Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

redirect virus


  • Please log in to reply
9 replies to this topic

#1 omar_010

omar_010

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:United States
  • Local time:04:04 PM

Posted 12 May 2012 - 09:11 PM

My computer seems to have a variation of a redirect virus. It appears to affect every search engine I try. Every time I try to go to a desire link on the search I do I get redirected to a totally irrelevant link. I try looking for a solution to this problem on my own and found a website with the Combofix software and a list of instructions to run it. After I ran the software a log was created. Attached is the log from Combofix.

Thanks
Omar

Attached Files


Edited by hamluis, 13 May 2012 - 05:42 AM.
Moved from Win 7 to Malware Removal Logs - Hamluis.


BC AdBot (Login to Remove)

 


#2 Gammo

Gammo

  • Members
  • 202 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:11:04 PM

Posted 13 May 2012 - 10:42 AM

We need to create an OTL Report
Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Check the box that says Scan All Users.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.




Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

    Posted Image
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    Posted Image
  • Click the Start Scan button.

    Posted Image
  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Posted Image
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

    Posted Image
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

unite_blue.png

Please post the final results, good or bad. We like to know!


#3 omar_010

omar_010
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:United States
  • Local time:04:04 PM

Posted 15 May 2012 - 01:24 AM

I was able tu run the OTL software. I followed all the steps and instructions to run OTL.
After the quick scan, these two text files were produced:


OTL text file


OTL logfile created on: 5/14/2012 6:36:49 PM - Run 1
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\Owner\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 1.86 Gb Available Physical Memory | 49.56% Memory free
7.49 Gb Paging File | 5.60 Gb Available in Paging File | 74.76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 282.99 Gb Total Space | 244.70 Gb Free Space | 86.47% Space Free | Partition Type: NTFS
Drive D: | 204.73 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/14 18:34:19 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2011/05/18 09:25:46 | 022,631,608 | ---- | M] (ooVoo LLC) -- C:\Program Files (x86)\ooVoo\ooVoo.exe
PRC - [2011/01/05 21:23:36 | 001,657,080 | ---- | M] (Suyin) -- C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe
PRC - [2010/09/17 12:21:00 | 000,301,648 | ---- | M] (CA) -- C:\Program Files (x86)\CA\SharedComponents\HIPSEngine\UmxPol.exe
PRC - [2010/08/24 12:07:34 | 000,740,160 | ---- | M] (CA) -- C:\Program Files (x86)\CA\SharedComponents\HIPSEngine\UmxCfg.exe
PRC - [2010/08/10 05:06:16 | 000,975,952 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010/08/10 05:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010/08/10 05:06:16 | 000,305,744 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010/06/28 19:23:18 | 000,258,304 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
PRC - [2010/06/28 19:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
PRC - [2010/01/28 20:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
PRC - [2010/01/08 09:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
PRC - [2009/12/03 10:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe


