Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Admin and many system tools folders empty after virus removal


  • This topic is locked This topic is locked
31 replies to this topic

#1 spgreenfield

spgreenfield

  • Members
  • 97 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Dakota
  • Local time:05:19 AM

Posted 22 April 2012 - 01:28 PM

Referred from here: http://www.bleepingcomputer.com/forums/topic450946.html ~ OB

Ok Orangeblossom, here are the txt files I've managed to pull from what I've done plus what you told me to do. Please tell me which ones you want from the past and I'll post them.

Step 7 >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Steve at 10:20:53 on 2012-04-22
.
============== Running Processes ===============
.
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\Drivers\WTSRV.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\Program Files\Zune\ZuneBusEnum.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\WTClient.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Documents and Settings\Steve\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Documents and Settings\Steve\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\klwtblfs.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Documents and Settings\Steve\My Documents\Downloads\Virus protection\dds.scr
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uInternet Settings,ProxyOverride = <local>;127.0.0.1:9421;
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uURLSearchHooks: Inbox Toolbar: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - c:\progra~1\inboxt~1\Inbox.dll
uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky pure 2.0\ievkbd.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Inbox Toolbar: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - c:\progra~1\inboxt~1\Inbox.dll
BHO: : {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky pure 2.0\klwtbbho.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: &Inbox Toolbar: {d7e97865-918f-41e4-9cd0-25ab1c574ce8} - c:\progra~1\inboxt~1\Inbox.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: N/A: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [Akamai NetSession Interface] "c:\documents and settings\steve\local settings\application data\akamai\netsession_win.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [DiskeeperSystray] "c:\program files\executive software\diskeeper\DkIcon.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [HPLJ Config] c:\program files\hewlett-packard\hp laserjet 1150_1300\SetConfig.exe -c Direct -p DOT4_001 -pn "hp LaserJet 1150 PCL 5e" -n 0 -l 1033 -sl 120000
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [WTClient] WTClient.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky pure 2.0\avp.exe"
mRun: [HFALoader] c:\program files\hamster soft\free zip archiver\HamsterArc.exe -loader
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [dplaysvr] %APPDATA%\dplaysvr.exe
dRunOnce: [nltide_2] regsvr32 /s /n /i:U shell32
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky pure 2.0\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~2\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~2\INetRepl.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky pure 2.0\ievkbd.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky pure 2.0\klwtbbho.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://dcode.support.microsoft.com/dcode/ActiveX/MSDcode.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1219951150390
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {C9E2242D-DC05-4C54-9483-A5C90653F7BC} - hxxps://techinline.net/Client/TIClient.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553635000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DB28CF23-0083-40B5-BF63-69925D672385} - hxxp://www.nero.com/doc/NeroVersionChecker.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/RACtrl.cab
TCP: DhcpNameServer = 24.220.0.10 24.220.0.11
TCP: Interfaces\{DC950267-F211-4A21-8498-68F85FFCCEB4} : DhcpNameServer = 24.220.0.10 24.220.0.11
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - c:\progra~1\inboxt~1\Inbox.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: GoToMyPC - c:\program files\citrix\gotomypc\G2WinLogon.dll
Notify: igfxcui - igfxdev.dll
Notify: klogon - c:\windows\system32\klogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
============= SERVICES / DRIVERS ===============
.
R? AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service
R? Ambfilt;Ambfilt
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? gupdate;Google Update Service (gupdate)
R? gupdatem;Google Update Service (gupdatem)
R? PTSimHid;PenTablet Simulated HID MiniDriver
R? regdefend;Fingrd32
R? WMZuneComm;Zune Windows Mobile Connectivity Service
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? Akamai;Akamai NetSession Interface
S? AVP;Kaspersky Anti-Virus Service
S? CSCrySec;InfoWatch Encrypt Sector Library driver
S? CSObjectsSrv;CryptoStorage control service
S? CSVirtualDiskDrv;InfoWatch Virtual Disk driver
S? IntuitUpdateServiceV4;Intuit Update Service v4
S? KL1;KL1
S? kl2;kl2
S? KLIF;Kaspersky Lab Driver
S? klim5;Kaspersky Anti-Virus NDIS Filter
S? klmouflt;Kaspersky Lab KLMOUFLT
S? PTSimBus;PenTablet Bus Enumerator
S? UMVPFSrv;UMVPFSrv
.
=============== Created Last 30 ================
.
2012-04-21 23:35:47 -------- d-----w- c:\program files\CCleaner
2012-04-21 19:41:09 -------- d-----w- c:\windows\system32\xircom
2012-04-21 19:41:09 -------- d-----w- c:\windows\system32\wbem\snmp
2012-04-21 19:41:09 -------- d-----w- c:\windows\srchasst
2012-04-21 19:41:08 -------- d-----w- c:\program files\msn gaming zone
2012-04-21 19:03:26 -------- d-sha-r- C:\cmdcons
2012-04-21 18:37:18 98816 ----a-w- c:\windows\sed.exe
2012-04-21 18:37:18 518144 ----a-w- c:\windows\SWREG.exe
2012-04-21 18:37:18 256000 ----a-w- c:\windows\PEV.exe
2012-04-21 18:37:18 208896 ----a-w- c:\windows\MBR.exe
2012-04-21 14:44:46 -------- d-----w- c:\program files\Hamster Soft
2012-04-21 14:44:46 -------- d-----w- c:\documents and settings\steve\application data\HamsterSoft
2012-04-20 13:28:37 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-04-20 13:28:36 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-20 13:28:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-20 03:52:14 -------- d-----r- C:\Backup
2012-04-20 03:41:17 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-19 23:30:41 97961 ----a-w- c:\windows\system32\drivers\klick.dat
2012-04-19 23:30:41 115369 ----a-w- c:\windows\system32\drivers\klin.dat
2012-04-19 23:29:07 39352 ----a-w- c:\windows\system32\drivers\CSVirtualDiskDrv.sys
2012-04-19 23:28:59 88632 ----a-w- c:\windows\system32\drivers\CSCrySec.sys
2012-04-19 23:24:10 -------- d-----w- c:\program files\common files\InfoWatch
2012-04-19 23:23:41 -------- d-----w- c:\program files\Kaspersky Lab
2012-04-19 23:23:41 -------- d-----w- c:\documents and settings\all users\application data\Kaspersky Lab
2012-04-19 22:21:28 -------- d-----w- c:\documents and settings\all users\application data\Symantec
2012-04-17 07:25:51 1409 ----a-w- c:\windows\QTFont.for
2012-04-16 21:56:08 58880 ----a-w- c:\windows\system32\spoolsv.exe
2012-04-14 19:28:24 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-14 18:31:33 359016 ----a-w- c:\windows\vncutil.exe
2012-04-14 18:31:32 65128 ----a-w- c:\windows\system32\RtkCoInstIIXP.dll
2012-04-14 18:31:32 129640 ----a-w- c:\windows\RtkAudioService.exe
2012-04-14 18:31:32 11368 ----a-w- c:\windows\system32\RtkCoLDRXP.dll
2012-04-14 18:31:28 21736 ----a-w- c:\windows\system32\drivers\RTAIODAT.DAT
2012-04-14 18:31:28 1395800 ----a-w- c:\windows\system32\drivers\Monfilt.sys
2012-04-14 18:31:27 1691480 ----a-w- c:\windows\system32\drivers\Ambfilt.sys
.
==================== Find3M ====================
.
2012-04-21 14:56:58 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-04-14 19:28:23 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-27 22:03:36 6100072 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2012-03-14 18:40:46 20065896 ----a-w- c:\windows\RTHDCPL.EXE
2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01:32 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 ------w- c:\windows\system32\html.iec
2012-02-23 14:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 10:21:55.32 ===============


