
Host Process Stops working and Closes


  • This topic is locked
9 replies to this topic

#1 Lycanomics

Lycanomics

  • Members
  • 18 posts

Posted 05 February 2011 - 08:31 PM

Hi, been having a really annoying issue today involving one of those "Host process for Windows Services has stopped working and has closed" deals. Thus far I've tried a lot of general fixes, from complete scans including svc in command prompt and chkdsk at startup, even cleaning out old temp files. Nothing has worked. To compound my frustration, it seems to be linked with an inability to access Windows Update. It appears to have only started today, and what generally happens once it closes is Vista attempts to restart it over and over again. I'm pretty much out of ideas. I'd really appreciate some help!

Below are some of the most recent error logs taken from Event Viewer.



Faulting application svchost.exe, version 6.0.6001.18000, time stamp 0x47918b89, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x0001624b, process id 0x13dc, application start time 0x01cbc4f13ea95f00


Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected

Thank you for any help!

UPDATE: There is possibly more cause for concern. Apparently I have been blocked from accessing several malware removal and/or internet security sites. This led me to finger the Conficker worm; however, recent scans have confirmed that my PC is not infected with it. Hmm. DDS log coming shortly....
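The two Event Viewer entries quoted above can be read mechanically. The following Python script is an added example, not part of the post: it parses the Application Error (Event ID 1000) text and the WMI (Event ID 10) filter error into fields, decodes the two codes that appear on this page (the code-name tables are deliberately limited to those), and returns the triage signals a responder would correlate with other evidence. The sample strings are the two entries from the post, embedded inline so the script runs offline.

```python
import re

# Sample input: the two Event Viewer entries quoted in the post above, embedded here
# so the script runs offline. The first is an Application Error (Event ID 1000)
# record, the second a WMI (Event ID 10) record about an event filter that could
# not be re-registered.
FAULT_EVENT = (
    "Faulting application svchost.exe, version 6.0.6001.18000, time stamp 0x47918b89, "
    "faulting module unknown, version 0.0.0.0, time stamp 0x00000000, "
    "exception code 0xc0000005, fault offset 0x0001624b, process id 0x13dc, "
    "application start time 0x01cbc4f13ea95f00"
)
WMI_EVENT = (
    'Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE '
    'TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" '
    'could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. '
    "Events cannot be delivered through this filter until the problem is corrected"
)

# Only the codes that occur on this page are decoded; extend the tables as needed.
EXCEPTION_NAMES = {0xC0000005: "STATUS_ACCESS_VIOLATION"}
WMI_ERROR_NAMES = {0x80041003: "WBEM_E_ACCESS_DENIED"}

FAULT_RE = re.compile(
    r"Faulting application (?P<app>[^,]+), version (?P<app_version>[^,]+), "
    r"time stamp (?P<app_ts>0x[0-9a-fA-F]+), faulting module (?P<module>[^,]+), "
    r"version (?P<module_version>[^,]+), time stamp (?P<module_ts>0x[0-9a-fA-F]+), "
    r"exception code (?P<exception>0x[0-9a-fA-F]+), fault offset (?P<offset>0x[0-9a-fA-F]+), "
    r"process id (?P<pid>0x[0-9a-fA-F]+)"
)
WMI_RE = re.compile(
    r'Event filter with query "(?P<query>.+)" could not be reactivated in namespace '
    r'"(?P<namespace>[^"]+)" because of error (?P<error>0x[0-9a-fA-F]+)'
)


def parse_fault_event(text):
    """Return the structured fields of a 'Faulting application' event, or None."""
    m = FAULT_RE.search(text)
    if not m:
        return None
    code = int(m["exception"], 16)
    return {
        "app": m["app"],
        "app_version": m["app_version"],
        "module": m["module"],
        "exception_code": code,
        "exception_name": EXCEPTION_NAMES.get(code, "UNKNOWN"),
        "fault_offset": int(m["offset"], 16),
        "pid": int(m["pid"], 16),
    }


def parse_wmi_event(text):
    """Return query, namespace and decoded error of a WMI filter-reactivation failure."""
    m = WMI_RE.search(text)
    if not m:
        return None
    code = int(m["error"], 16)
    return {
        "query": m["query"],
        "namespace": m["namespace"],
        "error_code": code,
        "error_name": WMI_ERROR_NAMES.get(code, "UNKNOWN"),
    }


def triage_fault(event):
    """Short tags a responder would correlate with other evidence from the host."""
    signals = []
    if event["exception_code"] == 0xC0000005:
        signals.append("access-violation")
    if event["module"].lower() == "unknown":
        # WER could not map the faulting address to any loaded module: the crash
        # happened in memory with no backing image on disk, so a file-based scan
        # alone will not explain it and a memory-level look is warranted.
        signals.append("fault-outside-loaded-modules")
    if event["app"].lower() == "svchost.exe":
        # A shared service host: every service in the group dies with it, and the
        # repeated restarts described in the post are consistent with that.
        signals.append("shared-service-host-crash")
    return signals


if __name__ == "__main__":
    fault = parse_fault_event(FAULT_EVENT)
    print(fault, triage_fault(fault))
    print(parse_wmi_event(WMI_EVENT))
```

The WMI entry decodes to an access-denied error while re-registering a permanent event subscription; on its own it is a common benign error, but listing the subscriptions present in the namespace is a cheap triage step, since they run without a file on disk and are easy to overlook.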



#2 Lycanomics

Lycanomics
  • Topic Starter

  • Members
  • 18 posts

Posted 05 February 2011 - 08:38 PM

OK, here is the DDS log. Sorry for the length! Attached is the zip file.


DDS (Ver_10-12-12.02) - NTFSx86
Run by Lycan at 17:30:41.35 on Sat 02/05/2011
Internet Explorer: 8.0.6001.18975 BrowserJavaVersion: 1.6.0_22
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1918.803 [GMT -8:00]

AV: Microsoft Security Essentials *Enabled/Outdated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Outdated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\svchost.exe -k Akamai
C:\Windows\RtHDVCpl.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Common Files\aol\1210728131\ee\aolsoftware.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Users\Lycan\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wermgr.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Users\Lycan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lycan\AppData\Local\Google\Chrome\Application\chrome.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Users\Lycan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Users\Lycan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lycan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lycan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lycan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\spoolsv.exe
C:\Users\Lycan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lycan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lycan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lycan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lycan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lycan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lycan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lycan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Lycan\Downloads\dds.com
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.ebay.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=desktop
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.4.12.6.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Cooliris Plug-In for Internet Explorer: {eaee5c74-6d0d-4aca-9232-0da4a7b866ba} - c:\program files\piclensie\cooliris.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Google Update] "c:\users\lycan\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY
uRun: [SpeedBitVideoAccelerator] c:\program files\speedbit video accelerator\VideoAccelerator.exe
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [AOL Fast Start] "c:\program files\aol 9.0\AOL.EXE" -b
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [HostManager] c:\program files\common files\aol\1210728131\ee\AOLSoftware.exe
mRun: [Blubster] c:\program files\blubster\Blubster.exe SILENT
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [NBAgent] "c:\program files\nero\nero 10\nero backitup\NBAgent.exe" /WinStart
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
StartupFolder: c:\users\lycan\appdata\roaming\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all links using BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: Download link using &BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.4.12.6.dll/206
IE: {3437D640-C91A-458f-89F5-B9095EA4C28B} - {04F93351-81D2-4484-9982-0D55DEFFFAE6} - c:\program files\piclensie\cooliris.dll
Trusted Zone: wolfquest.org\www
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: NameServer = 93.188.164.35,93.188.160.105
TCP: {2058ABE3-0B7D-4978-A86E-673F575ACF9D} = 93.188.164.35,93.188.160.105
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-1-20 21504]
R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2010-3-25 490280]
R2 NIHardwareService;NIHardwareService;c:\program files\common files\native instruments\hardware\NIHardwareService.exe [2010-2-26 3623424]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\speedb~1\videoacceleratorservice.exe -start -scm --> c:\progra~1\speedb~1\VideoAcceleratorService.exe -start -scm [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9bbf3acd1fde0;Google Update Service (gupdate1c9bbf3acd1fde0);c:\program files\google\update\GoogleUpdate.exe [2009-4-12 133104]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S3 getPlus® Installer;getPlus® Installer;c:\program files\nos\bin\getPlus_HelperSvc.exe [2009-7-29 59552]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== File Associations ===============

regfile=regedit.exe "%1" %*
scrfile="%1" %*

=============== Created Last 30 ================

2011-02-05 03:22:07 -------- d-----w- c:\program files\Microsoft Security Client
2011-02-05 03:15:44 -------- d-----w- c:\users\lycan\appdata\roaming\ErrorSmart
2011-02-05 03:15:38 -------- d-----w- c:\program files\ErrorSmart
2011-02-05 02:57:43 -------- d-----w- C:\06acee3c45d9a543a603e91339b599
2011-02-05 02:35:47 -------- d-----w- c:\program files\CCleaner
2011-02-05 01:47:36 -------- d-----w- c:\program files\SpeedyPC
2011-02-05 01:47:36 -------- d-----w- c:\progra~2\SpeedyPC
2011-01-26 09:12:24 -------- d-----w- c:\program files\East West
2011-01-18 10:38:12 -------- d-----w- c:\program files\AbletonSuite
2011-01-17 22:30:31 831488 ----a-w- c:\windows\system32\MpaDecFilter.ax
2011-01-17 22:30:31 561152 ----a-w- c:\windows\system32\xvidcore.dll
2011-01-17 22:30:31 434176 ----a-w- c:\windows\system32\Mpeg2DecFilter.ax
2011-01-17 22:30:31 376832 ----a-w- c:\windows\system32\AVAide_MpegSplitter.ax
2011-01-17 22:30:31 159744 ----a-w- c:\windows\system32\xvidvfw.dll
2011-01-17 22:30:31 135168 ----a-w- c:\windows\system32\DVDIFOFilter.dll
2011-01-17 22:30:28 -------- d-----w- c:\windows\system32\filters
2011-01-17 22:30:27 -------- d-----w- c:\program files\Aiseesoft Studio
2011-01-17 22:11:10 -------- d-----w- c:\program files\Emicsoft Studio

==================== Find3M ====================

2010-12-02 03:35:18 4280320 ----a-w- c:\windows\system32\GPhotos.scr

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: ST316081 rev.3.CH -> Harddisk0\DR0 ->

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x87591EC5]<<
_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x86146872; SUB DWORD [EBP-0x4], 0x8614612e; PUSH EDI; CALL 0xffffffffffffdf33; }
1 ntkrnlpa!IofCallDriver[0x82494962] -> \Device\Harddisk0\DR0[0x85C10A88]
3 CLASSPNP[0x82A918B3] -> ntkrnlpa!IofCallDriver[0x82494962] -> [0x85594700]
5 acpi[0x807336BC] -> ntkrnlpa!IofCallDriver[0x82494962] -> [0x851ADC90]
[0x864564C0] -> IRP_MJ_CREATE -> 0x87591EC5
kernel: MBR read successfully
_asm { XOR DI, DI; MOV SI, 0x200; MOV SS, DI; MOV SP, 0x7a00; MOV BX, 0x7a0; MOV CX, SI; MOV DS, BX; MOV ES, BX; REP MOVSB ; JMP FAR 0x7a0:0x5d; }
detected disk devices:
\Device\00000053 -> \??\SCSI#Disk&Ven_ST316081&Prod_5AS#4&18252d01&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi -> 0x850f61f8
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !

============= FINISH: 17:32:57.01 ===============
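The DDS log above is long, but the parts a reviewer reads first are small and regular: orphaned BHO and toolbar registrations ("No File"), the configured DNS resolvers, and the rootkit detector's output. The following Python script is an added example, not part of the post or of DDS itself: it splits a DDS log into its "====" sections and pulls those items out. The sample input is an excerpt of the log above (Pseudo HJT and ROOTKIT sections), embedded inline. The resolver allowlist `EXPECTED_RESOLVERS` is an assumption for the example; an analyst would substitute the user's real ISP or router resolvers, which is what turns the symptom the poster describes (security sites unreachable) into something that can be checked.

```python
import re
from ipaddress import ip_address, ip_network

# Sample input: an excerpt of the DDS log posted above (Pseudo HJT and ROOTKIT
# sections only), embedded here so the script runs offline.
DDS_EXCERPT = r"""
============== Pseudo HJT Report ===============

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
TB: {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - No File
TCP: NameServer = 93.188.164.35,93.188.160.105
TCP: {2058ABE3-0B7D-4978-A86E-673F575ACF9D} = 93.188.164.35,93.188.160.105

=================== ROOTKIT ====================

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x87591EC5]<<
detected hooks:
\Driver\atapi -> 0x850f61f8
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
"""

# Resolvers this machine is expected to use. This allowlist is an assumption for the
# example (RFC 1918 space, i.e. a home router); replace it with the real ISP resolvers.
EXPECTED_RESOLVERS = [ip_network("192.168.0.0/16"), ip_network("10.0.0.0/8")]

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
NO_FILE_RE = re.compile(r"^(BHO|TB): .*?(\{[0-9A-Fa-f-]{36}\}) - No File$")
NAMESERVER_RE = re.compile(r"^TCP: (?:NameServer|\{[0-9A-Fa-f-]{36}\}) = (.+)$")
UNKNOWN_MODULE_RE = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")
HOOK_RE = re.compile(r"^(\\\S+) -> (0x[0-9A-Fa-f]+)$")


def parse_dds(text):
    """Split a DDS log into {section name: [non-empty lines]}."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line.strip():
            sections[current].append(line.rstrip())
    return sections


def orphaned_entries(hjt_lines):
    """CLSIDs of BHO/toolbar registrations whose DLL no longer exists on disk."""
    return [m.group(2) for m in map(NO_FILE_RE.match, hjt_lines) if m]


def configured_nameservers(hjt_lines):
    """Every resolver address in the global and per-interface NameServer lines."""
    found = set()
    for line in hjt_lines:
        m = NAMESERVER_RE.match(line)
        if m:
            found.update(ip.strip() for ip in m.group(1).split(","))
    return found


def unexpected_nameservers(addresses, expected=EXPECTED_RESOLVERS):
    """Resolvers outside the allowlist, sorted so the result is stable."""
    return sorted(a for a in addresses if not any(ip_address(a) in net for net in expected))


def rootkit_findings(rk_lines):
    """The three signals in the ROOTKIT section a reviewer checks first."""
    result = {"unknown_module": None, "hooks": [], "warning": None}
    for line in rk_lines:
        m = UNKNOWN_MODULE_RE.search(line)
        if m:
            # Code in the disk I/O path that belongs to no known driver image.
            result["unknown_module"] = m.group(1)
        m = HOOK_RE.match(line)
        if m:
            result["hooks"].append((m.group(1), m.group(2)))
        if line.startswith("Warning:"):
            result["warning"] = line[len("Warning:"):].strip()
    return result


def triage(text):
    """One dict summarising what a volunteer would ask about before anything else."""
    secs = parse_dds(text)
    hjt = secs.get("Pseudo HJT Report", [])
    return {
        "orphaned": orphaned_entries(hjt),
        "unexpected_dns": unexpected_nameservers(configured_nameservers(hjt)),
        "rootkit": rootkit_findings(secs.get("ROOTKIT", [])),
    }


if __name__ == "__main__":
    from pprint import pprint
    pprint(triage(DDS_EXCERPT))
```

Orphaned "No File" entries are usually just leftovers from uninstalled software, so the script reports them without scoring them; the resolver check and the rootkit section are what decide the next step, which in this thread is the TDSSKiller run the helper requests in the following post.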

#3 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 06 February 2011 - 10:48 AM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. It's important to note that these instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

To compound my frustration, it seems to be linked with an inability to access Windows Update.

This symptom is usually a symptom of an infection called TDL3.

This tool below should fix the issue with updating Windows.

Running TDSSKiller

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.

  • If an infected file is detected, the default action will be Cure, click on Continue.

  • If a suspicious file is detected, the default action will be Skip, click on Continue.

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.

  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


NEXT:



Running OTL

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Edited by SweetTech, 06 February 2011 - 11:38 AM.



The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#4 Lycanomics

Lycanomics
  • Topic Starter

  • Members
  • 18 posts

Posted 06 February 2011 - 11:34 AM

Thank you! OK, here is the log from TDSSKiller. Strangely, the result was not what I expected. It thus far has not solved the issue of Windows Update and/or reestablishing access to internet security/malware sites to download definition updates, but the host process now seems to be working smoothly. Curious. Well, at least one problem is seemingly resolved! :)



2011/02/06 08:12:58.0272 5404 TDSS rootkit removing tool 2.4.16.0 Feb 1 2011 10:34:03
2011/02/06 08:12:58.0736 5404 ================================================================================
2011/02/06 08:12:58.0736 5404 SystemInfo:
2011/02/06 08:12:58.0736 5404
2011/02/06 08:12:58.0736 5404 OS Version: 6.0.6002 ServicePack: 2.0
2011/02/06 08:12:58.0736 5404 Product type: Workstation
2011/02/06 08:12:58.0736 5404 ComputerName: HOMOLUPISSTUDIO
2011/02/06 08:12:58.0736 5404 UserName: Lycan
2011/02/06 08:12:58.0736 5404 Windows directory: C:\Windows
2011/02/06 08:12:58.0736 5404 System windows directory: C:\Windows
2011/02/06 08:12:58.0736 5404 Processor architecture: Intel x86
2011/02/06 08:12:58.0736 5404 Number of processors: 1
2011/02/06 08:12:58.0736 5404 Page size: 0x1000
2011/02/06 08:12:58.0737 5404 Boot type: Normal boot
2011/02/06 08:12:58.0737 5404 ================================================================================
2011/02/06 08:13:01.0462 5404 Initialize success
2011/02/06 08:13:16.0263 4708 ================================================================================
2011/02/06 08:13:16.0263 4708 Scan started
2011/02/06 08:13:16.0263 4708 Mode: Manual;
2011/02/06 08:13:16.0263 4708 ================================================================================
2011/02/06 08:13:18.0110 4708 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/02/06 08:13:18.0231 4708 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/02/06 08:13:18.0292 4708 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/02/06 08:13:18.0347 4708 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/02/06 08:13:18.0408 4708 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/02/06 08:13:18.0526 4708 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/02/06 08:13:18.0592 4708 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/02/06 08:13:18.0656 4708 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/02/06 08:13:18.0941 4708 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/02/06 08:13:18.0989 4708 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/02/06 08:13:19.0046 4708 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/02/06 08:13:19.0111 4708 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/02/06 08:13:19.0135 4708 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
2011/02/06 08:13:19.0232 4708 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/02/06 08:13:19.0278 4708 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/02/06 08:13:19.0330 4708 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/02/06 08:13:19.0388 4708 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/02/06 08:13:19.0498 4708 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/02/06 08:13:19.0561 4708 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/02/06 08:13:19.0616 4708 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2011/02/06 08:13:19.0659 4708 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/02/06 08:13:19.0711 4708 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/02/06 08:13:19.0766 4708 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/02/06 08:13:19.0818 4708 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/02/06 08:13:19.0872 4708 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/02/06 08:13:19.0934 4708 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/02/06 08:13:20.0017 4708 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/02/06 08:13:20.0065 4708 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/02/06 08:13:20.0123 4708 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/02/06 08:13:20.0169 4708 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/02/06 08:13:20.0238 4708 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/02/06 08:13:20.0306 4708 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/02/06 08:13:20.0345 4708 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
2011/02/06 08:13:20.0386 4708 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/02/06 08:13:20.0423 4708 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/02/06 08:13:20.0525 4708 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2011/02/06 08:13:20.0614 4708 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/02/06 08:13:20.0708 4708 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/02/06 08:13:20.0786 4708 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys
2011/02/06 08:13:20.0866 4708 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/02/06 08:13:20.0956 4708 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/02/06 08:13:21.0011 4708 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/02/06 08:13:21.0078 4708 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/02/06 08:13:21.0174 4708 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/02/06 08:13:21.0233 4708 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/02/06 08:13:21.0292 4708 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/02/06 08:13:21.0359 4708 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/02/06 08:13:21.0397 4708 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/02/06 08:13:21.0441 4708 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/02/06 08:13:21.0502 4708 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/02/06 08:13:21.0585 4708 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/02/06 08:13:21.0618 4708 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/02/06 08:13:21.0760 4708 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/02/06 08:13:21.0847 4708 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/02/06 08:13:21.0889 4708 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/02/06 08:13:21.0951 4708 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/02/06 08:13:22.0030 4708 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/02/06 08:13:22.0123 4708 HSF_DP (88749fbf8beb18c90e7d6626c8c1910b) C:\Windows\system32\DRIVERS\HSX_DP.sys
2011/02/06 08:13:22.0185 4708 HSXHWBS2 (fe440536bd98af772130dc3a6fe1915f) C:\Windows\system32\DRIVERS\HSXHWBS2.sys
2011/02/06 08:13:22.0253 4708 HTTP (0eeeca26c8d4bde2a4664db058a81937) C:\Windows\system32\drivers\HTTP.sys
2011/02/06 08:13:22.0301 4708 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/02/06 08:13:22.0370 4708 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/02/06 08:13:22.0415 4708 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/02/06 08:13:22.0474 4708 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/02/06 08:13:22.0584 4708 IntcAzAudAddService (5d26ccb06e1f3b5c26e863df3f4f2611) C:\Windows\system32\drivers\RTKVHDA.sys
2011/02/06 08:13:22.0693 4708 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/02/06 08:13:22.0738 4708 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/02/06 08:13:22.0792 4708 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/02/06 08:13:22.0857 4708 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/02/06 08:13:22.0893 4708 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/02/06 08:13:22.0930 4708 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/02/06 08:13:22.0962 4708 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/02/06 08:13:23.0020 4708 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/02/06 08:13:23.0069 4708 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/02/06 08:13:23.0099 4708 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/02/06 08:13:23.0149 4708 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/02/06 08:13:23.0188 4708 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/02/06 08:13:23.0293 4708 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/02/06 08:13:23.0409 4708 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/02/06 08:13:23.0488 4708 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/02/06 08:13:23.0542 4708 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/02/06 08:13:23.0603 4708 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/02/06 08:13:23.0654 4708 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/02/06 08:13:23.0710 4708 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/02/06 08:13:23.0764 4708 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/02/06 08:13:23.0817 4708 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/02/06 08:13:23.0876 4708 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/02/06 08:13:23.0943 4708 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/02/06 08:13:23.0974 4708 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/02/06 08:13:24.0020 4708 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/02/06 08:13:24.0067 4708 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/02/06 08:13:24.0175 4708 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\Windows\system32\DRIVERS\MpFilter.sys
2011/02/06 08:13:24.0228 4708 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/02/06 08:13:24.0273 4708 MpNWMon (f32e2d6a1640a469a9ed4f1929a4a861) C:\Windows\system32\DRIVERS\MpNWMon.sys
2011/02/06 08:13:24.0319 4708 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/02/06 08:13:24.0376 4708 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/02/06 08:13:24.0462 4708 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/02/06 08:13:24.0520 4708 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/02/06 08:13:24.0575 4708 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/02/06 08:13:24.0637 4708 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/02/06 08:13:24.0698 4708 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2011/02/06 08:13:24.0752 4708 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/02/06 08:13:24.0826 4708 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/02/06 08:13:24.0871 4708 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/02/06 08:13:24.0933 4708 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/02/06 08:13:24.0998 4708 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/02/06 08:13:25.0069 4708 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/02/06 08:13:25.0144 4708 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/02/06 08:13:25.0206 4708 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/02/06 08:13:25.0239 4708 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/02/06 08:13:25.0274 4708 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/02/06 08:13:25.0341 4708 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/02/06 08:13:25.0431 4708 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/02/06 08:13:25.0495 4708 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/02/06 08:13:25.0542 4708 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/02/06 08:13:25.0613 4708 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/02/06 08:13:25.0646 4708 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/02/06 08:13:25.0681 4708 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/02/06 08:13:25.0757 4708 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/02/06 08:13:25.0851 4708 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/02/06 08:13:25.0939 4708 NisDrv (17e2c08c5ecfbe94a7c67b1c275ee9d9) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
2011/02/06 08:13:26.0008 4708 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/02/06 08:13:26.0058 4708 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/02/06 08:13:26.0146 4708 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/02/06 08:13:26.0204 4708 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/02/06 08:13:26.0226 4708 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/02/06 08:13:26.0295 4708 NVENETFD (d668632606d1cebf0b6ec64c1df7ed6f) C:\Windows\system32\DRIVERS\nvmfdx32.sys
2011/02/06 08:13:26.0512 4708 nvlddmkm (fbba09782f2fac5a57619df378ba9372) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/02/06 08:13:26.0722 4708 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/02/06 08:13:26.0779 4708 nvrd32 (6f5bb0b40d251351a913b61ba9d64b3f) C:\Windows\system32\drivers\nvrd32.sys
2011/02/06 08:13:26.0825 4708 nvsmu (c44ee36dd84fa95eb81d79c374756003) C:\Windows\system32\drivers\nvsmu.sys
2011/02/06 08:13:26.0866 4708 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/02/06 08:13:26.0910 4708 nvstor32 (1a649b87a7b7c1220a2b16b121f2198e) C:\Windows\system32\DRIVERS\nvstor32.sys
2011/02/06 08:13:26.0973 4708 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/02/06 08:13:27.0077 4708 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2011/02/06 08:13:27.0155 4708 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/02/06 08:13:27.0198 4708 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/02/06 08:13:27.0258 4708 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/02/06 08:13:27.0384 4708 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/02/06 08:13:27.0413 4708 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
2011/02/06 08:13:27.0479 4708 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/02/06 08:13:27.0563 4708 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/02/06 08:13:27.0706 4708 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/02/06 08:13:27.0766 4708 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/02/06 08:13:27.0874 4708 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/02/06 08:13:27.0941 4708 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys
2011/02/06 08:13:28.0025 4708 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/02/06 08:13:28.0140 4708 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/02/06 08:13:28.0172 4708 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/02/06 08:13:28.0197 4708 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/02/06 08:13:28.0230 4708 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/02/06 08:13:28.0300 4708 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/02/06 08:13:28.0352 4708 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/02/06 08:13:28.0414 4708 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/02/06 08:13:28.0453 4708 RDPCDD (9a00872ce832edc1eb544c2cf2fc8d7d) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/02/06 08:13:28.0454 4708 Suspicious file (Forged): C:\Windows\system32\DRIVERS\RDPCDD.sys. Real md5: 9a00872ce832edc1eb544c2cf2fc8d7d, Fake md5: 89e59be9a564262a3fb6c4f4f1cd9899
2011/02/06 08:13:28.0460 4708 RDPCDD - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/02/06 08:13:28.0539 4708 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/02/06 08:13:28.0560 4708 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/02/06 08:13:28.0626 4708 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/02/06 08:13:28.0747 4708 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/02/06 08:13:28.0819 4708 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/02/06 08:13:28.0906 4708 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/02/06 08:13:28.0951 4708 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/02/06 08:13:28.0985 4708 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/02/06 08:13:29.0014 4708 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/02/06 08:13:29.0083 4708 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/02/06 08:13:29.0117 4708 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/02/06 08:13:29.0153 4708 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/02/06 08:13:29.0219 4708 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/02/06 08:13:29.0295 4708 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/02/06 08:13:29.0350 4708 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/02/06 08:13:29.0384 4708 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/02/06 08:13:29.0476 4708 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/02/06 08:13:29.0552 4708 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/02/06 08:13:29.0636 4708 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2011/02/06 08:13:29.0636 4708 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/02/06 08:13:29.0647 4708 sptd - detected Locked file (1)
2011/02/06 08:13:29.0703 4708 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys
2011/02/06 08:13:29.0735 4708 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys
2011/02/06 08:13:29.0768 4708 srvnet (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys
2011/02/06 08:13:29.0831 4708 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/02/06 08:13:29.0885 4708 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/02/06 08:13:29.0918 4708 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/02/06 08:13:29.0952 4708 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/02/06 08:13:30.0058 4708 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/02/06 08:13:30.0158 4708 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/02/06 08:13:30.0214 4708 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/02/06 08:13:30.0255 4708 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/02/06 08:13:30.0290 4708 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/02/06 08:13:30.0365 4708 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/02/06 08:13:30.0427 4708 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/02/06 08:13:30.0513 4708 TPkd (2f4e8077febfe11199ee3b011a34cd18) C:\Windows\system32\drivers\TPkd.sys
2011/02/06 08:13:30.0569 4708 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/02/06 08:13:30.0593 4708 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/02/06 08:13:30.0672 4708 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/02/06 08:13:30.0730 4708 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/02/06 08:13:30.0789 4708 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/02/06 08:13:30.0867 4708 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/02/06 08:13:30.0909 4708 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/02/06 08:13:30.0959 4708 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/02/06 08:13:30.0995 4708 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/02/06 08:13:31.0026 4708 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/02/06 08:13:31.0148 4708 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
2011/02/06 08:13:31.0185 4708 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/02/06 08:13:31.0224 4708 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/02/06 08:13:31.0276 4708 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/02/06 08:13:31.0343 4708 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/02/06 08:13:31.0368 4708 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
2011/02/06 08:13:31.0421 4708 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/02/06 08:13:31.0460 4708 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/02/06 08:13:31.0504 4708 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/02/06 08:13:31.0552 4708 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/02/06 08:13:31.0604 4708 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/02/06 08:13:31.0651 4708 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/02/06 08:13:31.0694 4708 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/02/06 08:13:31.0753 4708 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/02/06 08:13:31.0805 4708 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/02/06 08:13:31.0845 4708 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/02/06 08:13:31.0929 4708 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/02/06 08:13:31.0997 4708 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/02/06 08:13:32.0046 4708 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/02/06 08:13:32.0115 4708 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/02/06 08:13:32.0139 4708 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/02/06 08:13:32.0159 4708 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/02/06 08:13:32.0216 4708 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\Windows\system32\DRIVERS\wanatw4.sys
2011/02/06 08:13:32.0282 4708 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/02/06 08:13:32.0353 4708 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/02/06 08:13:32.0477 4708 winachsf (72cc6a8ca7891031d6380db5025c773c) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2011/02/06 08:13:32.0632 4708 WinUSB (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUSB.sys
2011/02/06 08:13:32.0690 4708 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
2011/02/06 08:13:32.0805 4708 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/02/06 08:13:32.0861 4708 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/02/06 08:13:32.0968 4708 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
2011/02/06 08:13:33.0152 4708 ================================================================================
2011/02/06 08:13:33.0152 4708 Scan finished
2011/02/06 08:13:33.0152 4708 ================================================================================
2011/02/06 08:13:33.0170 3336 Detected object count: 2
2011/02/06 08:14:18.0089 3336 RDPCDD (9a00872ce832edc1eb544c2cf2fc8d7d) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/02/06 08:14:18.0089 3336 Suspicious file (Forged): C:\Windows\system32\DRIVERS\RDPCDD.sys. Real md5: 9a00872ce832edc1eb544c2cf2fc8d7d, Fake md5: 89e59be9a564262a3fb6c4f4f1cd9899
2011/02/06 08:14:18.0394 3336 Backup copy found, using it..
2011/02/06 08:14:18.0401 3336 C:\Windows\system32\DRIVERS\RDPCDD.sys - will be cured after reboot
2011/02/06 08:14:18.0401 3336 Rootkit.Win32.TDSS.tdl3(RDPCDD) - User select action: Cure
2011/02/06 08:14:18.0406 3336 Locked file(sptd) - User select action: Skip
2011/02/06 08:17:37.0453 2320 Deinitialize success
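The TDSSKiller output above carries three signals a responder wants to pull out quickly: a driver whose file hashes differently when read two ways ("Forged"), a file the tool could not read at all ("NoAccess"), and the action the user chose for each. The Python below is an added example, not code from this thread or from Kaspersky's TDSSKiller; it parses log lines of the shape posted above (the sample is a subset copied from that log) into one record per flagged driver, lists the forged files whose two hashes disagree, and lists what is still open after the run. The regular expressions are inferred from the posted lines only and are an assumption about the tool's output format.

```python
"""Triage a TDSSKiller log (added example, not TDSSKiller's own code).
Line formats are inferred from the posted log and are an assumption."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample: a subset of the TDSSKiller log posted in the thread.
SAMPLE_LOG = r"""
2011/02/06 08:13:28.0453 4708 RDPCDD (9a00872ce832edc1eb544c2cf2fc8d7d) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/02/06 08:13:28.0454 4708 Suspicious file (Forged): C:\Windows\system32\DRIVERS\RDPCDD.sys. Real md5: 9a00872ce832edc1eb544c2cf2fc8d7d, Fake md5: 89e59be9a564262a3fb6c4f4f1cd9899
2011/02/06 08:13:28.0460 4708 RDPCDD - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/02/06 08:13:29.0636 4708 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2011/02/06 08:13:29.0636 4708 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/02/06 08:13:29.0647 4708 sptd - detected Locked file (1)
2011/02/06 08:13:33.0170 3336 Detected object count: 2
2011/02/06 08:14:18.0394 3336 Backup copy found, using it..
2011/02/06 08:14:18.0401 3336 C:\Windows\system32\DRIVERS\RDPCDD.sys - will be cured after reboot
2011/02/06 08:14:18.0401 3336 Rootkit.Win32.TDSS.tdl3(RDPCDD) - User select action: Cure
2011/02/06 08:14:18.0406 3336 Locked file(sptd) - User select action: Skip
"""

# "<date> <time> <id> <message>"
LINE_RE = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*)$")
# "<service> (<md5>) <path>"  -- one scanned driver
DRIVER_RE = re.compile(r"^(\S+) \(([0-9a-f]{32})\) (.+)$")
# "Suspicious file (<kind>): <path>. Real md5: X, Fake md5: Y"  or  "... md5: X"
SUSP_RE = re.compile(r"^Suspicious file \((\w+)\): (.+?)\. "
                     r"(?:Real md5: ([0-9a-f]{32}), Fake md5: ([0-9a-f]{32})|md5: ([0-9a-f]{32}))$")
DETECT_RE = re.compile(r"^(\S+) - detected (.+) \((\d+)\)$")           # "<service> - detected <verdict> (n)"
ACTION_RE = re.compile(r"^(.+)\((\S+)\) - User select action: (\w+)$")  # "<verdict>(<service>) - ... <action>"
CURE_RE = re.compile(r"^(.+) - will be cured after reboot$")
COUNT_RE = re.compile(r"^Detected object count: (\d+)$")


@dataclass
class Finding:
    service: str
    path: Optional[str] = None
    md5: Optional[str] = None        # hash printed on the driver listing line
    kind: Optional[str] = None       # "Forged", "NoAccess", ...
    real_md5: Optional[str] = None   # "Real md5", or the single md5 of a NoAccess file
    fake_md5: Optional[str] = None   # "Fake md5" on a Forged line
    verdict: Optional[str] = None    # e.g. "Rootkit.Win32.TDSS.tdl3"
    action: Optional[str] = None     # "Cure", "Skip", ...
    cure_pending: bool = False       # "will be cured after reboot" was logged


def parse_tdsskiller(log_text: str) -> Tuple[Dict[str, Finding], Optional[int]]:
    """Return (findings keyed by service name, the logged 'Detected object count')."""
    findings: Dict[str, Finding] = {}
    drivers: Dict[str, Tuple[str, str]] = {}   # service -> (md5, path) from listing lines
    service_of: Dict[str, str] = {}            # lower-cased path -> service name
    expected: Optional[int] = None

    def finding(service: str) -> Finding:
        return findings.setdefault(service, Finding(service=service))

    def service_for(path: str) -> str:          # Windows paths are case-insensitive
        return service_of.get(path.lower(), path)

    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        msg = m.group(3)
        if d := DRIVER_RE.match(msg):            # remember every driver, but flag none yet
            service, md5, path = d.groups()
            drivers[service] = (md5, path)
            service_of[path.lower()] = service
        elif s := SUSP_RE.match(msg):
            kind, path, real, fake, single = s.groups()
            f = finding(service_for(path))
            f.path, f.kind = path, kind
            f.real_md5, f.fake_md5 = (real or single), fake
        elif t := DETECT_RE.match(msg):
            service, verdict, _index = t.groups()
            finding(service).verdict = verdict
        elif a := ACTION_RE.match(msg):
            _verdict, service, action = a.groups()
            finding(service).action = action
        elif c := CURE_RE.match(msg):
            finding(service_for(c.group(1))).cure_pending = True
        elif n := COUNT_RE.match(msg):
            expected = int(n.group(1))

    for service, f in findings.items():          # back-fill listing data for flagged services
        if service in drivers:
            md5, path = drivers[service]
            f.md5, f.path = f.md5 or md5, f.path or path
    return findings, expected


def forged(findings: Dict[str, Finding]) -> List[Tuple[str, str, str]]:
    """(service, real_md5, fake_md5) for files whose two reads disagree: one path,
    two hashes, is the signature of something filtering reads below the file
    system, which is how TDL3 hides the driver it has patched."""
    return [(f.service, f.real_md5, f.fake_md5) for f in findings.values()
            if f.kind == "Forged" and f.real_md5 != f.fake_md5]


def needs_followup(findings: Dict[str, Finding]) -> List[str]:
    """Flagged services that were not cured (skipped, or given no action at all)."""
    return sorted(s for s, f in findings.items() if f.action != "Cure")


def count_consistent(findings: Dict[str, Finding], expected: Optional[int]) -> bool:
    """The tool's own 'Detected object count' should equal the verdict lines parsed."""
    return expected is None or sum(1 for f in findings.values() if f.verdict) == expected


if __name__ == "__main__":
    found, count = parse_tdsskiller(SAMPLE_LOG)
    for f in found.values():
        print(f)
    print("forged:", forged(found))
    print("still open:", needs_followup(found), "count ok:", count_consistent(found, count))
```

On the posted log this yields one forged file (RDPCDD, cured, reboot pending) and one open item (sptd, skipped). A skipped locked file is not a verdict either way: the name sptd.sys is the SCSI pass-through driver installed by disc-emulation software such as Daemon Tools and Alcohol 120%, which routinely denies access to itself, but the script lists it for follow-up rather than assuming that is what it is on this machine.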

#5 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  • Gender:Male
  • Location:Antarctica
  • Local time:10:38 AM

Posted 06 February 2011 - 11:39 AM

Hello Lycanomics,

Strangely, the result was not what I expected. It thus far has not solved the issue of Windows Update and/or reestablishing access to internet security/malware sites to download definition updates, but the host process now seems to be working smoothly. Curious. Well, at least one problem is seemingly resolved!

hmm.. that's interesting as the TDSSKiller scan found an infection, and appears to have solved it.

I must point out the following:

One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identity Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.




Do you have the OTL logs?

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#6 Lycanomics

Lycanomics
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:06:38 AM

Posted 06 February 2011 - 11:46 AM

OK, here are the OTL reports. Again, thanks for your help!


OTL logfile created on: 2/6/2011 8:38:41 AM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Lycan\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 48.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140.19 Gb Total Space | 19.17 Gb Free Space | 13.67% Space Free | Partition Type: NTFS
Drive D: | 8.86 Gb Total Space | 1.20 Gb Free Space | 13.54% Space Free | Partition Type: NTFS

Computer Name: HOMOLUPISSTUDIO | User Name: Lycan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/06 08:38:09 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Lycan\Desktop\OTL.exe
PRC - [2011/02/06 08:12:34 | 001,360,472 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Lycan\Desktop\tdsskiller\TDSSKiller.exe
PRC - [2011/01/07 19:35:52 | 000,991,800 | ---- | M] (Google Inc.) -- C:\Users\Lycan\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2010/11/30 13:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/10/14 03:39:46 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Users\Lycan\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
PRC - [2010/05/14 05:55:58 | 000,037,888 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2010/04/20 14:32:20 | 001,607,272 | ---- | M] (Speedbit Ltd.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
PRC - [2010/04/20 14:32:20 | 000,300,656 | ---- | M] (Speedbit Ltd.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe
PRC - [2010/04/20 14:32:20 | 000,140,920 | ---- | M] (Speedbit Ltd.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe
PRC - [2010/04/12 14:46:36 | 001,135,912 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/03/26 09:52:24 | 001,234,216 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe
PRC - [2010/03/25 13:39:22 | 000,490,280 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2010/02/26 08:19:54 | 003,623,424 | ---- | M] (Native Instruments GmbH) -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
PRC - [2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/07/11 22:20:48 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/07/03 10:27:12 | 006,266,880 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/01/20 18:33:00 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/04/18 07:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2007/02/15 03:59:00 | 000,118,784 | ---- | M] (OsdMaestro) -- C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
PRC - [2006/11/10 04:12:08 | 000,054,832 | ---- | M] (AOL, LLC.) -- C:\Program Files\AOL 9.0\shellmon.exe
PRC - [2006/11/10 04:11:58 | 000,039,472 | ---- | M] (AOL, LLC.) -- C:\Program Files\AOL 9.0\waol.exe
PRC - [2006/10/23 04:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe
PRC - [2006/09/25 16:52:48 | 000,050,736 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\aol\1210728131\ee\aolsoftware.exe


========== Modules (SafeList) ==========

MOD - [2011/02/06 08:38:09 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Lycan\Desktop\OTL.exe
MOD - [2010/08/31 07:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/01/04 18:04:28 | 003,129,432 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_dbc0250.dll -- (Akamai)
SRV - [2010/11/11 12:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/04/20 14:32:20 | 000,300,656 | ---- | M] (Speedbit Ltd.) [Auto | Running] -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe -- (VideoAcceleratorService)
SRV - [2010/03/25 13:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/26 08:19:54 | 003,623,424 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/11/19 13:14:34 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/09/24 17:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/03/16 16:45:14 | 000,059,552 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Installer) getPlus®
SRV - [2008/01/20 18:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/10/23 04:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV - [2010/10/24 21:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/10/24 21:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2009/12/16 20:04:38 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/12/02 13:56:16 | 000,092,792 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2009/07/13 15:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2009/04/10 20:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/07/03 16:03:48 | 002,152,088 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/05/22 13:49:00 | 007,465,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/05/08 04:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 04:04:16 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2008/05/08 04:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2008/01/20 18:32:53 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 18:32:53 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 18:32:52 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 18:32:52 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 18:32:52 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 18:32:52 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 18:32:51 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 18:32:51 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 18:32:50 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 18:32:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/20 18:32:50 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 18:32:49 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 18:32:49 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 18:32:49 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 18:32:49 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 18:32:49 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 18:32:48 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 18:32:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 18:32:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 18:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 18:32:46 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 18:32:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 18:32:21 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 18:32:21 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 18:32:21 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/12/07 07:28:10 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007/12/07 07:28:08 | 000,140,320 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2007/11/17 11:39:50 | 001,040,544 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/10/18 06:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/10/12 07:53:10 | 000,013,312 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2006/11/02 01:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 01:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 01:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 01:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 01:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 01:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 01:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 01:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 01:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 01:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 01:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 00:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 00:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 00:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 00:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 00:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 00:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/01 23:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/01 12:18:15 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=desktop


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1277242936-3510254915-2159929779-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=desktop
IE - HKU\S-1-5-21-1277242936-3510254915-2159929779-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1277242936-3510254915-2159929779-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1277242936-3510254915-2159929779-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com/
IE - HKU\S-1-5-21-1277242936-3510254915-2159929779-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\S-1-5-21-1277242936-3510254915-2159929779-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1277242936-3510254915-2159929779-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1277242936-3510254915-2159929779-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1277242936-3510254915-2159929779-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: ([2010/05/13 16:53:40 | 000,001,204 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.12.6.dll (BitComet)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (no name) - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\cooliris.dll (Cooliris Inc.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-1277242936-3510254915-2159929779-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Blubster] C:\Program Files\Blubster\Blubster.exe (MP2P Technologies.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\aol\1210728131\ee\aolsoftware.exe (America Online, Inc.)
O4 - HKLM..\Run: [HP Health Check Scheduler] File not found
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NBAgent] C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe ()
O4 - HKU\S-1-5-18..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe ()
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1277242936-3510254915-2159929779-1000..\Run: [AOL Fast Start] C:\Program Files\AOL 9.0\AOL.EXE (AOL, LLC.)
O4 - HKU\S-1-5-21-1277242936-3510254915-2159929779-1000..\Run: [SpeedBitVideoAccelerator] C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe (Speedbit Ltd.)
O4 - HKU\S-1-5-21-1277242936-3510254915-2159929779-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\Lycan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Download all links using BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Download link using &BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O9 - Extra Button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\cooliris.dll (Cooliris Inc.)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.12.6.dll (BitComet)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1277242936-3510254915-2159929779-1000\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-1277242936-3510254915-2159929779-1000\..Trusted Domains: wolfquest.org ([www] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.35,93.188.160.105
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Lycan\Searches\Pictures\Wolves!\wolf-pack-howling-med.jpg
O24 - Desktop BackupWallPaper: C:\Users\Lycan\Searches\Pictures\Wolves!\wolf-pack-howling-med.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/27 05:19:46 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{4a4de82c-2591-11dd-b283-001e8cdfcdb1}\Shell - "" = AutoRun
O33 - MountPoints2\{4a4de82c-2591-11dd-b283-001e8cdfcdb1}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/06 08:38:10 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Lycan\Desktop\OTL.exe
[2011/02/06 08:12:33 | 000,000,000 | ---D | C] -- C:\Users\Lycan\Desktop\tdsskiller
[2011/02/04 21:45:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitComet
[2011/02/04 19:22:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/02/04 19:15:44 | 000,000,000 | ---D | C] -- C:\Users\Lycan\AppData\Roaming\ErrorSmart
[2011/02/04 19:15:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ErrorSmart
[2011/02/04 19:15:38 | 000,000,000 | ---D | C] -- C:\Program Files\ErrorSmart
[2011/02/04 18:57:43 | 000,000,000 | ---D | C] -- C:\06acee3c45d9a543a603e91339b599
[2011/02/04 18:35:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/02/04 18:35:47 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/02/04 17:47:36 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC
[2011/02/04 17:47:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedyPC
[2011/02/04 17:47:36 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedyPC
[2011/01/26 01:13:06 | 000,000,000 | ---D | C] -- C:\Users\Lycan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\East West EWQLSO Gold Edition
[2011/01/26 01:13:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\East West EWQLSO Gold Edition
[2011/01/26 01:12:24 | 000,000,000 | ---D | C] -- C:\Program Files\East West
[2011/01/18 02:39:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AbletonSuite
[2011/01/18 02:38:12 | 000,000,000 | ---D | C] -- C:\Program Files\AbletonSuite
[2011/01/17 14:33:09 | 000,000,000 | ---D | C] -- C:\Users\Lycan\Documents\Aiseesoft Studio
[2011/01/17 14:30:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aiseesoft
[2011/01/17 14:30:31 | 000,831,488 | ---- | C] (Gabest) -- C:\Windows\System32\MpaDecFilter.ax
[2011/01/17 14:30:31 | 000,434,176 | ---- | C] (Gabest) -- C:\Windows\System32\Mpeg2DecFilter.ax
[2011/01/17 14:30:31 | 000,376,832 | ---- | C] (Gabest) -- C:\Windows\System32\AVAide_MpegSplitter.ax
[2011/01/17 14:30:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\filters
[2011/01/17 14:30:27 | 000,000,000 | ---D | C] -- C:\Program Files\Aiseesoft Studio
[2011/01/17 14:11:22 | 000,000,000 | ---D | C] -- C:\Users\Lycan\Documents\Emicsoft Studio
[2011/01/17 14:11:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emicsoft
[2011/01/17 14:11:10 | 000,000,000 | ---D | C] -- C:\Program Files\Emicsoft Studio

========== Files - Modified Within 30 Days ==========

[2011/02/06 08:38:09 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Lycan\Desktop\OTL.exe
[2011/02/06 08:36:37 | 000,000,392 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{621F8B85-49C0-4E3D-A101-58B09AE55016}.job
[2011/02/06 08:24:31 | 000,606,364 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/02/06 08:24:31 | 000,104,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/02/06 08:24:02 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/02/06 08:21:48 | 000,002,453 | ---- | M] () -- C:\Users\Public\Documents\Global.sw2
[2011/02/06 08:20:22 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/06 08:20:22 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/06 08:20:15 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/06 08:19:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/02/06 08:12:15 | 001,246,371 | ---- | M] () -- C:\Users\Lycan\Desktop\tdsskiller.zip
[2011/02/05 17:38:03 | 000,006,035 | ---- | M] () -- C:\Users\Lycan\Documents\Attach.zip
[2011/02/04 21:45:07 | 000,000,770 | ---- | M] () -- C:\Users\Public\Desktop\BitComet.lnk
[2011/02/04 21:29:41 | 000,000,036 | ---- | M] () -- C:\Users\Lycan\AppData\Local\housecall.guid.cache
[2011/02/04 19:23:42 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/02/04 19:15:46 | 000,000,402 | ---- | M] () -- C:\Windows\tasks\ErrorSmart Scheduled Scan.job
[2011/02/04 19:15:38 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\ErrorSmart.lnk
[2011/02/04 18:55:27 | 002,128,896 | ---- | M] () -- C:\Users\Lycan\AppData\Local\cooliris-win-ie-release-1.11.7.31969.en-US.msi
[2011/02/04 18:44:01 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1277242936-3510254915-2159929779-1000UA.job
[2011/02/04 18:39:50 | 000,005,280 | ---- | M] () -- C:\Users\Lycan\Documents\cc_20110204_183947.reg
[2011/02/04 18:39:31 | 000,006,982 | ---- | M] () -- C:\Users\Lycan\Documents\cc_20110204_183927.reg
[2011/02/04 18:37:45 | 000,282,966 | ---- | M] () -- C:\Users\Lycan\Documents\cc_20110204_183642.reg
[2011/02/04 18:35:48 | 000,000,770 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/02/04 17:47:39 | 000,000,398 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Program Check.job
[2011/02/04 17:47:39 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\SpeedyPC.job
[2011/02/04 17:47:37 | 000,000,766 | ---- | M] () -- C:\Users\Public\Desktop\SpeedyPC.lnk
[2011/02/04 13:18:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/04 04:44:02 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1277242936-3510254915-2159929779-1000Core.job
[2011/01/30 23:54:14 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\SmartDefrag.job
[2011/01/28 18:45:27 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForLycan.job
[2011/01/26 01:13:36 | 000,000,897 | ---- | M] () -- C:\Users\Lycan\Desktop\EWQLSO Gold Edition.lnk
[2011/01/26 00:49:02 | 000,155,136 | ---- | M] () -- C:\Users\Lycan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/18 02:51:54 | 000,000,995 | ---- | M] () -- C:\Users\Lycan\Application Data\Microsoft\Internet Explorer\Quick Launch\Live 8.0.1.lnk
[2011/01/18 02:51:41 | 000,000,971 | ---- | M] () -- C:\Users\Lycan\Desktop\Live 8.0.1.lnk
[2011/01/17 14:30:33 | 000,001,205 | ---- | M] () -- C:\Users\Lycan\Desktop\Aiseesoft Mod Video Converter.lnk
[2011/01/17 14:11:13 | 000,001,114 | ---- | M] () -- C:\Users\Lycan\Desktop\Emicsoft Mod Converter.lnk
[2011/01/13 15:45:36 | 000,002,048 | ---- | M] () -- C:\Users\Lycan\Desktop\Google Chrome.lnk
[2011/01/13 15:45:36 | 000,002,010 | ---- | M] () -- C:\Users\Lycan\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

========== Files Created - No Company Name ==========

[2011/02/06 08:12:13 | 001,246,371 | ---- | C] () -- C:\Users\Lycan\Desktop\tdsskiller.zip
[2011/02/05 17:38:03 | 000,006,035 | ---- | C] () -- C:\Users\Lycan\Documents\Attach.zip
[2011/02/04 21:29:41 | 000,000,036 | ---- | C] () -- C:\Users\Lycan\AppData\Local\housecall.guid.cache
[2011/02/04 20:11:22 | 000,000,392 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{621F8B85-49C0-4E3D-A101-58B09AE55016}.job
[2011/02/04 19:23:42 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/02/04 19:22:11 | 000,001,774 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/02/04 19:15:46 | 000,000,402 | ---- | C] () -- C:\Windows\tasks\ErrorSmart Scheduled Scan.job
[2011/02/04 19:15:38 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\ErrorSmart.lnk
[2011/02/04 18:39:49 | 000,005,280 | ---- | C] () -- C:\Users\Lycan\Documents\cc_20110204_183947.reg
[2011/02/04 18:39:29 | 000,006,982 | ---- | C] () -- C:\Users\Lycan\Documents\cc_20110204_183927.reg
[2011/02/04 18:36:47 | 000,282,966 | ---- | C] () -- C:\Users\Lycan\Documents\cc_20110204_183642.reg
[2011/02/04 18:35:48 | 000,000,770 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/02/04 17:47:39 | 000,000,398 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Program Check.job
[2011/02/04 17:47:39 | 000,000,382 | ---- | C] () -- C:\Windows\tasks\SpeedyPC.job
[2011/02/04 17:47:37 | 000,000,766 | ---- | C] () -- C:\Users\Public\Desktop\SpeedyPC.lnk
[2011/01/26 01:13:36 | 000,000,897 | ---- | C] () -- C:\Users\Lycan\Desktop\EWQLSO Gold Edition.lnk
[2011/01/17 14:30:33 | 000,001,205 | ---- | C] () -- C:\Users\Lycan\Desktop\Aiseesoft Mod Video Converter.lnk
[2011/01/17 14:30:31 | 000,561,152 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/01/17 14:30:31 | 000,159,744 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/01/17 14:30:31 | 000,135,168 | ---- | C] () -- C:\Windows\System32\DVDIFOFilter.dll
[2011/01/17 14:11:13 | 000,001,114 | ---- | C] () -- C:\Users\Lycan\Desktop\Emicsoft Mod Converter.lnk
[2010/09/25 18:53:07 | 000,000,000 | ---- | C] () -- C:\Users\Lycan\AppData\Roaming\.NANotifyHere
[2010/06/28 16:21:29 | 006,580,224 | ---- | C] () -- C:\Windows\System32\PSP MicroWarmer.dll
[2010/06/28 16:21:28 | 006,618,624 | ---- | C] () -- C:\Windows\System32\PSP VintageWarmer2.dll
[2010/06/28 16:21:27 | 006,611,456 | ---- | C] () -- C:\Windows\System32\PSP VintageWarmer.dll
[2010/01/10 14:41:13 | 002,128,896 | ---- | C] () -- C:\Users\Lycan\AppData\Local\cooliris-win-ie-release-1.11.7.31969.en-US.msi
[2010/01/05 23:25:43 | 000,000,032 | ---- | C] () -- C:\Windows\System32\msvcsv60.dll
[2010/01/03 20:34:39 | 000,000,604 | -H-- | C] () -- C:\Program Files\STLL Notifier
[2009/12/24 12:46:32 | 001,215,054 | ---- | C] () -- C:\Users\Lycan\AppData\Local\cooliris-win-ie-release-1.11.6.31225.en-US.msi
[2009/12/16 20:49:30 | 000,000,000 | -H-- | C] () -- C:\Users\Lycan\AppData\Roaming\.10F1F49228CEB20A.sys
[2009/12/02 20:44:18 | 000,520,267 | ---- | C] () -- C:\Windows\System32\libmmd.dll
[2009/11/08 02:52:54 | 000,000,680 | ---- | C] () -- C:\Users\Lycan\AppData\Local\d3d9caps.dat
[2009/10/18 15:50:53 | 000,678,638 | ---- | C] () -- C:\Users\Lycan\AppData\Local\cooliris-win-ie-release-1.11.5.29501.en-US.msi
[2009/10/08 14:40:11 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/09/16 13:47:12 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/28 22:12:42 | 000,000,163 | ---- | C] () -- C:\Users\Lycan\AppData\Roaming\PLGComp.ini
[2009/07/29 18:32:01 | 002,119,680 | ---- | C] () -- C:\Users\Lycan\AppData\Local\cooliris-win-ie-release-1.11.2.27471.en-US.msi
[2009/07/29 18:31:09 | 000,002,516 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2009/07/29 18:31:09 | 000,000,088 | RHS- | C] () -- C:\ProgramData\B3445C3A95.sys
[2009/07/24 18:58:26 | 000,000,108 | -HS- | C] () -- C:\Windows\WSYS049.SYS
[2009/06/30 16:35:03 | 002,118,144 | ---- | C] () -- C:\Users\Lycan\AppData\Local\cooliris-win-ie-release-1.11.0.26762.en-US.msi
[2009/04/15 21:07:34 | 002,545,152 | ---- | C] () -- C:\Users\Lycan\AppData\Local\cooliris-win-ie-release-1.10.0.24532.en-US.msi
[2009/04/05 21:01:09 | 002,367,488 | ---- | C] () -- C:\Users\Lycan\AppData\Local\cooliris-win-ie-release-1.9.2.22788.en-US.msi
[2008/12/22 19:46:36 | 002,351,616 | ---- | C] () -- C:\Users\Lycan\AppData\Local\cooliris-win-ie-release-1.9.1.17582.msi
[2008/11/26 15:55:45 | 002,327,552 | ---- | C] () -- C:\Users\Lycan\AppData\Local\cooliris-win-ie-release-1.9.0.16396.msi
[2008/11/10 15:37:30 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2008/10/19 03:00:50 | 000,005,100 | ---- | C] () -- C:\ProgramData\kaevcwgh.slj
[2008/08/02 12:26:08 | 000,233,472 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2008/06/24 13:03:08 | 000,001,955 | ---- | C] () -- C:\Windows\tabled32.ini
[2008/06/12 13:08:22 | 000,001,590 | ---- | C] () -- C:\Windows\tefview.ini
[2008/05/28 21:34:48 | 000,004,670 | ---- | C] () -- C:\Users\Lycan\AppData\Roaming\wklnhst.dat
[2008/05/25 13:03:37 | 000,155,136 | ---- | C] () -- C:\Users\Lycan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/27 05:20:00 | 000,000,068 | ---- | C] () -- C:\Windows\System32\Compaq_Demo.ini
[2008/02/27 05:08:28 | 000,000,342 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008/02/27 04:56:59 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2008/02/27 04:56:59 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/10/03 07:53:03 | 000,069,632 | ---- | C] () -- C:\Windows\System32\com.fxpansion.fxshared.dll
[2002/03/16 16:00:00 | 000,007,420 | ---- | C] () -- C:\Windows\UA000106.DLL
[2000/07/22 15:49:46 | 000,431,104 | ---- | C] () -- C:\Windows\System32\VFCodec.dll
[1999/11/11 02:39:00 | 000,481,792 | ---- | C] () -- C:\Windows\System32\RFFTW2dll.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:68F4226F
@Alternate Data Stream - 1013 bytes -> C:\Users\Lycan\AppData\Local\gKYhQeQD8AVF4B:1GOwH9uYNt65QLgsv9xp5yFqEYgVY

< End of report >



EXTRAS


OTL Extras logfile created on: 2/6/2011 8:38:41 AM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Lycan\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 48.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140.19 Gb Total Space | 19.17 Gb Free Space | 13.67% Space Free | Partition Type: NTFS
Drive D: | 8.86 Gb Total Space | 1.20 Gb Free Space | 13.54% Space Free | Partition Type: NTFS

Computer Name: HOMOLUPISSTUDIO | User Name: Lycan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1277242936-3510254915-2159929779-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\Lycan\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" %*
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{7D89EE33-83DE-4EF8-A0FF-B8776F982117}" = lport=49160 | protocol=6 | dir=in | name=akamai netsession interface |
"{804C0BF1-5114-4803-BCA3-1D697F4934D4}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{E172EAB9-670A-4F69-83EE-4B42A811DAEC}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{E31760D8-87B2-4576-BEF5-C8D4B6B52C92}" = lport=49160 | protocol=6 | dir=in | name=akamai netsession interface |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02DFAF26-61F6-41E2-B33E-4EAF865C3239}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{056273F1-6D69-4A72-AE7F-D17296A4F51B}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{0DFB01FD-6B7A-4230-8E8A-AE69A6FA583A}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{27C31B81-664F-435C-8AC7-469EA91BC263}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{3C32C1E4-9771-4F76-996E-544FC961E213}" = protocol=17 | dir=in | app=c:\windows\system32\spoolsv.exe |
"{4A649618-2B52-4A3F-A395-D5109BCE65F9}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{52B95AAE-8355-46B8-9722-7570313EBD8E}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{54EC8505-5ACE-469E-A105-22AFA7BA35D6}" = protocol=6 | dir=in | app=c:\program files\blubster\blubster.exe |
"{576AE06C-4F1E-4E7A-945A-1453F5A680D5}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{721BF63C-8B67-43AD-B47D-24938CEC03C6}" = protocol=17 | dir=in | app=c:\program files\blubster\blubster.exe |
"{7E68DFBC-E4D9-4920-9559-00279969A273}" = dir=in | app=c:\program files\hp\dvdplay\dvdplay.exe |
"{7ED9CF4D-5163-4E65-8A73-9761CE30437B}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{825DF31D-1A10-4005-B01E-2A44235752E0}" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"{91005796-F378-4087-8847-5EACA2C468F3}" = protocol=17 | dir=in | app=c:\program files\aol 9.0\waol.exe |
"{92BF464A-6C7C-4909-AC3C-27B462E4E2C1}" = dir=in | app=c:\program files\hp\dvdplay\dpservice.exe |
"{98CADC65-6311-457A-A352-7F652D847E8D}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{9C055A58-AE24-46C5-9D56-56EF27A43E6D}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{A382B071-8C31-4063-8F8A-53315AF786A9}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{AE399684-D5EB-4E98-9119-B71C37A6C4BA}" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"{C0195703-024E-45AC-B41A-394EEDE1AA5E}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{C907BC9D-2B57-430D-8B50-FB05566DBE57}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{C921242B-F760-40A2-9A3B-04324FF0AA66}" = protocol=6 | dir=in | app=c:\program files\aol 9.0\waol.exe |
"{D020448F-C579-4047-BAC8-7CB0A2287AAF}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{D332EEDF-A4CC-44A3-9C8E-79D11A46AC35}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{D344FA80-439E-401E-A2C4-C1F76A905AA4}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{E1637C4B-21C4-4C7F-9CE2-56027CACED41}" = protocol=6 | dir=in | app=c:\windows\system32\spoolsv.exe |
"{E2170C69-FE19-44BC-AD2C-A728E9D860D9}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{EF932550-25C2-4F2F-8FD8-A76B144900D2}" = dir=in | app=c:\program files\myspace\im\myspaceim.exe |
"{FF48053C-32D1-4308-8552-1FEC4452FC59}" = dir=in | app=c:\program files\cyberlink\powerdirector express\pdx.exe |
"TCP Query User{80925B45-2FA4-4F32-AAD9-C94AB6BABECC}C:\windows\system32\winsock32.exe" = protocol=6 | dir=in | app=c:\windows\system32\winsock32.exe |
"UDP Query User{0B9C38EF-28DD-486A-9641-C782AD234BB9}C:\windows\system32\winsock32.exe" = protocol=17 | dir=in | app=c:\windows\system32\winsock32.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{029B5901-1F27-4347-9923-E8ACC8F54E15}" = Snapfish Picture Mover
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{147567F0-8575-4BE0-B5B3-62706C67FA5A}" = EZXCocktail
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1BCE2581-B7CA-4BB4-BDFB-D113506AA38B}" = HP Easy Setup - Frontend
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{21E77392-C30A-4AA2-8CA7-5728316939D6}" = AmpliTube X-GEAR
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x32
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 22
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2CC4BC82-41CF-43D3-B533-7283AA8BB86F}" = EZXPercussion
"{2CDB2DCD-1153-4ED4-9D0A-606231CEFE9A}" = LightScribe Template Designs - Art Pack 1
"{2D314071-26CD-47EA-A01E-82FADDE951C5}" = LiquidInstrument Standalone 1.1
"{305D4B08-5807-4475-B1C8-D54685534864}" = LightScribeTemplateLabeler
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{36F0FA39-2875-4EFD-977C-C405A5E4A403}" = LiquidInstrumentDXi2 1.1
"{39CEE1F2-12B6-4C50-9131-04BFCA110578}" = PowerCinema NE for Everio
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{430399DC-98BC-4A7F-8F8E-77981CABAE05}" = EZXVintage
"{43E8D9E7-AFC9-4BA3-8106-B95E02B87AB7}" = EZdrummer
"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
"{459E93B6-150E-45d5-8D4B-45C66FC035FE}" = getPlus® for Corel
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = DVD Play
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{5701A652-0DCF-40FE-8040-5C09368EEFD6}" = TubeTilla
"{5866520C-8857-4986-833A-039F4584C3F7}" = Toontrack solo
"{5DD152A8-BFB3-439E-90CD-5C00C2116E23}" = AmpliTube 3
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM)
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{65AA5B18-A330-4F35-BCDF-EA85EC888906}" = AVOX Evo VST
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{66BA35B0-1911-47EF-B170-1DCFFDA362F1}" = AmpliTube Jimi Hendrix
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7373184D-8E8F-4308-912A-3901071FA1AD}" = LightScribe Applications
"{73A43E42-3658-4DD9-8551-FACDA3632538}" = HP Advisor
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{7930FB47-6452-4476-BF16-D77F748646DB}" = Native Instruments Session IO Driver
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7C07E6E7-F71A-474C-B304-DA2DA87A4768}" = LiquidInstrumentRTAS 1.1
"{7F2B6338-4C07-49A0-BDF0-AD92E3124A7E}" = Compaq Demo
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{8094F7AE-CA21-4AF2-A256-BC918CE0E796}" = EZXClaustrophobic
"{82DF9225-13EC-41BD-BE31-AAB121B38166}" = EZXNashville
"{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8679D366-D73F-4303-92F7-853B13C1F424}" = Microangelo On Display
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B7917E0-AF55-4E8A-9473-017F0AA03AC8}" = QuickTime
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}" = Nero DiscCopy Gadget 10
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{9EDEF5B1-B740-4DFF-AC16-E2428E1713E8}" = AmpliTube Metal
"{9FBE5718-E2EB-4F22-B387-D3801C46B8DF}" = WolfQuest
"{A2453C21-B185-437A-933D-EAFC19D0E2D2}" = LiquidInstrumentVst 1.1
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A5C16084-032F-4A6D-B19A-2E700421F9FB}" = Microsoft WorldWide Telescope
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AFAC914D-9E83-4A89-8ABE-427521C82CCF}" = Safari
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B178BACA-880B-4D20-85F9-522F7F2DECBE}" = AmpliTube Fender
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B433D6F2-FC3F-4D63-9D1F-3119572064C2}" = AmpliTube 2 Live
"{B80954EE-5CA9-4202-BB8C-0DC3E332F47F}" = Native Instruments Kontakt 3
"{B962AD08-335F-46f7-A182-257D37672E5C}" = Native Instruments Rig Kontrol 3 Driver
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BD01F17A-33FF-4EF5-B6CE-C27E01F0A29E}" = ErrorSmart
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C1976CB8-C1B7-4E5A-B66D-3C355520303C}" = LiquidInstrumentVst 1.1
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C7FAFC98-5ECC-40FC-B440-A5D5FE3A6A6E}" = Native Instruments Guitar Rig 4
"{C8D47273-7A1A-4614-A3D8-263632D8A5ED}" = HP Customer Experience Enhancements
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{C95AACD4-9507-4F5C-9D53-22B1ACCFECD1}" = AmpliTube2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF1D7323-8A0A-49C7-83B0-088DB90721E2}" = AmpegSVX
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D1EBF11E-8CE3-4EF5-8E2D-FD5B8D6BD294}" = EZXTwisted
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DB1299AF-9EE0-422B-959E-F4171B2AE0F7}" = EZXDfh
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DE72186D-A4A5-4504-839C-B14FC3432DA1}" = LightScribe Template Designs - Fantasy Pack 1
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EC847A65-2A8C-3255-B4C7-E6D2A9B84618}" = Cooliris for Internet Explorer
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{EDE721EC-870A-11D8-9D75-000129760D75}" = PowerDirector Express
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F843C6A3-224D-4615-94F8-3C461BD9AEA0}" = Jasc Paint Shop Pro 9
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"AC3Filter" = AC3Filter (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Aiseesoft Mod Video Converter_is1" = Aiseesoft Mod Video Converter
"AKAI professional VST Collection v1.0" = AKAI professional VST Collection v1.0
"Akamai" = Akamai NetSession Interface
"Antares Autotune Evo VST RTAS_is1" = Antares Autotune Evo VST RTAS v6.0.9
"Antares Harmony Engine VST RTAS_is1" = Antares Harmony Engine VST RTAS v1.0
"Antares Tube v1.0" = Antares Tube v1.0
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"ASIO4ALL" = ASIO4ALL
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.9 (Unicode)
"AVIcodec" = AVIcodec (remove only)
"AviSynth" = AviSynth 2.5
"BitComet" = BitComet 1.25
"Bitcomet Ultra Accelerator" = Bitcomet Ultra Accelerator
"Blubster" = Blubster 2.6.9
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Chromatia Tuner_is1" = Chromatia Tuner v3.4
"Clic*Pic Gallery Creator" = Clic*Pic Gallery Creator
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"db audioware Sidechain Compressor VST v1.1.0" = db audioware Sidechain Compressor VST v1.1.0
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"DVD Flick_is1" = DVD Flick 1.3.0.7
"DVD2SVCD Software Bundle_is1" = DVD2SVCD 1.2.3 Build 1
"East West EWQLSO Gold Edition" = East West EWQLSO Gold Edition
"Edirol HQ Orchestral v1.01" = Edirol HQ Orchestral v1.01
"Emicsoft Mod Converter_is1" = Emicsoft Mod Converter
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"ExpressBurn" = Express Burn
"ExpressRip" = Express Rip
"FabFilter Timeless VST RTAS_is1" = FabFilter Timeless VST RTAS v2.00
"Fender FUSE" = Fender FUSE 2.0.0.462
"FLV Direct Player" = FLV Direct Player
"Free Metronome" = Free Metronome V.1.00
"Free MP3 WMA WAV Converter_is1" = Free MP3 WMA WAV Converter v2.0
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"FreeAlpha 3" = FreeAlpha 3
"Garritan Personal Orchestra" = Garritan Personal Orchestra
"Google Updater" = Google Updater
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HUFFYUV" = Huffyuv AVI lossless video codec (Remove Only)
"In-Tune Multi-Instrument Tuner v1.97_is1" = In-Tune Multi-Instrument Tuner v1.97
"iZotope Ozone 4_is1" = iZotope Ozone 4
"iZotope RX_is1" = iZotope RX
"LinPlug Organ 3 Demo" = LinPlug Organ 3 Demo
"Live 7.0.7" = Live 7.0.7
"Live 8.0.1" = Live 8.0.1
"Magic DVD Ripper_is1" = Magic DVD Ripper V5.3 build 6
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"MySpaceIM" = MySpaceIM
"Native Instruments B4 II" = Native Instruments B4 II
"Native Instruments Controller Editor" = Native Instruments Controller Editor
"Native Instruments Guitar Rig 4" = Native Instruments Guitar Rig 4
"Native Instruments Kontakt 3" = Native Instruments Kontakt 3
"Native Instruments Rig Kontrol 3 Driver" = Native Instruments Rig Kontrol 3 Driver
"Native Instruments Service Center" = Native Instruments Service Center
"Native Instruments Session IO Driver" = Native Instruments Session IO Driver
"NVIDIA Drivers" = NVIDIA Drivers
"OfficeTrial" = Microsoft Office Home and Student 60 day trial
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"Picasa 3" = Picasa 3
"PitchPerfect" = PitchPerfect Uninstall
"Prism" = Prism Video Converter
"PSP VintageWarmer2 2.5.1 32bit" = PSP VintageWarmer2 2.5.1 32bit
"REAPER" = REAPER
"Shuangs WAV to MP3 Converter_is1" = Shuangs WAV to MP3 Converter 2.2
"Smart Defrag_is1" = Smart Defrag
"SoftSkies" = SoftSkies
"SpeedBit Video Accelerator" = SpeedBit Video Accelerator
"SpeedyPC" = SpeedyPC
"Steinberg VoiceMachine v1.0" = Steinberg VoiceMachine v1.0
"Switch" = Switch
"TeraCopy_is1" = TeraCopy 2.12
"ViewpointMediaPlayer" = Viewpoint Media Player
"WhiteCap" = WhiteCap
"WildTangent CDA" = WildTangent Web Driver
"Winamp" = Winamp
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1277242936-3510254915-2159929779-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"184466066.fuse.fender.com" = Fender FUSE
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome
"LinPlug SaxLab 2 Demo" = LinPlug SaxLab 2 Demo

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/2/2011 6:25:14 AM | Computer Name = HomoLupisStudio | Source = SPP | ID = 16387
Description =

Error - 1/2/2011 6:25:14 AM | Computer Name = HomoLupisStudio | Source = System Restore | ID = 8193
Description =

Error - 1/2/2011 6:25:14 AM | Computer Name = HomoLupisStudio | Source = System Restore | ID = 8210
Description =

Error - 1/4/2011 4:10:33 AM | Computer Name = HomoLupisStudio | Source = Windows Search Service | ID = 3013
Description =

Error - 1/4/2011 4:10:34 AM | Computer Name = HomoLupisStudio | Source = Windows Search Service | ID = 3013
Description =

Error - 1/4/2011 7:16:45 AM | Computer Name = HomoLupisStudio | Source = Windows Search Service | ID = 3013
Description =

Error - 1/4/2011 7:16:45 AM | Computer Name = HomoLupisStudio | Source = Windows Search Service | ID = 3013
Description =

Error - 1/4/2011 8:07:21 AM | Computer Name = HomoLupisStudio | Source = Windows Search Service | ID = 3013
Description =

Error - 1/4/2011 8:07:22 AM | Computer Name = HomoLupisStudio | Source = Windows Search Service | ID = 3013
Description =

Error - 1/4/2011 10:05:09 PM | Computer Name = HomoLupisStudio | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 2/6/2011 12:25:51 PM | Computer Name = HomoLupisStudio | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%851 Update Stage: %%852

Source
Path: http://go.microsoft.com/fwlink/?LinkID=187316&clcid=0x409&arch=x86&eng=0.0.0.0&sig=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

Signature
Type: %%800 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 0.0.0.0 Error code: 0x80072efd Error description: A connection
with the server could not be established

Error - 2/6/2011 12:25:51 PM | Computer Name = HomoLupisStudio | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%851 Update Stage: %%852

Source
Path: http://go.microsoft.com/fwlink/?LinkID=187316&clcid=0x409&arch=x86&eng=0.0.0.0&sig=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

Signature
Type: %%801 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 0.0.0.0 Error code: 0x80072efd Error description: A connection
with the server could not be established

Error - 2/6/2011 12:25:51 PM | Computer Name = HomoLupisStudio | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%851 Update Stage: %%852

Source
Path: http://go.microsoft.com/fwlink/?LinkID=187316&clcid=0x409&arch=x86&eng=0.0.0.0&sig=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

Signature
Type: %%800 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 0.0.0.0 Error code: 0x80072efd Error description: A connection
with the server could not be established

Error - 2/6/2011 12:25:51 PM | Computer Name = HomoLupisStudio | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%851 Update Stage: %%852

Source
Path: http://go.microsoft.com/fwlink/?LinkID=187316&clcid=0x409&arch=x86&eng=0.0.0.0&sig=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

Signature
Type: %%801 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 0.0.0.0 Error code: 0x80072efd Error description: A connection
with the server could not be established

Error - 2/6/2011 12:25:51 PM | Computer Name = HomoLupisStudio | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%851 Update Stage: %%852

Source
Path: http://go.microsoft.com/fwlink/?LinkID=187316&clcid=0x409&arch=x86&eng=0.0.0.0&sig=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

Signature
Type: %%800 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 0.0.0.0 Error code: 0x80072efd Error description: A connection
with the server could not be established

Error - 2/6/2011 12:33:15 PM | Computer Name = HomoLupisStudio | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%859 Update Stage: %%852

Source
Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072efd Error description:
A connection with the server could not be established

Error - 2/6/2011 12:33:34 PM | Computer Name = HomoLupisStudio | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%851 Update Stage: %%852

Source
Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

Signature
Type: %%800 Update Type: %%803 User: HomoLupisStudio\Lycan Current Engine Version:
Previous Engine Version: 0.0.0.0 Error code: 0x80072efd Error description: A connection
with the server could not be established

Error - 2/6/2011 12:33:34 PM | Computer Name = HomoLupisStudio | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%851 Update Stage: %%852

Source
Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

Signature
Type: %%801 Update Type: %%803 User: HomoLupisStudio\Lycan Current Engine Version:
Previous Engine Version: 0.0.0.0 Error code: 0x80072efd Error description: A connection
with the server could not be established

Error - 2/6/2011 12:33:34 PM | Computer Name = HomoLupisStudio | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%851 Update Stage: %%852

Source
Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

Signature
Type: %%800 Update Type: %%803 User: HomoLupisStudio\Lycan Current Engine Version:
Previous Engine Version: 0.0.0.0 Error code: 0x80072efd Error description: A connection
with the server could not be established

Error - 2/6/2011 12:33:34 PM | Computer Name = HomoLupisStudio | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%851 Update Stage: %%852

Source
Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

Signature
Type: %%801 Update Type: %%803 User: HomoLupisStudio\Lycan Current Engine Version:
Previous Engine Version: 0.0.0.0 Error code: 0x80072efd Error description: A connection
with the server could not be established


< End of report >

#7 SweetTech

Posted 06 February 2011 - 11:56 AM

Hello Lycanomics,

Let's see how things are running after you run the scans below.

OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.

    :Services
    :OTL
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O4 - HKLM..\Run: [HP Health Check Scheduler] File not found
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.35,93.188.160.105
    O33 - MountPoints2\{4a4de82c-2591-11dd-b283-001e8cdfcdb1}\Shell - "" = AutoRun
    O33 - MountPoints2\{4a4de82c-2591-11dd-b283-001e8cdfcdb1}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
    [2009/12/16 20:49:30 | 000,000,000 | -H-- | C] () -- C:\Users\Lycan\AppData\Roaming\.10F1F49228CEB20A.sys
    @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:68F4226F
    @Alternate Data Stream - 1013 bytes -> C:\Users\Lycan\AppData\Local\gKYhQeQD8AVF4B:1GOwH9uYNt65QLgsv9xp5yFqEYgVY
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push Run Fix.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click OK.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Running ComboFix
Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
  • IMPORTANT - Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

    Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
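The entries in the OTL fix above are the ones a malware-removal helper acts on: the O17 line points the machine's resolvers at 93.188.164.35 and 93.188.160.105 (attacker-controlled DNS explains both the Windows Update failures and the 0x80072efd signature-update errors), the O33 lines are a USB autorun handler, the O4 line is an orphaned Run value, and the two @Alternate Data Stream lines are files carrying hidden streams. The following script, added here as an example and not code from OTL, ComboFix or this thread, parses those OTL line formats and flags each class of finding. The DNSChanger resolver ranges it checks against are an assumption taken from the public FBI advisory as recalled by the editor; verify them against the advisory before relying on them. The sample input is the fix script from this post, copied in as a constructed string.

```python
"""Triage helper for OTL-style fix lines.

Added example, not OTL's own code. Parses the O4, O17 and O33 entries and the
@Alternate Data Stream lines OTL prints, and reports the ones a helper acts on:
resolvers inside a known DNS-hijack range, a USB autorun handler, an orphaned
Run value, and files carrying alternate data streams.
"""
import ipaddress
import re

# Constructed sample: the entries from the OTL fix script in post #7.
SAMPLE_LINES = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O4 - HKLM..\Run: [HP Health Check Scheduler] File not found
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.35,93.188.160.105
O33 - MountPoints2\{4a4de82c-2591-11dd-b283-001e8cdfcdb1}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:68F4226F
@Alternate Data Stream - 1013 bytes -> C:\Users\Lycan\AppData\Local\gKYhQeQD8AVF4B:1GOwH9uYNt65QLgsv9xp5yFqEYgVY
"""

# Resolver blocks attributed to the DNSChanger botnet. Assumption: copied from
# the public FBI advisory as the editor remembers it; verify before relying on it.
DNSCHANGER_RANGES = [ipaddress.ip_network(n) for n in (
    "85.255.112.0/20", "67.210.0.0/20", "93.188.160.0/21",
    "77.67.83.0/24", "213.109.64.0/20", "64.28.176.0/20",
)]

# Line formats as OTL prints them (the O4/O17/O33 prefixes are OTL's own).
O4_RE = re.compile(r"^O4 - \S+\\Run: \[(?P<name>[^\]]+)\] File not found$")
O17_RE = re.compile(r"^O17 - .*NameServer = (?P<servers>[\d.,]+)$")
O33_RE = re.compile(
    r'^O33 - MountPoints2\\\{(?P<guid>[^}]+)\}\\Shell\\AutoRun\\command - "" = (?P<cmd>.+)$'
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<target>.+)$")


def is_dnschanger_ip(ip: str) -> bool:
    """True when the resolver address falls inside one of the hijack ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in DNSCHANGER_RANGES)


def triage(text: str) -> dict:
    """Return the findings a helper would act on, keyed by category."""
    findings = {"dns_hijack": [], "autorun": [], "orphaned_run": [], "ads": []}
    for line in text.splitlines():
        line = line.strip()
        if m := O17_RE.match(line):
            # Static NameServer values are only suspicious if they point into
            # a known hijack range; a corporate resolver would not be flagged.
            for ip in m["servers"].split(","):
                if is_dnschanger_ip(ip):
                    findings["dns_hijack"].append(ip)
        elif m := O33_RE.match(line):
            # Per-volume autorun handler left behind by a removable drive.
            findings["autorun"].append((m["guid"], m["cmd"]))
        elif m := O4_RE.match(line):
            # Run value whose target no longer exists.
            findings["orphaned_run"].append(m["name"])
        elif m := ADS_RE.match(line):
            # Split "host path:stream name" on the last colon (drive colon stays).
            host, stream = m["target"].rsplit(":", 1)
            findings["ads"].append((host, stream, int(m["size"])))
    return findings


if __name__ == "__main__":
    for category, items in triage(SAMPLE_LINES).items():
        for item in items:
            print(f"{category}: {item}")
```

Run against the fix script above, it reports both resolvers as inside the 93.188.160.0/21 block, the F:\LaunchU3.exe autorun handler, the orphaned HP Health Check Scheduler value and the two alternate data streams; anything OTL lists that does not match one of these patterns is left for a human to read.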


#8 Lycanomics

Posted 06 February 2011 - 05:20 PM

Thank you. Here's the OTL Log. I'll run ComboFix this evening.


All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HP Health Check Scheduler deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\\NameServer| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4a4de82c-2591-11dd-b283-001e8cdfcdb1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4a4de82c-2591-11dd-b283-001e8cdfcdb1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4a4de82c-2591-11dd-b283-001e8cdfcdb1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4a4de82c-2591-11dd-b283-001e8cdfcdb1}\ not found.
File F:\LaunchU3.exe -a not found.
C:\Users\Lycan\AppData\Roaming\.10F1F49228CEB20A.sys moved successfully.
ADS C:\ProgramData\TEMP:68F4226F deleted successfully.
ADS C:\Users\Lycan\AppData\Local\gKYhQeQD8AVF4B:1GOwH9uYNt65QLgsv9xp5yFqEYgVY deleted successfully.
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Lycan\Desktop\cmd.bat deleted successfully.
C:\Users\Lycan\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41661 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Lycan
->Temp folder emptied: 115345048 bytes
->Temporary Internet Files folder emptied: 149948157 bytes
->Java cache emptied: 143887658 bytes
->Google Chrome cache emptied: 297689893 bytes
->Apple Safari cache emptied: 21341184 bytes
->Flash cache emptied: 726766 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 183501137 bytes
RecycleBin emptied: 50263578 bytes

Total Files Cleaned = 918.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Lycan
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.20.6 log created on 02062011_140251

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#9 SweetTech

Posted 07 February 2011 - 09:33 AM

Hello Lycanomics,

I'll await your next reply with the ComboFix log.

Kindest Regards,
SweetTech.



#10 SweetTech

Posted 11 February 2011 - 12:45 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.