========== Modules (No Company Name) ==========

MOD - [2011/01/05 21:23:38 | 000,038,136 | ---- | M] () -- C:\Program Files (x86)\VideoWebCamera\VWC_ENG.dll
MOD - [2011/01/05 21:23:34 | 000,046,328 | ---- | M] () -- C:\Program Files (x86)\VideoWebCamera\sy_Utility.dll
MOD - [2010/12/23 21:19:48 | 000,193,400 | ---- | M] () -- C:\Windows\flicker.dll
MOD - [2010/06/28 19:20:54 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\sqlite3.dll
MOD - [2009/05/20 02:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/12/15 19:42:03 | 000,293,704 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\CAAMSvc.exe -- (CAAMSvc)
SRV:64bit: - [2011/05/10 09:27:40 | 000,359,248 | ---- | M] (CA, Inc.) [On_Demand | Running] -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe -- (CaCCProvSP)
SRV:64bit: - [2011/05/10 09:27:40 | 000,285,520 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe -- (ccSchedulerSVC)
SRV:64bit: - [2011/01/05 19:23:58 | 000,867,712 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2010/11/12 13:19:52 | 000,301,568 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe -- (CAISafe)
SRV:64bit: - [2010/09/22 22:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/03/28 20:41:36 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/01/28 20:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/08/04 11:42:24 | 001,479,160 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe -- (UmxAgent)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/05/12 04:23:06 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2010/09/17 12:21:00 | 000,301,648 | ---- | M] (CA) [Auto | Running] -- C:\Program Files (x86)\CA\SharedComponents\HIPSEngine\UmxPol.exe -- (UmxPol)
SRV - [2010/08/24 12:07:34 | 000,740,160 | ---- | M] (CA) [Auto | Running] -- C:\Program Files (x86)\CA\SharedComponents\HIPSEngine\UmxCfg.exe -- (UmxCfg)
SRV - [2010/08/10 05:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/06/28 19:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 18:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2010/01/08 09:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/13 03:17:30 | 000,122,624 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\zghsnmea.sys -- (zghsnmea)
DRV:64bit: - [2011/01/13 03:17:30 | 000,122,624 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\zghsmdm.sys -- (zghsmdm)
DRV:64bit: - [2011/01/13 03:17:30 | 000,122,624 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\zghsdiag.sys -- (zghsdiag)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/17 12:21:04 | 000,143,952 | ---- | M] (CA) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\KmxAMRT.sys -- (KmxAMRT)
DRV:64bit: - [2010/06/17 05:18:28 | 000,246,376 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/06/09 06:54:42 | 000,337,744 | ---- | M] (CA) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\KmxCfg.sys -- (KmxCfg)
DRV:64bit: - [2010/05/15 09:48:28 | 000,384,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2010/05/11 06:11:38 | 002,229,608 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/03/28 20:51:38 | 006,405,632 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/03/28 19:46:28 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/03/22 13:58:42 | 000,108,024 | ---- | M] (CA) [File_System | System | Running] -- C:\Windows\SysNative\drivers\KmxAgent.sys -- (KmxAgent)
DRV:64bit: - [2010/01/26 23:05:00 | 000,231,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/12/22 06:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/12/10 07:25:10 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/08/23 05:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/05 20:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 20:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=MAGW
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AGWTDF&pc=MAGW&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=MAGW
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AGWTDF&pc=MAGW&src=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2207244670-2941489629-1680097653-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=MAGW
IE - HKU\S-1-5-21-2207244670-2941489629-1680097653-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2207244670-2941489629-1680097653-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2011/12/20 20:25:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/12/20 20:25:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/12/20 20:25:06 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\casc.exe (CA, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [LTCM Client] C:\Program Files (x86)\LTCM Client\ltcmClient.exe (Leader Technologies Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VideoWebCamera] C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe (Suyin)
O4 - HKU\S-1-5-21-2207244670-2941489629-1680097653-1000..\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe (ooVoo LLC)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk = D:\Common\EpsonReg\EpsonReg.exe (Leader Technologies/Epson)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-2207244670-2941489629-1680097653-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2207244670-2941489629-1680097653-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-2207244670-2941489629-1680097653-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\VetRedir64.dll (Computer Associates International, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\VetRedir64.dll (Computer Associates International, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Windows\SysNative\VetRedir64.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysWow64\VetRedir.dll (Computer Associates International, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 10.4.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D176483E-F89E-425A-9BDE-FBE8522727E0}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\PFW: DllName - (UmxWnp.Dll) - C:\Windows\SysWow64\UmxWNP.dll (CA)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/07/28 11:20:45 | 000,000,041 | RH-- | M] () - D:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/14 18:34:04 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2012/05/14 16:59:48 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/05/12 20:31:11 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/05/12 20:31:11 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/05/12 20:29:59 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/05/12 20:28:57 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/12 20:19:05 | 004,490,121 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2012/05/12 08:21:50 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2012/05/12 07:03:15 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/05/12 05:40:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/05/12 05:33:30 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/05/12 04:23:01 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/05/12 04:20:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012/05/12 02:53:32 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{981A85AC-CFE4-4E6D-A755-50206A00F7FD}
[2012/05/12 02:53:17 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{C8554BA4-2F6C-44C0-838C-293F9DBC2962}
[2012/05/11 11:33:45 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{D17FA834-A6AF-4133-ACA1-0BC8E3B79AF0}
[2012/05/11 11:33:30 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{E536561F-53E6-4A98-B886-A0BE51752F11}
[2012/05/11 10:54:46 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{5AFD9C54-EC30-4E35-AB02-5200181592B3}
[2012/05/11 10:54:33 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{0A3D7BD0-2F8F-4C5E-891A-AC4246A508AE}
[2012/05/10 03:50:39 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{25AED268-9841-47B5-B9E3-13A08720FA3D}
[2012/05/10 03:50:27 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{C4EECA59-97B3-47D5-8E01-70A2667FE3F4}
[2012/05/09 21:37:25 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{5D727345-A492-4965-B872-530E115E2106}
[2012/05/09 21:37:13 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{37FB20A8-AC81-4EF6-815D-88DB2B2BF4EC}
[2012/05/08 20:10:30 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{03D08DF6-B7B8-4C19-B941-572A76A9FE4B}
[2012/05/08 20:10:17 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{8C2086F0-561D-4A2D-9384-8D24096EDACD}
[2012/05/08 18:05:42 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{7673B154-E7E0-427A-BD9A-07CA179CB473}
[2012/05/08 18:05:30 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{1DD2CBD9-FA55-41E6-9FAB-9C0311864F9E}
[2012/05/08 10:22:06 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{5DC923C9-561F-4E92-8B96-FF9C37FBD1EB}
[2012/05/08 10:21:50 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{4FF08A10-34F8-4A54-B813-AEF3BF69B59B}
[2012/05/07 17:47:53 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{AD567B4F-A776-4B78-AC22-F85060B74700}
[2012/05/07 17:47:33 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{0B414842-3C13-42A1-98AA-EE9396688340}
[2012/05/05 20:58:46 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{B962C788-5377-4040-BD15-396A6434311A}
[2012/05/05 20:58:33 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{F3C7DF13-0A68-422E-B626-D0F6EA249755}
[2012/05/03 03:07:15 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{F94BDB86-4429-498A-92C7-EECB7CE33320}
[2012/05/03 03:07:02 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{7DAF45A2-CC70-48F9-BA5E-69E249D86C11}
[2012/05/03 02:18:35 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{560F5CF5-E148-4BD6-9269-60BB315840FC}
[2012/05/03 02:18:18 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{7D4EDC0D-4937-462B-816E-1CDA7199ECB9}
[2012/05/03 00:57:27 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{97B3053D-AB2E-4917-8958-4C0715F899B7}
[2012/05/03 00:57:15 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{B93315F4-6B55-450D-A9B7-F7382738DB05}
[2012/04/29 02:08:14 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{58765B20-A9E1-44CE-B57C-03F8B16F6233}
[2012/04/29 02:08:01 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{F07A6446-0F8D-482F-B478-06BA40392CA1}
[2012/04/25 19:03:02 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{F2768193-1213-479E-BD83-387C3AA52036}
[2012/04/25 19:02:46 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{B22BB339-87A4-4B11-B772-972481193C4C}
[2012/04/25 13:23:57 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{F384A5FF-1139-4BFE-B37D-6158329FC5DB}
[2012/04/25 13:23:20 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{642765E7-A7D3-4FDA-BD91-B1EB8EC205C2}
[2012/04/24 23:52:24 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{E10F1790-BAF3-4547-B74F-33C33756AE31}
[2012/04/24 23:52:09 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{9E302DF1-0EB6-44CC-94EF-BD0A765F8CF3}
[2012/04/24 22:34:09 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{8410554D-1621-43D0-916E-328A2F63B610}
[2012/04/23 18:40:26 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{BA517361-C443-470A-AAA4-C31013BB9B50}
[2012/04/21 19:37:09 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{5B77FE6C-9CE6-4F99-AD3A-5C547E85C60A}
[2012/04/18 12:57:41 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{603BF7AF-B46E-4EEA-805A-A9305970D3AF}