Step 8 >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-22 13:11:00
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HDP725025GLA380 rev.GM2OA5BA
Running: gmer.exe; Driver: C:\DOCUME~1\Steve\LOCALS~1\Temp\kwtcrfog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0xA849FBD6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwClose [0xA84A04D0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwConnectPort [0xA84BA486]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateEvent [0xA84A0A42]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateMutant [0xA84A0930]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreatePort [0xA84BA79E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateProcess [0xA84A0C72]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateProcessEx [0xA84A0E3A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSection [0xA849F992]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSemaphore [0xA84A0B5A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xA84BBAB0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateThread [0xA84A0202]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateWaitablePort [0xA84BA866]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDebugActiveProcess [0xA84A1158]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteKey [0xA84B4A38]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteValueKey [0xA84B6242]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0xA84A0512]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDuplicateObject [0xA84A2158]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateKey [0xA84B5A3C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateValueKey [0xA84B63EC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadDriver [0xA84A124A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey [0xA84B5574]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey2 [0xA84B57D0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwMapViewOfSection [0xA84BBAD0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwNotifyChangeKey [0xA84B8CA2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenEvent [0xA84A0AD4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenMutant [0xA84A09BC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenProcess [0xA849FE10]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSection [0xA84A159A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSemaphore [0xA84A0BEC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenThread [0xA849FD04]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwPlugPlayControl [0xA84BBAC0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryKey [0xA84B486C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryMultipleValueKey [0xA84B604C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryObject [0xA84B8E98]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQuerySection [0xA84A1ADC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryValueKey [0xA84B5E3C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueueApcThread [0xA84A13EA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRenameKey [0xA84B4B4C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplaceKey [0xA84B51C0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyPort [0xA84BA9E0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0xA84BA92E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0xA84BAA4C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRestoreKey [0xA84B53C8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwResumeThread [0xA84A1FFA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveKey [0xA84B4CF2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveKeyEx [0xA84B4E88]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveMergedKeys [0xA84B5024]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSecureConnectPort [0xA84BA60E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetContextThread [0xA84A0372]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetInformationToken [0xA84A1004]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSystemInformation [0xA84A1C2C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetValueKey [0xA84B5BFC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendProcess [0xA84A1D20]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendThread [0xA84A1E5A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSystemDebugControl [0xA84A107A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateProcess [0xA849FFAE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateThread [0xA849FF06]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0xA84A1994]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0xA84A0098]

Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!FsRtlCheckLockForReadAccess 804EAF84 5 Bytes JMP A8491B8C \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
.text ntkrnlpa.exe!IoIsOperationSynchronous 804EF912 5 Bytes JMP A8491F68 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
.text ntkrnlpa.exe!ZwCallbackReturn + 2C9C 80504538 12 Bytes [9E, A7, 4B, A8, 72, 0C, 4A, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2CAC 80504548 16 Bytes [92, F9, 49, A8, 5A, 0B, 4A, ...] {XCHG EDX, EAX; STC ; DEC ECX; TEST AL, 0x5a; OR ECX, [EDX-0x58]; MOV AL, 0xba; DEC EBX; TEST AL, 0x2; ADD CL, [EDX-0x58]}
.text ntkrnlpa.exe!ZwCallbackReturn + 2D68 80504604 12 Bytes [4A, 12, 4A, A8, 74, 55, 4B, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2EB4 80504750 4 Bytes [EA, 13, 4A, A8]
.text ntkrnlpa.exe!ZwCallbackReturn + 2EE4 80504780 16 Bytes [4C, 4B, 4B, A8, C0, 51, 4B, ...]
.text ...
? C:\DOCUME~1\Steve\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

? C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe[392] C:\WINDOWS\system32\ntdll.dll time/date stamp mismatch;
.text C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe[392] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 6B7A17E3 C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\ushata.dll (Ushata module/Kaspersky Lab ZAO)
? C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe[392] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe[392] USER32.dll!AlignRects 7E412A78 4 Bytes [4D, 27, 7A, 6B] {DEC EBP; DAA ; JP 0x6f}
.text C:\Program Files\internet explorer\iexplore.exe[444] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[444] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[444] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E53AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[444] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[444] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E534C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[444] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E51B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[444] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E5214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[444] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[444] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E5276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
? C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe[2432] C:\WINDOWS\system32\ntdll.dll time/date stamp mismatch;
.text C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe[2432] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 6B7A17E3 C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\ushata.dll (Ushata module/Kaspersky Lab ZAO)
? C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe[2432] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe[2432] USER32.dll!AlignRects 7E412A78 4 Bytes [4D, 27, 7A, 6B] {DEC EBP; DAA ; JP 0x6f}
.text C:\WINDOWS\system32\SearchIndexer.exe[3792] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[5528] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[5528] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AA5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[5528] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD119 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[5528] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[5528] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254686 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[5528] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E53AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[5528] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[5528] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E534C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[5528] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E51B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[5528] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E5214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[5528] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[5528] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E5276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[5528] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDB70 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[5528] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E5717 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[5952] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[5952] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AA5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[5952] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD119 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[5952] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[5952] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254686 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[5952] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E53AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[5952] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[5952] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E534C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[5952] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E51B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[5952] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E5214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[5952] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[5952] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E5276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[5952] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDB70 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[5952] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E5717 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----




That's it!

Pam

Attached Files


Edited by Orange Blossom, 22 April 2012 - 05:19 PM.


BC AdBot (Login to Remove)

 


#2 spgreenfield

spgreenfield
  • Topic Starter

  • Members
  • 97 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Dakota
  • Local time:05:19 AM

Posted 22 April 2012 - 05:37 PM

Um, so I wasn't aware of the "don't touch" after doing log files. I cleaned out (using Revo) some old programs that were unused....I will do nothing more except allow Kasminsky to do its thing from time to time....

Pam

#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,622 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:19 AM

Posted 28 April 2012 - 01:30 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Posted Image In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/451024 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Posted Image If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 spgreenfield

spgreenfield
  • Topic Starter

  • Members
  • 97 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Dakota
  • Local time:05:19 AM

Posted 28 April 2012 - 04:09 PM

I still need help. Currently, I cannot gain access to the computer, (because my husband is using it.....) but will perform all requested new scans hopefully tomorrow or latest by Monday. In as much of a nutshell I can make it, my Administrative tools folder under control panel is empty except for IE that's in there for some odd reason. Also many of the folders under "Accessories" are empty - folders are there but no longer the link to the programs. Even though notepad wasn't there I was able to do a search and find it since I knew what the name was of the silly thing. I currently have 2 machines running XP sp3 so I double check on the 'other' machine what's missing....even though one is running home and the bad one is running 32 bit XP pro. I did attempt to specify what I had done prior to screaming help from you guys - and attached a screen shot of all the txt files that were generated. I will gladly post any that you want, but didn't want to clutter up with ones you didn't need or care about. It's running [OK] right now, but I would like to clean it out even more and can't set a restore point without tools to do such. Also - there's a quarantined virus that Kaminsky keeps alerting me about being on the machine, but it's in another program, so Kaminsky "sees" it as being on the machine. Also, right AS things were going downhill we couldn't print from this machine and it was because the print spooler program was missing. I just copied the one from the Home XP machine and prayed it would work. Worked! Not sure if that is relevant, but it was something that I did - long before any of the scans.

Original Post: Our Dell Vostro Tower (about 5-6 years old) XP Pro has been running very strange - hanging on reboot, hanging on startup - printer spooler file missing, loading pages painfully slow....a variety of things began to go wrong. WAS running Symantec Corporate - first thing I found 3 days ago was a window that I THOUGHT was Norton scan results - only it wasn't - it was the look-alike that led me to an external site to fix what the scan had found. This is not MY normal computer but my husband's for home use. He of course was in the middle of doing taxes with many downloads and uploads of files and state specific return software. As soon as I saw what was an external site touting their ability to rid my system of whatever threat was found I cancelled it. But by then the damage must have been done. At least a dozen windows opened all along the bottom of the screen with symantec ! in them. I was planning on doing a cleanout AFTER tax season, but had to face it then. Began with doing a Malwarebytes scan in safe with networking, then found a great review on Kasminsky so bought that and replaced Symantec, also used TDSSKiller and HyjackThis as well - while scanning with Kasminsky over and over to clean out all the threats (on my little netbook) But now that I want to clean out just junk, I want to set a restore point in case I delete something I shouldn't....but when I go to programs, there's NO accessories folder at all. If I try to go at it from control panel, administrative tools is totally empty. All folders are set to show hidden files, and I even set them to show system files as well. If this is as far as I can get this old bird, I'll be ok - but the nerd in me that's been fueling me these last 3 days wants to solve this issue! Maybe I just won't find them - maybe the viruses did their dirty work and made it impossible to find them.

Edited by spgreenfield, 28 April 2012 - 04:28 PM.


#5 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:11:19 AM

Posted 28 April 2012 - 06:16 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

----------------------------------------------

Please run Unhide and see if that finds your folders.

Please download Unhide

Once the program has been downloaded, double-click on the Unhide.exe icon on your desktop and allow the program to run. This program will remove the +H, or hidden, attribute from all the files on your hard drives. If there are any files that were purposely hidden by you, you will need to hide them again after this tool is run.


