[Trojan.Nebuler!gen2] Constant intrusion attempts, but none of my antivirus software can find anything wrong... uhoh [screen shots]


  • This topic is locked
14 replies to this topic

#1 WillQuick

  • Members
  • 7 posts

Posted 13 October 2010 - 09:36 AM

Ok, so this is my work PC and I'm currently absolutely sh*tting myself (if you'll excuse the language) because of the constant alerts from Norton 360 about intrusion attempts being stopped.

Normally I just assume Norton's having a hissy fit or misfiring but this one looks bad...

____________________________

Here's a screen shot of the latest attempts that were blocked:



____________________________

This has started happening since this event, which occurred just after I unzipped a file I downloaded from a forum I use (massive error on my part, I usually scan everything and this one time I didn't):



____________________________

and there were a few other strange entries straight after which I thought I'd screen shot as well:



____________________________


Here is my DDS log:


DDS (Ver_10-10-10.03) - NTFS_AMD64
Run by Owner at 15:17:36.21 on 13/10/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.6135.4067 [GMT 1:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\taskhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Windows\system32\svchost.exe -k regsvc
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\rstrui.exe
C:\Windows\system32\spool\DRIVERS\x64\3\HP1006MC.EXE
C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
C:\Program Files (x86)\Print Your Screen\Print Your Screen v1.0 Trial\Print Your Screen v1.0.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\KBD\OSD\OSD.exe
C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\Program Files (x86)\Brownie\BrStsW64.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe
C:\Program Files (x86)\Brownie\brpjp04a.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\MCUI32.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\SimpleOCR\Bin\SimpleOCR.exe
C:\Users\Owner\Desktop\bleeping\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=94&bd=Pavilion&pf=cndt
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=94&bd=Pavilion&pf=cndt
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=94&bd=Pavilion&pf=cndt
uInternet Settings,ProxyServer = 76.11.221.115:8085
uInternet Settings,ProxyOverride = local
mWinlogon: Userinit=userinit.exe
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: AOL Toolbar BHO: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\coIEPlg.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitIEAddin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [IBP]
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\LaunchApp.exe
mRun: [OSD] C:\Program Files (x86)\Hewlett-Packard\KBD\OSD\OSD.exe
mRun: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
mRun: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe"
mRun: [UVS12 Preload] C:\Program Files (x86)\Corel\Corel VideoStudio 12\uvPL.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [BrStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe Autorun
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PRINTY~1.LNK - C:\Windows\Installer\{CA8D31CA-B337-4B11-8D25-D8D638E13D17}\_CDCD5371FFA7838F5537A4.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: HideFastUserSwitching = 0 (0x0)
IE: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-GB\local\search.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\CoIEPlg.dll
SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - C:\Windows\SysWow64\EZUPBH~1.DLL
BHO-X64: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 9\DLLx64\SnagitBHO64.dll
BHO-X64: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
BHO-X64: Windows Live Family Safety Browser Helper - No File
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg64.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
TB-X64: {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB-X64: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\b3apx42i.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: c:\program files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Opera\program\plugins\np_gp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\b3apx42i.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-12-28 52856]
R0 SCMNdisP;General NDIS Protocol Driver;C:\Windows\System32\drivers\SCMNdisP.sys [2010-4-17 25312]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\0308000.029\SymEFA64.sys [2010-2-6 402992]
R1 BHDrvx64;Symantec Heuristics Driver;C:\Windows\System32\drivers\N360x64\0308000.029\BHDrvx64.sys [2010-2-6 334384]
R1 ccHP;Symantec Hash Provider;C:\Windows\System32\drivers\N360x64\0308000.029\cchpx64.sys [2010-2-6 583296]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20101012.001\IDSviA64.sys [2010-9-15 476720]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/03/27 13:13:07];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2010-3-27 146928]
R2 ezSharedSvc;Easybits Shared Services for Windows;C:\Windows\system32\svchost.exe -k netsvcs [2009-7-14 27136]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-6-17 13336]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\ccSvcHst.exe [2010-2-6 117640]
R2 regi;regi;C:\Windows\System32\drivers\regi.sys [2007-4-16 14112]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-6-7 240232]
R2 WSWNDA3100;WSWNDA3100;C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [2010-4-17 278528]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;C:\Windows\System32\drivers\bcmwlhigh664.sys [2010-4-17 789496]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-9-23 233472]
R3 SYMNDISV;Symantec Network Filter Driver;C:\Windows\System32\drivers\N360x64\0308000.029\symndisv.sys [2010-2-6 56880]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-3-12 135664]
S2 SwOffScheduler;Airytec Switch Off - Task Scheduler;C:\Program Files\Airytec\Switch Off\swoff.exe -service --> C:\Program Files\Airytec\Switch Off\swoff.exe -service [?]
S2 SwOffWeb;Airytec Switch Off - Web Interface;C:\Program Files\Airytec\Switch Off\swoff.exe -service --> C:\Program Files\Airytec\Switch Off\swoff.exe -service [?]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-5-27 132656]
S3 ewusbnet;HUAWEI USB-NDIS miniport;C:\Windows\System32\drivers\ewusbnet.sys [2010-1-4 132608]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-3-29 61280]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2009-8-5 704864]
S3 hwusbfake;Huawei DataCard USB Fake;C:\Windows\System32\drivers\ewusbfake.sys [2010-1-4 113792]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2009-9-23 702976]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2009-9-23 81952]
S3 SynasUSB;SynasUSB;C:\Windows\System32\drivers\synUSB64.sys [2009-12-28 31248]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-14 17920]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-27 1255736]

============== File Associations ===============

.reg=Regedit.Document

=============== Created Last 30 ================

2010-10-13 11:51:48 -------- d--h--w- C:\PROGRA~3\Common Files
2010-10-13 11:51:18 -------- d-----w- C:\PROGRA~3\AVG10
2010-10-13 11:50:07 -------- d-----w- C:\Program Files (x86)\AVG
2010-10-13 11:17:22 -------- d-----w- C:\PROGRA~3\MFAData
2010-10-13 09:42:37 -------- d-----w- C:\Users\Owner\AppData\Local\ABBYY
2010-10-13 09:42:37 -------- d-----w- C:\Program Files (x86)\ABBYY FineReader 9.0
2010-10-13 09:42:37 -------- d-----w- C:\PROGRA~3\ABBYY
2010-10-13 08:51:09 932864 ----a-w- C:\Windows\System32\hpgt4070.dll
2010-10-13 08:51:09 808960 ----a-w- C:\Windows\System32\hpxp4070.dll
2010-10-12 16:06:04 27632 ----a-w- C:\Windows\SysWow64\Ctl3dv2.dll
2010-10-12 16:06:03 -------- d-----w- C:\Program Files (x86)\SimpleOCR
2010-10-05 09:12:44 -------- d-----w- C:\Users\Owner\AppData\Roaming\TrafficAnarchy
2010-10-01 16:03:25 -------- d-----r- C:\Program Files (x86)\Norton Support
2010-09-29 08:22:16 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2010-09-29 08:22:16 2048 ----a-w- C:\Windows\System32\tzres.dll
2010-09-28 09:07:56 -------- d-----w- C:\Users\Owner\AppData\Local\Print_Your_Screen
2010-09-15 08:20:03 558592 ----a-w- C:\Windows\System32\spoolsv.exe

==================== Find3M ====================

2010-07-29 06:30:34 82944 ----a-w- C:\Windows\SysWow64\iccvid.dll
2010-07-28 13:32:12 695578 ----a-w- C:\Windows\SysWow64\unins000.exe
2010-07-16 12:51:00 14904 ----a-w- C:\Windows\help\OEM\Scripts\LaunchHPForums.exe
2006-05-03 09:06:54 163328 --sh--r- C:\Windows\SysWOW64\flvDX.dll
2007-02-21 10:47:16 31232 --sh--r- C:\Windows\SysWOW64\msfDX.dll
2008-03-16 12:30:52 216064 --sh--r- C:\Windows\SysWOW64\nbDX.dll

============= FINISH: 15:18:30.89 ===============


I've attached the file "attach.txt".

Please please help, I haven't backed up for two weeks and I really can't be doing with losing everything.

- Wil


Edited by WillQuick, 13 October 2010 - 09:37 AM.
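Added example, not part of the thread and not code from DDS or any vendor: a small Python triage pass over the kinds of lines that appear in the DDS report above. It pulls out the things a log reader checks first in a report like this one: a per-user IE proxy that points at a public IP (the log shows uInternet Settings,ProxyServer = 76.11.221.115:8085 next to ProxyOverride = local, a combination that sends everything except local addresses through that host), a Run entry with no command behind it (uRun: [IBP]), add-on registrations whose DLL is gone ("No File"), and hidden+system files under the Windows system directories (the --sh--r- entries in Find3M). DDS's u/m prefix means current user (HKCU) versus local machine (HKLM). The heuristics, the severity labels and the sample lines are my own assumptions modelled on the log, not DDS output or a detection rule from anyone; the script does not decide whether an item is malicious, it only ranks what to look at first.

```python
"""Triage pass over DDS 'Pseudo HJT Report' / 'Find3M' style lines.

Added example; the rules below are the author's own assumptions about what a
DDS log reader pulls out first, not part of DDS or of any product.
"""
import ipaddress
import re
import sys

# Constructed sample input, modelled on the DDS lines in the post above
# (not a verbatim copy of the log).
SAMPLE_LOG = """\
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyServer = 76.11.221.115:8085
uInternet Settings,ProxyOverride = local
mWinlogon: Userinit=userinit.exe
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\\Program Files (x86)\\Norton 360\\Engine\\3.8.0.41\\coIEPlg.dll
uRun: [IBP]
uRun: [swg] "C:\\Program Files (x86)\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"
2010-07-29 06:30:34 82944 ----a-w- C:\\Windows\\SysWow64\\iccvid.dll
2006-05-03 09:06:54 163328 --sh--r- C:\\Windows\\SysWOW64\\flvDX.dll
"""

HIVE = {"u": "HKCU", "m": "HKLM"}  # DDS prefix convention: u = current user, m = local machine
PROXY_RE = re.compile(r"^([um])Internet Settings,ProxyServer\s*=\s*(\S+)")
RUN_RE = re.compile(r"^([um])Run: \[([^\]]*)\]\s*(.*)$")
NOFILE_RE = re.compile(r"^(BHO|TB|BHO-X64|TB-X64):.*-\s*No File$")
# date time size attrs path  (attrs is DDS's 8-char flag field, e.g. --sh--r-)
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\S+) ([a-z-]{8}) (.+)$")
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


def proxy_hosts(value):
    """Yield the host part of each proxy in an IE ProxyServer value.
    Accepts both 'host:port' and 'http=host:port;https=host:port' forms."""
    for item in value.split(";"):
        item = item.split("=", 1)[-1]          # drop a 'http='/'https=' scheme prefix
        host = item.rsplit(":", 1)[0] if ":" in item else item
        if host:
            yield host


def classify_proxy_host(host):
    """Return 'public-ip', 'private-ip' (incl. loopback/link-local) or 'hostname'."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return "hostname"
    return "public-ip" if addr.is_global else "private-ip"


def triage(log_text):
    """Scan DDS report lines; return (severity, line, reason) tuples in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = PROXY_RE.match(line)
        if m:
            hive, value = HIVE[m.group(1)], m.group(2)
            for host in proxy_hosts(value):
                kind = classify_proxy_host(host)
                if kind == "public-ip":
                    findings.append(("high", line,
                        f"{hive} browser proxy points at a public IP ({host}); "
                        "all non-local web traffic is routed through it"))
                else:
                    findings.append(("info", line,
                        f"{hive} browser proxy set ({host}, {kind}); confirm it is expected"))
            continue
        m = RUN_RE.match(line)
        if m:
            hive, name, command = HIVE[m.group(1)], m.group(2), m.group(3)
            if not command:  # autorun value with nothing visible behind it
                findings.append(("medium", line,
                    f"{hive} Run entry '{name}' has no command; read the registry value directly"))
            continue
        if NOFILE_RE.match(line):
            findings.append(("low", line, "add-on registered but its DLL is missing (orphaned entry)"))
            continue
        m = FILE_RE.match(line)
        if m:
            attrs, path = m.group(4), m.group(5)
            if "s" in attrs and "h" in attrs and path.lower().startswith(SYSTEM_DIRS):
                findings.append(("medium", line,
                    "hidden+system file inside a Windows system directory; hash it and verify its origin"))
    return findings


if __name__ == "__main__":
    # Usage: python dds_triage.py [saved_dds_log.txt]; with no argument the sample runs.
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for severity, line, reason in triage(text):
        print(f"[{severity:6}] {reason}\n         {line}")
```

The proxy check is deliberately the loudest rule: a browser proxy is set per user, survives an AV scan that only looks at files, and a public IP there is something the user has to be able to account for. The other rules are lower priority because each has a benign explanation (an uninstaller that left a registration behind, an OEM tool that hides its files), which is why the script ranks rather than verdicts.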




#2 m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 21 October 2010 - 06:38 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 WillQuick

  • Topic Starter

  • Members
  • 7 posts

Posted 25 October 2010 - 03:43 AM

Hi m0le,

I'm still here! I really appreciate you taking the time to help

Will

#4 m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 25 October 2010 - 05:54 PM

The rootkit TDSS (tidserv) is knocking on the door which usually means something is trying to let it in.

Let's first see if it has got in

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\

m0le is a proud member of UNITE

#5 WillQuick

  • Topic Starter

  • Members
  • 7 posts

Posted 26 October 2010 - 04:13 AM

Hi m0le,

That's already stopped all the intrusion attempt messages! It found something, which it cured, so we're getting there!

Here's the log from the scan:

2010/10/26 09:41:44.0868 TDSS rootkit removing tool 2.4.5.0 Oct 25 2010 09:49:04
2010/10/26 09:41:44.0868 ================================================================================
2010/10/26 09:41:44.0868 SystemInfo:
2010/10/26 09:41:44.0868
2010/10/26 09:41:44.0868 OS Version: 6.1.7600 ServicePack: 0.0
2010/10/26 09:41:44.0868 Product type: Workstation
2010/10/26 09:41:44.0868 ComputerName: HP6227
2010/10/26 09:41:44.0883 UserName: Owner
2010/10/26 09:41:44.0883 Windows directory: C:\Windows
2010/10/26 09:41:44.0883 System windows directory: C:\Windows
2010/10/26 09:41:44.0883 Running under WOW64
2010/10/26 09:41:44.0883 Processor architecture: Intel x64
2010/10/26 09:41:44.0883 Number of processors: 8
2010/10/26 09:41:44.0883 Page size: 0x1000
2010/10/26 09:41:44.0883 Boot type: Normal boot
2010/10/26 09:41:44.0883 ================================================================================
2010/10/26 09:41:44.0883 Utility is running under WOW64
2010/10/26 09:41:46.0833 Initialize success
2010/10/26 09:41:51.0123 ================================================================================
2010/10/26 09:41:51.0123 Scan started
2010/10/26 09:41:51.0123 Mode: Manual;
2010/10/26 09:41:51.0123 ================================================================================
2010/10/26 09:41:54.0056 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2010/10/26 09:41:55.0351 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2010/10/26 09:41:55.0788 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2010/10/26 09:41:56.0443 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2010/10/26 09:41:57.0067 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2010/10/26 09:41:57.0239 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2010/10/26 09:41:57.0457 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
2010/10/26 09:41:57.0644 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2010/10/26 09:41:57.0941 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2010/10/26 09:41:58.0299 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2010/10/26 09:41:58.0970 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2010/10/26 09:41:59.0532 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2010/10/26 09:41:59.0891 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
2010/10/26 09:42:00.0109 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2010/10/26 09:42:00.0827 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
2010/10/26 09:42:01.0217 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2010/10/26 09:42:02.0137 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2010/10/26 09:42:02.0699 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2010/10/26 09:42:03.0635 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/10/26 09:42:04.0259 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2010/10/26 09:42:05.0429 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2010/10/26 09:42:06.0755 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2010/10/26 09:42:07.0753 BCMH43XX (912e49ed3c14e00cb9613884a3b957d0) C:\Windows\system32\DRIVERS\bcmwlhigh664.sys
2010/10/26 09:42:08.0502 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2010/10/26 09:42:09.0687 BHDrvx64 (4d7f8401eae7eaa4ef702fa6f4153269) C:\Windows\System32\Drivers\N360x64\0308000.029\BHDrvx64.sys
2010/10/26 09:42:10.0483 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2010/10/26 09:42:11.0559 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
2010/10/26 09:42:12.0168 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2010/10/26 09:42:12.0745 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2010/10/26 09:42:13.0556 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2010/10/26 09:42:14.0305 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2010/10/26 09:42:14.0882 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2010/10/26 09:42:15.0366 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2010/10/26 09:42:15.0974 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2010/10/26 09:42:17.0300 ccHP (1b79efc84b924a6932bb9d2a549de5c9) C:\Windows\System32\Drivers\N360x64\0308000.029\ccHPx64.sys
2010/10/26 09:42:18.0127 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2010/10/26 09:42:18.0361 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2010/10/26 09:42:18.0579 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2010/10/26 09:42:18.0969 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2010/10/26 09:42:19.0968 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/10/26 09:44:15.0626 \HardDisk0\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/10/26 09:44:15.0642 ================================================================================
2010/10/26 09:44:15.0642 Scan finished
2010/10/26 09:44:15.0642 ================================================================================
2010/10/26 09:44:15.0642 Detected object count: 1
2010/10/26 09:46:34.0639 \HardDisk0\MBR - will be cured after reboot
2010/10/26 09:46:34.0639 Rootkit.Win32.TDSS.tdl4(\HardDisk0\MBR) - User select action: Cure
2010/10/26 10:01:16.0748 Deinitialize success



Thank you a HUGE amount!
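A small parser for the TDSSKiller log format posted above, added here as an example (it is not TDSSKiller's own code and was not posted in this thread): it pulls out each detection, the action chosen for it, whether a reboot is still pending, and which loaded drivers come from outside the Windows directory, a cheap triage hint that usually points at AV definitions or vendor filters but is always worth a second look. The driver lines in the sample are constructed with placeholder hashes, names and paths; the detection, count, reboot and action lines mirror the ones in the log.

```python
"""Parse a TDSSKiller scan log in the format posted above.

Example code added for this thread; not TDSSKiller's own code."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Driver line:  <timestamp> <service name> (<md5>) <image path>
DRIVER_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$"
)
# Detection line:  <timestamp> <object> - detected <threat> (<n>)
DETECT_RE = re.compile(
    r"^\S+ \S+\s+(?P<obj>\S+)\s+-\s+detected\s+(?P<threat>\S+)\s+\(\d+\)\s*$"
)
# Reboot line:  <timestamp> <object> - will be cured after reboot
REBOOT_RE = re.compile(
    r"^\S+ \S+\s+(?P<obj>\S+)\s+-\s+will be cured after reboot\s*$"
)
# Action line:  <timestamp> <threat>(<object>) - User select action: <action>
ACTION_RE = re.compile(
    r"^\S+ \S+\s+(?P<threat>[^\s(]+)\((?P<obj>[^)]+)\)\s+-\s+"
    r"User select action:\s+(?P<action>\S+)\s*$"
)
COUNT_RE = re.compile(r"Detected object count:\s*(?P<n>\d+)\s*$")


@dataclass
class Detection:
    obj: str
    threat: str
    action: Optional[str] = None
    pending_reboot: bool = False


@dataclass
class Report:
    drivers: List[Tuple[str, str, str]] = field(default_factory=list)  # (name, md5, path)
    detections: List[Detection] = field(default_factory=list)
    declared_count: Optional[int] = None

    def count_matches(self) -> bool:
        """True when the log's own 'Detected object count' agrees with what was parsed."""
        return self.declared_count == len(self.detections)

    def drivers_outside_windows(self, windir: str = r"C:\Windows") -> List[Tuple[str, str, str]]:
        """Drivers whose image path is not under the Windows directory (case-insensitive)."""
        prefix = windir.lower().rstrip("\\") + "\\"
        return [d for d in self.drivers if not d[2].lower().startswith(prefix)]


def parse_tdsskiller_log(text: str) -> Report:
    report = Report()
    by_obj: Dict[str, Detection] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Detection-related lines are tested first so they are never mistaken for driver lines.
        if (m := DETECT_RE.match(line)):
            det = Detection(obj=m["obj"], threat=m["threat"])
            report.detections.append(det)
            by_obj[det.obj] = det
        elif (m := REBOOT_RE.match(line)) and m["obj"] in by_obj:
            by_obj[m["obj"]].pending_reboot = True
        elif (m := ACTION_RE.match(line)) and m["obj"] in by_obj:
            by_obj[m["obj"]].action = m["action"]
        elif (m := COUNT_RE.search(line)):
            report.declared_count = int(m["n"])
        elif (m := DRIVER_RE.match(line)):
            report.drivers.append((m["name"], m["md5"].lower(), m["path"]))
    return report


# Constructed sample: the driver lines use placeholder hashes, names and paths;
# the detection, count, reboot and action lines mirror the log posted above.
SAMPLE_LOG = r"""
2010/10/26 09:42:20.0327 cmdide (deadbeefdeadbeefdeadbeefdeadbeef) C:\Windows\system32\DRIVERS\cmdide.sys
2010/10/26 09:42:46.0628 ExampleIDS (cafebabecafebabecafebabecafebabe) C:\ProgramData\ExampleAV\Definitions\ipsdefs\ExampleIDS64.sys
2010/10/26 09:44:15.0533 {00000000-0000-0000-0000-000000000000} (feedfacefeedfacefeedfacefeedface) c:\Program Files (x86)\ExampleVendor\Media\DVD\000.fcl
2010/10/26 09:44:15.0626 \HardDisk0\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/10/26 09:44:15.0642 ================================================================================
2010/10/26 09:44:15.0642 Scan finished
2010/10/26 09:44:15.0642 Detected object count: 1
2010/10/26 09:46:34.0639 \HardDisk0\MBR - will be cured after reboot
2010/10/26 09:46:34.0639 Rootkit.Win32.TDSS.tdl4(\HardDisk0\MBR) - User select action: Cure
2010/10/26 10:01:16.0748 Deinitialize success
"""

if __name__ == "__main__":
    rep = parse_tdsskiller_log(SAMPLE_LOG)
    for det in rep.detections:
        print(f"{det.threat} at {det.obj}: action={det.action}, reboot pending={det.pending_reboot}")
    print("count line consistent:", rep.count_matches())
    for name, md5, path in rep.drivers_outside_windows():
        print(f"outside Windows dir: {name} {md5} {path}")
```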

#6 m0le

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 26 October 2010 - 01:58 PM

Yeah, it's nice when the stranglehold gets loosened, eh? :lol:


Run MBRCheck so we can make sure that TDSS has gone now

Please download MBRCheck to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log when you reply.


Please now run OTL so we can see what else might be around

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

m0le is a proud member of UNITE

#7 WillQuick
  • Topic Starter
  • Members
  • 7 posts

Posted 27 October 2010 - 03:47 AM

Yeah, it's nice when the stranglehold gets loosened, eh? :lol:


It's absolutely fantastic! :lol:

MBRCheck.exe said it found something; I didn't fix it and here's the log:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: MSI
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: HP-Pavilion
System Product Name: VG248AA-ABU p6227uk
Logical Drives Mask: 0x000001fc

Kernel Drivers (total 202):
0x48330000 \Windows\System32\smss.exe
0xFFAC0000 \Windows\System32\apisetschema.dll
0xFF160000 \Windows\System32\autochk.exe
0xFFA40000 \Windows\System32\gdi32.dll
0xFF7E0000 \Windows\System32\iertutil.dll
0xFF790000 \Windows\System32\ws2_32.dll
0xFF770000 \Windows\System32\imagehlp.dll
0x77970000 \Windows\System32\psapi.dll
0xFF760000 \Windows\System32\nsi.dll
0xFF6C0000 \Windows\System32\clbcatq.dll
0xFF5E0000 \Windows\System32\oleaut32.dll
0xFF400000 \Windows\System32\setupapi.dll
0xFF330000 \Windows\System32\usp10.dll
0xFF120000 \Windows\System32\ole32.dll
0xFF0F0000 \Windows\System32\imm32.dll
0xFF0E0000 \Windows\System32\lpk.dll
0xFF000000 \Windows\System32\advapi32.dll
0x776A0000 \Windows\System32\user32.dll
0x77960000 \Windows\System32\normaliz.dll
0xFEF80000 \Windows\System32\difxapi.dll
0xFEEE0000 \Windows\System32\comdlg32.dll
0x77580000 \Windows\System32\kernel32.dll
0xFEDB0000 \Windows\System32\wininet.dll
0xFED10000 \Windows\System32\msvcrt.dll
0xFECC0000 \Windows\System32\Wldap32.dll
0xFDF30000 \Windows\System32\shell32.dll
0xFDE20000 \Windows\System32\msctf.dll
0xFDCA0000 \Windows\System32\urlmon.dll
0xFDC20000 \Windows\System32\shlwapi.dll
0xFDC00000 \Windows\System32\sechost.dll
0xFDAD0000 \Windows\System32\rpcrt4.dll
0xFDA90000 \Windows\System32\wintrust.dll
0xFDA20000 \Windows\System32\KernelBase.dll
0xFD980000 \Windows\System32\comctl32.dll
0xFD960000 \Windows\System32\devobj.dll
0xFD920000 \Windows\System32\cfgmgr32.dll
0xFD7B0000 \Windows\System32\crypt32.dll
0xFD7A0000 \Windows\System32\msasn1.dll
0x75DD0000 \Windows\SysWOW64\normaliz.dll

Processes (total 77):
0 System Idle Process
4 System
356 C:\Windows\System32\smss.exe
520 csrss.exe
596 C:\Windows\System32\wininit.exe
616 csrss.exe
660 C:\Windows\System32\services.exe
692 C:\Windows\System32\winlogon.exe
700 C:\Windows\System32\lsass.exe
716 C:\Windows\System32\lsm.exe
828 C:\Windows\System32\svchost.exe
896 C:\Windows\System32\nvvsvc.exe
936 C:\Windows\System32\svchost.exe
1020 C:\Windows\System32\svchost.exe
376 C:\Windows\System32\svchost.exe
532 C:\Windows\System32\svchost.exe
1048 C:\Windows\System32\svchost.exe
1104 C:\Windows\System32\nvvsvc.exe
1192 C:\Windows\System32\svchost.exe
1348 C:\Windows\System32\dwm.exe
1372 C:\Windows\explorer.exe
1408 C:\Windows\System32\wlanext.exe
1420 C:\Windows\System32\conhost.exe
1508 C:\Windows\System32\spoolsv.exe
1544 C:\Windows\System32\svchost.exe
1568 C:\Windows\System32\taskhost.exe
1684 C:\Program Files (x86)\ABBYY FineReader 9.0\NetworkLicenseServer.exe
1792 C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
1800 C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
1824 C:\Program Files (x86)\Print Your Screen\Print Your Screen v1.0 Trial\Print Your Screen v1.0.exe
1564 C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
2076 C:\Windows\SysWOW64\svchost.exe
2136 C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
2304 C:\Program Files (x86)\Hewlett-Packard\KBD\OSD\OSD.exe
2356 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
2368 C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
2392 C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
2480 C:\Windows\System32\svchost.exe
2504 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2652 C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe
2736 C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
2752 C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe
2916 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
2924 C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
2968 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
3008 C:\Windows\System32\svchost.exe
2332 C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
3184 WmiPrvSE.exe
3252 C:\Windows\System32\taskeng.exe
3292 C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
3344 C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
3724 C:\Windows\System32\SearchIndexer.exe
3904 C:\Windows\System32\svchost.exe
3980 WUDFHost.exe
4048 C:\Windows\System32\svchost.exe
3048 C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
4716 HP1006MC.EXE
4672 C:\Program Files\Windows Media Player\wmpnetwk.exe
4448 C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
2348 C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
1560 C:\Windows\System32\sppsvc.exe
140 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
2872 C:\Windows\servicing\TrustedInstaller.exe
1888 C:\Windows\System32\wuauclt.exe
3332 taskhost.exe
2704 WmiPrvSE.exe
3172 C:\Windows\System32\SearchProtocolHost.exe
2188 C:\Windows\System32\SearchFilterHost.exe
5140 C:\Windows\System32\audiodg.exe
5240 C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
5336 C:\Windows\System32\svchost.exe
5484 C:\Program Files (x86)\Skype\Toolbars\Shared\SkypeNames2.exe
5516 C:\Windows\System32\dllhost.exe
5672 dllhost.exe
5720 dllhost.exe
5752 C:\Users\Owner\Desktop\MBRCheck.exe
5760 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x000000e5`68800000 (NTFS)

PhysicalDrive0 Model Number: WDCWD10EADS-65M2B0, Rev: 01.00A01

Size Device Name MBR Status
--------------------------------------------
931 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 84A5225C1FD2E0F4257FA030A4BA340D07D74854





Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
And here are the logs from OTL.exe:

OTL logfile created on: 27/10/2010 09:36:21 - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\Owner\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 74.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 917.53 Gb Total Space | 821.79 Gb Free Space | 89.56% Space Free | Partition Type: NTFS
Drive D: | 13.88 Gb Total Space | 2.44 Gb Free Space | 17.60% Space Free | Partition Type: NTFS

Computer Name: HP6227 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\ccSvcHst.exe (Symantec Corporation)
PRC - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()
PRC - C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\KBD\OSD\OSD.exe (OsdMaestro)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
PRC - C:\Program Files (x86)\ABBYY FineReader 9.0\NetworkLicenseServer.exe (ABBYY (BIT Software))
PRC - C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
PRC - C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe (Adobe Systems Incorporated)


========== Modules (SafeList) ==========

MOD - C:\Users\Owner\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (ezSharedSvc) -- C:\Windows\SysNative\ezsvc7.dll File not found
SRV:64bit: - (SwOffWeb) -- C:\Program Files\Airytec\Switch Off\swoff.exe (Airytec)
SRV:64bit: - (SwOffScheduler) -- C:\Program Files\Airytec\Switch Off\swoff.exe (Airytec)
SRV:64bit: - (WinVNC4) -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe (RealVNC Ltd.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (IAStorDataMgrSvc) Intel® -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (N360) -- C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\ccSvcHst.exe (Symantec Corporation)
SRV - (wampmysqld) -- c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (WSWNDA3100) -- C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe ()
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)
SRV - (wampapache) -- c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe (Apache Software Foundation)
SRV - (ABBYY.Licensing.FineReader.Professional.9.0) -- C:\Program Files (x86)\ABBYY FineReader 9.0\NetworkLicenseServer.exe (ABBYY (BIT Software))
SRV - (AdobeActiveFileMonitor6.0) -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (IviRegMgr) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (IDriverT) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (ccHP) -- C:\Windows\SysNative\drivers\N360x64\0308000.029\cchpx64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\N360x64\0308000.029\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\N360x64\0308000.029\SymEFA64.sys (Symantec Corporation)
DRV:64bit: - (BHDrvx64) -- C:\Windows\SysNative\drivers\N360x64\0308000.029\BHDrvx64.sys (Symantec Corporation)
DRV:64bit: - (SYMTDI) -- C:\Windows\SysNative\drivers\N360x64\0308000.029\symtdi.sys (Symantec Corporation)
DRV:64bit: - (SYMFW) -- C:\Windows\SysNative\drivers\N360x64\0308000.029\symfw.sys (Symantec Corporation)
DRV:64bit: - (SYMNDISV) -- C:\Windows\SysNative\drivers\N360x64\0308000.029\symndisv.sys (Symantec Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\N360x64\0308000.029\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (SymIM) -- C:\Windows\SysNative\drivers\SymIMV.sys (Symantec Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (vncmirror) -- C:\Windows\SysNative\drivers\vncmirror.sys (RealVNC Ltd.)
DRV:64bit: - (ewusbnet) -- C:\Windows\SysNative\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (hwusbfake) -- C:\Windows\SysNative\drivers\ewusbfake.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation)
DRV:64bit: - (BCMH43XX) -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys (Broadcom Corporation)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies)
DRV:64bit: - (regi) -- C:\Windows\SysNative\drivers\regi.sys (InterVideo)
DRV:64bit: - (SCMNdisP) -- C:\Windows\SysNative\drivers\SCMNdisP.sys (Windows ® Codename Longhorn DDK provider)
DRV:64bit: - (Iviaspi) -- C:\Windows\SysNative\drivers\iviaspi.sys (InterVideo, Inc.)
DRV:64bit: - (SynasUSB) -- C:\Windows\SysNative\drivers\synUSB64.sys (SIA Syncrosoft)
DRV:64bit: - (MarvinBus) -- C:\Windows\SysNative\drivers\MarvinBus64.sys (Pinnacle Systems GmbH)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20101026.001\IDSviA64.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20101026.048\EX64.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20101026.048\ENG64.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - ({55662437-DA8C-40c0-AADA-2C816A897A49}) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl (CyberLink Corp.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=94&bd=Pavilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=94&bd=Pavilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=94&bd=Pavilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=94&bd=Pavilion&pf=cndt

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=94&bd=Pavilion&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 76.11.221.115:8085

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {8545daff-ad1e-493f-a37e-eed1ac79682b}:1.0
FF - prefs.js..extensions.enabledItems: {7BA52691-1876-45ce-9EE6-54BCB3B04BBC}:3.7.2
FF - prefs.js..extensions.enabledItems: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a}:1.33
FF - prefs.js..extensions.enabledItems: {c2b1f3ae-5cd5-49b7-8a0c-2c3bcbbbb294}:1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: YoutubeDownloader@PeterOlayev.com:1.4
FF - prefs.js..extensions.enabledItems: seoquake-plugin-seolinx@seoquake.com:1.0.2
FF - prefs.js..extensions.enabledItems: seodoctor@prelovac.com:1.4
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.1.20080801
FF - prefs.js..extensions.enabledItems: toolbar202@toolbar202.com:1.0.2
FF - prefs.js..extensions.enabledItems: rankchecker@seobook.com:1.7.5
FF - prefs.js..extensions.enabledItems: seo4firefox@seobook.com:3.3.8
FF - prefs.js..extensions.enabledItems: {000F1EA4-5E08-4564-A29B-29076F63A37A}:1.0.3.133
FF - prefs.js..extensions.enabledItems: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}:7.0.0.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.11


FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010/10/13 14:36:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/10/21 10:25:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/21 10:25:41 | 000,000,000 | ---D | M]

[2010/06/02 16:07:16 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2010/06/02 16:07:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions\{ea278cf8-93cd-484f-b951-57360482d33a}
[2010/05/28 09:11:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/10/26 10:30:00 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\b3apx42i.default\extensions
[2010/10/13 14:37:07 | 000,000,000 | ---D | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\b3apx42i.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}
[2010/10/13 14:37:07 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\b3apx42i.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2010/10/13 14:37:07 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\b3apx42i.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/10/26 10:29:59 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\b3apx42i.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2010/10/13 14:37:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\b3apx42i.default\extensions\{c2b1f3ae-5cd5-49b7-8a0c-2c3bcbbbb294}
[2010/05/28 09:12:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\b3apx42i.default\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
[2010/09/13 09:34:47 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\b3apx42i.default\extensions\rankchecker@seobook.com
[2010/10/13 14:37:07 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\b3apx42i.default\extensions\seo4firefox@seobook.com
[2010/10/22 09:29:33 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\b3apx42i.default\extensions\seodoctor@prelovac.com
[2010/10/13 14:37:07 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\b3apx42i.default\extensions\seoquake-plugin-seolinx@seoquake.com
[2010/08/20 17:22:04 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\b3apx42i.default\extensions\toolbar202@toolbar202.com
[2010/10/13 14:37:07 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\b3apx42i.default\extensions\YoutubeDownloader@PeterOlayev.com
[2010/10/27 09:24:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/10/21 10:25:41 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/10/13 14:36:47 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/10/13 14:36:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/10/21 10:25:40 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browserdirprovider.dll
[2010/10/21 10:25:40 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\brwsrcmp.dll
[2010/05/28 11:07:12 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/10/21 10:25:41 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll
[2010/09/27 09:15:22 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/09/27 09:15:22 | 000,002,193 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\answers.xml
[2010/09/27 09:15:22 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/09/27 09:15:22 | 000,001,534 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/09/27 09:15:22 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/09/27 09:15:22 | 000,002,371 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google.xml
[2010/09/27 09:15:22 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/09/27 09:15:22 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/06/08 10:43:02 | 000,000,822 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 9\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll (Google Inc.)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe ()
O4 - HKLM..\Run: [HP Software Update] c:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\LaunchApp.exe (Hewlett-Packard)
O4 - HKLM..\Run: [OSD] C:\Program Files (x86)\Hewlett-Packard\KBD\OSD\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UVS12 Preload] C:\Program Files (x86)\Corel\Corel VideoStudio 12\uvPL.exe (Corel TW Corp.)
O4 - HKCU..\Run: [IBP] File not found
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8:64bit: - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-GB\local\search.html ()
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-GB\local\search.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{794bff8d-f924-11de-b1e1-4061860deda8}\Shell - "" = AutoRun
O33 - MountPoints2\{794bff8d-f924-11de-b1e1-4061860deda8}\Shell\AutoRun\command - "" = J:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{794bff97-f924-11de-b1e1-4061860deda8}\Shell - "" = AutoRun
O33 - MountPoints2\{794bff97-f924-11de-b1e1-4061860deda8}\Shell\AutoRun\command - "" = J:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{794bffa5-f924-11de-b1e1-4061860deda8}\Shell - "" = AutoRun
O33 - MountPoints2\{794bffa5-f924-11de-b1e1-4061860deda8}\Shell\AutoRun\command - "" = J:\setup_vmc_lite.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/27 09:31:10 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2010/10/26 10:50:06 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Workspace Macro
[2010/10/26 10:49:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Workspace Macro 4.6
[2010/10/26 10:30:02 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\iMacros
[2010/10/25 12:15:14 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\submit articles attachment
[2010/10/25 09:50:38 | 001,317,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Owner\Desktop\TDSSKiller.exe
[2010/10/21 13:27:00 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\video
[2010/10/21 11:27:38 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ztvcabinet.dll
[2010/10/21 11:27:38 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Simply Super Software
[2010/10/21 11:27:36 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Simply Super Software
[2010/10/21 11:27:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2010/10/21 11:27:16 | 010,609,336 | ---- | C] (Simply Super Software ) -- C:\Users\Owner\Desktop\trj682.exe
[2010/10/21 11:20:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Guarder
[2010/10/21 11:20:12 | 001,683,954 | ---- | C] ( ) -- C:\Users\Owner\Desktop\Trojan_Guarder.exe
[2010/10/20 17:26:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Airytec
[2010/10/20 16:43:05 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\purchase-websites
[2010/10/14 09:38:52 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2010/10/14 09:38:52 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010/10/14 09:38:51 | 002,085,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2010/10/14 09:38:47 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll
[2010/10/14 09:38:43 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2010/10/14 09:38:41 | 001,024,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2010/10/14 09:38:41 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll
[2010/10/14 09:38:39 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll
[2010/10/14 09:38:39 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll
[2010/10/14 09:38:11 | 000,702,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010/10/14 09:38:11 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/10/14 09:38:10 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010/10/14 09:38:10 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2010/10/14 09:38:10 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2010/10/14 09:38:09 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/10/14 09:38:09 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010/10/14 09:38:09 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/10/14 09:38:09 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/10/14 09:38:09 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010/10/14 09:38:08 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2010/10/14 09:38:08 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010/10/14 09:38:08 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/10/14 09:38:08 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010/10/14 09:37:55 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll
[2010/10/14 09:37:54 | 014,627,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2010/10/14 09:37:53 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2010/10/14 09:37:53 | 011,406,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2010/10/14 09:37:52 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2010/10/13 15:54:58 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\ABBYY
[2010/10/13 15:12:29 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\bleeping
[2010/10/13 12:51:48 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2010/10/13 12:51:18 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2010/10/13 12:50:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2010/10/13 12:17:22 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2010/10/13 10:42:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ABBYY FineReader 9.0
[2010/10/13 10:42:37 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\ABBYY
[2010/10/13 10:42:37 | 000,000,000 | ---D | C] -- C:\ProgramData\ABBYY
[2010/10/13 10:39:07 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\New folder (3)
[2010/10/13 09:57:45 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\scanned stuff
[2010/10/13 09:51:09 | 000,932,864 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpgt4070.dll
[2010/10/13 09:51:09 | 000,808,960 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpxp4070.dll
[2010/10/12 17:06:04 | 000,027,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Ctl3dv2.dll
[2010/10/12 17:06:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SimpleOCR
[2010/10/11 11:11:37 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\cattrainingtip
[2010/10/08 13:14:12 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\squidoo
[2010/10/07 14:25:22 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\trafficplustemp
[2010/10/05 10:12:44 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\TrafficAnarchy
[2010/10/01 17:03:25 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Norton Support
[2010/09/28 17:01:12 | 000,000,000 | R--D | C] -- C:\Users\Owner\Desktop\misc files
[2010/09/28 10:07:56 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Print_Your_Screen
[2010/09/27 12:03:24 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\popup
[2008/12/23 10:32:46 | 000,184,320 | ---- | C] ( ) -- C:\Windows\SysWow64\SgE.interop.MSXML2.dll

========== Files - Modified Within 30 Days ==========

[2010/10/27 09:32:06 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/27 09:32:06 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/27 09:31:22 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2010/10/27 09:30:39 | 000,080,384 | ---- | M] () -- C:\Users\Owner\Desktop\MBRCheck.exe
[2010/10/27 09:30:22 | 001,195,656 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0308000.029\Cat.DB
[2010/10/27 09:26:02 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/27 09:25:18 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2010/10/27 09:24:13 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/27 09:23:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/27 09:23:45 | 529,854,463 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/26 16:50:53 | 000,727,362 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/10/26 16:50:53 | 000,627,974 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/10/26 16:50:53 | 000,111,414 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/10/26 12:15:01 | 001,611,134 | ---- | M] () -- C:\Users\Owner\Desktop\howtosubmits.ZIP
[2010/10/26 10:49:56 | 000,001,037 | ---- | M] () -- C:\Users\Owner\Desktop\Workspace Macro 4.6.lnk
[2010/10/26 10:48:57 | 001,805,964 | ---- | M] () -- C:\Users\Owner\Desktop\WrkSpc-Macro-setup460.exe
[2010/10/26 09:40:10 | 001,317,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Owner\Desktop\TDSSKiller.exe
[2010/10/26 09:39:24 | 001,207,508 | ---- | M] () -- C:\Users\Owner\Desktop\tdsskiller.zip
[2010/10/22 17:36:02 | 000,312,046 | ---- | M] () -- C:\Users\Owner\Documents\webmaster.docx
[2010/10/22 09:22:18 | 449,366,924 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/10/21 11:27:22 | 010,609,336 | ---- | M] (Simply Super Software ) -- C:\Users\Owner\Desktop\trj682.exe
[2010/10/21 11:20:23 | 000,001,023 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Trojan Guarder.lnk
[2010/10/21 11:20:23 | 000,001,005 | ---- | M] () -- C:\Users\Owner\Desktop\Trojan Guarder.lnk
[2010/10/21 11:20:16 | 001,683,954 | ---- | M] ( ) -- C:\Users\Owner\Desktop\Trojan_Guarder.exe
[2010/10/21 10:18:51 | 184,761,329 | ---- | M] () -- C:\Users\Owner\Desktop\purchase-websites.zip
[2010/10/20 17:22:35 | 001,032,192 | ---- | M] () -- C:\Users\Owner\Documents\horses.msam
[2010/10/20 16:37:20 | 000,000,483 | ---- | M] () -- C:\Users\Owner\Desktop\settings.inc.php
[2010/10/20 16:36:48 | 000,006,047 | ---- | M] () -- C:\Users\Owner\Desktop\config.inc.php
[2010/10/19 14:58:43 | 000,018,924 | ---- | M] () -- C:\Users\Owner\Desktop\horse tack analysis.csv
[2010/10/19 13:33:51 | 000,019,456 | ---- | M] () -- C:\Users\Owner\Documents\kitten food.msam
[2010/10/18 17:26:48 | 000,024,576 | ---- | M] () -- C:\Users\Owner\Documents\roller pigeon.msam
[2010/10/15 17:24:05 | 000,091,136 | ---- | M] () -- C:\Users\Owner\Documents\pigeon feed.msam
[2010/10/14 16:23:01 | 000,000,375 | ---- | M] () -- C:\Windows\Brownie.ini
[2010/10/14 15:59:47 | 000,655,888 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/10/12 17:36:09 | 000,435,200 | ---- | M] () -- C:\Users\Owner\Documents\free college grant.msam
[2010/10/12 17:08:56 | 000,000,309 | ---- | M] () -- C:\Windows\SoftWriting.ini
[2010/10/12 17:06:04 | 000,001,037 | ---- | M] () -- C:\Users\Owner\Desktop\SimpleOCR.lnk
[2010/10/12 13:55:26 | 000,101,376 | ---- | M] () -- C:\Users\Owner\Documents\lego.msam
[2010/10/11 16:56:10 | 000,544,768 | ---- | M] () -- C:\Users\Owner\Documents\archery.msam
[2010/10/08 16:55:22 | 000,029,696 | ---- | M] () -- C:\Users\Owner\Documents\web site traffic 2.msam
[2010/10/07 17:28:26 | 000,182,272 | ---- | M] () -- C:\Users\Owner\Documents\john and kate plus 8.msam
[2010/10/06 17:28:23 | 000,058,368 | ---- | M] () -- C:\Users\Owner\Documents\screen shot pc.msam
[2010/10/01 17:07:53 | 132,775,551 | ---- | M] () -- C:\Users\Owner\Desktop\TwitterMarketingSecret.zip
[2010/10/01 10:23:31 | 000,039,936 | ---- | M] () -- C:\Users\Owner\Documents\screen shot.msam
[2010/10/01 09:27:34 | 002,343,079 | ---- | M] () -- C:\Users\Owner\Desktop\j.mp3
[2010/09/30 17:22:09 | 000,000,552 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2010/09/30 17:20:59 | 000,281,600 | ---- | M] () -- C:\Users\Owner\Documents\terry pratchett.msam
[2010/09/28 17:00:34 | 000,284,672 | ---- | M] () -- C:\Users\Owner\Documents\printing your screen.msam
[2010/09/28 10:07:02 | 000,002,673 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Print Your Screen v1.0.lnk
[2010/09/27 17:09:50 | 000,440,320 | ---- | M] () -- C:\Users\Owner\Documents\pigeon racing 2.msam

========== Files Created - No Company Name ==========

[2010/10/27 09:30:29 | 000,080,384 | ---- | C] () -- C:\Users\Owner\Desktop\MBRCheck.exe
[2010/10/26 12:15:01 | 001,611,134 | ---- | C] () -- C:\Users\Owner\Desktop\howtosubmits.ZIP
[2010/10/26 10:49:56 | 000,001,037 | ---- | C] () -- C:\Users\Owner\Desktop\Workspace Macro 4.6.lnk
[2010/10/26 10:48:30 | 001,805,964 | ---- | C] () -- C:\Users\Owner\Desktop\WrkSpc-Macro-setup460.exe
[2010/10/26 09:37:30 | 001,207,508 | ---- | C] () -- C:\Users\Owner\Desktop\tdsskiller.zip
[2010/10/22 17:36:02 | 000,312,046 | ---- | C] () -- C:\Users\Owner\Documents\webmaster.docx
[2010/10/21 11:27:38 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\ztvunrar36.dll
[2010/10/21 11:27:38 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\unrar3.dll
[2010/10/21 11:27:38 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\ztvunace26.dll
[2010/10/21 11:27:38 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\unacev2.dll
[2010/10/21 11:20:23 | 000,001,023 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Trojan Guarder.lnk
[2010/10/21 11:20:23 | 000,001,005 | ---- | C] () -- C:\Users\Owner\Desktop\Trojan Guarder.lnk
[2010/10/21 10:17:03 | 184,761,329 | ---- | C] () -- C:\Users\Owner\Desktop\purchase-websites.zip
[2010/10/20 16:37:19 | 000,000,483 | ---- | C] () -- C:\Users\Owner\Desktop\settings.inc.php
[2010/10/20 16:36:47 | 000,006,047 | ---- | C] () -- C:\Users\Owner\Desktop\config.inc.php
[2010/10/19 14:58:43 | 000,018,924 | ---- | C] () -- C:\Users\Owner\Desktop\horse tack analysis.csv
[2010/10/19 13:37:22 | 001,032,192 | ---- | C] () -- C:\Users\Owner\Documents\horses.msam
[2010/10/19 13:30:26 | 000,019,456 | ---- | C] () -- C:\Users\Owner\Documents\kitten food.msam
[2010/10/18 16:16:52 | 000,024,576 | ---- | C] () -- C:\Users\Owner\Documents\roller pigeon.msam
[2010/10/15 14:05:24 | 000,091,136 | ---- | C] () -- C:\Users\Owner\Documents\pigeon feed.msam
[2010/10/12 17:06:04 | 000,001,037 | ---- | C] () -- C:\Users\Owner\Desktop\SimpleOCR.lnk
[2010/10/12 17:06:04 | 000,000,309 | ---- | C] () -- C:\Windows\SoftWriting.ini
[2010/10/12 13:55:45 | 000,435,200 | ---- | C] () -- C:\Users\Owner\Documents\free college grant.msam
[2010/10/12 13:10:41 | 000,101,376 | ---- | C] () -- C:\Users\Owner\Documents\lego.msam
[2010/10/11 11:38:28 | 000,544,768 | ---- | C] () -- C:\Users\Owner\Documents\archery.msam
[2010/10/08 12:32:00 | 000,029,696 | ---- | C] () -- C:\Users\Owner\Documents\web site traffic 2.msam
[2010/10/07 17:06:16 | 000,182,272 | ---- | C] () -- C:\Users\Owner\Documents\john and kate plus 8.msam
[2010/10/06 11:44:31 | 000,058,368 | ---- | C] () -- C:\Users\Owner\Documents\screen shot pc.msam
[2010/10/01 17:07:46 | 132,775,551 | ---- | C] () -- C:\Users\Owner\Desktop\TwitterMarketingSecret.zip
[2010/10/01 09:33:58 | 000,039,936 | ---- | C] () -- C:\Users\Owner\Documents\screen shot.msam
[2010/10/01 09:26:32 | 002,343,079 | ---- | C] () -- C:\Users\Owner\Desktop\j.mp3
[2010/09/30 12:15:46 | 000,281,600 | ---- | C] () -- C:\Users\Owner\Documents\terry pratchett.msam
[2010/09/28 10:07:02 | 000,002,673 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Print Your Screen v1.0.lnk
[2010/09/28 09:43:55 | 000,284,672 | ---- | C] () -- C:\Users\Owner\Documents\printing your screen.msam
[2010/09/27 16:13:38 | 000,440,320 | ---- | C] () -- C:\Users\Owner\Documents\pigeon racing 2.msam
[2010/07/28 13:31:18 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2010/07/28 13:21:37 | 000,000,197 | ---- | C] () -- C:\Windows\SysWow64\MPUI.ini
[2010/07/09 16:40:44 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\qtmlClient.dll
[2010/07/09 16:40:44 | 000,002,145 | ---- | C] () -- C:\Windows\Graffiti5.2Pin.ini
[2010/06/30 00:12:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2010/05/25 13:42:49 | 000,004,873 | ---- | C] () -- C:\ProgramData\vsrenaae.pyv
[2010/05/07 12:25:15 | 000,734,870 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/04/20 16:23:27 | 000,044,544 | ---- | C] () -- C:\Windows\SysWow64\Gif89.dll
[2010/04/17 17:47:01 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2010/03/24 19:51:58 | 000,000,152 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2010/03/24 19:51:58 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2010/03/24 19:51:40 | 000,009,868 | ---- | C] () -- C:\Windows\HL-2150N.INI
[2010/03/24 19:51:40 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\brlmw03a.ini
[2010/03/24 19:51:08 | 000,000,410 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010/03/24 19:47:00 | 000,000,375 | ---- | C] () -- C:\Windows\Brownie.ini
[2010/01/11 21:59:10 | 000,001,890 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2009/12/28 20:11:45 | 000,002,892 | ---- | C] () -- C:\Windows\SysWow64\audcon.sys
[2009/12/28 20:06:22 | 000,209,040 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll
[2009/12/28 20:06:22 | 000,204,944 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll
[2009/12/28 20:06:22 | 000,196,752 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll
[2009/12/28 20:06:22 | 000,196,752 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll
[2009/12/28 20:06:22 | 000,192,656 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll
[2009/12/28 20:06:22 | 000,024,720 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll
[2009/12/26 15:01:45 | 000,000,129 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/12/26 15:01:44 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009/12/22 18:00:35 | 000,000,019 | ---- | C] () -- C:\Users\Owner\AppData\Local\Run.ini
[2009/07/24 12:33:22 | 000,282,624 | ---- | C] () -- C:\Windows\SysWow64\SGList32.dll
[2009/07/24 12:33:16 | 000,278,528 | ---- | C] () -- C:\Windows\SysWow64\SGTool32.dll
[2009/07/24 12:33:12 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\SGIntl32.dll
[2009/07/24 12:33:10 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\SGDt32.dll
[2009/07/24 12:33:08 | 000,172,032 | ---- | C] () -- C:\Windows\SysWow64\SGHelp32.dll
[2009/07/24 12:33:04 | 000,258,048 | ---- | C] () -- C:\Windows\SysWow64\SGSchemeXml.dll
[2009/07/24 12:32:56 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\SGSchemeXP.dll
[2009/07/24 12:32:52 | 000,176,128 | ---- | C] () -- C:\Windows\SysWow64\SGSchemeDefault.dll
[2009/07/24 12:32:48 | 000,221,184 | ---- | C] () -- C:\Windows\SysWow64\SGSchemeManager.dll
[2009/07/24 12:32:40 | 000,094,208 | ---- | C] () -- C:\Windows\SysWow64\SGCom32.dll
[2009/07/24 12:32:06 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\SGSTDREG.dll
[2009/07/24 12:32:00 | 000,131,072 | ---- | C] () -- C:\Windows\SysWow64\SGRegister.dll
[2009/07/24 12:31:58 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\SGWebBrowser.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008/12/23 10:33:50 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\SgELauncher.dll
[2008/12/23 10:33:26 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\SgEData.dll
[2008/12/22 11:28:06 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\SageFolderBrowser.dll
[2008/12/01 16:36:12 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\SGCtrlEx.dll
[2008/12/01 16:36:06 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\SGTBAR32.DLL
[2008/12/01 16:36:02 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\SGSTAT32.DLL
[2008/12/01 16:36:02 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\SGLOGO32.DLL
[2008/12/01 16:36:00 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\SGJPEG32.dll
[2008/12/01 16:35:56 | 000,249,856 | ---- | C] () -- C:\Windows\SysWow64\SGCDLG32.DLL
[2008/12/01 16:35:36 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\SGAPPBAR.DLL
[2008/12/01 16:35:34 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\SG3D32.DLL
[2007/07/26 12:01:50 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\hppatusg01.dll
[2006/11/01 17:41:24 | 000,233,472 | ---- | C] () -- C:\Windows\SysWow64\SGLCH32.DLL
[2006/11/01 17:41:16 | 001,712,128 | ---- | C] () -- C:\Windows\SysWow64\SGRep32.dll
[2002/04/16 12:27:54 | 000,000,005 | ---- | C] () -- C:\Windows\SysWow64\CdI5T.drv
[1998/03/26 02:12:00 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\SgHmZLib.dll

========== LOP Check ==========

[2010/06/22 16:05:43 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Airytec
[2010/07/28 13:12:55 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AnvSoft
[2010/06/22 08:49:03 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Auslogics
[2010/07/27 14:27:00 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\CherryPickerLive
[2010/07/26 11:34:53 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\FaceWizard
[2010/10/26 17:17:26 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\FileZilla
[2010/10/13 14:37:06 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\G-Lock Software
[2010/10/13 14:37:06 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\GlarySoft
[2010/03/31 12:16:08 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Good Keywords v2
[2010/08/23 12:11:41 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Helios
[2010/08/02 17:04:50 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\IBP
[2010/03/31 13:58:13 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Keyword Strategy Studio Pro
[2010/07/01 11:32:41 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2010/09/06 15:24:32 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\MP3SkypeRecorder
[2010/10/13 14:37:08 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Opera
[2010/07/09 16:41:01 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\proDAD
[2010/10/13 14:37:08 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Serif
[2010/10/21 11:27:47 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Simply Super Software
[2010/10/26 16:31:17 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Spotify
[2010/10/05 10:42:18 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TrafficAnarchy
[2010/05/19 09:36:47 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ubot
[2010/10/13 14:37:08 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Ulead Systems
[2010/10/14 16:43:01 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\uTorrent
[2010/01/04 16:45:02 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Vodafone
[2009/12/28 19:07:40 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WinBatch
[2010/03/29 23:33:58 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Windows Live Writer
[2010/07/21 12:22:28 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Xilisoft Corporation
[2009/12/24 19:26:28 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\_MDLogs
[2010/10/27 09:25:18 | 000,000,324 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2010/09/30 17:22:09 | 000,000,552 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2010/07/02 13:15:42 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:8CE646EE

< End of report >




OTL Extras logfile created on: 27/10/2010 09:36:21 - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\Owner\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 74.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 917.53 Gb Total Space | 821.79 Gb Free Space | 89.56% Space Free | Partition Type: NTFS
Drive D: | 13.88 Gb Total Space | 2.44 Gb Free Space | 17.60% Space Free | Partition Type: NTFS

Computer Name: HP6227 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
.reg[@ = Regedit.Document] -- c:\Winnt\Regedit.exe File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
.reg [@ = Regedit.Document] -- c:\Winnt\Regedit.exe File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\opera.exe" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\opera.exe" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\opera.exe" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\opera.exe" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{26280024-DFB7-4967-90DB-7F9C6660D01E}" = HP MediaSmart SmartMenu
"{5EB90C06-964F-4195-B83E-BD7E55C88415}" = Pinnacle Video Driver
"{63B4D80D-7BAC-4D1D-B9B6-27FF54197982}" = Regi
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7F05E704-30A6-421A-97A7-8EEB1C7FF011}" = Corel Shell Extension - 64Bit
"{80A620C1-B22C-4781-A351-B14B8A37BFE3}" = Image Resizer Powertoy Clone for Windows (64 bit)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BA4F08D1-4578-461E-890A-6F9606F26131}" = AMD64Bit
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F7513E19-6224-485E-988D-9BF45BE64B53}" = Windows Live Family Safety
"Airytec Switch Off" = Airytec Switch Off
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"PC-Doctor for Windows" = Hardware Diagnostic Tools
"RealVNC_is1" = VNC Personal Edition P4.5.1
"VNCMirror_is1" = VNC Mirror Driver 1.8.0
"VNCPrinter_is1" = VNC Printer Driver 1.6.0
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW® Graphics Suite X4
"_{80FDAE30-CDB6-4015-AFC7-86A762A5AD9B}" = CorelDRAW® Graphics Suite X4 - Extra Content
"_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW® Graphics Suite X4 - Windows Shell Extension
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{018E037F-AD60-4632-AAF7-688A4B26BD0D}" = KeywordCorral
"{02C85EC5-E864-4847-AF55-42730861004C}" = MrvlUsgTracking
"{05C907B3-B42E-435F-AC23-CE5C0DCE828D}" = Print Your Screen v1.0 License Generator
"{07A540AB-D785-11D5-8E89-0090275862A0}" = Corel Graphics Suite 11
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0A1CAF84-CDC8-477F-997F-800AB090EA46}" = Serif Premium Template Pack 1 for WebPlus
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1A0D2EFC-C4FC-446A-8BC3-57A54CE5EADD}" = Opera 10.53
"{1A9DAB4D-46CD-4CBF-A9FC-28D8AA8D2FCF}" = CorelDRAW Graphics Suite X4 - Lang BR
"{1CED286D-B45F-46BB-8EF4-73924C0FC970}_is1" = Website Submitter 3.0.0.0
"{1F1C4668-7767-4109-9B5E-19AD056F2CA0}" = MP3 Skype Recorder
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{262BF2CD-601D-4F43-919C-4B00B1D1F338}" = Boris Graffiti
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{2AD738DC-FC24-4342-A2DA-BB6DCCF6B048}" = Jing
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}" = NETGEAR WNDA3100v2 wireless USB 2.0 adapter
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{40FC81EA-21F7-44FB-A6F2-A4D6328F4C4F}" = CorelDRAW Graphics Suite X4 - Lang SU
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4C9B0900-90C6-45E5-8D3E-86129974A53D}" = Enhanced Multimedia Keyboard Solution(USB)
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4D44AD63-8061-41A8-BCCD-23B7117E3C14}" = DVD Copy
"{4E097EB0-0674-4CAD-B73F-2A3179BB477A}_is1" = Press Release Submitter 3.0.0.1
"{5431746A-60A3-4529-8A07-A7B726FF35A5}" = CommentKahuna
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5C47C8B6-77FF-4FC7-A388-66FCF9CFC24C}" = Snagit 9.1.3
"{60103DBD-B2E6-4C64-A409-36C856029364}_is1" = Article Spinner 3.0.2.0
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{65BCF909-6AF7-4B01-8EB3-713CE2873DC8}" = Microsoft Expression Web 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6834B8AE-D23B-4B26-A919-6515844CF2BA}" = CorelDRAW Graphics Suite X4 - Lang PL
"{6B74A93E-81E7-51C6-6F87-7E0D3CC57BF6}" = Market Samurai
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{752E90AC-3F11-4EA3-88EA-96441047EC31}" = Microsoft Expression Web 3 SP1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78C6B8B0-C4E8-4EEA-9BEB-645EC1F079A3}_is1" = Article Submitter 3.0.4.0
"{7902E313-FF0F-4493-ACB1-A8147B78DCD0}" = HPSSupply
"{7CE12FDF-B758-46A5-A8CD-785EDFDC5B84}" = Workspace Macro 4.6
"{7F05E704-30A6-421A-97A7-8EEB1C7FF000}" = CorelDRAW Graphics Suite X4
"{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW Graphics SUite X4 - ICA
"{7F05E704-30A6-421A-97A7-8EEB1C7FF012}" = CorelDRAW Graphics Suite X4 - Capture
"{7F05E704-30A6-421A-97A7-8EEB1C7FF013}" = CorelDRAW Graphics Suite X4 - Draw
"{7F05E704-30A6-421A-97A7-8EEB1C7FF014}" = CorelDRAW Graphics Suite X4 - PP
"{7F05E704-30A6-421A-97A7-8EEB1C7FF016}" = CorelDRAW Graphics Suite X4 - Content
"{7F05E704-30A6-421A-97A7-8EEB1C7FF017}" = CorelDRAW Graphics Suite X4 - Filters
"{7F05E704-30A6-421A-97A7-8EEB1C7FF019}" = CorelDRAW Graphics Suite X4 - FontNav
"{7F05E704-30A6-421A-97A7-8EEB1C7FF100}" = CorelDRAW Graphics Suite X4 - Lang EN
"{80FDAE30-CDB6-4015-AFC7-86A762A5AD9B}" = CorelDRAW Graphics Suite X4 - Extra Content
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8829E394-87E1-41C0-BCED-9B47F7C6DCDD}" = Serif WebPlus X2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90206544-8DAA-416E-8D78-A6A3352BC10B}" = PressBot
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91B323B5-A79C-4D23-BD6D-046C565F9BCF}" = MadOnion.com/3DMark2001 SE
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{96CFF0DB-C3C3-44B8-930C-1121EC68A3BF}" = Serif WebPlus X4 Resources
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ADA45A0-8043-470A-8E8B-02EA7D95F896}" = Serif WebPlus X4
"{9CB43A29-9E60-43F7-927C-2196137ED7E0}_is1" = Feed Submitter 3.0.0.0
"{9CDA415B-974B-4384-8CA6-9327D5B4270B}" = CorelDRAW Graphics Suite X4 - Lang SV
"{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}" = CorelDRAW Graphics Suite X4 - IPM
"{9D306690-3173-42CD-94C6-9EF9318AF24B}" = CorelDRAW Graphics Suite X4 - Lang FR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6C27FFF-75EF-4B5B-A64E-F9E128994908}" = CorelDRAW Graphics Suite X4 - Lang NL
"{A6F66861-30A4-4DEB-BA1C-D463B869B978}_is1" = Website Popularity 2.9.0.0
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{AEFBAC58-2DDD-4CEF-BDFD-52A5A5F432ED}" = CorelDRAW Graphics Suite X4 - Lang DE
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B4ACB4BA-00E7-4760-A61D-74D61A21EB2A}" = Backlink Submitter
"{B5D51FCD-CCC5-4310-8F80-4DFC67B507DC}" = PR Ninja
"{B61D21B6-469D-4423-B161-62DB20B8A70E}" = Visual Basic for Applications ® Core - English
"{B6EC7388-E277-4A5B-8C8F-71067A41BA64}" = TextPad 5
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BF439B41-0252-48DE-8B8B-0430CB26A181}" = CorelDRAW Graphics Suite X4 - VBA
"{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution
"{CA8D31CA-B337-4B11-8D25-D8D638E13D17}" = Print Your Screen v1.0 Trial
"{CABEA449-F7B3-49DE-BFC4-240C4AEB20B1}" = Brother HL-2150N
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW® Graphics Suite X4 - Windows Shell Extension
"{D0160DD3-6F62-4F1E-B999-6C68D3AE7390}" = CorelDRAW Graphics Suite X4 - Lang IT
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1725D54-279A-40C5-A70D-23C1785DB920}_is1" = AoA Audio Extractor
"{D1860E6E-520E-4380-8433-E58E8F88B473}" = Pinnacle Studio 12 Ultimate Plugins
"{D2827848-7D2A-4547-9AD1-C965FB3E6344}" = CorelDRAW Graphics Suite X4 - Lang ES
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DB81779E-7CC5-4630-BCFC-754004956444}" = Visual Basic for Applications ® Core
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DD6C316A-FE75-4FBB-9D22-4C1920232B72}" = LightScribe System Software
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3993D46-AE3F-402E-9F9D-EEBDFBEC3564}" = Corel WinDVD 9
"{E9980014-BE11-4891-A5F4-0F2917B856BC}" = Microsoft Expression Design 3
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}" = QuickTime
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}" = VideoStudio
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}" = HP Setup
"{F41A9EE5-A6A8-5647-63D0-F0A5D744612A}" = CherryPicker
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{F6249ABF-F16D-4AF3-8755-4D62F799C238}" = Google AdWords Editor
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F73340A9-8AA9-49C4-937E-E271B837056C}" = Microsoft Expression Encoder 3
"{F9000000-0001-0000-0000-074957833700}" = ABBYY FineReader 9.0 Professional Edition
"{FFFE7261-2318-4227-B827-E9E05E16DFE5}" = CorelDRAW Graphics Suite X4 - Lang CZ
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"Any Video Converter_is1" = Any Video Converter 3.0.7
"AOL Toolbar" = AOL Toolbar 5.0
"Audacity_is1" = Audacity 1.2.6
"Box Shot 3D" = Box Shot 3D
"CamStudio" = CamStudio
"CamStudio Lossless Codec_is1" = CamStudio Lossless Codec v1.4
"CherryPickerLive" = CherryPicker
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"Design_6.0.1739.0" = Microsoft Expression Design 3
"EasyBits Magic Desktop" = Magic Desktop
"Encoder_3.0.1332.0" = Microsoft Expression Encoder 3
"Fast Blog Finder_is1" = Fast Blog Finder 2.60
"FileZilla Client" = FileZilla Client 3.3.2.1
"FLV Player" = FLV Player 2.0 (build 25)
"Glary Utilities_is1" = Glary Utilities 2.23.0.923
"Good Keywords v2.01_is1" = Good Keywords v2.01.100107
"Good Keywords v3_is1" = Good Keywords v3 072809
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP LaserJet P1500 series" = HP LaserJet P1500 series
"HP Remote Solution" = HP Remote Solution
"IBP11_is1" = IBP 11.6
"InstallShield_{07A540AB-D785-11D5-8E89-0090275862A0}" = Corel Graphics Suite 11
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{4D44AD63-8061-41A8-BCCD-23B7117E3C14}" = Corel DVD Copy 6
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{E3993D46-AE3F-402E-9F9D-EEBDFBEC3564}" = Corel WinDVD 9
"InstallShield_{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}" = Corel VideoStudio 12
"Keyword Strategy Studio Pro_is1" = Keyword Strategy Studio Pro v2010.030210
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1" = Market Samurai
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox (3.6.11)" = Mozilla Firefox (3.6.11)
"N360" = Norton 360
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"proDAD-Vitascene-1.0" = proDAD Vitascene 1.0
"SENuke_is1" = SENuke
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SimpleOCR 3.1" = SimpleOCR 3.1
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Spotify" = Spotify
"SUPER ©" = SUPER © Version 2010.bld.38 (May 2, 2010)
"Syncrosoft License Control" = Syncrosoft License Control
"TheBestSpinner" = TheBestSpinner
"Tipplers" = Tipplers
"Tipplers7 1" = Tipplers7 1
"Trojan Guarder_is1" = Trojan Guarder 6.92
"uTorrent" = µTorrent
"WampServer 2_is1" = WampServer 2.0
"WaveLabLite" = WaveLab LE 6
"Web_3.0.3813.0" = Microsoft Expression Web 3
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"Xilisoft FLV Converter" = Xilisoft FLV Converter

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"com.poweredbypulse.profile-0-rb-10081" = MobiOne 1.0 M9

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


You're an amazing human being, thank you!

#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:11:21 PM

Posted 27 October 2010 - 05:16 PM

You're an amazing human being


Nah, I'm not. But thanks :thumbup2:

Open OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 76.11.221.115:8085
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:8CE646EE
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"


Then click the Run Fix button at the top

Let the program run unhindered.

When done it will say "Fix Complete press ok to open the log"
Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Next please run MBAM

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    If MBAM won't update then download and update MBAM on a clean computer then save the rules.ref folder to a memory stick. This file is found here: 'C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware' then transfer it across to the infected computer.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.
m0le is a proud member of UNITE
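As an added example (not part of the thread and not one of m0le's tools), here is a read-only PowerShell audit of the same locations the OTL fix above touched: the WinINET proxy values, the Explorer policy values, the exefile open command, orphaned BHOs, and alternate data streams on ProgramData\Temp. It assumes PowerShell 3.0 or later on Windows and is run as the affected user; it changes nothing.

```powershell
# Added example, not from the thread: re-check the indicators m0le's OTL
# script cleared, so a defender can tell whether any of them have returned.
# Requires PowerShell 3.0+ (for Get-Item -Stream). Read-only, no elevation needed.

$findings = New-Object System.Collections.Generic.List[string]

# 1. WinINET proxy: the infected log showed ProxyServer pointing at a remote
#    host with ProxyOverride=local, which routes all browsing through it.
$inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$p = Get-ItemProperty -Path $inet -ErrorAction SilentlyContinue
if ($p.ProxyEnable -eq 1 -or $p.ProxyServer) {
    $findings.Add("Proxy configured: ProxyServer='$($p.ProxyServer)' ProxyOverride='$($p.ProxyOverride)'")
}

# 2. Explorer policies: NoActiveDesktop / NoActiveDesktopChanges were set by
#    the infection; a home PC normally has no such policy values at all.
$pol = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer'
$pp = Get-ItemProperty -Path $pol -ErrorAction SilentlyContinue
foreach ($name in 'NoActiveDesktop', 'NoActiveDesktopChanges') {
    if ($pp -and $pp.PSObject.Properties[$name]) {
        $findings.Add("Explorer policy $name = $($pp.$name)")
    }
}

# 3. exefile association: the :reg section restored the default "%1" %*;
#    anything else means every EXE launch is being redirected.
$cmdKey = 'HKLM:\SOFTWARE\Classes\exefile\shell\open\command'
$exe = (Get-ItemProperty -Path $cmdKey -Name '(default)' -ErrorAction SilentlyContinue).'(default)'
if ($exe -ne '"%1" %*') {
    $findings.Add("exefile open command is '$exe' (expected '""%1"" %*')")
}

# 4. Browser Helper Objects: flag any BHO whose CLSID has no class
#    registration, like the "(no name) - No CLSID value found" entry OTL removed.
$bhoKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
Get-ChildItem -Path $bhoKey -ErrorAction SilentlyContinue | ForEach-Object {
    $clsid = $_.PSChildName
    if (-not (Test-Path "HKLM:\SOFTWARE\Classes\CLSID\$clsid")) {
        $findings.Add("BHO $clsid has no CLSID registration")
    }
}

# 5. Alternate data streams on C:\ProgramData\Temp, where OTL deleted a
#    125-byte stream; the directory itself normally carries none.
$temp = Join-Path $env:ProgramData 'Temp'
if (Test-Path $temp) {
    Get-Item -Path $temp -Stream * -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -ne ':$DATA' } |
        ForEach-Object { $findings.Add("ADS $($_.FileName):$($_.Stream) ($($_.Length) bytes)") }
}

if ($findings.Count -eq 0) { 'No leftover indicators found.' } else { $findings }
```

A non-empty result is a reason to post fresh OTL/MBAM logs rather than to edit the registry by hand.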

#9 WillQuick

WillQuick
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:06:21 PM

Posted 28 October 2010 - 06:23 AM

Hi m0le,

The OTL log is here:

========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
ADS C:\ProgramData\Temp:8CE646EE deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!

OTL by OldTimer - Version 3.2.17.1 log created on 10282010_104409


Here's the MBAM scan log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4308

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

28/10/2010 12:06:12
mbam-log-2010-10-28 (12-06-12).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 424817
Time elapsed: 1 hour(s), 13 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files (x86)\Trojan Guarder\bttom.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
C:\Users\Owner\Documents\SEO\senuke\fix\loader.exe (Trojan.Kates) -> Quarantined and deleted successfully.


Ahh, I feel giddy! My computer's running like a bloody dream now!

How am I looking?

Will

#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:11:21 PM

Posted 28 October 2010 - 06:49 PM

One more tool to clear out anything not looked for by the "Big Boys"

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Leave the top box checked and then check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
m0le is a proud member of UNITE

#11 WillQuick

WillQuick
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:06:21 PM

Posted 29 October 2010 - 07:07 AM

Hi m0le,

The scan took about 5 hours and when it was done it had found this:

C:\Users\Owner\AppData\Local\Temp\jar_cache9033211306115983086.tmp a variant of Java/TrojanDownloader.OpenStream.NAU trojan deleted - quarantined

Thanks again for all your help,

Will

#12 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:11:21 PM

Posted 29 October 2010 - 03:00 PM

Nothing special there. Just a temp file. One thing to say to you WillQuick...

You're clean. Good stuff! :thumbup2:

Let's do some clearing up

We Need to Clean Up our Mess
Download and Run OTC

We will now remove the tools we used during this fix using OTC.

  • Download OTC by OldTimer and save it to your desktop.
  • Double click Posted Image icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big Posted Image button.
  • You will get a prompt saying "Being Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.


1. Open System by clicking the Start button, right-clicking Computer, and then clicking Properties.

2. In the left pane, click System protection. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.

3. Click the System Protection tab, and then click Create.

4. In the System Protection dialog box, type a description, and then click Create.
------------------------------------------------------------------------------------------------------------------------

Here's some advice on how you can keep your PC clean


Use and update your AntiVirus Software

You must have a good antivirus. There are plenty to choose from but I personally recommend the free options of Avast and Avira Antivir. If you want to purchase a security program then I recommend any of the following: AVG, Norton, McAfee, Kaspersky and ESET Nod32.

It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.


Make sure your applications have all of their updates

Use this next program to check for updates for programs already on your system. Download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically; make sure that updates for any programs that are flagged are carried out as soon as possible.

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.


Install an AntiSpyware Program

A highly recommended AntiSpyware program is SuperAntiSpyware. You can download the free Home Version or the Pro version for a 15 day trial period.

Installing this or another recommended program will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis just as you would an antivirus software.


Finally, here's a treasure trove of antivirus, antimalware and antispyware resources


That's it, happy surfing!

Cheers.

m0le
m0le is a proud member of UNITE

#13 WillQuick

WillQuick
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:06:21 PM

Posted 01 November 2010 - 08:21 AM

Thanks for all your help, m0le. You've really saved my bacon!

All the best,

Will

#14 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:11:21 PM

Posted 01 November 2010 - 04:57 PM

You're welcome, Will :thumbup2:
m0le is a proud member of UNITE

#15 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:11:21 PM

Posted 02 November 2010 - 08:05 PM

Since this issue appears to be resolved ... this topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
m0le is a proud member of UNITE