========== Files - Modified Within 30 Days ==========

[2012/05/14 18:34:19 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2012/05/14 18:10:05 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/14 17:55:02 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/14 17:06:32 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/14 17:06:32 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/14 16:59:38 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/14 16:58:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/14 16:58:49 | 3015,884,800 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/13 05:31:25 | 000,003,979 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k0
[2012/05/13 05:31:25 | 000,000,213 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k1
[2012/05/13 05:31:25 | 000,000,085 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k7
[2012/05/13 05:31:25 | 000,000,085 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k6
[2012/05/13 05:31:25 | 000,000,085 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k5
[2012/05/13 05:31:25 | 000,000,085 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k4
[2012/05/13 05:31:25 | 000,000,085 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k3
[2012/05/13 05:31:25 | 000,000,085 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k2
[2012/05/13 05:31:25 | 000,000,049 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k7
[2012/05/13 05:31:25 | 000,000,049 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k6
[2012/05/13 05:31:25 | 000,000,049 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k5
[2012/05/13 05:31:25 | 000,000,049 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k4
[2012/05/13 05:31:25 | 000,000,049 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k3
[2012/05/13 05:31:25 | 000,000,049 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k2
[2012/05/13 05:31:25 | 000,000,049 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k1
[2012/05/13 05:31:25 | 000,000,049 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k0
[2012/05/12 20:19:06 | 004,490,121 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2012/05/10 12:52:24 | 000,743,352 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/10 12:52:24 | 000,636,630 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/10 12:52:24 | 000,110,746 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/10 03:24:42 | 000,000,941 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2012/05/10 03:12:12 | 000,000,848 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk
[2012/05/10 03:11:43 | 000,000,079 | ---- | M] () -- C:\Windows\ENX625.ini
[2012/05/10 03:10:32 | 000,000,185 | ---- | M] () -- C:\Users\Public\Desktop\Epson CreativeZone.url
[2012/05/10 03:08:25 | 000,002,075 | ---- | M] () -- C:\Users\Public\Desktop\Epson Stylus NX620_625 Guide.lnk