Then run aswMBR

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Posted Image
m0le is a proud member of UNITE

#6 spgreenfield

spgreenfield
  • Topic Starter

  • Members
  • 97 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Dakota
  • Local time:05:19 AM

Posted 28 April 2012 - 11:28 PM

I'm confused. Do you not want me to run the first set of instructions first? Or just do what's been recently instructed?


Pam

#7 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:11:19 AM

Posted 29 April 2012 - 04:54 AM

Just my last instructions :)
Posted Image
m0le is a proud member of UNITE

#8 spgreenfield

spgreenfield
  • Topic Starter

  • Members
  • 97 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Dakota
  • Local time:05:19 AM

Posted 29 April 2012 - 01:31 PM

OK, so I ran unhide and nothing is back in the way of empty accessories folders.

Also ran aswMBR and here's the text file:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-21 14:59:29
-----------------------------
14:59:29.140 OS Version: Windows 5.1.2600 Service Pack 3
14:59:29.140 Number of processors: 2 586 0x1706
14:59:29.140 ComputerName: GREENFIELDDELL UserName: Steve
14:59:38.875 Initialize success
15:01:04.312 AVAST engine defs: 12042101
15:01:18.671 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
15:01:18.671 Disk 0 Vendor: Hitachi_HDP725025GLA380 GM2OA5BA Size: 238418MB BusType: 3
15:01:18.687 Disk 0 MBR read successfully
15:01:18.687 Disk 0 MBR scan
15:01:18.734 Disk 0 Windows XP default MBR code
15:01:18.734 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63
15:01:18.765 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 112640
15:01:18.781 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 228122 MB offset 21084160
15:01:18.781 Disk 0 scanning sectors +488278016
15:01:18.859 Disk 0 scanning C:\WINDOWS\system32\drivers
15:01:29.937 Service scanning
15:01:42.359 Service KL1 C:\WINDOWS\system32\DRIVERS\kl1.sys **LOCKED** 5
15:01:42.390 Service kl2 C:\WINDOWS\system32\DRIVERS\kl2.sys **LOCKED** 5
15:01:42.609 Service klim5 C:\WINDOWS\system32\DRIVERS\klim5.sys **LOCKED** 5
15:01:42.671 Service klmouflt C:\WINDOWS\system32\DRIVERS\klmouflt.sys **LOCKED** 5
15:01:51.125 Service Tablet2k C:\WINDOWS\"%SystemRoot%\System32\Drivers\Tablet2k.sys" **LOCKED** 123
15:01:57.390 Modules scanning
15:02:05.609 Disk 0 trace - called modules:
15:02:05.625 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
15:02:05.625 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a5e9ab8]
15:02:05.625 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\0000006f[0x8a5d6f18]
15:02:05.625 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a5ebd98]
15:02:06.406 AVAST engine scan C:\WINDOWS
15:02:25.671 AVAST engine scan C:\WINDOWS\system32
15:05:33.687 AVAST engine scan C:\WINDOWS\system32\drivers
15:06:04.390 AVAST engine scan C:\Documents and Settings\Steve
15:21:24.468 AVAST engine scan C:\Documents and Settings\All Users
15:29:52.562 Scan finished successfully
15:40:49.015 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Steve\Desktop\MBR.dat"
15:40:49.015 The log file has been saved successfully to "C:\Documents and Settings\Steve\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-29 12:39:35
-----------------------------
12:39:35.156 OS Version: Windows 5.1.2600 Service Pack 3
12:39:35.156 Number of processors: 2 586 0x1706
12:39:35.156 ComputerName: GREENFIELDDELL UserName: Steve
12:39:38.359 Initialize success
12:40:04.421 AVAST engine defs: 12042900
12:40:10.078 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
12:40:10.078 Disk 0 Vendor: Hitachi_HDP725025GLA380 GM2OA5BA Size: 238418MB BusType: 3
12:40:10.249 Disk 0 MBR read successfully
12:40:10.249 Disk 0 MBR scan
12:40:10.312 Disk 0 Windows XP default MBR code
12:40:10.312 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63
12:40:10.328 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 112640
12:40:10.343 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 228122 MB offset 21084160
12:40:10.374 Disk 0 scanning sectors +488278016
12:40:10.578 Disk 0 scanning C:\WINDOWS\system32\drivers
12:40:27.765 Service scanning
12:40:53.874 Service KL1 C:\WINDOWS\system32\DRIVERS\kl1.sys **LOCKED** 5
12:40:54.515 Service kl2 C:\WINDOWS\system32\DRIVERS\kl2.sys **LOCKED** 5
12:40:54.859 Service klim5 C:\WINDOWS\system32\DRIVERS\klim5.sys **LOCKED** 5
12:40:54.906 Service klmouflt C:\WINDOWS\system32\DRIVERS\klmouflt.sys **LOCKED** 5
12:41:09.265 Service Tablet2k C:\WINDOWS\"%SystemRoot%\System32\Drivers\Tablet2k.sys" **LOCKED** 123
12:41:33.515 Modules scanning
12:42:02.156 Disk 0 trace - called modules:
12:42:02.203 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
12:42:02.203 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a57bab8]
12:42:02.218 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\0000006f[0x8a5d2258]
12:42:02.218 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a5e4d98]
12:42:04.640 AVAST engine scan C:\WINDOWS
12:42:39.328 AVAST engine scan C:\WINDOWS\system32
12:51:11.765 AVAST engine scan C:\WINDOWS\system32\drivers
12:51:30.562 AVAST engine scan C:\Documents and Settings\Steve
13:03:11.531 AVAST engine scan C:\Documents and Settings\All Users
13:09:42.843 Scan finished successfully
13:28:40.171 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Steve\Desktop\MBR.dat"
13:28:40.234 The log file has been saved successfully to "C:\Documents and Settings\Steve\Desktop\aswMBR.txt"


(guess I ran it before....)

Awaiting further instructions.

Pam

Edited by spgreenfield, 29 April 2012 - 01:56 PM.


#9 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:11:19 AM

Posted 29 April 2012 - 05:30 PM

The aswMBR shows no issues so we'll run another scan so I can take a better look

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Posted Image
m0le is a proud member of UNITE

#10 spgreenfield

spgreenfield
  • Topic Starter

  • Members
  • 97 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Dakota
  • Local time:05:19 AM

Posted 29 April 2012 - 07:52 PM

Responding from another computer....with unhide and aswMBR scan I disabled Kaminsky - it was having fits over downloading and updating of the defs - but just now I resumed protection and it's running slow as mud. Ok if I do a restart to clear things out that might be messed up at the moment? It hasn't been this slow since I was totally infected! Plus if this new scan is deeper, running this slow will mean it will run all night!

#11 spgreenfield

spgreenfield
  • Topic Starter

  • Members
  • 97 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Dakota
  • Local time:05:19 AM

Posted 29 April 2012 - 07:59 PM

Clock seems to be running just fine, but the my documents window is frozen with the desktop on the right side and blank white on the left....I am running Carbonite and am trying to pause any backups that are taking place as well..... Just tried to quit out of my docs and got the "not responding" window so I said quit....now desktop is attempting to refresh but going v-e-r-y s-l-o-w-l-y......

#12 spgreenfield

spgreenfield
  • Topic Starter

  • Members
  • 97 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Dakota
  • Local time:05:19 AM

Posted 29 April 2012 - 08:01 PM

OK it refreshed and I tried to open my docs again and it's running ok. Should I still restart or just forge ahead and hope for the best?

#13 spgreenfield

spgreenfield
  • Topic Starter

  • Members
  • 97 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Dakota
  • Local time:05:19 AM

Posted 29 April 2012 - 08:08 PM

After giving it a few minutes to finish whatever must have been running, it's now responding at lightning speeds...so going ahead with scan and crossing fingers! Must have been the resuming virus protection and the steps that need to take place there that caused the slow down....

