Trouble after 'System Check' clean-up


  • This topic is locked
32 replies to this topic

#1 Tim R. (Members, 16 posts)

Posted 24 January 2012 - 11:08 PM

Hello folks, and thanks in advance for your attention. I recently cleaned up an ugly 'System Check' infection according to your very helpful directions, and I'm glad to say the symptoms have stopped and my computer is now functioning as it previously did.

Unfortunately, I appear to have an issue remaining: the System Check icons are still on my desktop and next to my Start button, and it appears to have placed several files (including an .exe) in my C:/Users/All Users folder. These files are named:

KH3asmYrQSvG5G
~KH3asmYrQSvG5G
~KH3asmYrQSvG5Gr
123.exe
nvModes.001
nvModes.dat

Furthermore, when I attempt to click on the offending icons on my desktop and Start bar, Windows Explorer locks up. Rkill and TDSSKiller did not turn up any infected items, and a full scan with MBAM only turned up about 5 infected items.

Below is the DDS report, as instructed. Thank you again for helping me out!

--------------------------------

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_26
Run by Tim at 22:51:17 on 2012-01-24
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4094.1819 [GMT -5:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=92&bd=Pavilion&pf=cndt
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=92&bd=Pavilion&pf=cndt
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=92&bd=Pavilion&pf=cndt
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=92&bd=Pavilion&pf=cndt
uInternet Settings,ProxyOverride = <local>;*.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [Aim6]
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
uRun: [{1963D799-0BFB-D17E-395D-F1E963138040}] C:\Users\Tim\AppData\Roaming\Vobiuz\ytxabip.exe
mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE
mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [UpdateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [UpdateLBPShortCut] "c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
mRun: [UpdatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [VhlJsMtFWaqDNDe.exe] C:\ProgramData\VhlJsMtFWaqDNDe.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WG311v3\wlancfg5.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} - hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{EE91BC63-EFE9-4EBB-A3D3-65ACBB7AE2D4} : DhcpNameServer = 192.168.2.1
Notify: cryptnet32 - cryptnet32.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
mRun-x64: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun-x64: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE
mRun-x64: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun-x64: [UpdateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [UpdateLBPShortCut] "c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun-x64: [UpdatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
mRun-x64: [UpdatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [VhlJsMtFWaqDNDe.exe] C:\ProgramData\VhlJsMtFWaqDNDe.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\ytdqg5ho.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.weather.com/weather/today/North+Brunswick+NJ+08902
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Morning Coffee: morningCoffee@shaneliesegang - %profile%\extensions\morningCoffee@shaneliesegang
FF - Ext: Research Word: researchword@scott - %profile%\extensions\researchword@scott
FF - Ext: Leet Key: {3335F91D-2AEF-4097-B831-C96C60349822} - %profile%\extensions\{3335F91D-2AEF-4097-B831-C96C60349822}
FF - Ext: Xinha Here!: {5B280457-4290-40c2-9441-EA647775F824} - %profile%\extensions\{5B280457-4290-40c2-9441-EA647775F824}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Farkode™: {F5907E97-1CC5-4ab1-BE9A-94B0D5ED5EEE} - %profile%\extensions\{F5907E97-1CC5-4ab1-BE9A-94B0D5ED5EEE}
FF - Ext: RSS Ticker: {1f91cde0-c040-11da-a94d-0800200c9a66} - %profile%\extensions\{1f91cde0-c040-11da-a94d-0800200c9a66}
FF - Ext: Remove New Tab Button: remove-new-tab-button@forerunnerdesigns.com - %profile%\extensions\remove-new-tab-button@forerunnerdesigns.com
FF - Ext: PriceBlink: info@priceblink.com - %profile%\extensions\info@priceblink.com
FF - Ext: F.B. Purity - Cleans Up Facebook: fbp@fbpurity.com - %profile%\extensions\fbp@fbpurity.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: XULRunner: {808E128D-6D01-41F0-A7AB-299F5760A857} - C:\Users\Tim\AppData\Local\{808E128D-6D01-41F0-A7AB-299F5760A857}
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/02/18 03:26:02];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-11-28 146928]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 TVCapSvc;TV Background Capture Service (TVBCS);C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2009-2-9 296320]
R2 TVSched;TV Task Scheduler (TVTS);C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2009-2-9 116096]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe [2009-5-12 24652]
R3 MRV6X64P;Vista 64-bits Native WiFi Driver;C:\Windows\system32\DRIVERS\MRVW13C.sys --> C:\Windows\system32\DRIVERS\MRVW13C.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-9-4 133104]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-9-4 133104]
S3 hxctlflt;hxctlflt;C:\Windows\system32\Drivers\hxctlflt.sys --> C:\Windows\system32\Drivers\hxctlflt.sys [?]
S3 PCD5SRVC{8AAF211B-043E02A9-05040000};PCD5SRVC{8AAF211B-043E02A9-05040000} - PCDR Kernel Mode Service Helper Driver;C:\PROGRA~1\PC-DOC~1\PCD5SRVC_x64.pkms [2008-11-4 28144]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-18 89920]
.
=============== Created Last 30 ================
.
2012-01-25 00:05:17 359314 ----a-w- C:\ProgramData\123.exe
2012-01-17 13:29:45 515968 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-01-17 13:29:45 442368 ----a-w- C:\Windows\System32\winhttp.dll
2012-01-17 13:29:45 347136 ----a-w- C:\Windows\System32\schannel.dll
2012-01-17 13:29:45 278528 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-01-17 13:29:45 1689600 ----a-w- C:\Windows\System32\lsasrv.dll
2012-01-17 13:29:44 94720 ----a-w- C:\Windows\System32\secur32.dll
2012-01-17 13:29:44 77312 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-01-17 13:29:44 377344 ----a-w- C:\Windows\SysWow64\winhttp.dll
2012-01-17 13:29:44 11264 ----a-w- C:\Windows\System32\lsass.exe
.
==================== Find3M ====================
.
2011-12-10 20:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-11-25 16:25:32 451072 ----a-w- C:\Windows\System32\winsrv.dll
2011-11-23 13:57:38 2764800 ----a-w- C:\Windows\System32\win32k.sys
2011-11-18 20:55:05 1585152 ----a-w- C:\Windows\System32\ntdll.dll
2011-11-18 20:55:05 1167984 ----a-w- C:\Windows\SysWow64\ntdll.dll
2011-11-18 18:07:45 76800 ----a-w- C:\Windows\System32\packager.dll
2011-11-18 17:47:03 66560 ----a-w- C:\Windows\SysWow64\packager.dll
2011-11-08 14:58:31 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-11-08 14:42:19 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-11-04 15:20:26 1383424 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-04 14:54:57 1383424 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 22:51:38.72 ===============
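As an added example (not part of this thread or of the DDS tool), a small Python triage script for the autorun lines of a DDS "Pseudo HJT Report" like the one above: it flags run entries whose image lives in a user-writable location or carries a machine-generated-looking name, a Winlogon Notify DLL registered without a full path, and an EnableLUA = 0 policy. The sample lines are constructed from entries in the posted log; the heuristics (the path markers and the case-flip rule) are assumptions of this example, not DDS's own logic.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample, modelled on lines from the DDS "Pseudo HJT Report" posted above
# (the paths are ones that appear in the posted log, not taken from a live system).
SAMPLE_REPORT = """\
uRun: [WMPNSCFG] C:\\Program Files (x86)\\Windows Media Player\\WMPNSCFG.exe
uRun: [{1963D799-0BFB-D17E-395D-F1E963138040}] C:\\Users\\Tim\\AppData\\Roaming\\Vobiuz\\ytxabip.exe
mRun: [Adobe ARM] "C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe"
mRun: [iTunesHelper] "C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe"
mRun: [VhlJsMtFWaqDNDe.exe] C:\\ProgramData\\VhlJsMtFWaqDNDe.exe
mPolicies-system: EnableLUA = 0 (0x0)
Notify: cryptnet32 - cryptnet32.dll
"""

RUN_RE = re.compile(r"^[um]Run(?:-x64)?: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# Lazily match a drive-letter path up to an executable extension that is followed by
# end-of-line, a quote or whitespace; this copes with unquoted paths containing spaces.
IMAGE_RE = re.compile(
    r'^"?(?P<path>[A-Za-z]:\\.*?\.(?:exe|dll|scr|com|bat|cmd|vbs|js))(?=$|["\s])', re.I
)
POLICY_RE = re.compile(r"^mPolicies-system: EnableLUA = (?P<val>\d+)")
NOTIFY_RE = re.compile(r"^Notify: (?P<key>\S+) - (?P<dll>.+)$")

# Assumed markers for locations a standard user can write to (heuristic, not exhaustive).
USER_WRITABLE = ("\\programdata\\", "\\appdata\\", "\\users\\all users\\", "\\temp\\")


@dataclass
class Finding:
    line: str
    reasons: List[str] = field(default_factory=list)


def looks_random(stem: str) -> bool:
    """Heuristic: three or more lower->upper case flips inside one file stem
    (e.g. VhlJsMtFWaqDNDe) is typical of generated names and rare in vendor names
    (iTunesHelper has two, AdobeARM one)."""
    flips = sum(1 for a, b in zip(stem, stem[1:]) if a.islower() and b.isupper())
    return flips >= 3


def check_run_entry(cmd: str) -> List[str]:
    """Return the reasons a uRun/mRun command line deserves a second look."""
    m = IMAGE_RE.match(cmd)
    if not m:
        return ["autorun command has no resolvable image path"]
    path = m.group("path")
    reasons = []
    if any(marker in path.lower() for marker in USER_WRITABLE):
        reasons.append("autorun image lives in a user-writable location")
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if looks_random(stem):
        reasons.append("autorun image name looks machine-generated")
    return reasons


def triage(report: str) -> List[Finding]:
    """Walk a Pseudo HJT Report and keep only the lines that trip at least one check."""
    findings = []
    for line in report.splitlines():
        line = line.strip()
        reasons: List[str] = []
        if (m := RUN_RE.match(line)):
            reasons = check_run_entry(m.group("cmd"))
        elif (m := POLICY_RE.match(line)) and m.group("val") == "0":
            reasons = ["UAC (EnableLUA) is disabled by policy"]
        elif (m := NOTIFY_RE.match(line)):
            # A Winlogon Notify DLL given by bare name is loaded via the search path.
            if not re.match(r"^[A-Za-z]:\\", m.group("dll")):
                reasons = ["Winlogon Notify DLL registered without a full path"]
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f.line)
        for r in f.reasons:
            print("   ->", r)
```

Against the constructed sample the script reports the two autoruns under AppData\Roaming and ProgramData, the disabled-UAC policy and the bare-name Notify DLL, and stays quiet on the vendor entries under Program Files.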


#2 gringo_pr (Bleepin Gringo, Malware Response Team, 136,773 posts, Puerto Rico)

Posted 27 January 2012 - 01:07 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic button, select Immediate Notification and click on Proceed; this will help you get notified faster when I have replied and make the cleaning process faster.


The first thing I would like you to do is run this for me: http://download.bleepingcomputer.com/grinler/unhide.exe . After it is complete, restart the computer and continue with these steps.


Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in

    %TEMP%\smtmp\*.* /s

  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTListIt.txt in your next reply.


Information and logs:

  • In your next post I need the following:
    • logs from OTL
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Tim R. (Topic Starter, Members, 16 posts)

Posted 27 January 2012 - 07:46 PM

Hello Gringo! Thanks for helping me out. I ran Unhide.exe with no problems and restarted. I then ran OTL as per your instructions, again with no problems. The OTL log is below.

------------------

OTL logfile created on: 1/27/2012 7:29:34 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Tim\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.60 Gb Available Physical Memory | 65.03% Memory free
8.21 Gb Paging File | 6.72 Gb Available in Paging File | 81.96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.91 Gb Total Space | 222.72 Gb Free Space | 49.18% Space Free | Partition Type: NTFS
Drive D: | 12.85 Gb Total Space | 1.81 Gb Free Space | 14.07% Space Free | Partition Type: NTFS

Computer Name: TIM-DESKTOP | User Name: Tim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Tim\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\js3250.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agr64svc.exe (LSI Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (TVCapSvc) TV Background Capture Service (TVBCS) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe ()
SRV - (TVSched) TV Task Scheduler (TVTS) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe ()
SRV - (IAANTMON) Intel® -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (Viewpoint Manager Service) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\DRIVERS\agrsm64.sys (LSI Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (SNP2UVC) -- C:\Windows\SysNative\DRIVERS\snp2uvc.sys ()
DRV:64bit: - (hxctlflt) -- C:\Windows\SysNative\Drivers\hxctlflt.sys (Guillemot Corporation)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation )
DRV:64bit: - (PCD5SRVC{8AAF211B-043E02A9-05040000}) -- C:\Program Files\PC-Doctor for Windows\pcd5srvc_x64.pkms (PC-Doctor, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iastor.sys (Intel Corporation)
DRV:64bit: - (MRV6X64P) -- C:\Windows\SysNative\DRIVERS\MRVW13C.sys (Marvell Semiconductor, Inc)
DRV:64bit: - (grmnusb) -- C:\Windows\SysNative\drivers\grmnusb.sys (GARMIN Corp.)
DRV - ({55662437-DA8C-40c0-AADA-2C816A897A49}) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl (CyberLink Corp.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=92&bd=Pavilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=92&bd=Pavilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=92&bd=Pavilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=92&bd=Pavilion&pf=cndt


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3929208280-1279930963-4119484745-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=92&bd=Pavilion&pf=cndt
IE - HKU\S-1-5-21-3929208280-1279930963-4119484745-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=92&bd=Pavilion&pf=cndt
IE - HKU\S-1-5-21-3929208280-1279930963-4119484745-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3929208280-1279930963-4119484745-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3929208280-1279930963-4119484745-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.weather.com/weather/today/North+Brunswick+NJ+08902"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3
FF - prefs.js..extensions.enabledItems: {F5907E97-1CC5-4ab1-BE9A-94B0D5ED5EEE}:3.0.7
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.15
FF - prefs.js..extensions.enabledItems: {3335F91D-2AEF-4097-B831-C96C60349822}:1.4.3
FF - prefs.js..extensions.enabledItems: morningCoffee@shaneliesegang:1.33
FF - prefs.js..extensions.enabledItems: researchword@scott:1.3.7
FF - prefs.js..extensions.enabledItems: {1f91cde0-c040-11da-a94d-0800200c9a66}:9
FF - prefs.js..extensions.enabledItems: {5B280457-4290-40c2-9441-EA647775F824}:0.17
FF - prefs.js..extensions.enabledItems: remove-new-tab-button@forerunnerdesigns.com:1.0
FF - prefs.js..extensions.enabledItems: {808E128D-6D01-41F0-A7AB-299F5760A857}:1.9.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: info@priceblink.com:2.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: fbp@fbpurity.com:6.4.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files (x86)\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{808E128D-6D01-41F0-A7AB-299F5760A857}: C:\Users\Tim\AppData\Local\{808E128D-6D01-41F0-A7AB-299F5760A857} [2010/08/10 11:43:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/21 07:19:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/12/21 07:19:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.17\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/12/21 17:52:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.17\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2010/12/20 12:07:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tim\AppData\Roaming\Mozilla\Extensions
[2010/12/20 12:07:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tim\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/01/27 17:56:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\ytdqg5ho.default\extensions
[2011/09/08 06:23:16 | 000,000,000 | ---D | M] (RSS Ticker) -- C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\ytdqg5ho.default\extensions\{1f91cde0-c040-11da-a94d-0800200c9a66}
[2009/09/26 20:28:00 | 000,000,000 | ---D | M] (Leet Key) -- C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\ytdqg5ho.default\extensions\{3335F91D-2AEF-4097-B831-C96C60349822}
[2010/07/04 19:16:57 | 000,000,000 | ---D | M] (Xinha Here!) -- C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\ytdqg5ho.default\extensions\{5B280457-4290-40c2-9441-EA647775F824}
[2009/05/15 15:33:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\ytdqg5ho.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2012/01/05 18:36:19 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\ytdqg5ho.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2012/01/27 17:56:24 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\ytdqg5ho.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/02/23 16:20:02 | 000,000,000 | ---D | M] (Farkode™) -- C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\ytdqg5ho.default\extensions\{F5907E97-1CC5-4ab1-BE9A-94B0D5ED5EEE}
[2012/01/10 22:54:38 | 000,000,000 | ---D | M] (F.B. Purity - Cleans Up Facebook) -- C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\ytdqg5ho.default\extensions\fbp@fbpurity.com
[2011/02/06 12:25:48 | 000,000,000 | ---D | M] (PriceBlink) -- C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\ytdqg5ho.default\extensions\info@priceblink.com
[2009/05/12 17:43:41 | 000,000,000 | ---D | M] ("Morning Coffee") -- C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\ytdqg5ho.default\extensions\morningCoffee@shaneliesegang
[2010/03/31 14:06:11 | 000,000,000 | ---D | M] (Remove New Tab Button) -- C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\ytdqg5ho.default\extensions\remove-new-tab-button@forerunnerdesigns.com
[2010/09/22 17:33:50 | 000,000,000 | ---D | M] (Research Word) -- C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\ytdqg5ho.default\extensions\researchword@scott
[2012/01/26 20:27:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/08/22 10:34:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/24 14:54:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/01 22:20:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/06 19:10:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/25 10:47:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2010/08/10 11:43:19 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\TIM\APPDATA\LOCAL\{808E128D-6D01-41F0-A7AB-299F5760A857}
[2009/09/02 09:39:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npViewpoint.dll
[2007/03/09 18:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npyaxmpb.dll

O1 HOSTS File: ([2006/09/18 16:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKU\S-1-5-21-3929208280-1279930963-4119484745-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4:64bit: - HKLM..\Run: [CamserviceExchange] "C:\Program Files (x86)\Hercules\Dualpix Exchange\XtrCtrl.exe" /startup File not found
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.exe (Microsoft)
O4 - HKLM..\Run: [UpdateLBPShortCut] c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VhlJsMtFWaqDNDe.exe] C:\ProgramData\VhlJsMtFWaqDNDe.exe File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3929208280-1279930963-4119484745-1000..\Run: [{1963D799-0BFB-D17E-395D-F1E963138040}] C:\Users\Tim\AppData\Roaming\Vobiuz\ytxabip.exe File not found
O4 - HKU\S-1-5-21-3929208280-1279930963-4119484745-1000..\Run: [Aim6] File not found
O4 - HKU\S-1-5-21-3929208280-1279930963-4119484745-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-3929208280-1279930963-4119484745-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab (System Requirements Lab Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE91BC63-EFE9-4EBB-A3D3-65ACBB7AE2D4}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (MrvGINA.dll) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\cryptnet32: DllName - (cryptnet32.dll) - File not found
O24 - Desktop WallPaper: C:\Users\Tim\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Tim\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: prevpubw - (C:\Windows\system32\subsinfo.dll) - File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/27 19:27:04 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Tim\Desktop\OTL.exe
[2012/01/24 22:49:59 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Tim\Desktop\dds(2).scr
[2012/01/24 20:02:52 | 002,058,032 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Tim\Desktop\123.com
[2012/01/24 19:05:41 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2012/01/24 19:05:17 | 000,359,314 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\123.exe
[2012/01/17 08:29:45 | 001,689,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/01/17 08:29:44 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2012/01/11 08:22:45 | 001,570,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2012/01/11 08:22:45 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2012/01/11 08:22:45 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/01/11 08:22:45 | 000,352,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/01/11 08:22:42 | 001,585,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2012/01/11 08:22:39 | 000,451,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012/01/11 08:22:39 | 000,211,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winmm.dll
[2012/01/11 08:22:39 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mcicda.dll
[2012/01/11 08:22:39 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mciwave.dll
[2012/01/11 08:22:39 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mciseq.dll
[2012/01/11 08:22:39 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciseq.dll
[2012/01/11 08:22:38 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2012/01/11 08:22:38 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/27 19:29:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/27 19:26:49 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Tim\Desktop\OTL.exe
[2012/01/27 19:26:18 | 000,036,725 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/01/27 17:54:52 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/27 17:54:52 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/27 07:55:15 | 000,036,725 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012/01/27 07:55:02 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/27 07:54:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/25 19:33:20 | 000,046,592 | ---- | M] () -- C:\Users\Tim\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/24 23:21:45 | 000,001,870 | ---- | M] () -- C:\Users\Tim\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2012/01/24 23:14:18 | 000,000,344 | ---- | M] () -- C:\ProgramData\123
[2012/01/24 22:49:57 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Tim\Desktop\dds(2).scr
[2012/01/24 20:02:30 | 002,058,032 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Tim\Desktop\123.com
[2012/01/24 19:40:15 | 000,000,448 | ---- | M] () -- C:\ProgramData\KH3asmYrQSvG5G
[2012/01/24 19:38:46 | 000,000,296 | ---- | M] () -- C:\ProgramData\~KH3asmYrQSvG5G
[2012/01/24 19:38:46 | 000,000,184 | ---- | M] () -- C:\ProgramData\~KH3asmYrQSvG5Gr
[2012/01/24 19:05:41 | 000,000,607 | ---- | M] () -- C:\Users\Tim\Desktop\System Check.lnk
[2012/01/24 19:05:17 | 000,359,314 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\123.exe
[2012/01/19 21:30:02 | 000,704,546 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/19 21:30:02 | 000,605,058 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/19 21:30:02 | 000,104,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/17 18:28:51 | 000,000,456 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2012/01/17 14:00:39 | 000,002,188 | ---- | M] () -- C:\Users\Tim\AppData\Local\d3d9caps64.dat
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/24 23:21:45 | 000,001,870 | ---- | C] () -- C:\Users\Tim\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2012/01/24 23:14:18 | 000,000,344 | ---- | C] () -- C:\ProgramData\123
[2012/01/24 21:47:21 | 000,001,846 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2012/01/24 21:47:21 | 000,001,812 | ---- | C] () -- C:\Users\Public\Desktop\AIM 6.lnk
[2012/01/24 21:47:21 | 000,001,804 | ---- | C] () -- C:\Users\Tim\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/01/24 21:47:21 | 000,001,780 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/01/24 21:47:21 | 000,000,867 | ---- | C] () -- C:\Users\Public\Desktop\FLV Player.lnk
[2012/01/24 21:47:21 | 000,000,794 | ---- | C] () -- C:\Users\Public\Desktop\Jobulator.lnk
[2012/01/24 21:47:21 | 000,000,258 | ---- | C] () -- C:\Users\Tim\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/01/24 21:47:21 | 000,000,240 | ---- | C] () -- C:\Users\Tim\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/01/24 21:47:20 | 000,002,001 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WG311v3 Smart Wizard.lnk
[2012/01/24 21:47:18 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012/01/24 21:47:18 | 000,002,113 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
[2012/01/24 21:47:18 | 000,002,107 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Trials for QuickBooks, Quicken and TurboTax.lnk
[2012/01/24 21:47:18 | 000,001,950 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Photo Gallery.lnk
[2012/01/24 21:47:18 | 000,001,924 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
[2012/01/24 21:47:18 | 000,001,922 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PictureMover.lnk
[2012/01/24 21:47:18 | 000,001,903 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Total Care Advisor.lnk
[2012/01/24 21:47:18 | 000,001,852 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Collaboration.lnk
[2012/01/24 21:47:18 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/01/24 21:47:18 | 000,001,803 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/01/24 21:47:18 | 000,001,770 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Calendar.lnk
[2012/01/24 21:47:18 | 000,001,768 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Movie Maker.lnk
[2012/01/24 21:47:18 | 000,001,757 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Defender.lnk
[2012/01/24 21:47:18 | 000,001,743 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2012/01/24 21:47:18 | 000,001,743 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Contacts.lnk
[2012/01/24 21:47:18 | 000,001,630 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/01/24 21:47:18 | 000,001,243 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
[2012/01/24 21:47:18 | 000,001,060 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk
[2012/01/24 21:47:18 | 000,000,918 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat.com.lnk
[2012/01/24 21:47:18 | 000,000,806 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jobulator.lnk
[2012/01/24 21:47:18 | 000,000,604 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live.lnk
[2012/01/24 21:47:18 | 000,000,182 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pandora Internet Radio.url
[2012/01/24 19:05:42 | 000,000,296 | ---- | C] () -- C:\ProgramData\~KH3asmYrQSvG5G
[2012/01/24 19:05:42 | 000,000,184 | ---- | C] () -- C:\ProgramData\~KH3asmYrQSvG5Gr
[2012/01/24 19:05:41 | 000,000,607 | ---- | C] () -- C:\Users\Tim\Desktop\System Check.lnk
[2012/01/24 19:05:38 | 000,000,448 | ---- | C] () -- C:\ProgramData\KH3asmYrQSvG5G
[2011/08/07 15:19:33 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/12/01 20:29:20 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2010/09/06 16:45:29 | 000,000,680 | ---- | C] () -- C:\Users\Tim\AppData\Local\d3d9caps.dat
[2010/09/05 20:11:41 | 000,036,725 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/09/05 19:35:32 | 000,036,725 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/06/04 15:12:00 | 000,000,245 | ---- | C] () -- C:\Windows\PowerReg.dat
[2010/04/30 22:01:56 | 000,000,020 | ---- | C] () -- C:\Users\Tim\AppData\Roaming\wzmjhy.dat
[2010/04/24 11:59:32 | 000,000,552 | ---- | C] () -- C:\Users\Tim\AppData\Local\d3d8caps.dat
[2010/04/18 11:25:51 | 000,000,120 | ---- | C] () -- C:\Users\Tim\AppData\Local\Tzobupali.dat
[2010/04/18 11:25:51 | 000,000,000 | ---- | C] () -- C:\Users\Tim\AppData\Local\Dcetereweri.bin
[2010/04/18 11:24:10 | 000,000,020 | ---- | C] () -- C:\Users\Tim\AppData\Roaming\kcmdte.dat
[2009/09/18 09:08:02 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/09/18 09:07:40 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/09/18 09:07:20 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/08/16 10:04:18 | 000,000,407 | ---- | C] () -- C:\Windows\SysWow64\gmsblist.dll
[2009/05/17 11:01:19 | 000,000,056 | ---- | C] () -- C:\Windows\sierra.ini
[2009/05/16 13:39:52 | 000,046,592 | ---- | C] () -- C:\Users\Tim\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/12 19:49:15 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/05/10 19:49:13 | 000,002,188 | ---- | C] () -- C:\Users\Tim\AppData\Local\d3d9caps64.dat
[2009/02/18 05:58:09 | 000,354,816 | ---- | C] () -- C:\Windows\SysWow64\pythoncom26.dll
[2009/02/18 05:58:09 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\pywintypes26.dll
[2009/02/18 05:28:48 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 10:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 07:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 07:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 04:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

========== Custom Scans ==========


< %TEMP%\smtmp\*.* /s >
[2006/11/02 10:36:07 | 000,001,677 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Default Programs.lnk
[2009/12/27 13:14:16 | 000,000,442 | -HS- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\desktop.ini
[2009/02/18 06:37:52 | 000,001,880 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Juno Offer!.lnk
[2009/02/18 06:37:32 | 000,001,886 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\NetZero Offer!.lnk
[2009/05/10 19:14:08 | 000,001,440 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Snapfish Photos - FREE - 1st 30 Prints.lnk
[2009/12/27 13:14:16 | 000,001,661 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Windows Update.lnk
[2009/05/13 09:36:19 | 000,000,918 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Acrobat.com.lnk
[2011/04/24 09:44:33 | 000,002,425 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Adobe Reader 9.lnk
[2009/12/27 18:35:15 | 000,001,830 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Apple Software Update.lnk
[2008/01/20 22:21:58 | 000,001,754 | -HS- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\desktop.ini
[2009/02/18 06:37:00 | 000,002,113 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\eBay.lnk
[2009/02/18 06:36:44 | 000,002,107 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Free Trials for QuickBooks, Quicken and TurboTax.lnk
[2009/02/18 06:31:48 | 000,001,903 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\HP Total Care Advisor.lnk
[2011/05/04 14:04:04 | 000,000,806 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Jobulator.lnk
[2006/11/02 10:35:26 | 000,001,630 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Media Center.lnk
[2009/05/10 19:15:52 | 000,001,924 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
[2009/06/12 07:56:18 | 000,001,060 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Microsoft Works Task Launcher.lnk
[2009/02/18 06:36:55 | 000,000,182 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Pandora Internet Radio.url
[2009/02/18 06:27:37 | 000,001,922 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\PictureMover.lnk
[2006/11/02 10:36:34 | 000,001,770 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Windows Calendar.lnk
[2006/11/02 10:36:21 | 000,001,852 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Windows Collaboration.lnk
[2006/11/02 10:29:25 | 000,001,743 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Windows Contacts.lnk
[2006/11/02 10:35:16 | 000,001,757 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Windows Defender.lnk
[2006/11/02 10:36:18 | 000,001,803 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Windows DVD Maker.lnk
[2011/10/24 07:24:54 | 000,001,243 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Windows Live ID.lnk
[2006/11/02 10:35:32 | 000,000,604 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Windows Live.lnk
[2008/01/20 22:20:56 | 000,001,743 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Windows Mail.lnk
[2006/11/02 10:34:06 | 000,001,768 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Windows Movie Maker.lnk
[2006/11/02 10:34:34 | 000,001,950 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Windows Photo Gallery.lnk
[2011/01/08 20:02:48 | 000,000,817 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\7-Zip\7-Zip File Manager.lnk
[2011/01/08 20:02:48 | 000,000,822 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\7-Zip\7-Zip Help.lnk
[2006/11/02 10:34:01 | 000,001,614 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Accessories\Calculator.lnk
[2008/01/20 22:21:03 | 000,001,574 | -HS- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Accessories\Desktop.ini
[2006/11/02 10:35:25 | 000,001,638 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Accessories\Mobility Center.lnk
[2006/11/02 10:34:08 | 000,001,637 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Accessories\NetworkProjection.lnk
[2008/01/20 22:21:03 | 000,001,637 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Accessories\Paint.lnk
[2008/01/20 22:20:49 | 000,001,597 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Accessories\Remote Desktop Connection.lnk
[2006/11/02 10:36:29 | 000,001,778 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Accessories\Sidebar.lnk
[2006/11/02 10:35:02 | 000,001,741 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Accessories\Sound Recorder.lnk
[2008/01/20 22:20:37 | 000,001,641 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Accessories\Sync Center.lnk
[2006/11/02 10:36:23 | 000,001,737 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Accessories\Welcome Center.lnk
[2008/01/20 22:20:43 | 000,001,875 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Accessories\Wordpad.lnk
[2006/11/02 10:34:20 | 000,000,370 | -HS- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Accessories\Accessibility\Desktop.ini
[2006/11/02 10:34:20 | 000,001,866 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Accessories\Accessibility\Speech Recognition.lnk
[2006/11/02 10:33:51 | 000,001,619 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Backup.lnk
[2006/11/02 10:34:01 | 000,001,643 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Character Map.lnk
[2008/01/20 22:21:44 | 000,001,158 | -HS- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Desktop.ini
[2008/01/20 22:20:55 | 000,001,674 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\dfrgui.lnk
[2006/11/02 10:33:18 | 000,001,652 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Disk Cleanup.lnk
[2006/11/02 10:34:38 | 000,001,813 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\migwiz.lnk
[2008/01/20 22:21:44 | 000,001,650 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\System Information.lnk
[2006/11/02 10:32:52 | 000,001,630 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\System Restore.lnk
[2006/11/02 10:31:56 | 000,001,676 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Task Scheduler.lnk
[2010/09/15 19:37:08 | 000,000,216 | -HS- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Accessories\Windows PowerShell\desktop.ini
[2010/09/15 19:36:49 | 000,001,989 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk
[2010/09/15 19:37:08 | 000,002,073 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk
[2010/09/15 19:37:08 | 000,002,073 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk
[2010/09/15 19:36:49 | 000,001,899 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk
[2008/01/20 22:20:56 | 000,001,694 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Computer Management.lnk
[2006/11/02 10:31:05 | 000,001,686 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Data Sources (ODBC).lnk
[2008/01/20 22:21:58 | 000,001,582 | -HS- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\desktop.ini
[2006/11/02 10:31:56 | 000,001,714 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Event Viewer.lnk
[2006/11/02 10:31:45 | 000,001,690 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\iSCSI Initiator.lnk
[2006/11/02 10:28:23 | 000,001,679 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Memory Diagnostics Tool.lnk
[2008/01/20 22:20:48 | 000,001,627 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Reliability and Performance Monitor.lnk
[2008/01/20 22:20:59 | 000,001,688 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\services.lnk
[2006/11/02 10:28:23 | 000,001,646 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\System Configuration.lnk
[2006/11/02 10:31:56 | 000,001,670 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Task Scheduler.lnk
[2008/01/20 22:21:53 | 000,001,650 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk
[2010/09/15 19:36:49 | 000,002,741 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Windows PowerShell Modules.lnk
[2009/05/12 19:26:34 | 000,001,830 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\AIM\AIM 6.lnk
[2009/05/12 19:26:34 | 000,000,918 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\AIM\Uninstall AIM.lnk
[2009/05/12 19:26:34 | 000,000,044 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\AIM\Visit AIM.com.url
[2011/06/08 13:44:17 | 000,001,045 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\DivX Plus\Check for Updates.lnk
[2011/06/24 00:38:15 | 000,001,047 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\DivX Plus\Codec Settings.lnk
[2011/06/24 00:38:18 | 000,001,286 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\DivX Plus\DivX Support.lnk
[2011/06/24 00:38:18 | 000,001,286 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\DivX Plus\Post DivX® video to your website.lnk
[2011/06/08 13:44:17 | 000,001,057 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\DivX Plus\Register.lnk
[2011/06/24 00:38:18 | 000,001,304 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\DivX Plus\Why Buy DivX Pro.lnk
[2008/01/20 22:20:45 | 000,000,598 | -HS- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Extras and Upgrades\Desktop.ini
[2006/11/02 10:36:17 | 000,001,817 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Extras and Upgrades\Windows Anytime Upgrade.lnk
[2008/01/20 22:20:45 | 000,000,592 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Extras and Upgrades\Windows Marketplace.lnk
[2008/01/20 22:20:45 | 000,000,604 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Extras and Upgrades\Windows Web.lnk
[2010/01/10 19:07:21 | 000,000,890 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\FLV Player\FLV Player website.lnk
[2010/01/10 19:07:21 | 000,000,885 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\FLV Player\FLV Player.lnk
[2010/01/10 19:07:21 | 000,000,651 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\FLV Player\Uninstall.lnk
[2009/02/18 06:36:37 | 000,002,097 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Games\- My HP Game Console -.lnk
[2009/02/18 06:36:38 | 000,001,856 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Games\- Visit My HP Games website -.lnk
[2006/11/02 10:35:34 | 000,001,846 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Games\Chess.lnk
[2008/01/20 22:20:48 | 000,000,688 | -HS- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Games\Desktop.ini
[2006/11/02 10:34:02 | 000,001,896 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Games\FreeCell.lnk
[2008/01/20 22:20:48 | 000,000,226 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Games\GameExplorer.lnk
[2006/11/02 10:35:29 | 000,001,864 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Games\Hearts.lnk
[2006/11/02 10:35:02 | 000,001,914 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Games\InkBall.lnk
[2006/11/02 10:34:28 | 000,001,878 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Games\Mahjong.lnk
[2006/11/02 10:35:41 | 000,001,940 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Games\Minesweeper.lnk
[2006/11/02 10:36:28 | 000,001,947 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Games\PurblePlace.lnk
[2006/11/02 10:34:02 | 000,001,910 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Games\Solitaire.lnk
[2006/11/02 10:35:35 | 000,002,000 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Games\Spider Solitaire.lnk
[2009/08/16 10:03:53 | 000,000,788 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\GSAK\Folder Finder.lnk
[2009/08/16 10:03:52 | 000,000,810 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\GSAK\GSAK.lnk
[2009/08/16 10:03:53 | 000,000,754 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\GSAK\Help File.lnk
[2009/08/16 10:03:53 | 000,000,793 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\GSAK\Macro Editor.lnk
[2009/08/16 10:03:53 | 000,000,049 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\GSAK\Support forum.url
[2009/08/16 10:03:53 | 000,000,778 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\GSAK\Uninstall GSAK.lnk
[2009/08/16 10:03:53 | 000,000,045 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\GSAK\Web site.url
[2009/02/18 06:27:46 | 000,002,018 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\HP\HP Update.lnk
[2009/02/18 06:26:02 | 000,002,035 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\HP\HP MediaSmart\HP MediaSmart DVD.lnk
[2009/02/18 06:26:16 | 000,001,928 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\HP\HP MediaSmart\HP MediaSmart Help.lnk
[2009/02/18 06:24:57 | 000,002,161 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\HP\HP MediaSmart\HP MediaSmart Music.lnk
[2009/02/18 06:24:57 | 000,002,161 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\HP\HP MediaSmart\HP MediaSmart Photo.lnk
[2010/04/01 19:45:43 | 000,001,980 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\HP\HP MediaSmart\HP MediaSmart TV.lnk
[2009/02/18 06:24:57 | 000,002,161 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\HP\HP MediaSmart\HP MediaSmart Video.lnk
[2009/05/10 19:14:44 | 000,001,033 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Intel® Matrix Storage Manager\Intel® Matrix Storage Console.lnk
[2011/02/14 17:55:14 | 000,002,010 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\iTunes\About iTunes.lnk
[2011/02/14 17:55:14 | 000,001,714 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\iTunes\iTunes.lnk
[2009/02/18 06:26:41 | 000,000,246 | -HS- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\LightScribe Direct Disc Labeling\desktop.ini
[2009/02/18 06:26:41 | 000,002,112 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\LightScribe Direct Disc Labeling\Getting Started.lnk
[2007/08/22 06:21:18 | 000,000,964 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\LightScribe Direct Disc Labeling\LabelPrint.lnk
[2009/02/18 06:26:41 | 000,002,029 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\LightScribe Direct Disc Labeling\LightScribe Control Panel.lnk
[2009/02/18 06:26:41 | 000,002,279 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\LightScribe Direct Disc Labeling\LightScribe Website.lnk
[2009/02/18 06:26:41 | 000,002,222 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\LightScribe Direct Disc Labeling\Quick Demo.lnk
[2006/11/02 10:36:19 | 000,001,699 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Maintenance\Backup and Restore Center.lnk
[2006/11/02 10:36:19 | 000,000,616 | -HS- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Maintenance\Desktop.ini
[2006/11/02 10:30:37 | 000,001,624 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Maintenance\Problem Reports and Solutions.lnk
[2006/11/02 10:36:04 | 000,001,604 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Maintenance\Remote Assistance.lnk
[2012/01/01 23:12:31 | 000,000,968 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware Help.lnk
[2012/01/01 23:12:31 | 000,000,968 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware.lnk
[2012/01/01 23:12:31 | 000,000,992 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Malwarebytes' Anti-Malware\Uninstall Malwarebytes Anti-Malware.lnk
[2012/01/01 23:12:31 | 000,001,137 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Malwarebytes' Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk
[2010/06/04 15:11:53 | 000,001,981 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Microprose\Risk II\Play Risk II on the ZONE.lnk
[2010/06/04 15:11:53 | 000,002,069 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Microprose\Risk II\Read Me.lnk
[2010/06/04 15:12:00 | 000,001,921 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Microprose\Risk II\Register Risk II.lnk
[2010/06/04 15:11:54 | 000,001,888 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Microprose\Risk II\Risk II.lnk
[2010/06/04 15:11:53 | 000,001,805 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Microprose\Risk II\Uninstall Risk II.lnk
[2011/10/24 07:25:16 | 000,001,154 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Microsoft Games for Windows Marketplace\Games for Windows Marketplace.lnk
[2010/04/24 11:58:06 | 000,000,127 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Microsoft Games\Impossible Creatures\IC Stats.url
[2010/04/24 11:58:06 | 000,002,066 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Microsoft Games\Impossible Creatures\ICConfig.exe.lnk
[2010/04/24 11:58:06 | 000,002,050 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Microsoft Games\Impossible Creatures\Impossible Creatures Readme.lnk
[2010/04/24 11:58:06 | 000,002,018 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Microsoft Games\Impossible Creatures\Impossible Creatures.lnk
[2010/04/24 11:58:06 | 000,002,101 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Microsoft Games\Impossible Creatures\Mission Editor.exe.lnk
[2010/04/24 11:58:06 | 000,000,114 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Microsoft Games\Impossible Creatures\Relic Developers Network.url
[2010/04/24 11:58:06 | 000,002,084 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Microsoft Games\Impossible Creatures\Uninstall Impossible Creatures.lnk
[2010/03/12 11:54:48 | 000,002,627 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Excel 2007.lnk
[2009/05/10 20:20:12 | 000,002,603 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office OneNote 2007.lnk
[2009/05/10 20:20:12 | 000,002,629 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office PowerPoint 2007.lnk
[2012/01/22 16:43:16 | 000,002,669 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Word 2007.lnk
[2009/05/10 20:20:12 | 000,002,631 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Digital Certificate for VBA Projects.lnk
[2009/05/10 20:20:12 | 000,002,611 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Clip Organizer.lnk
[2009/05/10 20:20:12 | 000,002,511 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office 2007 Language Settings.lnk
[2009/05/10 20:20:12 | 000,002,609 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Diagnostics.lnk
[2009/05/10 20:20:12 | 000,002,589 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Picture Manager.lnk
[2011/10/13 07:17:39 | 000,002,176 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk
[2009/05/10 19:15:40 | 000,001,934 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Microsoft Works\Getting Started.lnk
[2009/05/10 19:15:40 | 000,001,968 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Microsoft Works\Microsoft Works Calendar.lnk
[2009/05/10 19:15:40 | 000,001,982 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Microsoft Works\Microsoft Works Database.lnk
[2009/05/10 19:15:40 | 000,002,024 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Microsoft Works\Microsoft Works Portfolio.lnk
[2010/12/16 09:46:09 | 000,002,613 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Microsoft Works\Microsoft Works Spreadsheet.lnk
[2009/06/12 07:56:18 | 000,001,066 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Microsoft Works\Microsoft Works Task Launcher.lnk
[2009/05/10 19:15:40 | 000,002,026 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Microsoft Works\Microsoft Works Word Processor.lnk
[2009/05/12 19:51:14 | 000,000,080 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\MozBackup\Homepage.url
[2009/05/12 19:51:14 | 000,001,768 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\MozBackup\MozBackup.lnk
[2009/06/19 12:37:56 | 000,003,656 | -HS- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\MozBackup\OneNote Table Of Contents.onetoc2
[2009/05/12 19:51:14 | 000,000,092 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\MozBackup\Support.url
[2009/05/12 19:51:14 | 000,001,768 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\MozBackup\Uninstall.lnk
[2010/03/31 13:59:27 | 000,001,820 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Mozilla Firefox\Mozilla Firefox (Safe Mode).lnk
[2010/03/31 13:59:27 | 000,001,798 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Mozilla Firefox\Mozilla Firefox.lnk
[2009/05/12 19:49:11 | 000,001,886 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Mozilla Thunderbird\Mozilla Thunderbird (Safe Mode).lnk
[2009/05/12 19:49:11 | 000,001,864 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Mozilla Thunderbird\Mozilla Thunderbird.lnk
[2009/02/18 06:27:03 | 000,001,199 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\muvee\Create instant home movies.lnk
[2009/02/18 06:27:03 | 000,000,186 | -HS- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\muvee\desktop.ini
[2009/02/18 06:27:03 | 000,001,497 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\muvee\Quick Tour.lnk
[2009/02/18 06:36:37 | 000,002,097 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\My HP Games\- My HP Game Console -.lnk
[2009/02/18 06:36:37 | 000,002,147 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\My HP Games\Agatha Christie - Death on the Nile.lnk
[2009/02/18 06:36:37 | 000,002,051 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\My HP Games\Bejeweled 2 Deluxe.lnk
[2009/02/18 06:36:37 | 000,002,155 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\My HP Games\Big City Adventures San Francisco.lnk
[2009/02/18 06:36:37 | 000,002,067 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\My HP Games\Blackhawk Striker 2.lnk
[2009/02/18 06:36:37 | 000,002,051 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\My HP Games\Blasterball 3.lnk
[2009/02/18 06:36:37 | 000,002,095 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\My HP Games\Build-a-lot 2.lnk
[2009/02/18 06:36:37 | 000,002,035 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\My HP Games\Chuzzle Deluxe.lnk
[2009/02/18 06:36:37 | 000,002,171 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\My HP Games\Diner Dash Hometown Hero.lnk
[2009/02/18 06:36:37 | 000,002,107 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\My HP Games\Dream Chronicles 2.lnk
[2009/02/18 06:36:37 | 000,002,097 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\My HP Games\Family Feud 3.lnk
[2009/02/18 06:36:37 | 000,001,983 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\My HP Games\FATE.lnk
[2009/02/18 06:36:37 | 000,002,139 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\My HP Games\Jewel Quest Solitaire 2.lnk
[2009/02/18 06:36:37 | 000,002,131 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\My HP Games\JoJo's Fashion Show.lnk
[2009/02/18 06:36:37 | 000,002,063 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\My HP Games\Luxor 3.lnk
[2009/02/18 06:36:37 | 000,002,127 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\My HP Games\Mystery P.I. - The Vegas Heist.lnk
[2009/02/18 06:36:37 | 000,002,059 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\My HP Games\Peggle.lnk
[2009/02/18 06:36:37 | 000,002,019 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\My HP Games\Penguins!.lnk
[2009/02/18 06:36:37 | 000,002,115 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\My HP Games\Poker Superstars III.lnk
[2009/02/18 06:36:37 | 000,002,019 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\My HP Games\Polar Bowler.lnk
[2009/02/18 06:36:37 | 000,002,015 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\My HP Games\Polar Golfer.lnk
[2009/02/18 06:36:37 | 000,002,027 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\My HP Games\Polar Pool.lnk
[2009/02/18 06:36:37 | 000,002,027 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\My HP Games\Slingo Deluxe.lnk
[2009/02/18 06:36:37 | 000,002,139 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\My HP Games\The Hidden Object Game Show.lnk
[2009/02/18 06:36:37 | 000,002,103 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\My HP Games\The Price is Right.lnk
[2009/02/18 06:36:37 | 000,002,113 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\My HP Games\Tradewinds Legends.lnk
[2009/02/18 06:36:37 | 000,002,175 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\My HP Games\Virtual Villagers - A New Home.lnk
[2009/02/18 06:36:37 | 000,002,233 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\My HP Games\Virtual Villagers - The Secret City.lnk
[2009/02/18 06:36:37 | 000,002,047 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\My HP Games\Wedding Dash.lnk
[2009/02/18 06:36:37 | 000,002,127 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\My HP Games\Wheel of Fortune 2.lnk
[2009/02/18 06:36:37 | 000,002,011 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\My HP Games\Zuma Deluxe.lnk
[2009/12/25 11:09:41 | 000,001,651 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\NETGEAR WG311v3 Smart Wizard\NETGEAR Smart Wizard.lnk
[2009/12/25 11:09:41 | 000,001,977 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\NETGEAR WG311v3 Smart Wizard\Uninstall NETGEAR WG311v3 Software.lnk
[2009/05/10 19:14:06 | 000,000,071 | -HS- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Online Services\desktop.ini
[2009/05/10 19:13:52 | 000,001,979 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Online Services\Get Online.lnk
[2009/02/18 06:37:52 | 000,001,768 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Online Services\United States\Juno Dial-up.lnk
[2009/02/18 06:36:49 | 000,002,099 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Online Services\United States\MSN.lnk
[2009/02/18 06:37:32 | 000,001,816 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Online Services\United States\Netzero Dial-up.lnk
[2009/02/18 06:39:39 | 000,000,620 | -HS- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\PC Help & Tools\desktop.ini
[2009/02/18 06:29:07 | 000,001,906 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\PC Help & Tools\Hardware Diagnostic Tools.lnk
[2009/02/18 06:00:44 | 000,000,981 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\PC Help & Tools\HP support information.lnk
[2009/02/18 06:39:39 | 000,001,874 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\PC Help & Tools\Recovery Disc Creation.lnk
[2009/02/18 06:39:39 | 000,001,864 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\PC Help & Tools\Recovery Manager.lnk
[2011/02/14 17:53:08 | 000,001,802 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\QuickTime\About QuickTime.lnk
[2011/02/14 17:53:08 | 000,001,812 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\QuickTime\PictureViewer.lnk
[2011/02/14 17:53:08 | 000,001,802 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\QuickTime\QuickTime Player.lnk
[2011/02/14 17:53:08 | 000,001,729 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\QuickTime\Uninstall QuickTime.lnk
[2009/05/17 11:01:15 | 000,001,373 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Sierra\Half-Life\AT&T WorldNet.lnk
[2009/05/17 11:01:13 | 000,000,688 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Sierra\Half-Life\Half-Life Readme.lnk
[2009/05/17 11:01:13 | 000,001,510 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Sierra\Half-Life\Half-Life.lnk
[2009/05/17 11:01:13 | 000,000,676 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Sierra\Half-Life\Register Half-Life.lnk
[2009/05/17 11:01:13 | 000,000,688 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Sierra\Half-Life\Sierra Website.lnk
[2009/05/17 11:01:13 | 000,000,912 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Sierra\Half-Life\Team Fortress Manual.lnk
[2009/05/17 11:01:13 | 000,001,528 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Sierra\Half-Life\Team Fortress.lnk
[2009/05/17 11:01:13 | 000,000,690 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Sierra\Half-Life\Uninstall Half-Life.lnk
[2008/01/20 22:21:58 | 000,000,174 | -HS- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Startup\desktop.ini
[2009/12/25 11:09:48 | 000,002,001 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Startup\NETGEAR WG311v3 Smart Wizard.lnk
[2009/05/28 11:40:24 | 000,001,912 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Steam\Steam Support Center.lnk
[2010/05/07 17:51:10 | 000,000,848 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Steam\Steam.lnk
[2007/04/18 14:36:30 | 000,001,657 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Try Microsoft Office for 60 days\Install Office Trial.lnk
[2007/04/17 09:23:28 | 000,001,562 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Try Microsoft Office for 60 days\Try Microsoft Office for 60 days.lnk
[2010/09/14 11:21:30 | 000,001,236 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Ubisoft\Far Cry\Configure Far Cry.lnk
[2010/09/14 11:21:30 | 000,001,174 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Ubisoft\Far Cry\CryEngine Sandbox.lnk
[2010/09/14 11:21:30 | 000,001,174 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Ubisoft\Far Cry\Play Far Cry.lnk
[2010/09/14 11:21:30 | 000,001,319 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Ubisoft\Far Cry\Register Far Cry.lnk
[2010/09/14 11:21:30 | 000,001,309 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Ubisoft\Far Cry\Uninstall Far Cry.lnk
[2010/09/14 11:21:30 | 000,001,005 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Ubisoft\Far Cry\View Far Cry's User Manual.lnk
[2010/09/14 11:21:30 | 000,000,851 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Ubisoft\Far Cry\View Readme.lnk
[2010/09/14 11:21:30 | 000,000,851 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\Ubisoft\Far Cry\Visit Far Cry's Website.lnk
[2009/05/10 19:14:47 | 000,001,589 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\User Guides\Safety & Comfort Guide.lnk
[2009/05/10 19:14:47 | 000,001,613 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\1\Programs\User Guides\Upgrading and Servicing Guide.lnk
[2009/05/12 19:26:34 | 000,001,836 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\2\AIM 6.lnk
[2010/09/15 16:33:30 | 000,000,221 | -HS- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\2\desktop.ini
[2010/09/15 16:33:30 | 000,000,975 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\2\Launch Internet Explorer Browser.lnk
[2010/03/31 13:59:27 | 000,001,804 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\2\Mozilla Firefox.lnk
[2009/05/12 19:49:11 | 000,001,870 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\2\Mozilla Thunderbird.lnk
[2008/01/20 22:20:45 | 000,000,258 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\2\Shows Desktop.lnk
[2012/01/24 19:05:41 | 000,000,631 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\2\System Check.lnk
[2008/01/20 22:20:45 | 000,000,240 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\2\Window Switcher.lnk
[2009/05/12 19:26:34 | 000,001,812 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\4\AIM 6.lnk
[2009/05/15 15:28:00 | 000,000,508 | -HS- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\4\desktop.ini
[2010/01/10 19:07:21 | 000,000,867 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\4\FLV Player.lnk
[2011/05/04 14:04:04 | 000,000,794 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\4\Jobulator.lnk
[2010/03/31 13:59:27 | 000,001,780 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\4\Mozilla Firefox.lnk
[2009/05/12 19:49:11 | 000,001,846 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\smtmp\4\Mozilla Thunderbird.lnk

< End of report >

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:03:21 AM

Posted 27 January 2012 - 10:13 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    :files
    xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
    xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
    xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
    xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
    
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 Tim R.

Tim R.
  • Topic Starter

  • Members
  • 16 posts
  • Local time:02:21 AM

Posted 27 January 2012 - 10:54 PM

I have run the custom script you provided. The report is below. The computer appears to be running well, though the 'System Check' icon is still on my desktop and I am unable to remove it.

---------------------

========== FILES ==========
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Tim\Desktop\cmd.bat deleted successfully.
C:\Users\Tim\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
C:\Users\Tim\AppData\Local\Temp\smtmp\2\AIM 6.lnk
C:\Users\Tim\AppData\Local\Temp\smtmp\2\desktop.ini
C:\Users\Tim\AppData\Local\Temp\smtmp\2\Launch Internet Explorer Browser.lnk
C:\Users\Tim\AppData\Local\Temp\smtmp\2\Mozilla Firefox.lnk
C:\Users\Tim\AppData\Local\Temp\smtmp\2\Mozilla Thunderbird.lnk
C:\Users\Tim\AppData\Local\Temp\smtmp\2\Shows Desktop.lnk
C:\Users\Tim\AppData\Local\Temp\smtmp\2\System Check.lnk
C:\Users\Tim\AppData\Local\Temp\smtmp\2\Window Switcher.lnk
8 File(s) copied
C:\Users\Tim\Desktop\cmd.bat deleted successfully.
C:\Users\Tim\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Tim\Desktop\cmd.bat deleted successfully.
C:\Users\Tim\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Tim\Desktop\cmd.bat deleted successfully.
C:\Users\Tim\Desktop\cmd.txt deleted successfully.

OTL by OldTimer - Version 3.2.31.0 log created on 01272012_223907

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:03:21 AM

Posted 28 January 2012 - 01:45 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    :OTL
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    O3 - HKU\S-1-5-21-3929208280-1279930963-4119484745-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [CamserviceExchange] "C:\Program Files (x86)\Hercules\Dualpix Exchange\XtrCtrl.exe" /startup File not found
    O4 - HKLM..\Run: [VhlJsMtFWaqDNDe.exe] C:\ProgramData\VhlJsMtFWaqDNDe.exe File not found
    O4 - HKU\S-1-5-21-3929208280-1279930963-4119484745-1000..\Run: [{1963D799-0BFB-D17E-395D-F1E963138040}] C:\Users\Tim\AppData\Roaming\Vobiuz\ytxabip.exe File not found
    O4 - HKU\S-1-5-21-3929208280-1279930963-4119484745-1000..\Run: [Aim6] File not found
    O4 - HKU\S-1-5-21-3929208280-1279930963-4119484745-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
    O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab (Reg Error: Key error.)
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O20 - HKLM Winlogon: GinaDLL - (MrvGINA.dll) - File not found
    O20 - Winlogon\Notify\cryptnet32: DllName - (cryptnet32.dll) - File not found
    O36 - AppCertDlls: prevpubw - (C:\Windows\system32\subsinfo.dll) - File not found
    FF - prefs.js..extensions.enabledItems: {808E128D-6D01-41F0-A7AB-299F5760A857}:1.9.1
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{808E128D-6D01-41F0-A7AB-299F5760A857}: C:\Users\Tim\AppData\Local\{808E128D-6D01-41F0-A7AB-299F5760A857} [2010/08/10 11:43:19 | 000,000,000 | ---D | M]
    [2010/08/10 11:43:19 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\TIM\APPDATA\LOCAL\{808E128D-6D01-41F0-A7AB-299F5760A857}
    [2012/01/24 19:05:41 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
    [2012/01/24 19:05:41 | 000,000,607 | ---- | M] () -- C:\Users\Tim\Desktop\System Check.lnk
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [EMPTYTEMP]
    [emptyjava]
    [EMPTYFLASH]
    [RESETHOSTS]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.

Let me know how things are doing.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
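The fix script above is mostly a list of autorun entries whose target file no longer exists, the classic residue of a half-removed rogue. The following triage helper is an added example for this thread (not part of OTL and not the helper's own tooling): it parses OTL-style O4/O18/O20/O36 lines, names the persistence mechanism each one reports, and returns only the orphaned entries; the sample lines are copied from the script above plus one constructed intact entry.

```python
"""Triage OTL autorun lines for orphaned persistence entries.

Added example for this thread; not part of OTL or of the post above. It
parses O4/O18/O20/O36 lines, labels the persistence mechanism each reports,
and flags entries whose target is gone ("File not found" /
"No CLSID value found"), which is exactly what the fix script deletes.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# OTL section prefix -> persistence mechanism it reports.
PERSISTENCE = {
    "O4": "Run key",
    "O18": "protocol handler",
    "O20": "Winlogon GinaDLL / Notify package",
    "O36": "AppCertDlls (DLL loaded into every new process)",
}

# "O4 - ..." or "O4:64bit: - ..."; the marker means the 64-bit registry view.
LINE_RE = re.compile(r"^(O\d+)(:64bit:)?\s*-\s*(.*)$")
# OTL abbreviates <hive>\Software\Microsoft\Windows\CurrentVersion\Run as "<hive>..\Run".
RUN_RE = re.compile(r"^(HKLM|HKU\\[^.]+?)\.\.\\Run:\s*\[(.+?)\]\s*(.*)$")
STATUS_RE = re.compile(r"\s*-?\s*(File not found|No CLSID value found)\s*$")


@dataclass
class Finding:
    section: str
    mechanism: str
    location: str   # registry key the entry lives under
    name: str       # value or subkey name
    target: str     # file OTL reports for the entry ("" when none)
    orphaned: bool  # True when the target file or CLSID is missing


def parse_line(line: str) -> Optional[Finding]:
    """Turn one OTL line into a Finding, or None for sections not handled."""
    m = LINE_RE.match(line.strip())
    if not m or m.group(1) not in PERSISTENCE:
        return None
    section, wow64, body = m.group(1), bool(m.group(2)), m.group(3)
    orphaned = STATUS_RE.search(body) is not None
    body = STATUS_RE.sub("", body)          # strip the trailing status text
    mechanism = PERSISTENCE[section] + (" [64-bit view]" if wow64 else "")

    if section == "O4":
        r = RUN_RE.match(body)
        if not r:
            return None
        location = r.group(1) + r"\Software\Microsoft\Windows\CurrentVersion\Run"
        return Finding(section, mechanism, location, r.group(2), r.group(3).strip(), orphaned)

    # Remaining sections: "<location>: <name> - (<target>)" or just "<location>".
    location, _, rest = body.partition(":")
    location = location.strip()
    if rest:
        name, _, rest = rest.strip().partition(" - ")
        t = re.match(r"\((.*)\)", rest.strip())
        target = t.group(1) if t else ""
    else:
        location, _, name = location.rpartition("\\")
        target = ""
    return Finding(section, mechanism, location, name.strip(), target, orphaned)


def orphaned_entries(lines: Iterable[str]) -> List[Finding]:
    """Return only the entries whose target is gone, in input order."""
    out = []
    for line in lines:
        f = parse_line(line)
        if f and f.orphaned:
            out.append(f)
    return out


# Sample input: lines copied from the fix script in this thread, plus one
# constructed intact entry (last line) that must not be flagged.
SAMPLE_LINES = [
    r'O4:64bit: - HKLM..\Run: [CamserviceExchange] "C:\Program Files (x86)\Hercules\Dualpix Exchange\XtrCtrl.exe" /startup File not found',
    r"O4 - HKLM..\Run: [VhlJsMtFWaqDNDe.exe] C:\ProgramData\VhlJsMtFWaqDNDe.exe File not found",
    r"O4 - HKU\S-1-5-21-3929208280-1279930963-4119484745-1000..\Run: [Aim6] File not found",
    r"O18:64bit: - Protocol\Handler\ms-help - No CLSID value found",
    r"O20 - HKLM Winlogon: GinaDLL - (MrvGINA.dll) - File not found",
    r"O20 - Winlogon\Notify\cryptnet32: DllName - (cryptnet32.dll) - File not found",
    r"O36 - AppCertDlls: prevpubw - (C:\Windows\system32\subsinfo.dll) - File not found",
    r"O4 - HKLM..\Run: [RealHelper] C:\Tools\helper.exe",   # constructed, intact
]

if __name__ == "__main__":
    for f in orphaned_entries(SAMPLE_LINES):
        where = f"{f.location}\\{f.name}" if f.name else f.location
        print(f"{f.section:<4} {f.mechanism:<45} {where} -> {f.target or '(no target)'}")
```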

#7 Tim R.
  • Topic Starter
  • Members
  • 16 posts

Posted 28 January 2012 - 11:40 PM

That appears to have worked very well! After running the latest script you provided, the 'System Check' icon has been removed from my desktop. The computer seems to be doing well. Here is the OTL report.

---------------

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3929208280-1279930963-4119484745-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\CamserviceExchange deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\VhlJsMtFWaqDNDe.exe deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3929208280-1279930963-4119484745-1000\Software\Microsoft\Windows\CurrentVersion\Run\\{1963D799-0BFB-D17E-395D-F1E963138040} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1963D799-0BFB-D17E-395D-F1E963138040}\ not found.
Registry value HKEY_USERS\S-1-5-21-3929208280-1279930963-4119484745-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Aim6 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3929208280-1279930963-4119484745-1000\Software\Microsoft\Windows\CurrentVersion\Run\\WMPNSCFG deleted successfully.
Starting removal of ActiveX control {40F576AD-8680-4F9E-9490-99D069CD665F}
C:\Windows\Downloaded Program Files\sysreqlabdetect.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{40F576AD-8680-4F9E-9490-99D069CD665F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40F576AD-8680-4F9E-9490-99D069CD665F}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{40F576AD-8680-4F9E-9490-99D069CD665F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{40F576AD-8680-4F9E-9490-99D069CD665F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40F576AD-8680-4F9E-9490-99D069CD665F}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-itss\ deleted successfully.
File Protocol\Handler\ms-itss - No CLSID value found not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\GinaDLL:MrvGINA.dll deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet32\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\\prevpubw deleted successfully.
Prefs.js: {808E128D-6D01-41F0-A7AB-299F5760A857}:1.9.1 removed from extensions.enabledItems
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{808E128D-6D01-41F0-A7AB-299F5760A857}: C:\Users\Tim\AppData\Local\{808E128D-6D01-41F0-A7AB-299F5760A857} not found.
C:\USERS\TIM\APPDATA\LOCAL\{808E128D-6D01-41F0-A7AB-299F5760A857}\chrome\content folder moved successfully.
C:\USERS\TIM\APPDATA\LOCAL\{808E128D-6D01-41F0-A7AB-299F5760A857}\chrome folder moved successfully.
C:\USERS\TIM\APPDATA\LOCAL\{808E128D-6D01-41F0-A7AB-299F5760A857} folder moved successfully.
C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check folder moved successfully.
C:\Users\Tim\Desktop\System Check.lnk moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Tim\Desktop\cmd.bat deleted successfully.
C:\Users\Tim\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56507 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Tim
->Temp folder emptied: 612784038 bytes
->Temporary Internet Files folder emptied: 174100037 bytes
->Java cache emptied: 57647001 bytes
->FireFox cache emptied: 134769669 bytes
->Flash cache emptied: 378069 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 438248667 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 53100 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,352.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: Tim
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: Tim
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 01282012_232624

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

Registry entries deleted on Reboot...

#8 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico

Posted 28 January 2012 - 11:52 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run ComboFix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following:
  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#9 Tim R.
  • Topic Starter
  • Members
  • 16 posts

Posted 29 January 2012 - 11:10 PM

I'm sorry, it appears I've run into a problem! I was able to download and begin Combofix as you described, but as it began to run, I received an error: "You need administrative privileges to run this tool". Combofix then closed itself. I tried this several times, with the same result, even when right-clicking and selecting "Run as administrator" from the menu. (I did check to make sure my account is set to admin, which it is.)

#10 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico

Posted 29 January 2012 - 11:28 PM

Hello

OK, let's try this: I want you to run ComboFix in Safe Mode, but it is very important that when ComboFix reboots the computer you direct it back into Safe Mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

After ComboFix has finished its scan, please post the report back here.

Gringo

#11 Tim R.
  • Topic Starter
  • Members
  • 16 posts

Posted 30 January 2012 - 11:17 PM

This may sound very strange, but I was unable to run Combofix even in Safe Mode. Shortly after starting, it gave me the same "You need administrative privileges to run this tool" error message that I had gotten in normal mode, and then closed itself.

#12 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico

Posted 30 January 2012 - 11:51 PM

Hello

I want you to run this tool for me next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#13 Tim R.
  • Topic Starter
  • Members
  • 16 posts

Posted 31 January 2012 - 11:13 PM

Thank you, and sorry for the trouble with the last few steps. I have run TDSSKiller and it says there were no threats found, and no reboot was required. Below is the report.

---------------

23:10:02.0800 2992 TDSS rootkit removing tool 2.7.8.0 Jan 30 2012 16:39:36
23:10:03.0096 2992 ============================================================
23:10:03.0096 2992 Current date / time: 2012/01/31 23:10:03.0096
23:10:03.0096 2992 SystemInfo:
23:10:03.0096 2992
23:10:03.0096 2992 OS Version: 6.0.6002 ServicePack: 2.0
23:10:03.0096 2992 Product type: Workstation
23:10:03.0096 2992 ComputerName: TIM-DESKTOP
23:10:03.0096 2992 UserName: Tim
23:10:03.0096 2992 Windows directory: C:\Windows
23:10:03.0096 2992 System windows directory: C:\Windows
23:10:03.0096 2992 Running under WOW64
23:10:03.0096 2992 Processor architecture: Intel x64
23:10:03.0096 2992 Number of processors: 2
23:10:03.0096 2992 Page size: 0x1000
23:10:03.0096 2992 Boot type: Normal boot
23:10:03.0096 2992 ============================================================
23:10:03.0455 2992 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:10:03.0470 2992 \Device\Harddisk0\DR0:
23:10:03.0470 2992 MBR used
23:10:03.0470 2992 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x389D35B5
23:10:03.0470 2992 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x389D35F4, BlocksNum 0x19B164D
23:10:03.0564 2992 Initialize success
23:10:03.0564 2992 ============================================================
23:10:05.0982 3628 ============================================================
23:10:05.0982 3628 Scan started
23:10:05.0982 3628 Mode: Manual;
23:10:05.0982 3628 ============================================================
23:10:12.0924 3628 pciide - ok
23:10:12.0955 3628 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
23:10:12.0971 3628 pcmcia - ok
23:10:13.0002 3628 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
23:10:13.0018 3628 PEAUTH - ok
23:10:13.0080 3628 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
23:10:13.0080 3628 PptpMiniport - ok
23:10:13.0096 3628 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
23:10:13.0096 3628 Processor - ok
23:10:13.0142 3628 Ps2 (1d0a3f565397d08707f3d75b88586645) C:\Windows\system32\DRIVERS\PS2.sys
23:10:13.0142 3628 Ps2 - ok
23:10:13.0189 3628 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
23:10:13.0189 3628 PSched - ok
23:10:13.0220 3628 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
23:10:13.0252 3628 ql2300 - ok
23:10:13.0267 3628 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
23:10:13.0267 3628 ql40xx - ok
23:10:13.0298 3628 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
23:10:13.0298 3628 QWAVEdrv - ok
23:10:13.0314 3628 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
23:10:13.0314 3628 RasAcd - ok
23:10:13.0345 3628 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:10:13.0345 3628 Rasl2tp - ok
23:10:13.0376 3628 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
23:10:13.0376 3628 RasPppoe - ok
23:10:13.0392 3628 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
23:10:13.0408 3628 RasSstp - ok
23:10:13.0439 3628 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
23:10:13.0439 3628 rdbss - ok
23:10:13.0454 3628 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:10:13.0454 3628 RDPCDD - ok
23:10:13.0486 3628 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
23:10:13.0501 3628 rdpdr - ok
23:10:13.0501 3628 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
23:10:13.0501 3628 RDPENCDD - ok
23:10:13.0532 3628 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
23:10:13.0532 3628 RDPWD - ok
23:10:13.0595 3628 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
23:10:13.0595 3628 rspndr - ok
23:10:13.0626 3628 RTL8169 (d53c84ec99ab4d78a90001e5ce5386ec) C:\Windows\system32\DRIVERS\Rtlh64.sys
23:10:13.0642 3628 RTL8169 - ok
23:10:13.0657 3628 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
23:10:13.0657 3628 sbp2port - ok
23:10:13.0688 3628 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
23:10:13.0688 3628 secdrv - ok
23:10:13.0720 3628 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
23:10:13.0720 3628 Serenum - ok
23:10:13.0735 3628 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
23:10:13.0735 3628 Serial - ok
23:10:13.0766 3628 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
23:10:13.0766 3628 sermouse - ok
23:10:13.0798 3628 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
23:10:13.0798 3628 sffdisk - ok
23:10:13.0813 3628 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
23:10:13.0813 3628 sffp_mmc - ok
23:10:13.0829 3628 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
23:10:13.0829 3628 sffp_sd - ok
23:10:13.0844 3628 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
23:10:13.0844 3628 sfloppy - ok
23:10:13.0891 3628 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
23:10:13.0891 3628 SiSRaid2 - ok
23:10:13.0907 3628 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
23:10:13.0907 3628 SiSRaid4 - ok
23:10:13.0938 3628 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
23:10:13.0938 3628 Smb - ok
23:10:14.0063 3628 SNP2UVC (ba2e864cdc01731a4f144019fb3bf598) C:\Windows\system32\DRIVERS\snp2uvc.sys
23:10:14.0156 3628 SNP2UVC - ok
23:10:14.0188 3628 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
23:10:14.0188 3628 spldr - ok
23:10:14.0234 3628 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
23:10:14.0250 3628 srv - ok
23:10:14.0312 3628 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
23:10:14.0312 3628 srv2 - ok
23:10:14.0359 3628 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
23:10:14.0359 3628 srvnet - ok
23:10:14.0422 3628 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
23:10:14.0422 3628 swenum - ok
23:10:14.0453 3628 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
23:10:14.0453 3628 Symc8xx - ok
23:10:14.0484 3628 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
23:10:14.0484 3628 Sym_hi - ok
23:10:14.0515 3628 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
23:10:14.0515 3628 Sym_u3 - ok
23:10:14.0593 3628 Tcpip (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\drivers\tcpip.sys
23:10:14.0640 3628 Tcpip - ok
23:10:14.0702 3628 Tcpip6 (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\DRIVERS\tcpip.sys
23:10:14.0718 3628 Tcpip6 - ok
23:10:14.0780 3628 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
23:10:14.0780 3628 tcpipreg - ok
23:10:14.0827 3628 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
23:10:14.0827 3628 TDPIPE - ok
23:10:14.0858 3628 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
23:10:14.0858 3628 TDTCP - ok
23:10:14.0890 3628 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
23:10:14.0890 3628 tdx - ok
23:10:14.0905 3628 TermDD (3f0ebf6ee609f2a276c0d5faf244ec90) C:\Windows\system32\DRIVERS\termdd.sys
23:10:14.0905 3628 TermDD - ok
23:10:14.0952 3628 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:10:14.0952 3628 tssecsrv - ok
23:10:14.0983 3628 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
23:10:14.0983 3628 tunmp - ok
23:10:15.0014 3628 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
23:10:15.0014 3628 tunnel - ok
23:10:15.0046 3628 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
23:10:15.0046 3628 uagp35 - ok
23:10:15.0108 3628 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
23:10:15.0124 3628 udfs - ok
23:10:15.0155 3628 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
23:10:15.0155 3628 uliagpkx - ok
23:10:15.0202 3628 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
23:10:15.0202 3628 uliahci - ok
23:10:15.0233 3628 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
23:10:15.0233 3628 UlSata - ok
23:10:15.0280 3628 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
23:10:15.0280 3628 ulsata2 - ok
23:10:15.0295 3628 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
23:10:15.0295 3628 umbus - ok
23:10:15.0342 3628 usbaudio (c6ba890de6e41857fbe84175519cae7d) C:\Windows\system32\drivers\usbaudio.sys
23:10:15.0342 3628 usbaudio - ok
23:10:15.0389 3628 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
23:10:15.0389 3628 usbccgp - ok
23:10:15.0404 3628 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
23:10:15.0420 3628 usbcir - ok
23:10:15.0436 3628 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
23:10:15.0436 3628 usbehci - ok
23:10:15.0467 3628 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
23:10:15.0467 3628 usbhub - ok
23:10:15.0482 3628 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
23:10:15.0498 3628 usbohci - ok
23:10:15.0514 3628 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
23:10:15.0514 3628 usbprint - ok
23:10:15.0545 3628 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:10:15.0545 3628 USBSTOR - ok
23:10:15.0560 3628 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
23:10:15.0560 3628 usbuhci - ok
23:10:15.0654 3628 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
23:10:15.0654 3628 usbvideo - ok
23:10:15.0716 3628 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
23:10:15.0716 3628 vga - ok
23:10:15.0748 3628 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
23:10:15.0748 3628 VgaSave - ok
23:10:15.0763 3628 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
23:10:15.0763 3628 viaide - ok
23:10:15.0841 3628 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
23:10:15.0841 3628 volmgr - ok
23:10:15.0888 3628 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
23:10:15.0888 3628 volmgrx - ok
23:10:15.0919 3628 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
23:10:15.0919 3628 volsnap - ok
23:10:15.0950 3628 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
23:10:15.0950 3628 vsmraid - ok
23:10:15.0997 3628 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
23:10:15.0997 3628 WacomPen - ok
23:10:16.0028 3628 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
23:10:16.0028 3628 Wanarp - ok
23:10:16.0044 3628 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
23:10:16.0044 3628 Wanarpv6 - ok
23:10:16.0075 3628 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
23:10:16.0075 3628 Wd - ok
23:10:16.0106 3628 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
23:10:16.0153 3628 Wdf01000 - ok
23:10:16.0247 3628 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys
23:10:16.0247 3628 WmiAcpi - ok
23:10:16.0309 3628 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
23:10:16.0309 3628 WpdUsb - ok
23:10:16.0325 3628 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
23:10:16.0325 3628 ws2ifsl - ok
23:10:16.0387 3628 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:10:16.0387 3628 WUDFRd - ok
23:10:16.0465 3628 {55662437-DA8C-40c0-AADA-2C816A897A49} (1cacfef9e5dd866c5b79a135ee729e18) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl
23:10:16.0465 3628 {55662437-DA8C-40c0-AADA-2C816A897A49} - ok
23:10:16.0512 3628 MBR (0x1B8) (03ba8f890b47c0be359a4d5a636d214d) \Device\Harddisk0\DR0
23:10:16.0855 3628 \Device\Harddisk0\DR0 - ok
23:10:16.0855 3628 Boot (0x1200) (701dce433592b76a888d8f4670992610) \Device\Harddisk0\DR0\Partition0
23:10:16.0855 3628 \Device\Harddisk0\DR0\Partition0 - ok
23:10:16.0871 3628 Boot (0x1200) (ab3f95a00daa928afb7e2cdf83918cc0) \Device\Harddisk0\DR0\Partition1
23:10:16.0871 3628 \Device\Harddisk0\DR0\Partition1 - ok
23:10:16.0871 3628 ============================================================
23:10:16.0871 3628 Scan finished
23:10:16.0871 3628 ============================================================
23:10:16.0886 4016 Detected object count: 0
23:10:16.0886 4016 Actual detected object count: 0

#14 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico

Posted 01 February 2012 - 07:52 AM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR (511KB) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#15 Tim R.

  • Topic Starter
  • Members
  • 16 posts

Posted 01 February 2012 - 10:29 PM

I ran aswMBR, and it looks like I've got a few hits. The log is below.

------------------

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-01 22:00:39
-----------------------------
22:00:39.366 OS Version: Windows x64 6.0.6002 Service Pack 2
22:00:39.366 Number of processors: 2 586 0xF0D
22:00:39.367 ComputerName: TIM-DESKTOP UserName: Tim
22:00:40.763 Initialize success
22:01:35.504 AVAST engine defs: 12020101
22:02:07.715 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:02:07.721 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 8
22:02:07.738 Disk 0 MBR read successfully
22:02:07.742 Disk 0 MBR scan
22:02:07.747 Disk 0 unknown MBR code
22:02:07.752 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 463782 MB offset 63
22:02:07.790 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 13154 MB offset 949827060
22:02:07.810 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 2 MB offset 976768065
22:02:07.817 Disk 0 Partition 3 **INFECTED** MBR:Alureon-K [Rtk]
22:02:07.823 Service scanning
22:02:08.994 Modules scanning
22:02:08.999 Disk 0 trace - called modules:
22:02:09.005 ntoskrnl.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
22:02:09.010 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004ae0230]
22:02:09.016 3 CLASSPNP.SYS[fffffa60011d1c33] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80048dc050]
22:02:10.299 AVAST engine scan C:\Windows
22:02:13.515 AVAST engine scan C:\Windows\system32
22:05:21.974 AVAST engine scan C:\Windows\system32\drivers
22:05:33.924 AVAST engine scan C:\Users\Tim
22:10:34.924 AVAST engine scan C:\ProgramData
22:10:35.124 File: C:\ProgramData\123.exe **INFECTED** Win32:FakeAV-CVM [Trj]
22:13:05.344 Scan finished successfully
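The aswMBR log above is where this thread turns: TDSSKiller reported zero detections, while aswMBR found a 2 MB hidden NTFS partition (type 17) at the very end of the disk flagged as MBR:Alureon-K, plus the FakeAV dropper in C:\ProgramData. The parser below is an added example, not code from aswMBR or from anyone in this thread. It reads the line formats visible in the log (disk size, partition table, **INFECTED** markers, "unknown MBR code"), returns the findings as data, and adds one heuristic that is this example's own assumption rather than anything the tool prints: a hidden partition that starts in the last 1% of the disk is reported for manual review even when no signature fires. The sample log is constructed from the lines in the post; offsets are assumed to be 512-byte LBA sectors.

```python
"""Summarize an aswMBR-style scan log: partition table, infections, warnings.

Added example for this thread; not code from aswMBR or from the forum.
SAMPLE_LOG is constructed from the line formats visible in the thread, and the
end-of-disk hidden-partition heuristic is an assumption of this example.
"""
import re

# Constructed sample following the aswMBR output format shown in the thread.
SAMPLE_LOG = r"""
22:02:07.721 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 8
22:02:07.738 Disk 0 MBR read successfully
22:02:07.742 Disk 0 MBR scan
22:02:07.747 Disk 0 unknown MBR code
22:02:07.752 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 463782 MB offset 63
22:02:07.790 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 13154 MB offset 949827060
22:02:07.810 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 2 MB offset 976768065
22:02:07.817 Disk 0 Partition 3 **INFECTED** MBR:Alureon-K [Rtk]
22:10:35.124 File: C:\ProgramData\123.exe **INFECTED** Win32:FakeAV-CVM [Trj]
22:13:05.344 Scan finished successfully
"""

TS = r"(?P<ts>\d{2}:\d{2}:\d{2}\.\d{3})"
DISK_RE = re.compile(TS + r" Disk (?P<disk>\d+) Vendor: .* Size: (?P<size>\d+)MB")
PART_RE = re.compile(
    TS + r" Disk (?P<disk>\d+) Partition (?P<n>\d+) (?P<boot>[0-9A-Fa-f]{2})(?: \(A\))? "
    r"(?P<ptype>[0-9A-Fa-f]{2}) (?P<desc>.+?) (?P<size>\d+) MB offset (?P<offset>\d+)$"
)
INFECTED_RE = re.compile(TS + r" (?P<target>.+?) \*\*INFECTED\*\* (?P<threat>.+)$")
UNKNOWN_MBR_RE = re.compile(TS + r" Disk (?P<disk>\d+) unknown MBR code$")

SECTOR_BYTES = 512  # assumption: partition offsets are 512-byte LBA sectors
END_OF_DISK_FRACTION = 0.99  # heuristic threshold, this example's assumption


def parse_aswmbr(lines):
    """Return disks, partitions, infected items and review warnings from log lines."""
    disks, partitions, infected, warnings = {}, [], [], []
    for line in lines:
        if m := DISK_RE.match(line):
            disks[int(m["disk"])] = int(m["size"])
        elif m := PART_RE.match(line):
            partitions.append({
                "disk": int(m["disk"]),
                "number": int(m["n"]),
                "bootable": m["boot"].upper() == "80",
                "type": int(m["ptype"], 16),
                "hidden": m["desc"].startswith("Hidd"),
                "size_mb": int(m["size"]),
                "offset_sectors": int(m["offset"]),
            })
        elif m := INFECTED_RE.match(line):
            infected.append({"target": m["target"], "threat": m["threat"]})
        elif m := UNKNOWN_MBR_RE.match(line):
            warnings.append(f"disk {m['disk']}: MBR code not recognised by the scanner")

    # Heuristic (assumption of this example): a hidden partition that starts in
    # the final stretch of the disk deserves a look even without a detection.
    for p in partitions:
        disk_mb = disks.get(p["disk"])
        start_mb = p["offset_sectors"] * SECTOR_BYTES / (1024 * 1024)
        if p["hidden"] and disk_mb and start_mb > END_OF_DISK_FRACTION * disk_mb:
            warnings.append(
                f"disk {p['disk']} partition {p['number']}: hidden {p['size_mb']} MB "
                f"partition starting at {start_mb:.0f} MB of {disk_mb} MB (end of disk)"
            )
    return {"disks": disks, "partitions": partitions,
            "infected": infected, "warnings": warnings}


if __name__ == "__main__":
    result = parse_aswmbr(SAMPLE_LOG.strip().splitlines())
    for p in result["partitions"]:
        flags = ("boot " if p["bootable"] else "") + ("hidden" if p["hidden"] else "")
        print(f"partition {p['number']}: type 0x{p['type']:02X} {p['size_mb']} MB {flags}")
    for i in result["infected"]:
        print(f"INFECTED {i['target']} -> {i['threat']}")
    for w in result["warnings"]:
        print(f"REVIEW {w}")
```

Run against the sample, the two **INFECTED** lines come out as structured findings, and the hidden 2 MB partition is also raised as a review item purely from its geometry, which is the kind of check worth keeping when a signature-based pass such as the earlier TDSSKiller run reports nothing.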