========== Files Created - No Company Name ==========

[2012/05/12 20:31:12 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/05/12 20:31:11 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/05/12 20:31:11 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/05/12 20:31:11 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/05/12 20:31:11 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/05/12 04:23:08 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/10 03:12:12 | 000,000,848 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk
[2012/05/10 03:10:32 | 000,000,185 | ---- | C] () -- C:\Users\Public\Desktop\Epson CreativeZone.url
[2012/05/10 03:08:25 | 000,002,075 | ---- | C] () -- C:\Users\Public\Desktop\Epson Stylus NX620_625 Guide.lnk
[2012/05/08 21:46:38 | 000,000,079 | ---- | C] () -- C:\Windows\ENX625.ini
[2011/12/19 15:21:21 | 000,000,200 | -H-- | C] () -- C:\ProgramData\~6gX2DnIgBPlWO4r
[2011/12/19 15:21:20 | 000,000,312 | -H-- | C] () -- C:\ProgramData\~6gX2DnIgBPlWO4
[2011/12/19 15:21:12 | 000,000,336 | -H-- | C] () -- C:\ProgramData\6gX2DnIgBPlWO4
[2011/09/15 10:11:03 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2011/09/13 01:07:08 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2011/09/13 01:07:08 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2011/09/13 01:07:08 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2011/09/13 01:07:08 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2011/09/13 01:07:08 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2011/09/13 01:07:08 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2011/09/13 01:07:08 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2011/09/13 01:07:08 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2011/09/13 01:07:08 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2011/09/13 01:07:08 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2011/09/13 01:07:08 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2011/09/13 01:07:08 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2011/09/13 01:07:08 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2011/09/13 01:07:08 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2011/09/13 01:07:08 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2011/09/13 01:07:08 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2011/09/13 01:04:15 | 000,000,088 | ---- | C] () -- C:\Windows\ENX420.ini
[2011/03/09 18:29:09 | 000,206,208 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2011/03/09 18:29:09 | 000,193,400 | ---- | C] () -- C:\Windows\flicker.dll
[2011/03/09 18:29:09 | 000,066,424 | ---- | C] () -- C:\Windows\setpwlin.exe
[2011/03/09 18:29:09 | 000,059,992 | ---- | C] ( ) -- C:\Windows\AutosetFrequency.exe
[2011/03/09 18:29:09 | 000,000,673 | ---- | C] () -- C:\Windows\AutoSetFrequency.ini
[2011/03/09 18:29:09 | 000,000,378 | ---- | C] () -- C:\Windows\PidList.ini
[2011/03/09 18:22:54 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/02/22 07:50:34 | 000,002,093 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== LOP Check ==========

[2011/12/20 15:41:28 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\AVG
[2011/12/20 16:20:42 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AVG2012
[2012/05/10 03:52:50 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Epson
[2011/09/13 01:58:16 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\Leader Technologies
[2011/09/13 01:32:28 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\Leadertech
[2011/12/15 21:58:51 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\ooVoo Details
[2011/12/20 20:29:21 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\OpenOffice.org
[2011/12/20 20:35:54 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SNS
[2011/10/08 10:07:00 | 000,032,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:0B4227B4