#14 spgreenfield

spgreenfield
  • Topic Starter

  • Members
  • 97 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Dakota
  • Local time:05:19 AM

Posted 29 April 2012 - 08:49 PM

OTL>>>>>>>>>>>>>>

OTL logfile created on: 4/29/2012 8:09:08 PM - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Documents and Settings\Steve\My Documents\Downloads\Virus protection
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.93 Gb Available Physical Memory | 46.84% Memory free
3.83 Gb Paging File | 2.32 Gb Available in Paging File | 60.56% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 81.28 Gb Free Space | 36.49% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.30 Gb Free Space | 63.03% Space Free | Partition Type: NTFS

Computer Name: GREENFIELDDELL | User Name: Steve | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/29 19:43:43 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steve\My Documents\Downloads\Virus protection\OTL.exe
PRC - [2011/12/24 12:24:36 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe
PRC - [2011/12/24 12:20:44 | 000,131,472 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\klwtblfs.exe
PRC - [2011/08/25 18:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2011/08/22 05:39:44 | 002,995,568 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMyPC\g2tray.exe
PRC - [2011/08/22 05:39:42 | 000,946,032 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMyPC\g2svc.exe
PRC - [2011/08/22 05:39:36 | 002,120,048 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMyPC\g2pre.exe
PRC - [2011/08/22 05:39:28 | 001,686,384 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMyPC\g2comm.exe
PRC - [2011/04/01 00:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/03/23 00:56:40 | 000,687,448 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2011/03/03 21:52:00 | 003,410,576 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
PRC - [2011/03/03 21:52:00 | 000,948,880 | R--- | M] (Carbonite, Inc.) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
PRC - [2011/03/02 00:14:08 | 000,190,808 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/03/02 00:13:44 | 000,203,096 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2010/11/11 15:55:56 | 000,057,072 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Zune\ZuneBusEnum.exe
PRC - [2010/10/27 21:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/08/25 12:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/08/23 22:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2010/06/01 06:46:26 | 000,073,728 | ---- | M] (Tablet Driver) -- C:\WINDOWS\system32\drivers\WTSrv.exe
PRC - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/12/21 17:34:38 | 000,743,992 | ---- | M] (Infowatch) -- C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
PRC - [2009/11/19 13:26:54 | 000,455,944 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
PRC - [2009/10/30 05:19:22 | 000,032,768 | ---- | M] (Tablet Driver) -- C:\WINDOWS\system32\WTClient.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/12/22 09:31:50 | 000,108,712 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
PRC - [2005/07/26 18:51:22 | 000,606,316 | ---- | M] (Executive Software International, Inc.) -- C:\Program Files\Executive Software\Diskeeper\DkService.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/21 18:30:28 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\56e433394df8d44e43690a855e403555\System.ServiceProcess.ni.dll
MOD - [2012/04/21 17:41:13 | 003,186,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012/04/21 17:41:11 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012/04/21 17:41:11 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2012/04/21 17:41:03 | 000,630,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2012/04/21 17:41:03 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012/04/21 17:41:01 | 000,258,048 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
MOD - [2012/04/21 17:41:00 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2012/04/21 17:41:00 | 000,258,048 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
MOD - [2012/04/21 17:40:58 | 002,048,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2012/04/21 17:40:55 | 000,114,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2012/04/21 17:40:49 | 000,069,120 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
MOD - [2012/04/21 17:40:42 | 005,025,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2012/04/21 17:40:41 | 000,839,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
MOD - [2012/04/21 17:40:29 | 005,246,976 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
MOD - [2012/04/21 17:37:18 | 013,196,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\67b05b57919dfc3a1521f33198495f5b\System.Windows.Forms.ni.dll
MOD - [2012/04/21 17:37:00 | 001,665,024 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\9ac7922025e72297069a82a403cb59fa\System.Drawing.ni.dll
MOD - [2012/02/19 04:30:13 | 013,325,312 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\a275181f49dcdf245ec6a9d9287bb6c6\System.Data.Entity.ni.dll
MOD - [2012/02/19 04:28:48 | 001,859,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Web.Services\ce22f267e17c7749c6a0dd2aa3403484\System.Web.Services.ni.dll
MOD - [2012/02/19 04:27:49 | 000,762,368 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\01e360ed3a3cb2b0a3c47c7f3eb09e58\System.Runtime.Remoting.ni.dll
MOD - [2012/02/19 04:27:47 | 000,786,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\47a2b7b2fa872de3078d49d0a4c10cb2\System.EnterpriseServices.ni.dll
MOD - [2012/02/19 04:27:46 | 000,646,656 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\c3a03bb69e38f5ed9ebce72d48a722ef\System.Transactions.ni.dll
MOD - [2012/02/19 04:27:44 | 002,637,312 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\9db486997d651f0646a089ff6cfb605e\System.Runtime.Serialization.ni.dll
MOD - [2012/02/19 04:27:41 | 000,391,680 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\8a6f500c40e3fa7da71110af6c0a60ac\System.Xml.Linq.ni.dll
MOD - [2012/02/19 04:23:55 | 006,798,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\97586cdb698c29ba95fd83e44a0c0ca6\System.Data.ni.dll
MOD - [2012/02/19 04:23:45 | 000,729,088 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Security\09ee8d91e80e00991226aec062aa1e92\System.Security.ni.dll
MOD - [2012/02/19 04:23:40 | 000,980,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\363b05dd092178671e56531a9c4999b6\System.Configuration.ni.dll
MOD - [2012/02/19 04:23:32 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\21071fcc838660d96f10920c4c3cd206\System.Xml.ni.dll
MOD - [2012/02/19 04:23:14 | 007,054,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\a2b1103ad3d9f329e0c9164994137c81\System.Core.ni.dll
MOD - [2012/02/19 04:23:04 | 009,090,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\3ff4657a86a0e14b4be577969e0ec762\System.ni.dll
MOD - [2012/02/19 04:22:55 | 000,145,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Numerics\d038332bf07a163f855200919ee678cc\System.Numerics.ni.dll
MOD - [2012/02/19 04:22:52 | 014,407,680 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\52f4f785f7cf45a64606a8e13c8cf04c\mscorlib.ni.dll
MOD - [2012/02/15 04:14:30 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
MOD - [2011/12/24 12:22:20 | 007,422,352 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\qtgui4.dll
MOD - [2011/12/24 12:22:20 | 000,795,024 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\qtnetwork4.dll
MOD - [2011/12/24 12:22:16 | 001,270,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\qtscript4.dll
MOD - [2011/12/24 12:22:16 | 000,192,912 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\qtsql4.dll
MOD - [2011/12/24 12:22:14 | 002,453,904 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\qtdeclarative4.dll
MOD - [2011/12/24 12:22:12 | 002,126,224 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\qtcore4.dll
MOD - [2011/12/24 12:21:10 | 000,459,152 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\dblite.dll
MOD - [2011/10/12 03:32:18 | 000,220,672 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\3e6deccf191ab943d3a0812a38ab5c97\CustomMarshalers.ni.dll
MOD - [2011/10/12 03:25:47 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/09/05 19:36:52 | 000,025,088 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\imageformats\qgif4.dll
MOD - [2011/09/05 19:36:50 | 000,180,224 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\imageformats\qjpeg4.dll
MOD - [2011/03/30 19:25:42 | 000,331,608 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2011/03/23 00:56:40 | 000,687,448 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2011/03/02 00:15:28 | 000,126,808 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2011/03/02 00:15:28 | 000,027,480 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2011/03/02 00:15:04 | 000,340,824 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2011/03/02 00:14:42 | 007,954,776 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2011/03/02 00:14:30 | 002,143,576 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2011/03/02 00:13:44 | 000,203,096 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2011/01/18 20:05:03 | 000,409,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
MOD - [2011/01/18 20:05:02 | 000,476,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MOD - [2011/01/18 20:05:02 | 000,214,376 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.QuickBaseClient.XmlSerializers\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.QuickBaseClient.XmlSerializers.dll
MOD - [2011/01/18 20:05:01 | 000,122,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Metrix\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Metrix.dll
MOD - [2011/01/18 20:05:01 | 000,079,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Core\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Core.dll
MOD - [2011/01/18 20:05:01 | 000,049,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.QuickBaseClient\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.QuickBaseClient.dll
