Cant get rid of yourprofitclub ads


This topic is locked
18 replies to this topic

#1 riotburn

Posted 02 April 2011 - 02:21 AM

My girlfriend's computer has the yourprofitclub malware and it's getting annoying. I have tried MBAM and Avast, both in safe mode and not, but it doesn't remove it. Below is the RSIT log, because DDS wouldn't download properly. Thank you in advance for any help.

Logfile of random's system information tool 1.08 (written by random/random)
Run by Amy at 2011-04-02 03:15:54
Microsoft Windows 7 Professional
System drive C: has 918 GB (96%) free of 954 GB
Total RAM: 4023 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:15:57 AM, on 4/2/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Tenda\W322P&W302P V2.0\UI.exe
C:\Program Files (x86)\Vtune\TBPANEL.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Amy\Desktop\RSIT.exe
C:\Program Files (x86)\trend micro\Amy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: QuickNet - {EA5CA8B6-9B9C-4994-A7A1-947B6C631BE7} - C:\Program Files (x86)\RegTweaker\key.dll (file missing)
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKCU\..\Run: [Tenda_UI] C:\Program Files (x86)\Tenda\W322P&W302P V2.0\UI.exe /EndPrevInst /AutoHide
O4 - HKCU\..\Run: [TBPanel] C:\Program Files (x86)\Vtune\TBPanel.exe /A
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Amy\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: Digsby.lnk = C:\Program Files (x86)\Digsby\digsby.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8025 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3762412209-2655645485-641804774-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3762412209-2655645485-641804774-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20 328248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-01-30 62376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-02-27 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA5CA8B6-9B9C-4994-A7A1-947B6C631BE7}]
QuickNet BHO - C:\Program Files (x86)\RegTweaker\key.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20 509496]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2010-10-29 249064]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [2011-01-30 35736]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-11-10 932288]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-02-23 3451496]
"HP Software Update"=C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"hpqSRMon"=C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [2008-07-22 150528]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Tenda_UI"=C:\Program Files (x86)\Tenda\W322P&W302P V2.0\UI.exe [2010-03-31 2283864]
"TBPanel"=C:\Program Files (x86)\Vtune\TBPanel.exe [2009-10-05 2158592]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2011-01-20 1305408]
"Google Update"=C:\Users\Amy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-15 136176]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Digsby.lnk - C:\Program Files (x86)\Digsby\digsby.exe
HP Digital Imaging Monitor.lnk - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWow64\webcheck.dll [2009-07-13 229376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [2010-03-25 4222864]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 2 months======

2011-04-02 03:15:55 ----D---- C:\Program Files (x86)\trend micro
2011-04-02 03:15:54 ----D---- C:\rsit
2011-04-02 02:23:37 ----SHD---- C:\$RECYCLE.BIN
2011-04-02 01:55:46 ----D---- C:\Windows\temp
2011-04-02 01:55:44 ----A---- C:\ComboFix.txt
2011-04-02 01:52:28 ----A---- C:\Windows\zip.exe
2011-04-02 01:52:28 ----A---- C:\Windows\SWSC.exe
2011-04-02 01:52:28 ----A---- C:\Windows\SWREG.exe
2011-04-02 01:52:28 ----A---- C:\Windows\sed.exe
2011-04-02 01:52:28 ----A---- C:\Windows\PEV.exe
2011-04-02 01:52:28 ----A---- C:\Windows\NIRCMD.exe
2011-04-02 01:52:28 ----A---- C:\Windows\MBR.exe
2011-04-02 01:52:28 ----A---- C:\Windows\grep.exe
2011-04-02 01:52:05 ----A---- C:\TDSSKiller.2.4.21.0_02.04.2011_01.52.05_log.txt
2011-04-02 01:51:45 ----A---- C:\Windows\SWXCACLS.exe
2011-04-02 01:51:44 ----D---- C:\32788R22FWJFW
2011-04-02 01:28:34 ----A---- C:\TDSSKiller.2.4.21.0_02.04.2011_01.28.34_log.txt
2011-04-02 01:26:31 ----A---- C:\TDSSKiller.2.4.21.0_02.04.2011_01.26.31_log.txt
2011-03-19 03:00:26 ----D---- C:\Program Files (x86)\MSXML 4.0
2011-03-18 07:02:16 ----D---- C:\Users\Amy\AppData\Roaming\HP
2011-03-17 22:46:21 ----D---- C:\ProgramData\HP Product Assistant
2011-03-17 22:46:07 ----D---- C:\Windows\SysWOW64\spool
2011-03-17 22:45:16 ----D---- C:\Program Files (x86)\Common Files\Hewlett-Packard
2011-03-17 22:45:00 ----D---- C:\Program Files (x86)\Common Files\HP
2011-03-17 22:44:07 ----D---- C:\Program Files (x86)\HP
2011-03-17 22:44:06 ----D---- C:\Config.Msi
2011-03-17 22:36:40 ----D---- C:\ProgramData\HP
2011-03-09 02:24:37 ----A---- C:\Windows\SysWOW64\DWrite.dll
2011-03-09 02:24:36 ----A---- C:\Windows\SysWOW64\d2d1.dll
2011-03-09 02:24:35 ----A---- C:\Windows\SysWOW64\sbe.dll
2011-03-09 02:24:35 ----A---- C:\Windows\SysWOW64\EncDec.dll
2011-03-09 02:24:35 ----A---- C:\Windows\SysWOW64\CPFilters.dll
2011-03-09 02:24:34 ----A---- C:\Windows\SysWOW64\mstscax.dll
2011-03-09 02:24:33 ----A---- C:\Windows\SysWOW64\mstsc.exe
2011-03-06 22:30:45 ----D---- C:\Users\Amy\AppData\Roaming\vlc
2011-03-06 12:39:52 ----D---- C:\Windows\ERDNT
2011-03-06 12:39:20 ----D---- C:\Qoobox
2011-03-06 12:31:30 ----A---- C:\Windows\SysWOW64\PARTIZAN.TXT
2011-03-06 12:26:39 ----RASHOT---- C:\Windows\winstart.bat
2011-03-06 12:26:34 ----D---- C:\Program Files (x86)\UnHackMe
2011-03-06 12:19:32 ----A---- C:\Windows\KillJobs.bat
2011-03-06 12:17:40 ----A---- C:\Windows\jt.exe
2011-03-05 13:47:46 ----A---- C:\Windows\ntbtlog.txt
2011-03-05 13:42:41 ----A---- C:\Windows\SysWOW64\aswBoot.exe
2011-03-05 13:42:40 ----D---- C:\ProgramData\AVAST Software
2011-03-02 04:00:50 ----D---- C:\Windows\SysWOW64\Wat
2011-03-01 23:20:42 ----D---- C:\Windows\Sun
2011-03-01 04:13:59 ----A---- C:\Windows\SysWOW64\wcncsvc.dll
2011-03-01 04:09:55 ----A---- C:\Windows\SysWOW64\msv1_0.dll
2011-03-01 04:05:32 ----A---- C:\Windows\SysWOW64\PresentationHostProxy.dll
2011-03-01 04:05:32 ----A---- C:\Windows\SysWOW64\PresentationHost.exe
2011-03-01 04:05:32 ----A---- C:\Windows\SysWOW64\netfxperf.dll
2011-03-01 04:05:32 ----A---- C:\Windows\SysWOW64\mscoree.dll
2011-03-01 04:05:32 ----A---- C:\Windows\SysWOW64\dfshim.dll
2011-02-28 20:15:05 ----A---- C:\Windows\SysWOW64\mshtml.dll
2011-02-28 20:15:01 ----A---- C:\Windows\SysWOW64\mstime.dll
2011-02-28 20:15:01 ----A---- C:\Windows\SysWOW64\msfeeds.dll
2011-02-28 20:15:01 ----A---- C:\Windows\SysWOW64\iertutil.dll
2011-02-28 20:15:01 ----A---- C:\Windows\SysWOW64\iepeers.dll
2011-02-28 20:15:01 ----A---- C:\Windows\SysWOW64\iedkcs32.dll
2011-02-28 20:15:00 ----A---- C:\Windows\SysWOW64\mshtmled.dll
2011-02-28 20:15:00 ----A---- C:\Windows\SysWOW64\msfeedssync.exe
2011-02-28 20:15:00 ----A---- C:\Windows\SysWOW64\msfeedsbs.dll
2011-02-28 20:15:00 ----A---- C:\Windows\SysWOW64\licmgr10.dll
2011-02-28 20:14:26 ----A---- C:\Windows\SysWOW64\kerberos.dll
2011-02-28 20:14:22 ----A---- C:\Windows\SysWOW64\tzres.dll
2011-02-28 20:14:22 ----A---- C:\Windows\SysWOW64\asycfilt.dll
2011-02-28 20:14:09 ----A---- C:\Windows\SysWOW64\t2embed.dll
2011-02-28 20:14:07 ----A---- C:\Windows\SysWOW64\ole32.dll
2011-02-28 20:14:02 ----A---- C:\Windows\SysWOW64\taskschd.dll
2011-02-28 20:14:02 ----A---- C:\Windows\SysWOW64\taskeng.exe
2011-02-28 20:14:02 ----A---- C:\Windows\SysWOW64\taskcomp.dll
2011-02-28 20:14:02 ----A---- C:\Windows\SysWOW64\schtasks.exe
2011-02-28 20:13:57 ----A---- C:\Windows\SysWOW64\StructuredQuery.dll
2011-02-28 20:13:54 ----A---- C:\Windows\SysWOW64\CertEnroll.dll
2011-02-28 20:13:40 ----A---- C:\Windows\SysWOW64\secproc_isv.dll
2011-02-28 20:13:40 ----A---- C:\Windows\SysWOW64\secproc.dll
2011-02-28 20:13:39 ----A---- C:\Windows\SysWOW64\secproc_ssp_isv.dll
2011-02-28 20:13:39 ----A---- C:\Windows\SysWOW64\secproc_ssp.dll
2011-02-28 20:13:39 ----A---- C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2011-02-28 20:13:39 ----A---- C:\Windows\SysWOW64\RMActivate_ssp.exe
2011-02-28 20:13:39 ----A---- C:\Windows\SysWOW64\RMActivate_isv.exe
2011-02-28 20:13:39 ----A---- C:\Windows\SysWOW64\RMActivate.exe
2011-02-28 20:13:20 ----A---- C:\Windows\SysWOW64\shell32.dll
2011-02-28 20:13:16 ----A---- C:\Windows\SysWOW64\inetcomm.dll
2011-02-28 20:13:14 ----A---- C:\Windows\SysWOW64\psisdecd.dll
2011-02-28 20:12:56 ----A---- C:\Windows\SysWOW64\schannel.dll
2011-02-28 20:12:54 ----A---- C:\Windows\SysWOW64\comctl32.dll
2011-02-28 20:12:52 ----A---- C:\Windows\SysWOW64\ieframe.dll
2011-02-28 20:12:51 ----A---- C:\Windows\SysWOW64\urlmon.dll
2011-02-28 20:12:51 ----A---- C:\Windows\SysWOW64\upnp.dll
2011-02-28 20:12:50 ----A---- C:\Windows\SysWOW64\wscapi.dll
2011-02-28 20:12:50 ----A---- C:\Windows\SysWOW64\wininet.dll
2011-02-28 20:12:50 ----A---- C:\Windows\SysWOW64\winhttp.dll
2011-02-28 20:12:50 ----A---- C:\Windows\SysWOW64\WebClnt.dll
2011-02-28 20:12:50 ----A---- C:\Windows\SysWOW64\slwga.dll
2011-02-28 20:12:50 ----A---- C:\Windows\SysWOW64\msxml6.dll
2011-02-28 20:12:50 ----A---- C:\Windows\SysWOW64\msxml3.dll
2011-02-28 20:12:50 ----A---- C:\Windows\SysWOW64\jsproxy.dll
2011-02-28 20:12:50 ----A---- C:\Windows\SysWOW64\ieui.dll
2011-02-28 20:12:50 ----A---- C:\Windows\SysWOW64\davclnt.dll
2011-02-28 20:12:42 ----A---- C:\Windows\SysWOW64\oleaut32.dll
2011-02-28 20:12:40 ----A---- C:\Windows\SysWOW64\explorer.exe
2011-02-28 20:12:40 ----A---- C:\Windows\explorer.exe
2011-02-28 20:12:35 ----A---- C:\Windows\SysWOW64\wow32.dll
2011-02-28 20:12:35 ----A---- C:\Windows\SysWOW64\user.exe
2011-02-28 20:12:35 ----A---- C:\Windows\SysWOW64\setup16.exe
2011-02-28 20:12:35 ----A---- C:\Windows\SysWOW64\ntvdm64.dll
2011-02-28 20:12:35 ----A---- C:\Windows\SysWOW64\instnm.exe
2011-02-28 20:12:31 ----A---- C:\Windows\SysWOW64\rtutils.dll
2011-02-28 20:12:19 ----A---- C:\Windows\SysWOW64\XpsPrint.dll
2011-02-28 20:12:18 ----A---- C:\Windows\SysWOW64\XpsGdiConverter.dll
2011-02-28 20:12:06 ----A---- C:\Windows\SysWOW64\d3d10warp.dll
2011-02-28 20:12:05 ----A---- C:\Windows\SysWOW64\mf.dll
2011-02-28 20:12:03 ----A---- C:\Windows\SysWOW64\XpsRasterService.dll
2011-02-28 20:12:03 ----A---- C:\Windows\SysWOW64\WMVDECOD.DLL
2011-02-28 20:12:03 ----A---- C:\Windows\SysWOW64\mfreadwrite.dll
2011-02-28 20:12:03 ----A---- C:\Windows\SysWOW64\ExplorerFrame.dll
2011-02-28 20:12:03 ----A---- C:\Windows\SysWOW64\d3d10_1core.dll
2011-02-28 20:12:03 ----A---- C:\Windows\SysWOW64\d3d10_1.dll
2011-02-28 20:11:48 ----A---- C:\Windows\SysWOW64\webio.dll
2011-02-28 20:11:46 ----A---- C:\Windows\SysWOW64\iccvid.dll
2011-02-28 20:11:44 ----A---- C:\Windows\SysWOW64\jscript.dll
2011-02-28 20:11:43 ----A---- C:\Windows\SysWOW64\vbscript.dll
2011-02-28 20:11:27 ----A---- C:\Windows\SysWOW64\wmpmde.dll
2011-02-28 20:11:26 ----A---- C:\Windows\SysWOW64\tsbyuv.dll
2011-02-28 20:11:26 ----A---- C:\Windows\SysWOW64\quartz.dll
2011-02-28 20:11:26 ----A---- C:\Windows\SysWOW64\msyuv.dll
2011-02-28 20:11:26 ----A---- C:\Windows\SysWOW64\msvidc32.dll
2011-02-28 20:11:26 ----A---- C:\Windows\SysWOW64\msrle32.dll
2011-02-28 20:11:26 ----A---- C:\Windows\SysWOW64\mciavi32.dll
2011-02-28 20:11:26 ----A---- C:\Windows\SysWOW64\iyuv_32.dll
2011-02-28 20:11:26 ----A---- C:\Windows\SysWOW64\avifil32.dll
2011-02-28 20:11:11 ----A---- C:\Windows\SysWOW64\ntoskrnl.exe
2011-02-28 20:11:11 ----A---- C:\Windows\SysWOW64\ntkrnlpa.exe
2011-02-28 20:11:11 ----A---- C:\Windows\SysWOW64\ntdll.dll
2011-02-28 20:11:01 ----A---- C:\Windows\SysWOW64\atmfd.dll
2011-02-28 20:11:00 ----A---- C:\Windows\SysWOW64\fontsub.dll
2011-02-28 20:11:00 ----A---- C:\Windows\SysWOW64\atmlib.dll
2011-02-28 20:10:50 ----A---- C:\Windows\SysWOW64\sspicli.dll
2011-02-28 20:10:50 ----A---- C:\Windows\SysWOW64\secur32.dll
2011-02-28 20:10:35 ----A---- C:\Windows\SysWOW64\mfc40u.dll
2011-02-28 20:10:35 ----A---- C:\Windows\SysWOW64\mfc40.dll
2011-02-28 20:10:31 ----A---- C:\Windows\SysWOW64\msasn1.dll
2011-02-28 20:10:29 ----A---- C:\Windows\SysWOW64\wmp.dll
2011-02-28 20:10:28 ----A---- C:\Windows\SysWOW64\wmploc.DLL
2011-02-28 20:10:22 ----A---- C:\Windows\SysWOW64\odbc32.dll
2011-02-28 20:10:17 ----A---- C:\Windows\SysWOW64\sscore.dll
2011-02-27 23:37:58 ----A---- C:\Windows\SysWOW64\srvany.exe
2011-02-27 23:27:18 ----D---- C:\Windows\PCHEALTH
2011-02-27 23:27:18 ----D---- C:\Program Files (x86)\Microsoft.NET
2011-02-27 23:26:12 ----D---- C:\Program Files (x86)\Microsoft Visual Studio 8
2011-02-27 23:25:45 ----D---- C:\Program Files (x86)\Microsoft Analysis Services
2011-02-27 23:25:17 ----D---- C:\Program Files (x86)\Microsoft Office
2011-02-27 23:25:11 ----D---- C:\ProgramData\Microsoft Help
2011-02-27 23:25:00 ----RD---- C:\MSOCache
2011-02-27 21:33:53 ----D---- C:\Program Files (x86)\DAEMON Tools Lite
2011-02-27 21:33:24 ----D---- C:\Users\Amy\AppData\Roaming\DAEMON Tools Lite
2011-02-27 21:33:24 ----D---- C:\ProgramData\DAEMON Tools Lite
2011-02-27 21:32:39 ----D---- C:\Windows\Prefetch
2011-02-27 21:32:11 ----ASH---- C:\pagefile.sys
2011-02-27 21:32:10 ----SHD---- C:\System Volume Information
2011-02-27 21:32:10 ----ASH---- C:\hiberfil.sys
2011-02-27 21:31:28 ----D---- C:\Windows\Panther
2011-02-27 19:45:30 ----D---- C:\Users\Amy\AppData\Roaming\Azureus
2011-02-27 19:45:10 ----D---- C:\Program Files (x86)\Vuze
2011-02-27 19:43:42 ----D---- C:\Users\Amy\AppData\Roaming\Macromedia
2011-02-27 19:43:38 ----D---- C:\Users\Amy\AppData\Roaming\Adobe
2011-02-27 19:42:03 ----D---- C:\Users\Amy\AppData\Roaming\Mozilla
2011-02-27 19:32:00 ----A---- C:\Windows\SysWOW64\wintrust.dll
2011-02-27 19:31:59 ----A---- C:\Windows\SysWOW64\cabview.dll
2011-02-27 19:19:58 ----A---- C:\Windows\SysWOW64\PerfStringBackup.INI
2011-02-27 19:19:18 ----D---- C:\Users\Amy\AppData\Roaming\Malwarebytes
2011-02-27 19:19:18 ----A---- C:\Windows\SysWOW64\drivers\mbamswissarmy.sys
2011-02-27 19:19:17 ----D---- C:\ProgramData\Malwarebytes
2011-02-27 19:19:15 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-02-27 19:18:55 ----D---- C:\Program Files (x86)\Common Files\Adobe
2011-02-27 19:18:55 ----D---- C:\Program Files (x86)\Adobe
2011-02-27 19:18:45 ----D---- C:\ProgramData\Adobe
2011-02-27 19:17:48 ----D---- C:\Users\Amy\AppData\Roaming\Digsby
2011-02-27 19:17:48 ----D---- C:\ProgramData\Digsby
2011-02-27 19:17:41 ----D---- C:\Program Files (x86)\Digsby
2011-02-27 19:17:11 ----D---- C:\Program Files (x86)\VideoLAN
2011-02-27 19:16:53 ----D---- C:\ProgramData\Sun
2011-02-27 19:16:53 ----D---- C:\Program Files (x86)\Common Files\Java
2011-02-27 19:16:47 ----A---- C:\Windows\SysWOW64\javaws.exe
2011-02-27 19:16:47 ----A---- C:\Windows\SysWOW64\javaw.exe
2011-02-27 19:16:47 ----A---- C:\Windows\SysWOW64\java.exe
2011-02-27 19:16:47 ----A---- C:\Windows\SysWOW64\deployJava1.dll
2011-02-27 19:16:45 ----D---- C:\Program Files (x86)\Java
2011-02-27 19:16:14 ----D---- C:\Windows\SysWOW64\Macromed
2011-02-27 19:16:11 ----D---- C:\Program Files (x86)\Mozilla Firefox
2011-02-27 19:06:41 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2011-02-27 19:06:41 ----A---- C:\Windows\SysWOW64\results.txt
2011-02-27 19:06:29 ----D---- C:\ProgramData\NVIDIA
2011-02-27 19:06:07 ----D---- C:\Windows\SysWOW64\AGEIA
2011-02-27 19:06:07 ----D---- C:\Program Files (x86)\AGEIA Technologies
2011-02-27 19:05:47 ----D---- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2011-02-27 19:04:43 ----A---- C:\Windows\SysWOW64\XAudio2_5.dll
2011-02-27 19:04:43 ----A---- C:\Windows\SysWOW64\xactengine3_5.dll
2011-02-27 19:04:42 ----A---- C:\Windows\SysWOW64\D3DX9_42.dll
2011-02-27 19:04:42 ----A---- C:\Windows\SysWOW64\d3dx11_42.dll
2011-02-27 19:04:42 ----A---- C:\Windows\SysWOW64\d3dx10_42.dll
2011-02-27 19:04:42 ----A---- C:\Windows\SysWOW64\d3dx10_41.dll
2011-02-27 19:04:42 ----A---- C:\Windows\SysWOW64\d3dcsx_42.dll
2011-02-27 19:04:42 ----A---- C:\Windows\SysWOW64\D3DCompiler_42.dll
2011-02-27 19:04:42 ----A---- C:\Windows\SysWOW64\D3DCompiler_41.dll
2011-02-27 19:04:41 ----A---- C:\Windows\SysWOW64\XAudio2_4.dll
2011-02-27 19:04:41 ----A---- C:\Windows\SysWOW64\XAudio2_3.dll
2011-02-27 19:04:41 ----A---- C:\Windows\SysWOW64\XAPOFX1_3.dll
2011-02-27 19:04:41 ----A---- C:\Windows\SysWOW64\XAPOFX1_2.dll
2011-02-27 19:04:41 ----A---- C:\Windows\SysWOW64\xactengine3_4.dll
2011-02-27 19:04:41 ----A---- C:\Windows\SysWOW64\xactengine3_3.dll
2011-02-27 19:04:41 ----A---- C:\Windows\SysWOW64\X3DAudio1_6.dll
2011-02-27 19:04:41 ----A---- C:\Windows\SysWOW64\X3DAudio1_5.dll
2011-02-27 19:04:41 ----A---- C:\Windows\SysWOW64\D3DX9_41.dll
2011-02-27 19:04:41 ----A---- C:\Windows\SysWOW64\D3DX9_40.dll
2011-02-27 19:04:41 ----A---- C:\Windows\SysWOW64\d3dx10_40.dll
2011-02-27 19:04:41 ----A---- C:\Windows\SysWOW64\D3DCompiler_40.dll
2011-02-27 19:04:40 ----A---- C:\Windows\SysWOW64\XAudio2_2.dll
2011-02-27 19:04:40 ----A---- C:\Windows\SysWOW64\XAudio2_1.dll
2011-02-27 19:04:40 ----A---- C:\Windows\SysWOW64\XAPOFX1_1.dll
2011-02-27 19:04:40 ----A---- C:\Windows\SysWOW64\XAPOFX1_0.dll
2011-02-27 19:04:40 ----A---- C:\Windows\SysWOW64\xactengine3_2.dll
2011-02-27 19:04:40 ----A---- C:\Windows\SysWOW64\xactengine3_1.dll
2011-02-27 19:04:40 ----A---- C:\Windows\SysWOW64\X3DAudio1_4.dll
2011-02-27 19:04:40 ----A---- C:\Windows\SysWOW64\D3DX9_39.dll
2011-02-27 19:04:40 ----A---- C:\Windows\SysWOW64\d3dx10_39.dll
2011-02-27 19:04:40 ----A---- C:\Windows\SysWOW64\D3DCompiler_39.dll
2011-02-27 19:04:39 ----A---- C:\Windows\SysWOW64\XAudio2_0.dll
2011-02-27 19:04:39 ----A---- C:\Windows\SysWOW64\xactengine3_0.dll
2011-02-27 19:04:39 ----A---- C:\Windows\SysWOW64\xactengine2_10.dll
2011-02-27 19:04:39 ----A---- C:\Windows\SysWOW64\X3DAudio1_3.dll
2011-02-27 19:04:39 ----A---- C:\Windows\SysWOW64\D3DX9_38.dll
2011-02-27 19:04:39 ----A---- C:\Windows\SysWOW64\D3DX9_37.dll
2011-02-27 19:04:39 ----A---- C:\Windows\SysWOW64\d3dx10_38.dll
2011-02-27 19:04:39 ----A---- C:\Windows\SysWOW64\d3dx10_37.dll
2011-02-27 19:04:39 ----A---- C:\Windows\SysWOW64\D3DCompiler_38.dll
2011-02-27 19:04:39 ----A---- C:\Windows\SysWOW64\D3DCompiler_37.dll
2011-02-27 19:04:38 ----A---- C:\Windows\SysWOW64\xactengine2_9.dll
2011-02-27 19:04:38 ----A---- C:\Windows\SysWOW64\d3dx9_36.dll
2011-02-27 19:04:38 ----A---- C:\Windows\SysWOW64\d3dx9_35.dll
2011-02-27 19:04:38 ----A---- C:\Windows\SysWOW64\d3dx10_36.dll
2011-02-27 19:04:38 ----A---- C:\Windows\SysWOW64\d3dx10_35.dll
2011-02-27 19:04:38 ----A---- C:\Windows\SysWOW64\D3DCompiler_36.dll
2011-02-27 19:04:38 ----A---- C:\Windows\SysWOW64\D3DCompiler_35.dll
2011-02-27 19:04:37 ----A---- C:\Windows\SysWOW64\xinput1_3.dll
2011-02-27 19:04:37 ----A---- C:\Windows\SysWOW64\xactengine2_8.dll
2011-02-27 19:04:37 ----A---- C:\Windows\SysWOW64\xactengine2_7.dll
2011-02-27 19:04:37 ----A---- C:\Windows\SysWOW64\X3DAudio1_2.dll
2011-02-27 19:04:37 ----A---- C:\Windows\SysWOW64\d3dx9_34.dll
2011-02-27 19:04:37 ----A---- C:\Windows\SysWOW64\d3dx9_33.dll
2011-02-27 19:04:37 ----A---- C:\Windows\SysWOW64\d3dx10_34.dll
2011-02-27 19:04:37 ----A---- C:\Windows\SysWOW64\d3dx10_33.dll
2011-02-27 19:04:37 ----A---- C:\Windows\SysWOW64\D3DCompiler_34.dll
2011-02-27 19:04:37 ----A---- C:\Windows\SysWOW64\D3DCompiler_33.dll
2011-02-27 19:04:36 ----A---- C:\Windows\SysWOW64\xactengine2_6.dll
2011-02-27 19:04:36 ----A---- C:\Windows\SysWOW64\xactengine2_5.dll
2011-02-27 19:04:36 ----A---- C:\Windows\SysWOW64\xactengine2_4.dll
2011-02-27 19:04:36 ----A---- C:\Windows\SysWOW64\xactengine2_3.dll
2011-02-27 19:04:36 ----A---- C:\Windows\SysWOW64\x3daudio1_1.dll
2011-02-27 19:04:36 ----A---- C:\Windows\SysWOW64\d3dx9_32.dll
2011-02-27 19:04:36 ----A---- C:\Windows\SysWOW64\d3dx9_31.dll
2011-02-27 19:04:36 ----A---- C:\Windows\SysWOW64\d3dx10.dll
2011-02-27 19:04:35 ----A---- C:\Windows\SysWOW64\xinput1_2.dll
2011-02-27 19:04:35 ----A---- C:\Windows\SysWOW64\xinput1_1.dll
2011-02-27 19:04:35 ----A---- C:\Windows\SysWOW64\xactengine2_2.dll
2011-02-27 19:04:35 ----A---- C:\Windows\SysWOW64\xactengine2_1.dll
2011-02-27 19:04:34 ----A---- C:\Windows\SysWOW64\xactengine2_0.dll
2011-02-27 19:04:34 ----A---- C:\Windows\SysWOW64\x3daudio1_0.dll
2011-02-27 19:04:34 ----A---- C:\Windows\SysWOW64\d3dx9_30.dll
2011-02-27 19:04:34 ----A---- C:\Windows\SysWOW64\d3dx9_29.dll
2011-02-27 19:04:34 ----A---- C:\Windows\SysWOW64\d3dx9_28.dll
2011-02-27 19:04:34 ----A---- C:\Windows\SysWOW64\d3dx9_27.dll
2011-02-27 19:04:33 ----A---- C:\Windows\SysWOW64\d3dx9_26.dll
2011-02-27 19:04:33 ----A---- C:\Windows\SysWOW64\d3dx9_25.dll
2011-02-27 19:04:33 ----A---- C:\Windows\SysWOW64\d3dx9_24.dll
2011-02-27 19:03:03 ----D---- C:\Program Files (x86)\Vtune
2011-02-27 19:03:03 ----A---- C:\Windows\SysWOW64\drivers\TBPanelx64.sys
2011-02-27 18:57:34 ----SHD---- C:\Windows\Installer
2011-02-27 18:57:09 ----D---- C:\Program Files (x86)\Tenda
2011-02-27 18:56:48 ----D---- C:\Users\Amy\AppData\Roaming\InstallShield
2011-02-27 18:55:12 ----D---- C:\Windows\SysWOW64\RTCOM
2011-02-27 18:55:05 ----HD---- C:\Program Files (x86)\Temp
2011-02-27 18:55:03 ----D---- C:\Program Files (x86)\Common Files\InstallShield
2011-02-27 18:54:11 ----D---- C:\Program Files (x86)\Realtek
2011-02-27 18:54:10 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2011-02-27 18:53:27 ----D---- C:\Program Files (x86)\Intel
2011-02-27 18:53:27 ----A---- C:\Windows\SysWOW64\CSVer.dll
2011-02-27 18:53:22 ----D---- C:\Intel
2011-02-27 18:52:49 ----RA---- C:\Windows\SysWOW64\drivers\BIOS64.sys
2011-02-27 18:40:01 ----D---- C:\Users\Amy\AppData\Roaming\Identities
2011-02-27 18:39:52 ----SD---- C:\Users\Amy\AppData\Roaming\Microsoft
2011-02-27 18:39:52 ----D---- C:\Users\Amy\AppData\Roaming\Media Center Programs
2011-02-27 18:39:43 ----D---- C:\Recovery
2011-02-27 18:39:09 ----D---- C:\Windows\SoftwareDistribution

======List of files/folders modified in the last 2 months======

2011-04-02 03:15:55 ----RD---- C:\Program Files (x86)
2011-04-02 02:58:44 ----D---- C:\Windows\SysWOW64\drivers
2011-04-02 02:58:43 ----D---- C:\Windows\SysWOW64
2011-04-02 02:55:58 ----D---- C:\Windows\System32
2011-04-02 02:55:58 ----D---- C:\Windows\inf
2011-04-02 02:53:59 ----A---- C:\Windows\win.ini
2011-04-02 01:55:46 ----D---- C:\Windows
2011-04-02 01:54:48 ----A---- C:\Windows\system.ini
2011-04-02 01:53:51 ----D---- C:\Windows\AppPatch
2011-04-02 01:53:50 ----D---- C:\Program Files (x86)\Common Files
2011-03-20 03:00:32 ----D---- C:\Windows\winsxs
2011-03-17 22:46:25 ----RSD---- C:\Windows\Fonts
2011-03-17 22:46:21 ----D---- C:\ProgramData
2011-03-17 22:45:23 ----D---- C:\Windows\twain_32
2011-03-17 22:43:19 ----RD---- C:\Program Files
2011-03-15 20:58:47 ----D---- C:\Windows\Tasks
2011-03-06 14:31:56 ----D---- C:\Windows\registration
2011-03-06 14:31:53 ----RD---- C:\Users
2011-03-06 12:27:40 ----SD---- C:\ProgramData\Microsoft
2011-03-04 08:46:44 ----RSD---- C:\Windows\assembly
2011-03-04 08:46:44 ----D---- C:\Windows\Microsoft.NET
2011-03-03 04:01:01 ----D---- C:\Windows\SysWOW64\en-US
2011-03-01 08:08:33 ----D---- C:\Windows\rescache
2011-03-01 04:30:52 ----D---- C:\Program Files (x86)\Internet Explorer
2011-03-01 04:30:50 ----D---- C:\Windows\SysWOW64\migration
2011-03-01 04:30:50 ----D---- C:\Windows\ehome
2011-03-01 04:30:50 ----D---- C:\Program Files (x86)\Windows Mail
2011-03-01 04:30:47 ----D---- C:\Program Files (x86)\Windows Media Player
2011-02-27 23:28:22 ----D---- C:\Program Files (x86)\Common Files\microsoft shared
2011-02-27 23:28:13 ----D---- C:\Windows\ShellNew
2011-02-27 23:27:30 ----D---- C:\Program Files (x86)\MSBuild
2011-02-27 21:37:03 ----D---- C:\Windows\debug
2011-02-27 21:32:35 ----D---- C:\Windows\CSC
2011-02-27 20:41:54 ----D---- C:\Windows\Logs
2011-02-27 19:06:24 ----D---- C:\Windows\Help

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys []
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []
R1 aswRdr;aswRdr; C:\Windows\SysWOW64\drivers\aswRdr.sys []
R1 aswSnx;aswSnx; C:\Windows\SysWOW64\drivers\aswSnx.sys []
R1 aswSP;aswSP; C:\Windows\SysWOW64\drivers\aswSP.sys []
R1 aswTdi;avast! Network Shield Support; C:\Windows\SysWOW64\drivers\aswTdi.sys []
R1 BIOS;BIOS; \??\C:\Windows\system32\drivers\BIOS64.sys [2006-10-31 14136]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys []
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys []
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys []
R2 aswFsBlk;aswFsBlk; C:\Windows\SysWOW64\drivers\aswFsBlk.sys []
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys []
R3 Cardex;Cardex; \??\C:\Windows\SysWOW64\drivers\TBPANELX64.SYS [2007-03-16 15648]
R3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys []
R3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys []
R3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 netr28x;Ralink 802.11n Extensible Wireless Driver; C:\Windows\system32\DRIVERS\netr28x.sys []
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys []
R3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys []
S2 TBPanel;TBPanel; C:\Windows\SysWOW64\drivers\TBPanel.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys []
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys []
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys []
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-02-23 42184]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-13 20992]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2009-07-13 20992]
R2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2009-07-13 20992]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-13 20992]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe []
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-13 20992]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-09-27 240232]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2009-07-13 20992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 KMService;KMService; C:\Windows\system32\srvany.exe [2011-02-27 8192]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-13 20992]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 51456888]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-13 20992]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-13 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-13 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe []

-----------------EOF-----------------

EDIT: Please be patient. There are over 250 unanswered topics in this forum at present and the current average wait time to receive help is 5-6 days. ~BP

Edited by Budapest, 03 April 2011 - 04:15 PM.



#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,774 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:09:41 AM

Posted 06 April 2011 - 09:21 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.
If you are unable to create a log because your computer cannot start up successfully, please provide detailed information about the Windows version you are using: what we in particular need to know is version, edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics, just let us know and we'll help you figure it out. Please also tell us if you have your Windows CD/DVD handy.


Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe
    hlp.dat
    /md5stop
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#3 riotburn

riotburn
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:02:41 AM

Posted 06 April 2011 - 10:17 PM

Thank you for getting back. The computer is running Windows 7 64bit; I believe it's Home Premium.

OTL Report:

FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {2ea8ca89-28c8-f468-356e-e621021aa713}:4.6.7.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51



[2011/03/06 13:41:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Amy\AppData\Roaming\Mozilla\Extensions
[2011/04/02 19:47:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\birnjg7o.default\extensions
[2011/03/06 14:32:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\birnjg7o.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2011/03/06 13:41:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\w60qct3a.default\extensions
[2011/04/05 07:51:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/03/01 04:48:54 | 000,000,000 | ---D | M] (z) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{2ea8ca89-28c8-f468-356e-e621021aa713}
[2011/02/27 19:16:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/03/17 22:47:06 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
[2011/02/27 19:16:45 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/04/03 19:55:37 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKU\S-1-5-21-3762412209-2655645485-641804774-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3762412209-2655645485-641804774-1000..\Run: [TBPanel] C:\Program Files (x86)\Vtune\TBPanel.exe ()
O4 - HKU\S-1-5-21-3762412209-2655645485-641804774-1000..\Run: [Tenda_UI] C:\Program Files (x86)\Tenda\W322P&W302P V2.0\UI.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\##aswSnx private storage\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3762412209-2655645485-641804774-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3762412209-2655645485-641804774-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3762412209-2655645485-641804774-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,774 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:09:41 AM

Posted 07 April 2011 - 04:47 AM

Hi,

It seems you only posted part of the log. Could you please repost the entire log?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#5 riotburn

riotburn
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:02:41 AM

Posted 07 April 2011 - 05:35 PM

Sorry about that, here it is:

OTL logfile created on: 4/7/2011 6:29:31 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Amy\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 53.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 896.07 Gb Free Space | 96.20% Space Free | Partition Type: NTFS

Computer Name: AMY-PC | User Name: Amy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/06 20:52:09 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Amy\Desktop\OTL.exe
PRC - [2011/03/26 19:26:09 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/02/23 11:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/01/20 05:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2010/03/31 20:02:42 | 002,283,864 | ---- | M] () -- C:\Program Files (x86)\Tenda\W322P&W302P V2.0\UI.exe
PRC - [2009/10/05 19:05:12 | 002,158,592 | ---- | M] () -- C:\Program Files (x86)\Vtune\TBPANEL.exe


========== Modules (SafeList) ==========

MOD - [2011/04/06 20:52:09 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Amy\Desktop\OTL.exe
MOD - [2011/02/23 11:04:17 | 000,197,208 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010/08/21 01:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/02/23 11:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/02/27 23:37:37 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/27 17:48:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009/09/20 11:55:20 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/02/27 21:33:59 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/02/23 10:55:05 | 000,064,344 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2010/02/05 21:15:44 | 000,920,864 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/22 23:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2006/10/31 03:25:02 | 000,014,136 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BIOS64.sys -- (BIOS)
DRV - [2007/03/16 11:11:20 | 000,015,648 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\TBPanelx64.sys -- (Cardex)
DRV - [2006/10/31 03:25:02 | 000,014,136 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\BIOS64.sys -- (BIOS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========




IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3762412209-2655645485-641804774-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3762412209-2655645485-641804774-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 89 A6 90 70 05 F1 CB 01 [binary data]
IE - HKU\S-1-5-21-3762412209-2655645485-641804774-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Google Powered Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {2ea8ca89-28c8-f468-356e-e621021aa713}:4.6.7.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51



[2011/03/06 13:41:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Amy\AppData\Roaming\Mozilla\Extensions
[2011/04/02 19:47:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\birnjg7o.default\extensions
[2011/03/06 14:32:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\birnjg7o.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2011/03/06 13:41:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\w60qct3a.default\extensions
[2011/04/05 07:51:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/03/01 04:48:54 | 000,000,000 | ---D | M] (z) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{2ea8ca89-28c8-f468-356e-e621021aa713}
[2011/02/27 19:16:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/03/17 22:47:06 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
[2011/02/27 19:16:45 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/04/03 19:55:37 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKU\S-1-5-21-3762412209-2655645485-641804774-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3762412209-2655645485-641804774-1000..\Run: [TBPanel] C:\Program Files (x86)\Vtune\TBPanel.exe ()
O4 - HKU\S-1-5-21-3762412209-2655645485-641804774-1000..\Run: [Tenda_UI] C:\Program Files (x86)\Tenda\W322P&W302P V2.0\UI.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\##aswSnx private storage\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3762412209-2655645485-641804774-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3762412209-2655645485-641804774-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3762412209-2655645485-641804774-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2011/04/06 20:52:06 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Amy\Desktop\OTL.exe
[2011/04/05 22:02:54 | 080,298,280 | ---- | C] (Apple Inc.) -- C:\Users\Amy\Desktop\iTunesSetup.exe
[2011/04/03 19:55:44 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/04/03 19:51:39 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/04/03 19:51:07 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/04/02 03:15:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\trend micro
[2011/04/02 03:15:54 | 000,000,000 | ---D | C] -- C:\rsit
[2011/04/02 01:55:46 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/04/02 01:52:28 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/04/02 01:52:28 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/04/02 01:52:28 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/04/02 01:26:16 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Amy\Desktop\TDSSKiller.exe
[2011/03/19 03:00:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2011/03/18 07:02:16 | 000,000,000 | ---D | C] -- C:\Users\Amy\AppData\Roaming\HP
[2011/03/17 22:46:21 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2011/03/17 22:46:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2011/03/17 22:46:07 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2011/03/17 22:45:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Hewlett-Packard
[2011/03/17 22:45:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\HP
[2011/03/17 22:44:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2011/03/17 22:44:06 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/03/17 22:43:19 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2011/03/17 22:36:40 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2011/03/17 22:36:20 | 000,861,184 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpowiav1.dll
[2011/03/17 22:36:20 | 000,730,624 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\hpotscl1.dll
[2011/03/17 22:36:20 | 000,642,360 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpzids40.dll
[2011/03/17 22:36:20 | 000,498,176 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\hpovst01.dll
[2011/03/15 21:02:07 | 000,000,000 | ---D | C] -- C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/03/15 20:58:46 | 000,000,000 | ---D | C] -- C:\Users\Amy\AppData\Local\Google
[2011/03/15 20:58:37 | 000,568,688 | ---- | C] (Google Inc.) -- C:\Users\Amy\Desktop\ChromeSetup.exe
[2011/03/09 02:24:37 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2011/03/09 02:24:36 | 001,540,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2011/03/09 02:24:36 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2011/03/09 02:24:36 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
[2011/03/09 02:24:35 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbe.dll
[2011/03/09 02:24:35 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2011/03/09 02:24:35 | 000,850,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll
[2011/03/09 02:24:35 | 000,723,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011/03/09 02:24:35 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2011/03/09 02:24:35 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011/03/09 02:24:35 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2011/03/09 02:24:35 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2011/03/09 02:24:34 | 003,138,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2011/03/09 02:24:34 | 002,690,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2011/03/09 02:24:33 | 001,097,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2011/03/09 02:24:33 | 001,034,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe

========== Files - Modified Within 30 Days ==========

[2011/04/07 18:20:33 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3762412209-2655645485-641804774-1000UA.job
[2011/04/07 18:20:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/07 07:31:27 | 000,014,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/07 07:31:27 | 000,014,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/06 21:03:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3762412209-2655645485-641804774-1000Core.job
[2011/04/06 20:52:09 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Amy\Desktop\OTL.exe
[2011/04/05 22:12:51 | 080,298,280 | ---- | M] (Apple Inc.) -- C:\Users\Amy\Desktop\iTunesSetup.exe
[2011/04/04 22:27:40 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/04/04 22:27:40 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/04/04 22:27:40 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/04/03 19:55:37 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/04/03 19:55:22 | 3163,906,048 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/03 19:50:59 | 004,312,954 | R--- | M] () -- C:\Users\Amy\Desktop\ComboFix.exe
[2011/04/02 12:55:22 | 000,133,632 | ---- | M] () -- C:\Users\Amy\Desktop\RKUnhookerLE.EXE
[2011/04/02 03:15:42 | 000,339,991 | ---- | M] () -- C:\Users\Amy\Desktop\RSIT.exe
[2011/03/26 19:21:53 | 000,416,024 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/03/26 15:03:37 | 000,002,385 | ---- | M] () -- C:\Users\Amy\Desktop\Google Chrome.lnk
[2011/03/18 17:32:28 | 000,010,407 | ---- | M] () -- C:\Users\Amy\Desktop\HP Installation Failure 28.hta
[2011/03/17 22:47:11 | 000,221,231 | ---- | M] () -- C:\Windows\hpoins19.dat
[2011/03/17 22:46:56 | 000,002,167 | ---- | M] () -- C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk
[2011/03/17 22:46:19 | 000,001,315 | ---- | M] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2011/03/17 22:46:13 | 000,001,161 | ---- | M] () -- C:\Users\Public\Desktop\Shop for HP Supplies.lnk
[2011/03/17 22:45:50 | 000,002,099 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2011/03/17 22:31:15 | 380,301,136 | ---- | M] () -- C:\Users\Amy\Desktop\AIO_CDB_NonNet_Full_Win_WW_130_141(2).exe
[2011/03/15 20:58:37 | 000,568,688 | ---- | M] (Google Inc.) -- C:\Users\Amy\Desktop\ChromeSetup.exe
[2011/03/13 19:19:47 | 001,020,756 | ---- | M] () -- C:\Users\Amy\Desktop\SPRINT_VVM-signed.zip
[2011/03/13 01:06:29 | 005,817,989 | ---- | M] () -- C:\Users\Amy\Desktop\gapps-gb-20110307-signed.zip
[2011/03/13 01:00:32 | 001,845,231 | ---- | M] () -- C:\Users\Amy\Desktop\com.android.vending-2.apk
[2011/03/12 23:56:09 | 087,340,585 | R--- | M] () -- C:\Users\Amy\Desktop\update-cm-7.0.0-RC2-Supersonic-signed.zip
[2011/03/10 12:27:50 | 001,377,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Amy\Desktop\TDSSKiller.exe

========== Files Created - No Company Name ==========

[2011/04/02 12:55:19 | 000,133,632 | ---- | C] () -- C:\Users\Amy\Desktop\RKUnhookerLE.EXE
[2011/04/02 03:15:41 | 000,339,991 | ---- | C] () -- C:\Users\Amy\Desktop\RSIT.exe
[2011/04/02 01:52:28 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/04/02 01:52:28 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/04/02 01:52:28 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/04/02 01:52:28 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/04/02 01:52:28 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/03/18 17:32:28 | 000,010,407 | ---- | C] () -- C:\Users\Amy\Desktop\HP Installation Failure 28.hta
[2011/03/17 22:46:56 | 000,002,167 | ---- | C] () -- C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk
[2011/03/17 22:46:31 | 000,001,054 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
[2011/03/17 22:46:19 | 000,001,315 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2011/03/17 22:46:13 | 000,001,161 | ---- | C] () -- C:\Users\Public\Desktop\Shop for HP Supplies.lnk
[2011/03/17 22:45:50 | 000,002,099 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2011/03/17 22:41:14 | 000,221,231 | ---- | C] () -- C:\Windows\hpoins19.dat
[2011/03/17 22:41:14 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2011/03/17 22:23:38 | 380,301,136 | ---- | C] () -- C:\Users\Amy\Desktop\AIO_CDB_NonNet_Full_Win_WW_130_141(2).exe
[2011/03/15 21:02:08 | 000,002,385 | ---- | C] () -- C:\Users\Amy\Desktop\Google Chrome.lnk
[2011/03/15 20:58:47 | 000,000,900 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3762412209-2655645485-641804774-1000UA.job
[2011/03/15 20:58:46 | 000,000,848 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3762412209-2655645485-641804774-1000Core.job
[2011/03/13 19:19:46 | 001,020,756 | ---- | C] () -- C:\Users\Amy\Desktop\SPRINT_VVM-signed.zip
[2011/03/13 01:06:25 | 005,817,989 | ---- | C] () -- C:\Users\Amy\Desktop\gapps-gb-20110307-signed.zip
[2011/03/13 01:00:29 | 001,845,231 | ---- | C] () -- C:\Users\Amy\Desktop\com.android.vending-2.apk
[2011/03/12 23:56:09 | 087,340,585 | R--- | C] () -- C:\Users\Amy\Desktop\update-cm-7.0.0-RC2-Supersonic-signed.zip
[2011/02/27 23:37:58 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2011/02/27 19:42:05 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/02/27 19:19:58 | 000,743,066 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/02/27 18:59:06 | 000,000,829 | ---- | C] () -- C:\Users\Amy\AppData\Local\RT2860_{44E4DA74-FB92-4264-98CE-4C08E105A440}_sta
[2011/02/27 18:59:06 | 000,000,825 | ---- | C] () -- C:\Users\Amy\AppData\Local\RT2860_{44E4DA74-FB92-4264-98CE-4C08E105A440}_prof
[2009/08/03 01:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009/08/03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009/08/03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2009/08/03 02:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\ERDNT\cache86\explorer.exe
[2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe
[2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009/10/31 02:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009/08/03 02:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: WININIT.EXE >
[2009/07/13 21:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\ERDNT\cache64\wininit.exe
[2009/07/13 21:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009/07/13 21:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/13 21:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache86\wininit.exe
[2009/07/13 21:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/13 21:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 03:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\ERDNT\cache64\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< End of report >
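The file entries and "MD5 for:" entries in the OTL log above all share one line shape, and two of the checks a helper normally makes by eye on such a log can be scripted. The following is an added example (not part of this thread and not OTL's own code) that parses that shape and runs both checks on a handful of lines copied from the log above plus one constructed line carrying a placeholder hash.

```python
"""Triage helpers for OTL-style file listings (added example, not OTL's code).
Checks: created executables with no company name, and live system binaries
whose MD5 matches none of the WinSxS component-store copies of the same file.
"""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional

# One OTL entry; the company and MD5 parts are optional:
# [YYYY/MM/DD HH:MM:SS | size | attrs | C|M] (Company) MD5=<hex> -- <path>
ENTRY_RE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?(?:MD5=(?P<md5>[0-9A-Fa-f]{32}) )?-- (?P<path>.+)$"
)
EXECUTABLE_EXTS = (".exe", ".dll", ".sys", ".scr", ".ocx")


@dataclass
class Entry:
    when: datetime      # timestamp as printed by OTL
    size: int           # bytes, comma groups stripped
    attrs: str          # four flags, e.g. "---D" directory, "-HS-" hidden+system
    kind: str           # "C" created / "M" modified
    company: str        # "" when OTL printed "()" or nothing at all
    md5: Optional[str]  # upper-case hex, only present in "MD5 for:" sections
    path: str


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one log line; headers, blanks and other noise return None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return Entry(
        when=datetime.strptime(f"{m['date']} {m['time']}", "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=(m["company"] or "").strip(),
        md5=m["md5"].upper() if m["md5"] else None,
        path=m["path"].strip(),
    )


def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_entry(ln) for ln in text.splitlines()) if e]


def no_company_executables(entries: List[Entry]) -> List[str]:
    """Executable-type files listed without a company name (directories skipped).
    Not proof of anything (ComboFix's helper tools land here too), just the short list."""
    return [e.path for e in entries
            if not e.company and not e.attrs.endswith("D")
            and e.path.lower().endswith(EXECUTABLE_EXTS)]


def md5_outliers(entries: List[Entry]) -> Dict[str, List[str]]:
    """Per file name: live copies (outside \\winsxs\\) whose MD5 matches none of the
    component-store copies. Servicing leaves every shipped binary in WinSxS, so a
    live copy with no store twin points at a patched or replaced file."""
    by_name: Dict[str, List[Entry]] = {}
    for e in entries:
        if e.md5:
            by_name.setdefault(e.path.rsplit("\\", 1)[-1].lower(), []).append(e)
    outliers: Dict[str, List[str]] = {}
    for name, group in by_name.items():
        store = {e.md5 for e in group if "\\winsxs\\" in e.path.lower()}
        if not store:
            continue  # nothing to compare against
        bad = [e.path for e in group
               if "\\winsxs\\" not in e.path.lower() and e.md5 not in store]
        if bad:
            outliers[name] = bad
    return outliers


# Sample input: lines 1-8 are copied from the log in this thread; the last
# line is CONSTRUCTED with a placeholder hash so the outlier check has a hit.
SAMPLE_LOG = r"""
[2011/04/06 20:52:06 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Amy\Desktop\OTL.exe
[2011/04/03 19:55:44 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/04/02 01:52:28 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/02/27 23:37:58 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2011/04/07 18:20:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe
[2009/07/13 21:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/13 21:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=DEADBEEFDEADBEEFDEADBEEFDEADBEEF -- C:\Windows\SysNative\wininit.exe
"""

if __name__ == "__main__":
    found = parse_log(SAMPLE_LOG)
    print("no company name:", no_company_executables(found))
    print("md5 outliers:   ", md5_outliers(found))
```

Run against a full OTL.Txt by replacing SAMPLE_LOG with the file's contents; only lines matching the entry shape are considered, so headers and the other sections are ignored.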

#6 myrti (Sillyberry, Malware Study Hall Admin, 33,774 posts)

Posted 07 April 2011 - 06:02 PM

Hi,

Please run a scan with GooredFix next:
Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#7 riotburn (Topic Starter, Members, 12 posts)

Posted 08 April 2011 - 11:55 PM

Results from the GooredFix scan, though it seems short:

GooredFix by jpshortstuff (03.07.10.1)
Log created at 00:54 on 09/04/2011 (Amy)
Firefox version 3.6.16 (en-US)

========== GooredScan ==========

(none)

========== GooredLog ==========

C:\Program Files (x86)\Mozilla Firefox\extensions\
{2ea8ca89-28c8-f468-356e-e621021aa713} [08:48 01/03/2011]
{972ce4c6-7e08-4474-a285-3208198ce6fd} [17:08 06/03/2011]
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [23:16 27/02/2011]

C:\Users\Amy\Application Data\Mozilla\Firefox\Profiles\birnjg7o.default\extensions\
{ba14329e-9550-4989-b3f2-9732e92d17cc} [23:43 27/02/2011]

C:\Users\Amy\Application Data\Mozilla\Firefox\Profiles\w60qct3a.default\extensions\
(none)

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"smartwebprinting@hp.com"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [02:47 18/03/2011]

-=E.O.F=-

#8 myrti (Sillyberry, Malware Study Hall Admin, 33,774 posts)

Posted 09 April 2011 - 09:27 AM

Hi,

It seems GooredFix didn't see the infection; please run this script next:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :otl
    FF - prefs.js..extensions.enabledItems: {2ea8ca89-28c8-f468-356e-e621021aa713}:4.6.7.4
    [2011/03/01 04:48:54 | 000,000,000 | ---D | M] (z) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{2ea8ca89-28c8-f468-356e-e621021aa713}
    :files
    C:\Windows\tasks\at*.job
  • Then click the Run Fix button at the top
  • Let the program run unhindered; when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
    If you are asked to reboot the machine, choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, open the newest .log file present, and copy/paste the contents of that document back here in your next post.
================================Follow up scan=================================
  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one Notepad window, OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.



#9 riotburn (Topic Starter, Members, 12 posts)

Posted 09 April 2011 - 11:38 AM

Report from Fix:
========== OTL ==========
C:\Program Files (x86)\Mozilla Firefox\extensions\{2ea8ca89-28c8-f468-356e-e621021aa713}\components folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{2ea8ca89-28c8-f468-356e-e621021aa713}\chrome folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{2ea8ca89-28c8-f468-356e-e621021aa713} folder moved successfully.
========== FILES ==========
File\Folder C:\Windows\tasks\at*.job not found.

OTL by OldTimer - Version 3.2.22.3 log created on 04092011_123305

Report from Scan:

OTL logfile created on: 4/9/2011 12:33:57 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Amy\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 895.96 Gb Free Space | 96.19% Space Free | Partition Type: NTFS

Computer Name: AMY-PC | User Name: Amy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Amy\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\Tenda\W322P&W302P V2.0\UI.exe ()
PRC - C:\Program Files (x86)\Vtune\TBPANEL.exe ()
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\Amy\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\AVAST Software\Avast\snxhk.dll (AVAST Software)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\mssprxy.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (KMService) -- C:\Windows\SysWOW64\srvany.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (BIOS) -- C:\Windows\SysNative\drivers\BIOS64.sys (BIOSTAR Group)
DRV - (Cardex) -- C:\Windows\SysWOW64\drivers\TBPanelx64.sys (Windows ® Server 2003 DDK provider)
DRV - (BIOS) -- C:\Windows\SysWOW64\drivers\BIOS64.sys (BIOSTAR Group)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 89 A6 90 70 05 F1 CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Google Powered Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16


FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/03/17 22:47:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/04/02 19:47:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/03/26 19:26:12 | 000,000,000 | ---D | M]

[2011/03/06 13:41:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Amy\AppData\Roaming\Mozilla\Extensions
[2011/03/06 13:41:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Amy\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011/04/02 19:47:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\birnjg7o.default\extensions
[2011/03/06 14:32:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\birnjg7o.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2011/03/06 13:41:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\w60qct3a.default\extensions
[2011/04/09 12:33:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/03/26 19:26:12 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/02/27 19:16:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/03/17 22:47:06 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
[2011/03/26 19:26:08 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browserdirprovider.dll
[2011/03/26 19:26:08 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\brwsrcmp.dll
[2011/02/27 19:16:45 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/03/26 19:26:10 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll
[2011/01/30 11:45:12 | 000,135,568 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
[2011/03/26 19:26:10 | 000,001,394 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom.xml
[2011/03/26 19:26:10 | 000,002,193 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\answers.xml
[2011/03/26 19:26:10 | 000,001,534 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\creativecommons.xml
[2011/03/26 19:26:10 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay.xml
[2011/03/26 19:26:10 | 000,002,371 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google.xml
[2011/03/26 19:26:10 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia.xml
[2011/03/26 19:26:10 | 000,001,096 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2011/04/03 19:55:37 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (QuickNet BHO) - {EA5CA8B6-9B9C-4994-A7A1-947B6C631BE7} - File not found
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O4:64bit: - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Google Update] C:\Users\Amy\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [TBPanel] C:\Program Files (x86)\Vtune\TBPanel.exe ()
O4 - HKCU..\Run: [Tenda_UI] C:\Program Files (x86)\Tenda\W322P&W302P V2.0\UI.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysNative\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/09 12:33:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/09 00:54:14 | 000,000,000 | ---D | C] -- C:\Users\Amy\Desktop\GooredFix Backups
[2011/04/09 00:53:31 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Amy\Desktop\GooredFix.exe
[2011/04/06 20:52:06 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Amy\Desktop\OTL.exe
[2011/04/05 22:02:54 | 080,298,280 | ---- | C] (Apple Inc.) -- C:\Users\Amy\Desktop\iTunesSetup.exe
[2011/04/03 19:55:44 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/04/03 19:51:39 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/04/03 19:51:07 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/04/02 03:15:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\trend micro
[2011/04/02 03:15:54 | 000,000,000 | ---D | C] -- C:\rsit
[2011/04/02 01:55:46 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/04/02 01:52:28 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/04/02 01:52:28 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/04/02 01:52:28 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/04/02 01:26:16 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Amy\Desktop\TDSSKiller.exe
[2011/03/19 03:00:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2011/03/18 07:02:16 | 000,000,000 | ---D | C] -- C:\Users\Amy\AppData\Roaming\HP
[2011/03/17 22:46:21 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2011/03/17 22:46:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2011/03/17 22:46:07 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2011/03/17 22:45:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Hewlett-Packard
[2011/03/17 22:45:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\HP
[2011/03/17 22:44:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2011/03/17 22:44:06 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/03/17 22:43:19 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2011/03/17 22:36:40 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2011/03/17 22:36:20 | 000,861,184 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpowiav1.dll
[2011/03/17 22:36:20 | 000,730,624 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\hpotscl1.dll
[2011/03/17 22:36:20 | 000,642,360 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpzids40.dll
[2011/03/17 22:36:20 | 000,498,176 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\hpovst01.dll
[2011/03/15 21:02:07 | 000,000,000 | ---D | C] -- C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/03/15 20:58:46 | 000,000,000 | ---D | C] -- C:\Users\Amy\AppData\Local\Google
[2011/03/15 20:58:37 | 000,568,688 | ---- | C] (Google Inc.) -- C:\Users\Amy\Desktop\ChromeSetup.exe

========== Files - Modified Within 30 Days ==========

[2011/04/09 12:12:16 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3762412209-2655645485-641804774-1000UA.job
[2011/04/09 12:12:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/09 00:53:32 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Amy\Desktop\GooredFix.exe
[2011/04/08 21:58:41 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3762412209-2655645485-641804774-1000Core.job
[2011/04/07 07:31:27 | 000,014,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/07 07:31:27 | 000,014,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/06 20:52:09 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Amy\Desktop\OTL.exe
[2011/04/05 22:12:51 | 080,298,280 | ---- | M] (Apple Inc.) -- C:\Users\Amy\Desktop\iTunesSetup.exe
[2011/04/04 22:27:40 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/04/04 22:27:40 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/04/04 22:27:40 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/04/03 19:55:37 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/04/03 19:55:22 | 3163,906,048 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/03 19:50:59 | 004,312,954 | R--- | M] () -- C:\Users\Amy\Desktop\ComboFix.exe
[2011/04/02 12:55:22 | 000,133,632 | ---- | M] () -- C:\Users\Amy\Desktop\RKUnhookerLE.EXE
[2011/04/02 03:15:42 | 000,339,991 | ---- | M] () -- C:\Users\Amy\Desktop\RSIT.exe
[2011/03/26 19:21:53 | 000,416,024 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/03/26 15:03:37 | 000,002,385 | ---- | M] () -- C:\Users\Amy\Desktop\Google Chrome.lnk
[2011/03/18 17:32:28 | 000,010,407 | ---- | M] () -- C:\Users\Amy\Desktop\HP Installation Failure 28.hta
[2011/03/17 22:47:11 | 000,221,231 | ---- | M] () -- C:\Windows\hpoins19.dat
[2011/03/17 22:46:56 | 000,002,167 | ---- | M] () -- C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk
[2011/03/17 22:46:19 | 000,001,315 | ---- | M] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2011/03/17 22:46:13 | 000,001,161 | ---- | M] () -- C:\Users\Public\Desktop\Shop for HP Supplies.lnk
[2011/03/17 22:45:50 | 000,002,099 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2011/03/17 22:31:15 | 380,301,136 | ---- | M] () -- C:\Users\Amy\Desktop\AIO_CDB_NonNet_Full_Win_WW_130_141(2).exe
[2011/03/15 20:58:37 | 000,568,688 | ---- | M] (Google Inc.) -- C:\Users\Amy\Desktop\ChromeSetup.exe
[2011/03/13 19:19:47 | 001,020,756 | ---- | M] () -- C:\Users\Amy\Desktop\SPRINT_VVM-signed.zip
[2011/03/13 01:06:29 | 005,817,989 | ---- | M] () -- C:\Users\Amy\Desktop\gapps-gb-20110307-signed.zip
[2011/03/13 01:00:32 | 001,845,231 | ---- | M] () -- C:\Users\Amy\Desktop\com.android.vending-2.apk
[2011/03/12 23:56:09 | 087,340,585 | R--- | M] () -- C:\Users\Amy\Desktop\update-cm-7.0.0-RC2-Supersonic-signed.zip

========== Files Created - No Company Name ==========

[2011/04/02 12:55:19 | 000,133,632 | ---- | C] () -- C:\Users\Amy\Desktop\RKUnhookerLE.EXE
[2011/04/02 03:15:41 | 000,339,991 | ---- | C] () -- C:\Users\Amy\Desktop\RSIT.exe
[2011/04/02 01:52:28 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/04/02 01:52:28 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/04/02 01:52:28 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/04/02 01:52:28 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/04/02 01:52:28 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/03/18 17:32:28 | 000,010,407 | ---- | C] () -- C:\Users\Amy\Desktop\HP Installation Failure 28.hta
[2011/03/17 22:46:56 | 000,002,167 | ---- | C] () -- C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk
[2011/03/17 22:46:31 | 000,001,054 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
[2011/03/17 22:46:19 | 000,001,315 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2011/03/17 22:46:13 | 000,001,161 | ---- | C] () -- C:\Users\Public\Desktop\Shop for HP Supplies.lnk
[2011/03/17 22:45:50 | 000,002,099 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2011/03/17 22:41:14 | 000,221,231 | ---- | C] () -- C:\Windows\hpoins19.dat
[2011/03/17 22:41:14 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2011/03/17 22:23:38 | 380,301,136 | ---- | C] () -- C:\Users\Amy\Desktop\AIO_CDB_NonNet_Full_Win_WW_130_141(2).exe
[2011/03/15 21:02:08 | 000,002,385 | ---- | C] () -- C:\Users\Amy\Desktop\Google Chrome.lnk
[2011/03/15 20:58:47 | 000,000,900 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3762412209-2655645485-641804774-1000UA.job
[2011/03/15 20:58:46 | 000,000,848 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3762412209-2655645485-641804774-1000Core.job
[2011/03/13 19:19:46 | 001,020,756 | ---- | C] () -- C:\Users\Amy\Desktop\SPRINT_VVM-signed.zip
[2011/03/13 01:06:25 | 005,817,989 | ---- | C] () -- C:\Users\Amy\Desktop\gapps-gb-20110307-signed.zip
[2011/03/13 01:00:29 | 001,845,231 | ---- | C] () -- C:\Users\Amy\Desktop\com.android.vending-2.apk
[2011/03/12 23:56:09 | 087,340,585 | R--- | C] () -- C:\Users\Amy\Desktop\update-cm-7.0.0-RC2-Supersonic-signed.zip
[2011/02/27 23:37:58 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2011/02/27 19:42:05 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/02/27 19:19:58 | 000,743,066 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/02/27 18:59:06 | 000,000,829 | ---- | C] () -- C:\Users\Amy\AppData\Local\RT2860_{44E4DA74-FB92-4264-98CE-4C08E105A440}_sta
[2011/02/27 18:59:06 | 000,000,825 | ---- | C] () -- C:\Users\Amy\AppData\Local\RT2860_{44E4DA74-FB92-4264-98CE-4C08E105A440}_prof
[2009/08/03 01:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009/08/03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009/08/03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

< End of report >

Extras file:
OTL Extras logfile created on: 4/9/2011 12:33:57 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Amy\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 895.96 Gb Free Space | 96.19% Space Free | Partition Type: NTFS

Computer Name: AMY-PC | User Name: Amy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Shop for HP Supplies" = Shop for HP Supplies

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 24
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{66331CF9-054E-40FB-BBD2-FD8945EF7D9F}" = W322P&W302P V2.0
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{B7B3E9B3-FB14-4927-894B-E9124509AF5A}" = Adobe Flash Player 10 ActiveX
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"8461-7759-5462-8226" = Vuze
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast" = avast! Free Antivirus
"DAEMON Tools Lite" = DAEMON Tools Lite
"Digsby" = Digsby
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"VLC media player" = VLC media player 1.1.7
"Vtune_is1" = Vtune 7.6

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/30/2011 9:11:11 PM | Computer Name = Amy-PC | Source = Application Error | ID = 1000
Description = Faulting application name: hpqdirec.exe, version: 130.0.44.62, time
stamp: 0x4a0c0922 Faulting module name: ntdll.dll, version: 6.1.7600.16695, time
stamp: 0x4cc7ab86 Exception code: 0xc0000005 Fault offset: 0x0003bb30 Faulting process
id: 0xf54 Faulting application start time: 0x01cbef3aea5bd1be Faulting application
path: C:\Program Files (x86)\HP\Digital Imaging\bin\hpqdirec.exe Faulting module
path: C:\Windows\SysWOW64\ntdll.dll Report Id: c3773240-5b33-11e0-be29-00306767db5d

Error - 4/2/2011 1:15:28 AM | Computer Name = Amy-PC | Source = Application Error | ID = 1000
Description = Faulting application name: AvastUI.exe, version: 6.0.999.0, time stamp:
0x4d6520d4 Faulting module name: ntdll.dll, version: 6.1.7600.16695, time stamp:
0x4cc7ab86 Exception code: 0xc015000f Fault offset: 0x00084441 Faulting process id:
0xc14 Faulting application start time: 0x01cbec0d17033ee5 Faulting application path:
C:\Program Files\AVAST Software\Avast\AvastUI.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report
Id: 390526d3-5ce8-11e0-be29-00306767db5d

Error - 4/2/2011 1:15:33 AM | Computer Name = Amy-PC | Source = Application Error | ID = 1000
Description = Faulting application name: AvastUI.exe, version: 6.0.999.0, time stamp:
0x4d6520d4 Faulting module name: ntdll.dll, version: 6.1.7600.16695, time stamp:
0x4cc7ab86 Exception code: 0xc0150010 Fault offset: 0x000845fb Faulting process id:
0xc14 Faulting application start time: 0x01cbec0d17033ee5 Faulting application path:
C:\Program Files\AVAST Software\Avast\AvastUI.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report
Id: 3b882303-5ce8-11e0-be29-00306767db5d

Error - 4/2/2011 1:52:34 AM | Computer Name = Amy-PC | Source = VSS | ID = 18
Description =

Error - 4/2/2011 1:52:34 AM | Computer Name = Amy-PC | Source = VSS | ID = 8193
Description =

Error - 4/2/2011 1:52:34 AM | Computer Name = Amy-PC | Source = System Restore | ID = 8193
Description =

Error - 4/4/2011 9:27:32 PM | Computer Name = Amy-PC | Source = Application Error | ID = 1000
Description = Faulting application name: plugin-container.exe, version: 1.9.2.4095,
time stamp: 0x4d852c62 Faulting module name: ntdll.dll, version: 6.1.7600.16695,
time stamp: 0x4cc7ab86 Exception code: 0xc0000005 Fault offset: 0x00022262 Faulting
process id: 0xfe0 Faulting application start time: 0x01cbf32ae8ce5b96 Faulting application
path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe Faulting module
path: C:\Windows\SysWOW64\ntdll.dll Report Id: e0452328-5f23-11e0-870a-00306767db5d

Error - 4/9/2011 8:53:37 AM | Computer Name = Amy-PC | Source = Application Error | ID = 1000
Description = Faulting application name: firefox.exe, version: 1.9.2.4095, time
stamp: 0x4d852c95 Faulting module name: df524d29.dll, version: 0.0.0.0, time stamp:
0x4d5a8666 Exception code: 0xc0000409 Fault offset: 0x0004aca7 Faulting process id:
0x16cc Faulting application start time: 0x01cbf6723d453de6 Faulting application path:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe Faulting module path: C:\Program
Files (x86)\Mozilla Firefox\extensions\{2ea8ca89-28c8-f468-356e-e621021aa713}\components\df524d29.dll
Report
Id: 621b3876-62a8-11e0-870a-00306767db5d

Error - 4/9/2011 8:53:39 AM | Computer Name = Amy-PC | Source = Application Error | ID = 1000
Description = Faulting application name: plugin-container.exe, version: 1.9.2.4095,
time stamp: 0x4d852c62 Faulting module name: ntdll.dll, version: 6.1.7600.16695,
time stamp: 0x4cc7ab86 Exception code: 0xc0000005 Fault offset: 0x00022262 Faulting
process id: 0x10f0 Faulting application start time: 0x01cbf672404ea2a8 Faulting application
path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe Faulting module
path: C:\Windows\SysWOW64\ntdll.dll Report Id: 6359361a-62a8-11e0-870a-00306767db5d

Error - 4/9/2011 9:23:10 AM | Computer Name = Amy-PC | Source = Application Error | ID = 1000
Description = Faulting application name: firefox.exe, version: 1.9.2.4095, time
stamp: 0x4d852c95 Faulting module name: df524d29.dll, version: 0.0.0.0, time stamp:
0x4d5a8666 Exception code: 0xc0000409 Fault offset: 0x0004aca7 Faulting process id:
0x1260 Faulting application start time: 0x01cbf6b92cb7776a Faulting application path:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe Faulting module path: C:\Program
Files (x86)\Mozilla Firefox\extensions\{2ea8ca89-28c8-f468-356e-e621021aa713}\components\df524d29.dll
Report
Id: 830f9269-62ac-11e0-870a-00306767db5d

[ System Events ]
Error - 4/2/2011 2:51:51 AM | Computer Name = Amy-PC | Source = Service Control Manager | ID = 7000
Description = The TBPanel service failed to start due to the following error: %%2

Error - 4/2/2011 2:51:52 AM | Computer Name = Amy-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Partizan

Error - 4/2/2011 5:15:19 PM | Computer Name = Amy-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Wlansvc service.

Error - 4/3/2011 7:50:32 PM | Computer Name = Amy-PC | Source = Service Control Manager | ID = 7034
Description = The hpqcxs08 service terminated unexpectedly. It has done this 1
time(s).

Error - 4/3/2011 7:50:32 PM | Computer Name = Amy-PC | Source = Service Control Manager | ID = 7034
Description = The HP CUE DeviceDiscovery Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 4/3/2011 7:53:15 PM | Computer Name = Amy-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 4/3/2011 7:54:29 PM | Computer Name = Amy-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 4/3/2011 7:54:33 PM | Computer Name = Amy-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 4/3/2011 7:54:43 PM | Computer Name = Amy-PC | Source = Service Control Manager | ID = 7016
Description = The NVIDIA Display Driver Service service has reported an invalid
current state 32.

Error - 4/3/2011 7:55:35 PM | Computer Name = Amy-PC | Source = Service Control Manager | ID = 7000
Description = The TBPanel service failed to start due to the following error: %%2


< End of report >

#10 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,774 posts
  • Gender:Female
  • Location:At home
  • Local time:09:41 AM

Posted 09 April 2011 - 04:23 PM

Hi,

Did the fix remove the ads, or are you still getting popups?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#11 riotburn

riotburn
  • Topic Starter

  • Members
  • 12 posts
  • Local time:02:41 AM

Posted 09 April 2011 - 10:27 PM

Yeah, I believe it's gone. No ads all day. Thanks! That was a really annoying one because it would also make avast give a popup warning and sound with each webpage visited.

#12 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,774 posts
  • Gender:Female
  • Location:At home
  • Local time:09:41 AM

Posted 10 April 2011 - 05:28 AM

Hi,

I'm happy to hear that. Please run a scan with Eset to check for leftovers:
Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.



#13 riotburn

riotburn
  • Topic Starter

  • Members
  • 12 posts
  • Local time:02:41 AM

Posted 10 April 2011 - 06:33 PM

There was no link, but at the website it says the online scanner is currently unavailable. I found a link to the 7.0 scanner but got an error at the end of it downloading the database.

#14 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,774 posts
  • Gender:Female
  • Location:At home
  • Local time:09:41 AM

Posted 11 April 2011 - 05:04 AM

Hi,

sorry please try using Eset instead:

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will however need to disable your currently installed Anti-Virus; how to do so can be read here.

Vista users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here then click on: [button image]

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.

  • Select the option YES, I accept the Terms of Use then click on: [button image]
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: [button image]
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: [button image]
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#15 riotburn

riotburn
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:02:41 AM

Posted 12 April 2011 - 09:09 PM

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=150a4cf21e30c34f9567da91605226c4
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-04-13 01:24:31
# local_time=2011-04-12 09:24:31 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=512 16777215 100 0 3700 3700 0 0
# compatibility_mode=5893 16776574 100 94 3267739 54200907 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=42
# found=0
# cleaned=0
# scan_time=414
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=150a4cf21e30c34f9567da91605226c4
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-04-13 02:03:00
# local_time=2011-04-12 10:03:00 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=512 16777215 100 0 4167 4167 0 0
# compatibility_mode=5893 16776574 100 94 3268206 54201374 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=185245
# found=2
# cleaned=0
# scan_time=2255
C:\Users\Amy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\d215211453 Win32/Adware.Primawega.AJ application (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\04092011_123305\C_Program Files (x86)\Mozilla Firefox\extensions\{2ea8ca89-28c8-f468-356e-e621021aa713}\components\df524d29.dll a variant of Win32/Adware.Primawega.AJ application (unable to clean) 00000000000000000000000000000000 I
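As an added illustration (not code from this thread or from ESET), a small Python parser for the Online Scanner log layout pasted above: it splits the `# key=value` blocks into sessions, pulls the detection lines apart, and runs the checks a helper would make before replying (did the scan finish, does `found` match the number of detection lines, and is `cleaned=0` simply because "Remove found threats" was left unchecked as instructed). The log excerpt is constructed, and the line layout and regular expression are assumptions drawn from the posted log.

```python
import re
# Detection line: <path> <threat> <kind> (<action>) <32-hex hash> <flag>; the path may hold
# spaces, so it is matched lazily up to the first "<Family>/<Name>" threat token.
DETECTION_RE = re.compile(
    r"^(?P<path>.+?) (?P<threat>(?:a variant of )?[A-Za-z0-9]+/\S+) (?P<kind>[a-z ]+?) "
    r"\((?P<action>[^)]*)\) (?P<hash>[0-9a-fA-F]{32}) (?P<flag>\S+)$")

# Constructed excerpt laid out like the log posted above (not the poster's real file).
SAMPLE_LOG = r"""OnlineScanner64.ocx - registred OK
# version=7
# end=stopped
esets_scanner_update returned -1 esets_gle=53251
# version=7
# end=finished
# remove_checked=false
# found=2
# cleaned=0
C:\Users\Amy\AppData\Local\Temp\d215211453 Win32/Adware.Primawega.AJ application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Ext\df524d29.dll a variant of Win32/Adware.Primawega.AJ application (unable to clean) 00000000000000000000000000000000 I
"""

def parse_eset_log(text):
    """One dict per '# version=' session: meta ("# key=value", last wins), detections, messages."""
    sessions, cur = [], None
    for line in filter(None, (l.strip() for l in text.splitlines())):
        if line.startswith("# version="):
            cur = {"meta": {}, "detections": [], "messages": []}; sessions.append(cur)
        if cur is None: continue             # installer chatter before the first session
        if line.startswith("# "):
            key, _, value = line[2:].partition("=")
            cur["meta"][key] = value
        elif (m := DETECTION_RE.match(line)):
            cur["detections"].append(m.groupdict())
        else:                                # e.g. "esets_scanner_update returned -1 ..."
            cur["messages"].append(line)
    return sessions

def review(session):
    """Checks before replying: did the scan finish, do counts agree, why is cleaned=0?"""
    meta, dets, notes = session["meta"], session["detections"], []
    found = int(meta.get("found", "0"))
    if meta.get("end") != "finished":
        notes.append("scan did not finish (end=%s)" % meta.get("end"))
    if found != len(dets):
        notes.append("found=%d but %d detection lines" % (found, len(dets)))
    if found and meta.get("remove_checked") == "false":
        notes.append("cleaned=0 is expected: 'Remove found threats' was left unchecked")
    notes += ["still present: %s (%s)" % (d["path"], d["threat"])
              for d in dets if "unable to clean" in d["action"]]
    return notes
```

Run against the posted log, the second session yields the two `unable to clean` paths, which is what the helper has to deal with by hand since removal was deliberately left off.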