< End of report >


Extras text file


OTL Extras logfile created on: 5/14/2012 6:36:49 PM - Run 1
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\Owner\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 1.86 Gb Available Physical Memory | 49.56% Memory free
7.49 Gb Paging File | 5.60 Gb Available in Paging File | 74.76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 282.99 Gb Total Space | 244.70 Gb Free Space | 86.47% Space Free | Partition Type: NTFS
Drive D: | 204.73 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1D5F9F77-6564-4B09-A7E5-4591CC169A5B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{22F4592D-920D-4456-AB0F-E3136FDBFA77}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{49CDBB9F-7C01-4F5C-983A-2037B74E5A75}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AA6BB0B-FE19-46C6-B078-42BE9BC99ABD}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{3E50EC2C-914D-45A9-AFA4-C92BB0442B36}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{4361B2DB-7B2F-4203-B091-C2A56B5A13E0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{449AA713-EC00-433F-B258-1E1DC14B3553}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"{4769FADB-23BB-46B0-85BC-D2AC85A92097}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{9AFF5015-49FA-40BA-8506-A53A05FAC7C4}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{DA9EF334-01FD-4E53-A1EA-819371BDDED3}" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"{DCEFA88C-9F50-4F08-BAA1-74A2333A863D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{DD9E7E04-CC01-47D0-97F4-67ED70245147}" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"{E15F5F60-70AF-4654-9405-38EC9F7C8835}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{F66FD9C5-564B-4196-BEB9-4A9F2B0589BB}" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"{FE26CF70-B9B2-497D-A8BE-373F5E75A197}" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"TCP Query User{08C5AA18-C927-46A8-B1EB-3AFEE6FCF68C}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"TCP Query User{245BFB35-E005-4348-AFF3-69E60191892C}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"TCP Query User{86E30285-FB90-476A-88A0-5BDBDD7C9CA0}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{DC76C3DA-7DC5-4179-86A2-AF0B59E60F7D}C:\windows\system32\spool\drivers\x64\3\e_gupa30.exe" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\e_gupa30.exe |
"UDP Query User{6A0D8EFB-8451-43AE-A2D6-235C6128C589}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{6D5A9A3B-BB4E-47DE-8914-69117F137E59}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"UDP Query User{BAA38727-7FC6-47FC-B47E-D9D230272745}C:\windows\system32\spool\drivers\x64\3\e_gupa30.exe" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\e_gupa30.exe |
"UDP Query User{E1A52A81-A63D-4E3E-B6BD-16B8F7DA2B06}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{244FBE3B-3814-4999-A24D-672149DC822B}" = AMRT
"{38151262-FAF8-4778-9AAB-33E90B60D8E9}" = CA Anti-Virus Plus
"{3B20226B-63ED-B863-B224-FE40401B21CA}" = ATI Catalyst Install Manager
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EEB06ECB-38F0-68CD-B215-94D50914C0F8}" = ccc-utility64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"EPSON NX420 Series" = EPSON NX420 Series Printer Uninstall
"EPSON NX620 Series" = EPSON NX620 Series Printer Uninstall
"eTrust Suite Personal" = CA Anti-Virus Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01868E82-DA4F-BFF8-45CF-9B1CAE8810D9}" = Catalyst Control Center Core Implementation
"{01CC7DB7-909B-E630-A44A-8118036CAF3C}" = CCC Help Korean
"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{07367450-E3E6-B4A1-E19C-A07429026680}" = CCC Help Swedish
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1C42AA63-B354-56AF-69CA-FA73285368BE}" = CCC Help German
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FFDACFC-898C-FC99-0140-AE2FC18B710E}" = Catalyst Control Center Graphics Full New
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{268E2A87-470B-118B-B3AD-6F2615B86623}" = CCC Help Greek
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java™ 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java™ 6 Update 26
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java™ 7 Update 4
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3601754A-C72B-E4B3-CE39-78CCD0B58DC9}" = CCC Help Russian
"{3A69B28B-6E44-E512-C395-EEDCB5BCB485}" = CCC Help Danish
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3BA616F8-F969-4DE7-0C85-35BE954DDB8A}" = CCC Help Hungarian
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Gateway Power Management
"{3EED6569-D845-F8D1-9648-84729711590E}" = CCC Help Italian
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A41156A-0669-F7B5-B24C-5E25C69F1E68}" = CCC Help Turkish
"{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63ADFC07-D92A-670C-3826-BB0C9CC41D8A}" = CCC Help Polish
"{6488561D-83C8-6987-6163-744E60680139}" = CCC Help Japanese
"{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Gateway Social Networks
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69CA5A5F-7541-5216-6433-DE69E4245116}" = Catalyst Control Center Graphics Light
"{69F214C9-507D-7EB5-FF08-926CFD0D5EC6}" = Catalyst Control Center Localization All
"{6D9021DC-CF1B-4148-8C80-6D8E8A8A33EB}" = Video Web Camera
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{762CB899-DF14-EB84-78F5-888C83AA7DC3}" = Catalyst Control Center Graphics Previews Common
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{77C4850C-3592-4A2F-B652-ACB77A1EF77C}" = Bing Bar Platform
"{7B7044AE-6D1F-456D-B2BA-28BFFFAF3F71}" = Epson Easy Photo Print Plug-in for Windows Live Photo Gallery Setup
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83E4C065-91B9-20DD-74DA-90A71242CE18}" = CCC Help Norwegian
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AEAE107-B186-4EA8-5F84-3AAA3158FEB1}" = CCC Help Chinese Standard
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{975B24AC-8CB7-B4E1-E666-37964657576E}" = CCC Help Chinese Traditional
"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{a0aa3cd4-5659-4d37-9c7d-2fc699c395d6}" = Nero 9 Essentials
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A45B7A40-694C-BAB8-EE69-4240ADFEA1FF}" = CCC Help Finnish
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.5 MUI
"{AD768FF7-E329-886C-D88E-585F26BB8738}" = CCC Help Dutch
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B8F5BACE-194E-0203-023E-2FFEF68EE290}" = CCC Help English
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C1A0A3F9-C302-4A18-A2E0-71C927D24652}" = Epson Easy Photo Print 2
"{C450D07C-3914-5481-A068-29975DA5C596}" = CCC Help French
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C9165CF3-A14D-A281-B62E-37312AA9E63D}" = CCC Help Spanish
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4E16961-E6FA-4689-AD09-3DB7E5770167}" = Catalyst Control Center InstallProxy
"{D6B1E149-790E-3B60-07F9-07A40ECAFBA0}" = Catalyst Control Center Graphics Full Existing
"{DBF91CC3-41F6-0D99-3D2D-686C59865652}" = ccc-core-static
"{DD49AC0F-E08A-F77D-AB38-2EE9CD5D8F0B}" = CCC Help Thai
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DECEFADB-0486-6252-C312-49DDAC71DF33}" = CCC Help Portuguese
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E6C82F8F-2031-4825-8CC3-98C5960875C1}" = Epson CreativeZone
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Gateway Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F7425F93-2071-A946-008A-6ACA60B43FB2}" = CCC Help Czech
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FC635D8E-FFBA-4B2C-BE68-A37D56BDFB74}" = Catalyst Control Center - Branding
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"EEPPPlugIn" = Epson Easy Photo Print Plug-in for Windows Live Photo Gallery
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Scanner" = EPSON Scan
"Gateway Registration" = Gateway Registration
"Gateway Screensaver" = Gateway ScreenSaver
"Gateway Welcome Center" = Welcome Center
"Identity Card" = Identity Card
"InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Gateway Social Networks
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Gateway MyBackup
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"LManager" = Launch Manager
"LTCM Client" = LTCM Client
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2207244670-2941489629-1680097653-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"48e4cff94f039634" = Best Buy pc app