MOD - [2011/01/18 20:04:59 | 000,046,952 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
MOD - [2011/01/18 20:04:59 | 000,012,136 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll
MOD - [2011/01/18 20:04:58 | 000,421,224 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
MOD - [2011/01/18 20:04:58 | 000,206,184 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core.XmlSerializers\3.1.26.0__540d4816ead86321\Intuit.Spc.Esd.Core.XmlSerializers.dll
MOD - [2011/01/18 20:04:58 | 000,023,912 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll
MOD - [2011/01/18 20:04:58 | 000,018,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
MOD - [2011/01/18 20:04:57 | 000,269,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\3.1.26.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll
MOD - [2011/01/18 20:04:57 | 000,121,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
MOD - [2011/01/18 20:04:57 | 000,120,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
MOD - [2011/01/18 20:04:57 | 000,070,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
MOD - [2010/09/28 06:00:56 | 000,217,088 | ---- | M] () -- C:\WINDOWS\system32\WinTab32.dll
MOD - [2010/07/15 04:06:31 | 000,970,752 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
MOD - [2010/07/14 12:01:34 | 002,879,488 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Data.Entity\3.5.0.0__b77a5c561934e089\System.Data.Entity.dll
MOD - [2010/07/14 12:01:33 | 000,667,648 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll
MOD - [2010/05/13 10:03:42 | 000,232,960 | ---- | M] () -- C:\WINDOWS\system32\MyDrawLineWindowDll.dll
MOD - [2010/02/05 19:28:02 | 000,854,016 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
MOD - [2010/02/05 19:28:02 | 000,174,080 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Data.SQLite.Linq\2.0.38.0__db937bc2d44ff139\System.Data.SQLite.Linq.dll
MOD - [2010/02/05 19:28:01 | 000,471,040 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MOD - [2010/02/05 19:28:01 | 000,403,456 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
MOD - [2010/02/05 19:28:00 | 000,419,616 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
MOD - [2010/02/05 19:28:00 | 000,270,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.445.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll
MOD - [2010/02/05 19:28:00 | 000,120,096 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
MOD - [2010/02/05 19:28:00 | 000,046,880 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
MOD - [2010/02/05 19:28:00 | 000,018,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
MOD - [2010/02/05 19:27:59 | 000,121,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
MOD - [2010/02/05 19:27:59 | 000,070,432 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
MOD - [2009/11/19 13:26:54 | 000,455,944 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
MOD - [2009/11/19 13:26:12 | 002,174,976 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\Core.dll
MOD - [2009/11/19 13:18:16 | 000,708,608 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\qca2.dll
MOD - [2009/11/19 13:14:38 | 006,443,008 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtGui4.dll
MOD - [2009/11/19 13:14:38 | 000,356,352 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtXml4.dll
MOD - [2009/11/19 13:14:38 | 000,188,416 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtSql4.dll
MOD - [2009/11/19 13:14:36 | 001,581,056 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtCore4.dll
MOD - [2009/01/31 16:04:37 | 000,270,336 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\log4net\1.2.10.0__1b44e1d426115821\log4net.dll
MOD - [2006/12/22 09:31:50 | 000,108,712 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tosrfhid.dll -- (sonypvs1)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mindrepair.dll -- (se26nd5)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\exfat.dll -- (rtl8185)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\USBDongle.dll -- (regdefend)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Si3132.dll -- (nmservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\w810mgmt.dll -- (lsdiorw)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dlartl_n.dll -- (hsxhwazl)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\PDExchange.dll -- (cdfsvc)
SRV - [2012/04/14 14:28:25 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/12/24 12:24:36 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe -- (AVP)
SRV - [2011/08/25 18:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2011/08/22 05:39:42 | 000,946,032 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Auto | Running] -- C:\Program Files\Citrix\GoToMyPC\g2svc.exe -- (GoToMyPC)
SRV - [2011/04/01 00:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/03/03 21:52:00 | 003,410,576 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe -- (CarboniteService)
SRV - [2010/11/11 15:57:04 | 000,268,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2010/11/11 15:57:02 | 000,444,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2010/11/11 15:55:56 | 006,351,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2010/11/11 15:55:56 | 000,057,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Zune\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2010/08/23 22:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/06/01 06:46:26 | 000,073,728 | ---- | M] (Tablet Driver) [Auto | Running] -- C:\WINDOWS\system32\drivers\WTSrv.exe -- (WinTabService)
SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/12/21 17:34:38 | 000,743,992 | ---- | M] (Infowatch) [Auto | Running] -- C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe -- (CSObjectsSrv)
SRV - [2009/11/19 13:26:54 | 000,455,944 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2006/12/22 09:31:50 | 000,108,712 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0)
SRV - [2005/07/26 18:51:22 | 000,606,316 | ---- | M] (Executive Software International, Inc.) [Auto | Running] -- C:\Program Files\Executive Software\Diskeeper\DkService.exe -- (Diskeeper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\Tablet2k.sys -- (Tablet2k)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Steve\LOCALS~1\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Steve\LOCALS~1\Temp\kwtcrfog.sys -- (kwtcrfog)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Steve\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Steve\LOCALS~1\Temp\aswMBR.sys -- (aswMBR)
DRV - [2012/03/27 17:03:36 | 006,100,072 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2011/10/20 11:48:00 | 000,135,984 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (KL1)
DRV - [2011/10/20 11:48:00 | 000,013,104 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2)
DRV - [2011/09/12 16:18:04 | 000,583,472 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2011/04/01 00:11:10 | 004,333,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam Pro 9000(UVC)
DRV - [2011/04/01 00:09:48 | 000,291,424 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2011/03/10 18:34:46 | 000,034,608 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2009/12/14 12:44:24 | 000,088,632 | ---- | M] (Infowatch) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\CSCrySec.sys -- (CSCrySec)
DRV - [2009/12/14 12:44:24 | 000,039,352 | ---- | M] (Infowatch) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\CSVirtualDiskDrv.sys -- (CSVirtualDiskDrv)
DRV - [2009/11/18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009/11/02 20:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/10/07 03:49:50 | 000,023,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2009/06/22 04:58:48 | 000,019,624 | ---- | M] (Tablet Driver) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\UCTblHid.sys -- (UCTblHid)
DRV - [2009/06/22 04:58:38 | 000,023,208 | ---- | M] (Tablet Driver) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TClass2k.sys -- (TClass2k)
DRV - [2009/06/22 04:58:24 | 000,014,504 | ---- | M] (PenTablet Driver) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTSimHid.sys -- (PTSimHid)
DRV - [2009/06/22 04:58:08 | 000,023,208 | ---- | M] (PenTablet Driver) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PTSimBus.sys -- (PTSimBus)
DRV - [2006/11/02 09:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2005/02/23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1482476501-515967899-1801674531-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1482476501-515967899-1801674531-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
IE - HKU\S-1-5-21-1482476501-515967899-1801674531-1005\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1482476501-515967899-1801674531-1005\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No CLSID value found
IE - HKU\S-1-5-21-1482476501-515967899-1801674531-1005\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1482476501-515967899-1801674531-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?FORM=SOLTDF&PC=SUN1&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-1482476501-515967899-1801674531-1005\..\SearchScopes\{0BAB192D-E7DB-4301-9F06-0ED0C6E757DA}: "URL" = http://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}
IE - HKU\S-1-5-21-1482476501-515967899-1801674531-1005\..\SearchScopes\{1C0A9CC9-3106-4C46-AA79-95D5B1AE473C}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-1482476501-515967899-1801674531-1005\..\SearchScopes\{62B5DB5E-7ECF-4F16-9CFA-A8F370A944DF}: "URL" = http://delicious.com/search?p={searchTerms}
IE - HKU\S-1-5-21-1482476501-515967899-1801674531-1005\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
IE - HKU\S-1-5-21-1482476501-515967899-1801674531-1005\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80314&lng=en
IE - HKU\S-1-5-21-1482476501-515967899-1801674531-1005\..\SearchScopes\{CA08CCE6-BA41-4B09-9654-1A0CE1236101}: "URL" = http://www.flickr.com/search/?q={searchTerms}
IE - HKU\S-1-5-21-1482476501-515967899-1801674531-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1482476501-515967899-1801674531-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;127.0.0.1:9421;

