.exe [2007-11-01 61440]
R3 sonydcam;Generic 1394 Desktop Camera;c:\windows\system32\DRIVERS\sonydcam.sys [2008-01-19 26624]
R3 TOUCHSET;TouchSet Controller HID Filter Driver;c:\windows\system32\Drivers\touchset.sys [2006-06-28 21760]
R3 usbsnoop;usbsnoop (display);c:\windows\system32\drivers\usbsnoop.sys [2009-01-23 40896]
R3 WmUsbIce;%SvcDesc%;c:\windows\system32\Drivers\WmUsbIce.sys [2006-05-26 20992]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 XilinxFirmwareLpLoader;XilinxFirmwareLpLoader;c:\windows\system32\Drivers\xusb_xlp.sys [2007-05-18 17280]
R4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2007-02-23 2808664]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-06-20 28544]
S2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-09-26 189736]
S2 kp_malibu;kp_malibu;c:\windows\System32\drivers\kp_malibu.SYS [2008-06-11 10752]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2006-12-09 5120]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]
S3 xpvcom;XPVCOM Port;c:\windows\system32\DRIVERS\XPVCOM.sys [2007-03-23 30032]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - VMM

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 05:29]

2010-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 05:29]

2010-08-07 c:\windows\Tasks\User_Feed_Synchronization-{5A7295D9-DE02-4F8A-81B2-AB929449678B}.job
- c:\windows\system32\msfeedssync.exe [2010-06-09 04:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://iras.invitrogen.com/dana-cached/sc/JuniperSetupClient.cab
FF - ProfilePath - c:\users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\i50uyl2j.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\progra~1\palm\PACKAG~1\NPInstal.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Photosynth\npPhotosynthMozilla.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-BitTorrent - c:\program files\BitTorrent\bittorrent.exe
MSConfigStartUp-HotSync - c:\program files\PalmSource\Desktop\HotSync.exe
MSConfigStartUp-TOSCDSPD - TOSCDSPD.EXE
AddRemove-Tftpd32 - c:\program files\Tftpd32\uninstall.exe
AddRemove-Xilinx ISE 9.2i - c:\xilinx92i\bin\nt\setup.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-07 15:01
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8C9CFC51]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x881c8d24
\Driver\ACPI -> acpi.sys @ 0x83014d68
\Driver\atapi -> ataport.SYS @ 0x83163a2c
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK

**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BTHPORT]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\C:/Program Files/Perforce]
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3441931732-2950259277-583699549-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A33A597D-7BB8-FE30-55FF-60E6BDF4AC65}*]
"damhjjog"=hex:64,62,64,6a,61,61,69,62,6e,67,64,6a,62,6c,65,6e,67,70,61,61,6c,
70,66,6c,6b,68,6b,63,61,64,68,64,6d,6f,65,70,63,6f,6b,6e,00,00
"iapccaaokhicnoajoe"=hex:6a,61,67,6b,6e,6d,6e,61,6f,66,70,69,67,64,64,6a,6a,67,
69,6e,00,00
"habjaddahheplckg"=hex:69,61,6a,6c,6a,6c,63,6f,68,68,65,6c,6d,62,6e,6f,63,6b,
00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\TOSHIBA\IVP\Services\Software Upgrades\Swupdtmr]
@DACL=(02 0000)
@SACL=
"STATE"=dword:00000003
"TMH"=dword:01ca20da
"TML"=dword:3eea43e0

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3980)
c:\program files\Perforce\p4exp.dll
c:\program files\Microsoft Virtual PC\VPCShExH.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Juniper Networks\Common Files\dsNcService.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
c:\toshiba\IVP\ISM\pinger.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\program files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\ehome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2010-08-07 15:14:40 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-07 22:14

Pre-Run: 19,014,795,264 bytes free
Post-Run: 20,793,909,248 bytes free

- - End Of File - - CBF05E8E3815F1314D2D43C1CF07065D
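Added example, not part of this thread and not a ComboFix feature: a PowerShell helper that decodes the REG_BINARY "hex:" values in a ComboFix/regedit-style dump into readable text, so the three values under the locked Shell Extensions key in the log above can be inspected instead of read byte by byte. The sample input is copied from those log lines; the LooksRandom column is my own triage heuristic (lower-case-letter-only name and value), not a check the tool performs, and only flags values for a closer look.

```powershell
# Sample input: the three locked-key values quoted in the ComboFix log above.
# Continuation lines (a hex list ending in ",") are joined before parsing.
$sample = @'
"damhjjog"=hex:64,62,64,6a,61,61,69,62,6e,67,64,6a,62,6c,65,6e,67,70,61,61,6c,
70,66,6c,6b,68,6b,63,61,64,68,64,6d,6f,65,70,63,6f,6b,6e,00,00
"iapccaaokhicnoajoe"=hex:6a,61,67,6b,6e,6d,6e,61,6f,66,70,69,67,64,64,6a,6a,67,
69,6e,00,00
"habjaddahheplckg"=hex:69,61,6a,6c,6a,6c,63,6f,68,68,65,6c,6d,62,6e,6f,63,6b,
00,00
'@

function ConvertFrom-RegHexDump {
    param([Parameter(Mandatory)][string]$Text)

    # A hex list that ends in "," continues on the next line; join those first.
    $joined = $Text -replace ',\s*\r?\n\s*', ','

    foreach ($line in ($joined -split '\r?\n')) {
        if ($line -match '^"(?<name>[^"]+)"=hex:(?<bytes>[0-9a-fA-F]{2}(,[0-9a-fA-F]{2})*)\s*$') {
            $name  = $Matches['name']
            $bytes = [byte[]]($Matches['bytes'] -split ',' | ForEach-Object { [Convert]::ToByte($_, 16) })

            # Render printable ASCII, drop NUL terminators, mark anything else with '.'
            $text = -join ($bytes | Where-Object { $_ -ne 0 } | ForEach-Object {
                if ($_ -ge 0x20 -and $_ -le 0x7e) { [char]$_ } else { '.' }
            })

            [pscustomobject]@{
                Name        = $name
                ByteCount   = $bytes.Count
                Decoded     = $text
                # Heuristic (my assumption, not a ComboFix check): a name and value made
                # only of lower-case letters with no word structure is typical of
                # generated data and worth a closer look; it is not proof of malware.
                LooksRandom = ($name -match '^[a-z]{8,}$') -and ($text -match '^[a-z]{8,}$')
            }
        }
    }
}

ConvertFrom-RegHexDump -Text $sample | Format-Table -AutoSize
```

The function accepts any text in this format, so the same call works on a whole exported .reg file or a saved ComboFix log; values whose bytes are not printable ASCII (UTF-16 strings, binary blobs) show up as runs of dots and should be examined with a hex viewer instead.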


#12 myrti

  • Malware Study Hall Admin

Posted 08 August 2010 - 04:59 AM

Hi,

That is looking good. How is the PC doing now?

Please redo a scan with maxlook. To do so, first go to Start -> Run and type in maxlook -cleanup.


Then double click maxlook.exe to run it. Note - you must run it only once!
As instructed when the tool runs, restart the computer and logon to the Recovery Console.
Execute the following bolded command at the x:\windows> prompt <--- the red x represents your operating system drive letter, usually C

batch look.bat




You will see 1 file copied many times then return to the x:\windows> prompt.
Type Exit to restart your computer then logon in normal mode.
Once logged in please do this:
  • Click on start
  • select Run...
  • enter maxlook.exe -sig and hit enter
  • a blue window will open. Please make sure that you are connected to the internet while the blue window is open.
  • Once it is finished a log file will open. Please save that log and post the content in your next reply.
If you do not have the run-command in your Start menu:
Please right click on your taskbar, select Properties, select the Start Menu tab, click on Customize and tick the Display Run checkbox and click OK.


You need to redo all steps for the log to work.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#13 DelMarGuy

  • Topic Starter
  • Members

Posted 08 August 2010 - 09:09 AM

Well the PC is a little better, it finally performed a chkdsk that I had requested a week ago, but never seemed to run.

However, when I access some web pages (http://www.signonsandiego.com/) or (http://applianceguru.com/) - I can see in the Firefox status bar attempts to access this IP address - 94.228.209.71, which is what started my investigation. It seems like it's just accessing an extra page of ads, and I'm blocking it now by using Fiddler. So I still think I have some kind of problem - unless both of those websites have a problem, which seems unlikely to me.

Anyway - once again, thanks for all the help, here's the latest from maxlook -

CODE
Run from C:\Users\Jeff\Desktop\Virus-root check\maxlook.exe on Sun 08/08/2010 at  6:58:25.25

--------- maxlook unsigned files ---------

c:\windows\maxdrive\1394cmdr.sys:
    Verified:    Unsigned
    File date:    10:23 AM 3/17/2008
    Publisher:    CMU Robotics Institute
    Description:    1394 Camera Driver
    Product:    1394 Digital Camera
    Version:    6.04.05.0132
    File version:    6.04.05.0132
c:\windows\maxdrive\cdr4_xp.sys:
    Verified:    Unsigned
    File date:    3:00 AM 10/18/2006
    Publisher:    Sonic Solutions
    Description:    CDR4 CD and DVD Place Holder Driver (see PxHelp)
    Product:    Drag-to-Disc
    Version:    8.0.0.212
    File version:    8.0.0.212
c:\windows\maxdrive\cdralw2k.sys:
    Verified:    Unsigned
    File date:    3:00 AM 10/18/2006
    Publisher:    Sonic Solutions
    Description:    CDRAL Place Holder Driver (see PxHelp)
    Product:    Drag-to-Disc
    Version:    8.0.0.212
    File version:    8.0.0.212
c:\windows\maxdrive\DGIVECP.SYS:
    Verified:    Unsigned
    File date:    6:50 PM 12/8/2006
    Publisher:    Samsung Electronics Co., Ltd.
    Description:    Windows 2k,XP IEEE-1284 parallel class driver for ECP, Byte, and Nibble modes
    Product:    Samsung Electronics Co., Ltd.  VECP for Windows 2000, XP
    Version:    1.1.2.40
    File version:    1.1.2.40
c:\windows\maxdrive\grmngen.sys:
    Verified:    Unsigned
    File date:    4:18 PM 3/8/2007
    Publisher:    GARMIN Corp.
    Description:    Generic WDM Support Driver
    Product:    
    Version:    2, 2, 1, 0
    File version:    2, 2, 1, 0
c:\windows\maxdrive\grmnusb.sys:
    Verified:    Unsigned
    File date:    4:18 PM 3/8/2007
    Publisher:    GARMIN Corp.
    Description:    grmnusb.sys
    Product:    Garmin USB GPS
    Version:    2, 2, 1, 0
    File version:    2, 2, 1, 0
c:\windows\maxdrive\IIWDrvr6.sys:
    Verified:    Unsigned
    File date:    6:39 AM 2/19/2008
    Publisher:    Jungo
    Description:    WinDriver Device Driver 9.20
    Product:    WinDriver Device Driver (x86)
    Version:    9.20
    File version:    9.20
c:\windows\maxdrive\kp_malibu.sys:
    Verified:    Unsigned
    File date:    3:32 PM 6/11/2008
    Publisher:    Innovative Integration
    Description:    KP_Malibu Driver
    Product:    Malibu Kernel Plugin Driver
    Version:    9.20
    File version:    9.20 built by: WinDDK
c:\windows\maxdrive\KR10I.sys:
    Verified:    Unsigned
    File date:    11:50 AM 2/14/2006
    Publisher:    TOSHIBA CORPORATION
    Description:    TOSHIBA RAID Driver
    Product:    TOSHIBA RAID
    Version:    1.03
    File version:    1.03.0008
c:\windows\maxdrive\KR10N.sys:
    Verified:    Unsigned
    File date:    4:57 PM 9/27/2005
    Publisher:    TOSHIBA CORPORATION
    Description:    TOSHIBA RAID Driver
    Product:    TOSHIBA RAID
    Version:    1.00
    File version:    1.02.0005
c:\windows\maxdrive\kr3npxp.sys:
    Verified:    Unsigned
    File date:    8:06 PM 9/27/2006
    Publisher:    TOSHIBA CORPORATION
    Description:    TOSHIBA RAID Driver
    Product:    TOSHIBA RAID
    Version:    3.00
    File version:    3.00.0072
c:\windows\maxdrive\miusb2.sys:
    Verified:    Unsigned
    File date:    5:27 PM 12/10/2008
    Publisher:    Micron Technology, Inc.
    Description:    miusb64/miusb2
    Product:    Aptina Imaging DevSuite
    Version:    5.1.0.3508
    File version:    5.1.0.3508
c:\windows\maxdrive\pxhelp20.sys:
    Verified:    Unsigned
    File date:    3:00 AM 10/18/2006
    Publisher:    Sonic Solutions
    Description:    Px Engine Device Driver for Windows 2000/XP
    Product:    PxHelp20
    Version:    n/a
    File version:    3.00.43J
c:\windows\maxdrive\SSPORT.SYS:
    Verified:    Unsigned
    File date:    6:50 PM 12/8/2006
    Publisher:    Samsung Electronics
    Description:    32bit Port Contention Driver
    Product:    Port Contention Driver
    Version:    1.0
    File version:    1.0
c:\windows\maxdrive\tdcmdpst.sys:
    Verified:    Unsigned
    File date:    11:50 AM 10/18/2006
    Publisher:    TOSHIBA Corporation.
    Description:    Toshiba ODD Writing Driver For x86.
    Product:    n/a
    Version:    2, 0, 0, 0
    File version:    2, 0, 0, 0
c:\windows\maxdrive\touchset.sys:
    Verified:    Unsigned
    File date:    5:09 PM 6/27/2006
    Publisher:    PAN JIT INTERNATIONAL INC.
    Description:    TouchSet USB Touch Panel Controller Driver
    Product:    TouchSet USB Touch Panel Controller
    Version:    1. 1. 6. 0
    File version:    1. 1. 6. 91
c:\windows\maxdrive\VPCAppSv.sys:
    Verified:    Unsigned
    File date:    6:31 PM 5/20/2002
    Publisher:    Connectix Corporation
    Description:    Virtual PC Application Services
    Product:    Virtual PC
    Version:    4.4 (Build 327)
    File version:    2.0 (Build 327)
c:\windows\maxdrive\VPCPower.sys:
    Verified:    Unsigned
    File date:    10:30 AM 5/16/2002
    Publisher:    Connectix Corporation
    Description:    VPCPower WDM Support Driver
    Product:    
    Version:    1, 2, 0, 2
    File version:    1, 2, 0, 2
c:\windows\maxdrive\WmUsbIce.sys:
    Verified:    Unsigned
    File date:    12:31 AM 5/26/2006
    Publisher:    Analog Devices, Inc.
    Description:    USB-ICE driver
    Product:    n/a
    Version:    1.2.0.0
    File version:    1.2.0.0
c:\windows\maxdrive\XPC4DRVR.SYS:
    Verified:    Unsigned
    File date:    2:12 PM 5/18/2007
    Publisher:    Xilinx, Inc.
    Description:    Xilinx PC4 Driver
    Product:    Xilinx PC4 Driver
    Version:    1.040
    File version:    1.040
c:\windows\maxdrive\XPVCOM.sys:
    Verified:    Unsigned
    File date:    2:00 AM 3/23/2007
    Publisher:    n/a
    Description:    n/a
    Product:    n/a
    Version:    n/a
    File version:    n/a

--------- system32\drivers unsigned files ---------

c:\windows\system32\drivers\1394cmdr.sys:
    Verified:    Unsigned
    File date:    10:23 AM 3/17/2008
    Publisher:    CMU Robotics Institute
    Description:    1394 Camera Driver
    Product:    1394 Digital Camera
    Version:    6.04.05.0132
    File version:    6.04.05.0132
c:\windows\system32\drivers\cdr4_xp.sys:
    Verified:    Unsigned
    File date:    3:00 AM 10/18/2006
    Publisher:    Sonic Solutions
    Description:    CDR4 CD and DVD Place Holder Driver (see PxHelp)
    Product:    Drag-to-Disc
    Version:    8.0.0.212
    File version:    8.0.0.212
c:\windows\system32\drivers\cdralw2k.sys:
    Verified:    Unsigned
    File date:    3:00 AM 10/18/2006
    Publisher:    Sonic Solutions
    Description:    CDRAL Place Holder Driver (see PxHelp)
    Product:    Drag-to-Disc
    Version:    8.0.0.212
    File version:    8.0.0.212
c:\windows\system32\drivers\DGIVECP.SYS:
    Verified:    Unsigned
    File date:    6:50 PM 12/8/2006
    Publisher:    Samsung Electronics Co., Ltd.
    Description:    Windows 2k,XP IEEE-1284 parallel class driver for ECP, Byte, and Nibble modes
    Product:    Samsung Electronics Co., Ltd.  VECP for Windows 2000, XP
    Version:    1.1.2.40
    File version:    1.1.2.40
c:\windows\system32\drivers\grmngen.sys:
    Verified:    Unsigned
    File date:    4:18 PM 3/8/2007
    Publisher:    GARMIN Corp.
    Description:    Generic WDM Support Driver
    Product:    
    Version:    2, 2, 1, 0
    File version:    2, 2, 1, 0
c:\windows\system32\drivers\grmnusb.sys:
    Verified:    Unsigned
    File date:    4:18 PM 3/8/2007
    Publisher:    GARMIN Corp.
    Description:    grmnusb.sys
    Product:    Garmin USB GPS
    Version:    2, 2, 1, 0
    File version:    2, 2, 1, 0
c:\windows\system32\drivers\IIWDrvr6.sys:
    Verified:    Unsigned
    File date:    6:39 AM 2/19/2008
    Publisher:    Jungo
    Description:    WinDriver Device Driver 9.20
    Product:    WinDriver Device Driver (x86)
    Version:    9.20
    File version:    9.20
c:\windows\system32\drivers\kp_malibu.sys:
    Verified:    Unsigned
    File date:    3:32 PM 6/11/2008
    Publisher:    Innovative Integration
    Description:    KP_Malibu Driver
    Product:    Malibu Kernel Plugin Driver
    Version:    9.20
    File version:    9.20 built by: WinDDK
c:\windows\system32\drivers\KR10I.sys:
    Verified:    Unsigned
    File date:    11:50 AM 2/14/2006
    Publisher:    TOSHIBA CORPORATION
    Description:    TOSHIBA RAID Driver
    Product:    TOSHIBA RAID
    Version:    1.03
    File version:    1.03.0008
c:\windows\system32\drivers\KR10N.sys:
    Verified:    Unsigned
    File date:    4:57 PM 9/27/2005
    Publisher:    TOSHIBA CORPORATION
    Description:    TOSHIBA RAID Driver
    Product:    TOSHIBA RAID
    Version:    1.00
    File version:    1.02.0005
c:\windows\system32\drivers\kr3npxp.sys:
    Verified:    Unsigned
    File date:    8:06 PM 9/27/2006
    Publisher:    TOSHIBA CORPORATION
    Description:    TOSHIBA RAID Driver
    Product:    TOSHIBA RAID
    Version:    3.00
    File version:    3.00.0072
c:\windows\system32\drivers\miusb2.sys:
    Verified:    Unsigned
    File date:    5:27 PM 12/10/2008
    Publisher:    Micron Technology, Inc.
    Description:    miusb64/miusb2
    Product:    Aptina Imaging DevSuite
    Version:    5.1.0.3508
    File version:    5.1.0.3508
c:\windows\system32\drivers\pxhelp20.sys:
    Verified:    Unsigned
    File date:    3:00 AM 10/18/2006
    Publisher:    Sonic Solutions
    Description:    Px Engine Device Driver for Windows 2000/XP
    Product:    PxHelp20
    Version:    n/a
    File version:    3.00.43J
c:\windows\system32\drivers\SSPORT.SYS:
    Verified:    Unsigned
    File date:    6:50 PM 12/8/2006
    Publisher:    Samsung Electronics
    Description:    32bit Port Contention Driver
    Product:    Port Contention Driver
    Version:    1.0
    File version:    1.0
c:\windows\system32\drivers\tdcmdpst.sys:
    Verified:    Unsigned
    File date:    11:50 AM 10/18/2006
    Publisher:    TOSHIBA Corporation.
    Description:    Toshiba ODD Writing Driver For x86.
    Product:    n/a
    Version:    2, 0, 0, 0
    File version:    2, 0, 0, 0
c:\windows\system32\drivers\touchset.sys:
    Verified:    Unsigned
    File date:    5:09 PM 6/27/2006
    Publisher:    PAN JIT INTERNATIONAL INC.
    Description:    TouchSet USB Touch Panel Controller Driver
    Product:    TouchSet USB Touch Panel Controller
    Version:    1. 1. 6. 0
    File version:    1. 1. 6. 91
c:\windows\system32\drivers\VPCAppSv.sys:
    Verified:    Unsigned
    File date:    6:31 PM 5/20/2002
    Publisher:    Connectix Corporation
    Description:    Virtual PC Application Services
    Product:    Virtual PC
    Version:    4.4 (Build 327)
    File version:    2.0 (Build 327)
c:\windows\system32\drivers\VPCPower.sys:
    Verified:    Unsigned
    File date:    10:30 AM 5/16/2002
    Publisher:    Connectix Corporation
    Description:    VPCPower WDM Support Driver
    Product:    
    Version:    1, 2, 0, 2
    File version:    1, 2, 0, 2
c:\windows\system32\drivers\WmUsbIce.sys:
    Verified:    Unsigned
    File date:    12:31 AM 5/26/2006
    Publisher:    Analog Devices, Inc.
    Description:    USB-ICE driver
    Product:    n/a
    Version:    1.2.0.0
    File version:    1.2.0.0
c:\windows\system32\drivers\XPC4DRVR.SYS:
    Verified:    Unsigned
    File date:    2:12 PM 5/18/2007
    Publisher:    Xilinx, Inc.
    Description:    Xilinx PC4 Driver
    Product:    Xilinx PC4 Driver
    Version:    1.040
    File version:    1.040
c:\windows\system32\drivers\XPVCOM.sys:
    Verified:    Unsigned
    File date:    2:00 AM 3/23/2007
    Publisher:    n/a
    Description:    n/a
    Product:    n/a
    Version:    n/a
    File version:    n/a


Rogue configuration file = C:\Windows\system32\config\eqcc88nh.sav
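Added example, not part of this thread and not the maxlook tool itself: a PowerShell function that reads a driver directory the way the maxlook log above is read, comparing the live view of system32\drivers against a snapshot copy taken out of band (the log's c:\windows\maxdrive, assumed here as the default path) and reporting, per driver, its Authenticode status and whether the two views agree. Get-AuthenticodeSignature and Get-FileHash are standard cmdlets (Get-FileHash needs PowerShell 4 or later); the path defaults and the finding categories are my choices.

```powershell
function Get-DriverTriage {
    param(
        # Live view of the kernel drivers as the running system reports them.
        [string]$LivePath     = "$env:SystemRoot\System32\drivers",
        # Snapshot copied while the rootkit's drivers were not running (assumption:
        # the maxdrive folder the maxlook log above refers to).
        [string]$SnapshotPath = "$env:SystemRoot\maxdrive"
    )

    $live = @{}
    foreach ($f in Get-ChildItem -Path $LivePath -Filter *.sys -File -ErrorAction Stop) {
        $live[$f.Name.ToLower()] = $f
    }
    $snap = @{}
    if (Test-Path -Path $SnapshotPath) {
        foreach ($f in Get-ChildItem -Path $SnapshotPath -Filter *.sys -File) {
            $snap[$f.Name.ToLower()] = $f
        }
    }

    foreach ($name in (@($live.Keys) + @($snap.Keys) | Sort-Object -Unique)) {
        $l = $live[$name]
        $s = $snap[$name]
        $sig = if ($l) { Get-AuthenticodeSignature -FilePath $l.FullName } else { $null }
        $lh  = if ($l) { (Get-FileHash -Path $l.FullName -Algorithm SHA256).Hash } else { $null }
        $sh  = if ($s) { (Get-FileHash -Path $s.FullName -Algorithm SHA256).Hash } else { $null }

        # Most serious first: the two views disagree about a driver's existence or
        # content, which is what a file-hiding or file-patching rootkit produces.
        if ($l -and $s -and $lh -ne $sh) { $finding = 'content differs between live view and snapshot' }
        elseif ($s -and -not $l)         { $finding = 'present in snapshot, hidden from live view' }
        elseif ($l -and -not $s)         { $finding = 'present only in live view (added since snapshot?)' }
        elseif ($sig.Status -ne 'Valid') { $finding = "signature: $($sig.Status)" }
        else                             { $finding = 'ok' }

        [pscustomobject]@{
            Driver    = $name
            Signature = if ($sig) { $sig.Status } else { 'n/a' }
            Signer    = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            Finding   = $finding
        }
    }
}

# Show only what needs a human decision; unsigned drivers are listed last.
Get-DriverTriage | Where-Object Finding -ne 'ok' | Sort-Object Finding, Driver | Format-Table -AutoSize
```

Read the output the way the log above should be read: on 32-bit Vista the kernel loads unsigned drivers, so the Garmin, Toshiba, Samsung and Sonic entries being unsigned is normal for that era and not evidence on its own. What deserves action is a driver that differs between the two views or is missing from one of them, and, among the unsigned ones, a file with no publisher, description or version metadata at all, which in this log is XPVCOM.sys.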





#14 myrti

  • Malware Study Hall Admin

Posted 09 August 2010 - 04:47 AM

Hi,

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

QUOTE
File::
C:\Windows\system32\config\eqcc88nh.sav


Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Do you connect directly to the internet or through a router? Could the router have been compromised?

Do you notice this behaviour with other browsers beside Firefox?

regards myrti



#15 DelMarGuy

  • Topic Starter
  • Members

Posted 09 August 2010 - 12:55 PM

Thanks again -

1. I normally connect through a router, then a cable modem. I disconnected the router, and connected directly using the cable modem, and I still see the problem. Also, I have multiple machines using the same router, and only one machine shows the problem, so I don't think the router is the problem.

2. I do see the problem when using IE 8, as well as Firefox. I have not tried Chrome -

3. I tried to run ComboFix again, and it seemed like it was working - it gave me a notice about detecting rootkit activity, and it needed to reboot, which is fine. After the reboot, it started to create a log, then I got a BSOD, with the driver XPVCOM.sys listed as the problem. I booted to Safe mode, removed the XPVCOM.sys, and rebooted normally. However, I don't see any log from ComboFix. Should I run it again?

Thanks again - at the present time, I really can't re-format this machine, so I appreciate your efforts in resolving this -

Jeff