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/7/2012 2:24:01 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1000
Description = Faulting application name: UpdaterService.exe, version: 1.0.0.8, time
stamp: 0x4b614046 Faulting module name: UpdaterService.exe, version: 1.0.0.8, time
stamp: 0x4b614046 Exception code: 0xc0000417 Fault offset: 0x000124a0 Faulting process
id: 0x7dc Faulting application start time: 0x01cd14735bb30f5a Faulting application
path: C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe Faulting module
path: C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe Report Id: d8b1f19a-80de-11e1-915a-1c7508e1c51a

Error - 4/8/2012 2:14:27 AM | Computer Name = Owner-PC | Source = UmxAgent | ID = 99
Description =

Error - 4/12/2012 3:17:41 PM | Computer Name = Owner-PC | Source = UmxAgent | ID = 99
Description =

Error - 4/12/2012 4:44:16 PM | Computer Name = Owner-PC | Source = UmxAgent | ID = 99
Description =

Error - 4/12/2012 7:23:31 PM | Computer Name = Owner-PC | Source = UmxAgent | ID = 99
Description =

Error - 4/18/2012 12:59:24 PM | Computer Name = Owner-PC | Source = UmxAgent | ID = 99
Description =

Error - 4/21/2012 7:37:50 PM | Computer Name = Owner-PC | Source = UmxAgent | ID = 99
Description =

Error - 4/23/2012 6:41:08 PM | Computer Name = Owner-PC | Source = UmxAgent | ID = 99
Description =

Error - 4/24/2012 10:34:53 PM | Computer Name = Owner-PC | Source = UmxAgent | ID = 99
Description =

Error - 4/24/2012 11:53:23 PM | Computer Name = Owner-PC | Source = UmxAgent | ID = 99
Description =

[ System Events ]
Error - 5/11/2012 11:26:23 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description = The PEAUTH service failed to start due to the following error: %%5

Error - 5/11/2012 11:28:20 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness service terminated with the following
error: %%5

Error - 5/11/2012 11:28:24 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7023
Description = The Program Compatibility Assistant Service service terminated with
the following error: %%5

Error - 5/11/2012 11:28:25 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description = The SeaPort service failed to start due to the following error: %%87

Error - 5/11/2012 11:30:26 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description = The Security Driver service failed to start due to the following error:
%%5

Error - 5/11/2012 11:32:26 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description = The srvnet service failed to start due to the following error: %%5

Error - 5/11/2012 11:32:28 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7001
Description = The Server SMB 2.xxx Driver service depends on the srvnet service
which failed to start because of the following error: %%5

Error - 5/11/2012 11:32:28 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7001
Description = The Server SMB 1.xxx Driver service depends on the Server SMB 2.xxx
Driver service which failed to start because of the following error: %%1068

Error - 5/11/2012 11:32:28 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7001
Description = The Server service depends on the Server SMB 1.xxx Driver service
which failed to start because of the following error: %%1068

Error - 5/11/2012 11:32:28 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7031
Description = The Print Spooler service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.


< End of report >


When attempting to run the TDSSKiller software, the program would do nothing. I downloaded it and saved it to the desktop as told, then when attempting to run it, no window would popup and there would be no sign of the software loading or anything. I tried to delete the program and redownload it several times but the samething would keep happening. The only thing I would think of regarding the problem with TDSSKiller is the software not being compatible with my system, thus not being able to run. So the only thing I was able to do was run the OTL software.