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\linkfilter@kaspersky.ru [2012/04/19 23:05:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\virtualKeyboard@kaspersky.ru [2012/04/19 23:05:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\KavAntiBanner@Kaspersky.ru [2012/04/19 23:05:17 | 000,000,000 | ---D | M]

[2011/03/16 11:50:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\rix2fpyj.default\extensions
[2008/10/04 16:23:43 | 000,000,000 | ---D | M] (Firefox (default)) -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\rix2fpyj.default\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/03/16 11:50:56 | 000,000,000 | ---D | M] (ShopAtHome.com Intelligent Shopping Toolbar) -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\rix2fpyj.default\extensions\toolbar@shopathome.com

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.1.1_0\
CHR - Extension: Kaspersky URL Advisor = C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.1.288_0\
CHR - Extension: Virtual Keyboard = C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.1.288_0\
CHR - Extension: Poppit = C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: Anti-Banner = C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.1.288_0\

O1 HOSTS File: ([2012/04/21 14:35:21 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1482476501-515967899-1801674531-1005\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-1482476501-515967899-1801674531-1005\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Executive Software\Diskeeper\DkIcon.exe (Executive Software International, Inc.)
O4 - HKLM..\Run: [HFALoader] C:\Program Files\Hamster Soft\Free ZIP Archiver\HamsterArc.exe (Hamster Soft)
O4 - HKLM..\Run: [HPLJ Config] c:\Program Files\Hewlett-Packard\hp LaserJet 1150_1300\SetConfig.exe -c Direct -p DOT4_001 -pn "hp LaserJet 1150 PCL 5e" -n 0 -l 1033 -sl 120000 File not found
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [WTClient] C:\WINDOWS\System32\WTClient.exe (Tablet Driver)
O4 - HKU\.DEFAULT..\Run: [dplaysvr] %APPDATA%\dplaysvr.exe File not found
O4 - HKU\S-1-5-18..\Run: [dplaysvr] %APPDATA%\dplaysvr.exe File not found
O4 - HKU\S-1-5-21-1482476501-515967899-1801674531-1005..\Run: [Akamai NetSession Interface] "C:\Documents and Settings\Steve\Local Settings\Application Data\Akamai\netsession_win.exe" File not found
O4 - HKU\S-1-5-21-1482476501-515967899-1801674531-1005..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" File not found
O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found
O4 - HKU\S-1-5-18..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1482476501-515967899-1801674531-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1482476501-515967899-1801674531-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1482476501-515967899-1801674531-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1482476501-515967899-1801674531-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\ie_banner_deny.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll (Kaspersky Lab ZAO)
O15 - HKU\S-1-5-21-1482476501-515967899-1801674531-1005\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://dcode.support.microsoft.com/dcode/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab (DLM Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1219951150390 (MUWebControl Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab (DDRevision Class)
O16 - DPF: {C9E2242D-DC05-4C54-9483-A5C90653F7BC} https://techinline.net/Client/TIClient.cab (ClientPlugin Object)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553635000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {DB28CF23-0083-40B5-BF63-69925D672385} http://www.nero.com/doc/NeroVersionChecker.cab (CNeroSerialChecker Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/RACtrl.cab (Performance Viewer Activex Control)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.220.0.10 24.220.0.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DC950267-F211-4A21-8498-68F85FFCCEB4}: DhcpNameServer = 24.220.0.10 24.220.0.11
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToMyPC: DllName - (C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll) - C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
O20 - Winlogon\Notify\NavLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/28 13:47:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/04/21 19:28:26 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/04/21 18:35:47 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/04/21 18:35:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2012/04/21 16:17:31 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/04/21 15:48:29 | 004,470,025 | R--- | C] (Swearware) -- C:\Documents and Settings\Steve\Desktop\ComboFix.exe
[2012/04/21 14:41:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2012/04/21 14:41:09 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2012/04/21 14:41:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2012/04/21 14:41:09 | 000,000,000 | ---D | C] -- C:\Program Files\movie maker
[2012/04/21 14:41:08 | 000,000,000 | ---D | C] -- C:\Program Files\msn gaming zone
[2012/04/21 14:41:07 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2012/04/21 14:03:26 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/04/21 13:37:18 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/04/21 13:37:18 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/04/21 13:37:18 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/04/21 13:37:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/04/21 13:37:06 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/21 09:44:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Hamster Soft
[2012/04/21 09:44:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Application Data\HamsterSoft
[2012/04/21 09:44:46 | 000,000,000 | ---D | C] -- C:\Program Files\Hamster Soft
[2012/04/21 01:46:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\hp LaserJet 1150,1300
[2012/04/20 11:18:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\My Documents\New Folder (5)
[2012/04/20 11:18:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\My Documents\New Folder (4)
[2012/04/20 11:18:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\My Documents\New Folder (3)
[2012/04/20 11:18:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\My Documents\New Folder (2)
[2012/04/20 08:28:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/20 08:28:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/04/20 08:28:36 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/04/20 08:28:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/04/20 07:41:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Kaspersky PURE 2.0
[2012/04/19 22:52:14 | 000,000,000 | R--D | C] -- C:\Backup
[2012/04/19 22:41:17 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/04/19 18:29:07 | 000,039,352 | ---- | C] (Infowatch) -- C:\WINDOWS\System32\drivers\CSVirtualDiskDrv.sys
[2012/04/19 18:28:59 | 000,088,632 | ---- | C] (Infowatch) -- C:\WINDOWS\System32\drivers\CSCrySec.sys
[2012/04/19 18:24:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InfoWatch
[2012/04/19 18:23:41 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2012/04/19 18:23:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2012/04/19 18:22:54 | 000,583,472 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2012/04/19 17:21:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2012/04/19 11:02:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Steve\Recent
[2012/04/18 13:00:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Yahoo!
[2012/04/17 02:25:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2012/04/16 22:32:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2012/04/14 14:28:24 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/04/14 14:13:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2012/04/14 14:13:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2012/04/14 13:31:33 | 000,359,016 | ---- | C] (Realtek Semiconductor Crop.) -- C:\WINDOWS\vncutil.exe
[2012/04/14 13:31:32 | 000,129,640 | ---- | C] (Realtek Semiconductor) -- C:\WINDOWS\RtkAudioService.exe
[2012/04/14 13:31:32 | 000,065,128 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RtkCoInstIIXP.dll
[2012/04/14 13:31:32 | 000,011,368 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RtkCoLDRXP.dll
[2012/04/14 13:31:28 | 001,395,800 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\Monfilt.sys
[2012/04/14 13:31:27 | 001,691,480 | ---- | C] (Creative) -- C:\WINDOWS\System32\drivers\Ambfilt.sys
[2012/04/14 11:04:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/04/14 11:03:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/29 20:14:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/29 20:01:00 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012/04/29 19:34:59 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/04/29 17:14:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/29 13:28:40 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\MBR.dat
[2012/04/28 19:47:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/04/25 17:57:49 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2011.lnk
[2012/04/25 08:39:28 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\Microsoft Office Outlook 2007.lnk
[2012/04/22 14:51:13 | 000,173,056 | ---- | M] () -- C:\Documents and Settings\Steve\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/22 13:20:09 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2012/04/21 18:35:47 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/04/21 18:20:00 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/21 18:19:44 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2012/04/21 18:16:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/21 17:41:36 | 000,497,464 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/21 17:41:36 | 000,084,382 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/21 14:35:21 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/04/21 14:03:31 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/04/21 11:14:50 | 004,470,025 | R--- | M] (Swearware) -- C:\Documents and Settings\Steve\Desktop\ComboFix.exe
[2012/04/21 09:57:29 | 003,592,064 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/04/21 09:45:05 | 000,000,035 | ---- | M] () -- C:\Documents and Settings\Steve\Local Settings\Application Data\installLang.ini
[2012/04/21 09:44:49 | 000,001,806 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\Hamster Lite Archiver.lnk
[2012/04/21 01:42:14 | 000,109,767 | ---- | M] () -- C:\WINDOWS\hplj1300.his
[2012/04/21 01:42:14 | 000,008,422 | ---- | M] () -- C:\WINDOWS\hplj1300.ini
[2012/04/20 10:04:58 | 000,002,415 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/04/20 08:28:38 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/19 22:53:46 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\Steve\Local Settings\Application Data\WebpageIcons.db
[2012/04/19 22:43:15 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/19 22:27:39 | 000,001,356 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\Resume TDSSKiller download.lnk
[2012/04/19 18:30:41 | 000,115,369 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2012/04/19 18:30:41 | 000,097,961 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2012/04/17 02:25:51 | 000,054,156 | ---- | M] () -- C:\WINDOWS\QTFont.qfn
[2012/04/17 02:25:51 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2012/04/15 11:45:29 | 000,002,513 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2003.lnk
[2012/04/14 14:28:24 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/04/14 14:28:23 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/04/14 12:16:54 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2012/04/13 18:15:32 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/03/31 22:54:14 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2010.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/21 18:35:47 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/04/21 15:40:49 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Steve\Desktop\MBR.dat
[2012/04/21 14:03:31 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/04/21 14:03:26 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/04/21 13:37:18 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/04/21 13:37:18 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/04/21 13:37:18 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/04/21 13:37:18 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/04/21 13:37:18 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/04/21 09:44:49 | 000,001,806 | ---- | C] () -- C:\Documents and Settings\Steve\Desktop\Hamster Lite Archiver.lnk
[2012/04/21 09:44:49 | 000,000,035 | ---- | C] () -- C:\Documents and Settings\Steve\Local Settings\Application Data\installLang.ini
[2012/04/21 01:48:08 | 000,002,515 | ---- | C] () -- C:\Documents and Settings\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2012/04/21 01:48:08 | 000,002,513 | ---- | C] () -- C:\Documents and Settings\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2003.lnk
[2012/04/21 01:48:08 | 000,001,802 | ---- | C] () -- C:\Documents and Settings\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2012/04/21 01:48:08 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/04/21 01:48:08 | 000,001,493 | ---- | C] () -- C:\Documents and Settings\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Explorer.lnk
[2012/04/21 01:48:08 | 000,001,153 | ---- | C] () -- C:\Documents and Settings\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\JustZIPit.lnk
[2012/04/21 01:48:08 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/04/21 01:48:08 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/04/21 01:48:08 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2012/04/21 01:48:08 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/04/21 01:40:44 | 000,307,858 | ---- | C] () -- C:\WINDOWS\hplj1300.hi1
[2012/04/21 01:40:44 | 000,019,180 | ---- | C] () -- C:\WINDOWS\hplj1300.bu1
[2012/04/20 08:28:38 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/19 22:53:38 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Steve\Local Settings\Application Data\WebpageIcons.db
[2012/04/19 22:27:39 | 000,001,356 | ---- | C] () -- C:\Documents and Settings\Steve\Desktop\Resume TDSSKiller download.lnk
[2012/04/19 18:30:41 | 000,115,369 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2012/04/19 18:30:41 | 000,097,961 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2012/04/17 02:25:51 | 000,054,156 | ---- | C] () -- C:\WINDOWS\QTFont.qfn
[2012/04/17 02:25:51 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2012/04/14 14:28:28 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/04/14 13:31:28 | 000,021,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTAIODAT.DAT
[2012/04/14 11:15:49 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/03/19 09:53:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2012/03/18 19:32:49 | 004,577,049 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1482476501-515967899-1801674531-1005-0.dat
[2012/03/18 19:32:33 | 000,338,910 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/02/18 15:40:36 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2012/02/14 20:00:54 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/09/03 14:28:31 | 000,003,828 | ---- | C] () -- C:\WINDOWS\Tablet8000x6000.ini
[2011/09/03 14:19:15 | 000,780,176 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/04/21 16:33:48 | 000,001,402 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2011/04/01 00:07:02 | 010,877,272 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
[2011/04/01 00:07:02 | 000,102,744 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe
[2011/04/01 00:06:56 | 000,331,608 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
[2011/03/23 00:58:22 | 000,014,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2011/03/11 12:43:54 | 000,029,763 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat
[2010/10/28 22:05:38 | 000,038,444 | ---- | C] () -- C:\Documents and Settings\Steve\Application Data\Comma Separated Values (Windows).ADR
[2010/10/08 22:31:49 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2010/10/08 22:31:49 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/10/08 22:31:48 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2010/10/08 22:31:48 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2010/10/08 22:31:48 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2010/10/08 22:31:48 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2010/10/08 22:31:48 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2010/10/08 22:31:48 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2010/10/08 22:31:48 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2010/10/08 22:31:48 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2010/10/08 22:31:48 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2010/10/08 22:31:48 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2010/10/08 22:31:48 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2010/10/08 22:31:48 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2010/10/08 22:31:48 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2010/10/08 22:31:48 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2010/09/28 06:00:56 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\WinTab32.dll
[2010/08/04 23:30:58 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2010/08/04 23:12:11 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Steve\Application Data\$_hpcst$.hpc
[2010/07/15 17:01:51 | 000,000,028 | ---- | C] () -- C:\WINDOWS\v2d.INI
[2010/07/08 07:03:30 | 000,335,872 | ---- | C] () -- C:\WINDOWS\SetupX32.EXE
[2010/05/13 10:03:42 | 000,232,960 | ---- | C] () -- C:\WINDOWS\System32\MyDrawLineWindowDll.dll