Thank you
Omar

Edited by omar_010, 15 May 2012 - 01:27 AM.


#4 Gammo

Gammo

  • Members
  • 202 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:11:04 PM

Posted 15 May 2012 - 10:06 AM

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/12/19 15:21:21 | 000,000,200 | -H-- | C] () -- C:\ProgramData\~6gX2DnIgBPlWO4r
    [2011/12/19 15:21:20 | 000,000,312 | -H-- | C] () -- C:\ProgramData\~6gX2DnIgBPlWO4
    [2011/12/19 15:21:12 | 000,000,336 | -H-- | C] () -- C:\ProgramData\6gX2DnIgBPlWO4
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [emptyflash]
    [createrestorepoint]
    [reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done



Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply
Posted Image

unite_blue.png

Please post the final results, good or bad. We like to know!


#5 omar_010

omar_010
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:United States
  • Local time:04:04 PM

Posted 16 May 2012 - 03:13 AM

I ran OTL and pasted the commands told under customs scans. Then, after OTL finished running it asked me to reboot the computer. The reboot was successful.
Then after downloading aswMBR and running it, the following log was greated.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-16 03:56:02
-----------------------------
03:56:02.751 OS Version: Windows x64 6.1.7601 Service Pack 1
03:56:02.752 Number of processors: 2 586 0x603
03:56:02.754 ComputerName: OWNER-PC UserName: Owner
03:56:05.684 Initialize success
03:56:11.265 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
03:56:11.271 Disk 0 Vendor: WDC_WD3200BPVT-22ZEST0 01.01A01 Size: 305245MB BusType: 11
03:56:11.300 Disk 0 MBR read successfully
03:56:11.305 Disk 0 MBR scan
03:56:11.311 Disk 0 Windows 7 default MBR code
03:56:11.319 Disk 0 MBR hidden
03:56:11.344 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15360 MB offset 2048
03:56:11.370 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 100 MB offset 31459328
03:56:11.393 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 289783 MB offset 31664128
03:56:11.447 Disk 0 Partition 4 80 (A) 17 Hidd HPFS/NTFS NTFS 1 MB offset 625139712
03:56:11.457 Disk 0 Partition 4 **SUSPICIOUS**
03:56:11.490 Disk 0 scanning C:\Windows\system32\drivers
03:56:42.520 Service scanning
03:57:01.937 Modules scanning
03:57:02.309 Disk 0 trace - called modules:
03:57:02.342 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8004709334]<<ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
03:57:02.356 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80046ed2d0]
03:57:02.370 3 CLASSPNP.SYS[fffff8800196843f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004667060]
03:57:02.384 \Driver\atapi[0xfffffa8003d4f570] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8004709334
03:57:02.401 Scan finished successfully
03:58:16.383 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
03:58:16.394 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"


Thank you for the help
Omar

#6 Gammo

Gammo

  • Members
  • 202 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:11:04 PM

Posted 16 May 2012 - 07:45 AM

1. Preferably from a clean computer, please download the following: gparted-live-0.10.0-3.iso (115 MB)

When you have the .ISO file downloaded, you need to create a bootable disk or flash drive with it, using a clean PC to do that. The .ISO file is a disk image. It should NOT be burned as a regular file. You need a program like BurnAware Free or ImgBurn that can burn an .ISO image. I think a CD is best as there is no way anything can write on it after it is made, but the USB may be more convenient and easier.


2. Now, please boot off of the newly created GParted CD. See How to Set BIOS to Boot from CDROM for information on how to boot from the CD.

You should arrive to the following screen:
Posted Image
Press the ENTER key

Posted Image
By default, "do not touch keymap" is highlighted. Leave this setting alone and press the ENTER key.

Posted Image
Next, choose your language and press the ENTER key. English is the default setting [33]

Posted Image
Once again, at this prompt, press the ENTER key.

You will now be taken to the main GUI screen below
Posted Image

Please take a picture of this screen (camera or phone pictures will work just fine), and post it here for me to see. It is very important that you complete this step.

unite_blue.png

Please post the final results, good or bad. We like to know!


#7 omar_010

omar_010
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:United States
  • Local time:04:04 PM

Posted 17 May 2012 - 02:34 AM

After creating the bootable disk with the ISO file in it from a clean computer, I booted the infected computer from the Gparted CD created. After doing what was on the screen shots you provided me, I came up to the GUI screen. There was an option on that same screen about taking a screen shot. I tried taking the screen shot but could not locate it anywhere on the computer afterwards. So I took the following pictures that are attached.