< End of report >


Extras>>>>>>>>>>>>>>>>>>

OTL Extras logfile created on: 4/29/2012 8:09:08 PM - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Documents and Settings\Steve\My Documents\Downloads\Virus protection
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.93 Gb Available Physical Memory | 46.84% Memory free
3.83 Gb Paging File | 2.32 Gb Available in Paging File | 60.56% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 81.28 Gb Free Space | 36.49% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.30 Gb Free Space | 63.03% Space Free | Partition Type: NTFS

Computer Name: GREENFIELDDELL | User Name: Steve | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"443:TCP" = 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP" = 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP" = 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP" = 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP" = 37675:UDP:*:Disabled:ooVoo UDP port 37675

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\WatchGuard\Mobile User VPN\IreIKE.exe" = C:\Program Files\WatchGuard\Mobile User VPN\IreIKE.exe:*:Enabled:IreIke
"C:\Program Files\WatchGuard\Mobile User VPN\ViewLog.exe" = C:\Program Files\WatchGuard\Mobile User VPN\ViewLog.exe:127.0.0.1/255.255.255.255:Enabled:ViewLog
"C:\Program Files\WatchGuard\Mobile User VPN\CmonApp.exe" = C:\Program Files\WatchGuard\Mobile User VPN\CmonApp.exe:127.0.0.1/255.255.255.255:Enabled:CMonApp
"C:\Program Files\WatchGuard\Mobile User VPN\vpn.exe" = C:\Program Files\WatchGuard\Mobile User VPN\vpn.exe:127.0.0.1/255.255.255.255:Enabled:VPN Connection Manager

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\TurboTax\Home & Business 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Home & Business 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax
"C:\Program Files\TurboTax\Home & Business 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Home & Business 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager
"C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" = C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe:*:Enabled:hp Device Status and Alerts -- (Hewlett-Packard)
"C:\Program Files\ooVoo\ooVoo.exe" = C:\Program Files\ooVoo\ooVoo.exe:*:Enabled:ooVoo -- (ooVoo LLC)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\Documents and Settings\Steve\Local Settings\Application Data\Akamai\netsession_win.exe" = C:\Documents and Settings\Steve\Local Settings\Application Data\Akamai\netsession_win.exe:*:Enabled:netsession_win
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update v4 Shared Downloads Server -- (Intuit Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03DF638A-D61C-4893-B8B9-845900C03163}" = TurboTax 2010 wnyiper
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A55CDBB-0566-4AA2-A15B-24C7F27C6FF4}" = BPD_Scan
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1D0C8FEA-F9E6-4272-8465-58903F1946D0}" = TurboTax 2011 wnyiper
"{1EB321CB-3D1D-4cf2-ACB5-9F20874B8E69}" = HP Officejet Pro All-In-One Series
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 26
"{2C045D2C-667D-4494-9684-E4B071C2C7FF}" = TurboTax 2010 wohiper
"{2C4E2E4E-A7C9-4CCB-BF03-FE6EBD5D4AB7}" = Windows Mobile Device Updater Component
"{2D270A67-B7CD-4281-B2FE-60DF18D19B8E}" = Kaspersky PURE 2.0
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{301CC8D1-FE75-41ED-9B11-41F006110950}" = Garmin City Navigator North America NT 2010.10 Update
"{324CEC09-007A-48eb-90E0-9D42D4D5EB0A}" = NetDeviceManager
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{37CA4B50-EAA2-012B-AD81-000000000000}" = TurboTax 2009 widiper
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3B8186F0-EAA2-012B-AE69-000000000000}" = TurboTax 2009 wnyiper
"{3BAC6780-EAA2-012B-AE74-000000000000}" = TurboTax 2009 wohiper
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3CF31850-EAA2-012B-AEC5-000000000000}" = TurboTax 2009 wutiper
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}" = LightScribe System Software
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{497A1721-088F-41EF-8876-B43C9DA5528B}" = ArcSoft Software Suite
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CCC7F68-A437-4559-A840-F5E010934951}" = HP Driver Diagnostics
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{4FB600F5-C478-4DF7-A2BC-57D3807BAC91}" = BPDSoftware_Ini
"{5104B07C-6A3D-4E7E-8BBB-960B52554BDD}" = BPD_HPSU
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58F4D4FD-1814-4068-B316-C28FC776C6DD}" = GoToMyPC
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DD128DA-26D3-45C9-9008-C9577B5B20D1}" = RIP Vinyl
"{5E06C076-E4E7-4239-A886-B3D8AC84C166}" = HP Print Diagnostic Utility
"{6142632E-6119-4117-AF54-A5366ACEC899}" = TurboTax 2011 wutiper
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65C0F43C-5F3B-4AB5-BFC9-ABA1C8F4AA7D}" = TurboTax 2011 wohiper
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6B64C9D6-EEBA-4712-8477-69D6C55ADD6F}" = L7700
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{7006ED29-58F2-40C3-AE87-039287AD20B6}" = Zune
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{74EC78BC-B379-4E29-9006-8F161DCAABA6}" = Apple Software Update
"{76EF79CA-A6A8-41C4-AE49-E49BA075FA51}" = Diskeeper Professional Edition
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel® PRO Network Connections 12.1.12.0
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{83E222CC-223F-BE8C-0C77-0CEBDC2F9B57}" = Acrobat.com
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8868D822-2CBA-46B2-A286-B400B6185769}" = 7500_7600_7700_Help
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F968232-15C6-4872-84C2-9FCDAA1AEAB6}" = MPM
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2007
"{90120000-001A-0000-0000-0000000FF1CE}_OUTLOOK_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_OUTLOOK_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_OUTLOOK_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_OUTLOOK_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_OUTLOOK_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_OUTLOOK_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_OUTLOOK_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A9DBEBC-C800-4776-A970-D76D6AA405B1}" = PHOTOfunSTUDIO -viewer-
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}" = Adobe Photoshop Elements 5.0
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0
"{AE29CC62-C835-40FD-99C6-292F90D58DF8}" = TurboTax 2010 widiper
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B39177F9-269D-4A9B-82F2-7A48589CCCEF}" = Garmin WebUpdater
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{BFCA7375-81A2-44F8-BFC1-0DC5A3D23405}" = TurboTax 2010 wutiper
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C82F54A0-FB7A-4A5D-BCA2-9992EB7ED122}" = TurboTax 2011 widiper
"{C894CC24-0DEC-4340-BCC9-DD4310DF3BEC}_is1" = Able2Extract Professional 7.0
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C3}" = WinZip 15.5
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D647F06F-2908-487E-9CDA-DE52148CBF49}" = OverDrive Media Console
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DEB9AEF7-3ADA-40a9-9C98-546D54FE9CBD}" = ProductContext
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{ECAD4F6A-0BF3-4028-9C81-E5D9F9606CBA}" = BPDSoftware
"{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7F23DFB-31E1-B7EC-7A6D-7668B595ADAE}" = FlipShare
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Photoshop Elements 5" = Adobe Photoshop Elements 5.0
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.15
"Carbonite Backup" = Carbonite
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"ERI's Relocation Assessor" = ERI's Relocation Assessor
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"Google Chrome" = Google Chrome
"Hamster Lite Archiver_is1" = Hamster Lite Archiver 2.0.1.2
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"ie8" = Windows Internet Explorer 8
"InstallWIX_{2D270A67-B7CD-4281-B2FE-60DF18D19B8E}" = Kaspersky PURE 2.0
"lvdrivers_12.10" = Logitech Webcam Software Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"OUTLOOK" = Microsoft Office Outlook 2007
"Pf1800lc_3d4d1e7469145e230b6f1f02e521cadf1bed999e" = Windows Driver Package - PIE Image 10/22/2002 1.1.1
"Quicken WillMaker Plus 2009" = Quicken WillMaker Plus 2009
"Revo Uninstaller" = Revo Uninstaller 1.93
"Seminar-in-a-Box" = Seminar-in-a-Box
"SyTools Open Office Writer Recovery - DEMO Version 2.0_is1" = SyTools Open Office Writer Recovery
"TabletDriver" = Tablet Driver V5.02
"TurboTax 2009" = TurboTax 2009
"TurboTax 2010" = TurboTax 2010
"TurboTax 2011" = TurboTax 2011
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update
"Zune" = Zune

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1482476501-515967899-1801674531-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/21/2012 2:34:38 AM | Computer Name = GREENFIELDDELL | Source = Diskeeper | ID = 6
Description = Diskeeper Control Center - ERROR Diskeeper was not able to initialize
RPC.

Error - 4/21/2012 2:55:38 AM | Computer Name = GREENFIELDDELL | Source = Diskeeper | ID = 6
Description = Diskeeper Control Center - ERROR No valid endpoint could be found.

Error - 4/21/2012 2:55:38 AM | Computer Name = GREENFIELDDELL | Source = Diskeeper | ID = 6
Description = Diskeeper Control Center - ERROR Diskeeper was not able to initialize
RPC.

Error - 4/21/2012 4:29:24 AM | Computer Name = GREENFIELDDELL | Source = Diskeeper | ID = 6
Description = Diskeeper Control Center - ERROR No valid endpoint could be found.

Error - 4/21/2012 4:29:24 AM | Computer Name = GREENFIELDDELL | Source = Diskeeper | ID = 6
Description = Diskeeper Control Center - ERROR Diskeeper was not able to initialize
RPC.

Error - 4/21/2012 6:02:47 AM | Computer Name = GREENFIELDDELL | Source = MSDTC | ID = 4404
Description = MS DTC Tracing infrastructure : the initialization of the tracing
infrastructure failed. Internal Information : msdtc_trace : File: d:\comxp_sp3\com\com1x\dtc\dtc\trace\src\tracelib.cpp,
Line: 1115, StartTrace Failed, hr=0x800700a1

Error - 4/21/2012 10:33:30 AM | Computer Name = GREENFIELDDELL | Source = Diskeeper | ID = 6
Description = Diskeeper Control Center - ERROR No valid endpoint could be found.

Error - 4/21/2012 10:33:30 AM | Computer Name = GREENFIELDDELL | Source = Diskeeper | ID = 6
Description = Diskeeper Control Center - ERROR Diskeeper was not able to initialize
RPC.

Error - 4/21/2012 7:21:33 PM | Computer Name = GREENFIELDDELL | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Tried to start a service that wasn't the latest version of CLR Optimization service.
Will shutdown

Error - 4/22/2012 10:13:32 AM | Computer Name = GREENFIELDDELL | Source = MsiInstaller | ID = 11720
Description = Product: Microsoft Fix it 50195 -- Error 1720. There is a problem
with this Windows Installer package. A script required for this install to complete
could not be run. Contact your support personnel or package vendor. Custom action
RUN_32_IERESET script error -2147024770, : Line 4, Column 27,

[ OSession Events ]
Error - 8/27/2010 10:50:19 AM | Computer Name = GREENFIELDDELL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 24
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/2/2011 6:18:22 PM | Computer Name = GREENFIELDDELL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6555.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 606723
seconds with 21780 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 4/21/2012 3:43:42 PM | Computer Name = GREENFIELDDELL | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%5

Error - 4/29/2012 1:27:34 PM | Computer Name = GREENFIELDDELL | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 4/29/2012 1:27:34 PM | Computer Name = GREENFIELDDELL | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 4/29/2012 1:32:51 PM | Computer Name = GREENFIELDDELL | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 4/29/2012 1:40:10 PM | Computer Name = GREENFIELDDELL | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 4/29/2012 1:41:47 PM | Computer Name = GREENFIELDDELL | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 4/29/2012 8:46:14 PM | Computer Name = GREENFIELDDELL | Source = DCOM | ID = 10010
Description = The server {B2B3C70A-B20F-40B7-90C5-EA7E946C16E0} did not register
with DCOM within the required timeout.

Error - 4/29/2012 8:49:32 PM | Computer Name = GREENFIELDDELL | Source = DCOM | ID = 10010
Description = The server {B2B3C70A-B20F-40B7-90C5-EA7E946C16E0} did not register
with DCOM within the required timeout.

Error - 4/29/2012 8:58:54 PM | Computer Name = GREENFIELDDELL | Source = Service Control Manager | ID = 7031
Description = The CarboniteService service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 4/29/2012 8:59:54 PM | Computer Name = GREENFIELDDELL | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the CarboniteService service,
but this action failed with the following error: %%1056


< End of report >

#15 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:11:19 AM

Posted 30 April 2012 - 07:28 PM

Let's clear up using OTL

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :OTL
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\Tablet2k.sys -- (Tablet2k)
    DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Steve\LOCALS~1\Temp\mbr.sys -- (mbr)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Steve\LOCALS~1\Temp\kwtcrfog.sys -- (kwtcrfog)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    IE - HKU\S-1-5-21-1482476501-515967899-1801674531-1005\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No CLSID value found
    IE - HKU\S-1-5-21-1482476501-515967899-1801674531-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;127.0.0.1:9421;
    FF - user.js - File not found
    O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKU\S-1-5-21-1482476501-515967899-1801674531-1005\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKU\S-1-5-21-1482476501-515967899-1801674531-1005\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
    O4 - HKU\.DEFAULT..\Run: [dplaysvr] %APPDATA%\dplaysvr.exe File not found
    O4 - HKU\S-1-5-18..\Run: [dplaysvr] %APPDATA%\dplaysvr.exe File not found
    O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found
    O4 - HKU\S-1-5-18..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found
    O20 - Winlogon\Notify\NavLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
    
    :commands
    [EmptyTemp]
    [Reboot]
    
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.

Posted Image
m0le is a proud member of UNITE




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users