Regards
Omar

ps. I noticed that the infected computer is becoming really slow when is either starting or shutting down. It is taking around 5 to 8 minutes to do this, although in some occasion it starts or shuts down fast as expected. I'm guessing that that is due to the malware that is in it.

Attached Files


Edited by omar_010, 17 May 2012 - 02:39 AM.


#8 Gammo

Gammo

  • Members
  • 202 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:11:04 PM

Posted 17 May 2012 - 06:00 AM

Please boot back into the GParted CD, and navigate back into the main GUI screen below

Posted Image

According to your logs, the partition that you want to delete is 1.33 MiB

Please select the partition of that size. Click the trash can icon to delete that partition, and then click Apply.

You should now be here confirming your actions:
Posted Image

After clicking Accept, you should be at the following screen:
Posted Image

Posted Image

Under "Flags", Right-click the 282.99 MiB while in GParted and select Manage Flags

In the menu that pops up, place a check mark in boot like the picture below:
Posted Image

Now double-click the Posted Image button.

You should receive a small pop up like this:
Posted Image
Choose reboot and then press OK.

How is your PC running after doing the above?

Edited by Gammo, 17 May 2012 - 06:02 AM.

unite_blue.png

Please post the final results, good or bad. We like to know!


#9 omar_010

omar_010
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:United States
  • Local time:04:04 PM

Posted 18 May 2012 - 05:42 PM

Hi

I did everything that was on the previous post. On the last step, after choosing the reboot option from the last pop up, the computer started to reboot.

Something really strange happened in the process of rebooting. Before the windows logo could appear, a message showed up on a black screen. It said, "Bootmgr is missing Press Ctrl+Alt+Del to restart". When I attempted to press it, the system came back to the boot screen where there is a setup key (in my case it is f2). Then after that, it came back to the same bootmgr missing error message.

I decided to press the f2 key so that I could go to the setup utility window for some options. After reading some features on one of the tabs of the window, I saw a D2D recovery option via alt+f10 key. I tried that option which took me to the system recovery management window. From there, I checked the option of "Restore Operating System and Retain User Data" After that the system continued the recovery process and saved data in a recovery file. At the end, the computer was successfully recovered even though I lost some installed programs including the antivirus. Nevertheless, I was able to locate the saved files from the recovery file created, re install a new antivirus, and most importantly access the system normally.

I think that the boot configuration data might have been erased with the deleted partion from the Gparted operation. That might have been what caused the error. Anyways, the system seems to work fine now so the malware appears to be successfully removed.

Thank You so much for the help.
Omar

#10 Gammo

Gammo

  • Members
  • 202 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:11:04 PM

Posted 19 May 2012 - 03:04 AM

Your logs appear to be clean now. There is only a bit of cleanup that we will deal with in this post, as well as prevention from future infections. ^_^

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
    Posted Image
  • Please follow the prompts to uninstall Combofix.
  • You will then recieve a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • Download OTC to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep a backup of your important files
Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Make proper use of your anti-virus and firewall
You should keep your anti-virus and firewall guard enabled at all times, don't shut them off unless there's a specific reason to do so.

Also, regularly performing a full system scan with your anti-virus program is a good idea to make sure nothing has slipped through your protection. Once every two weeks works well for many people. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

Keep in mind that anti-virus programs are far from perfect. They don't protect you against every piece of malware that's out there, so don't trust them blindly. If an anti-virus reports a file as 'clean' then it's doesn't necessarily has to mean it is.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep all your software updated
It is important to keep up on system updates from Microsoft by regularly checking their website at: http://windowsupdate.microsoft.com/, as these patch critical security vulnerabilities and help to keep you safe.

It's also important to keep programs up to date so that malware doesn't exploit any old security flaws. FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Java and Adobe Reader are two of the main security vulnerabilities. You can find the latest version of Java here, you will want the Java SE Runtime Environment (JRE) one. You can find the latest version of Adobe Reader here.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Use a safer web browser
Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a couple good free alternatives: Google Chrome and Opera. Both are excellent faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these.

The WOT add-on will nicely help to enhance your security, no matter which web browser you use. This add-on tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Some other security programs

It is wise these days to have a few security programs installed and running on your machine except from just an anti-virus and a firewall. I will list some of them.
  • A good anti-spyware program installed on your pc is very important to help remove any spyware that may have gotten on your computer. I highly recommend Malwarebytes' Anti-Malware.
  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites in the future.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Be careful
Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to exercise common sense. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully to make sure that you know what you're getting.

Using peer-to-peer programs (eg: LimeWire, BitTorrent, uTorrent, Kazaa) or downloading cracks and keygens is something else to avoid. These are the most common way to get infected. Malware writers use these programs to spread infections as it is the easiest way for them. The majority of infections we see in the Malware Removal forum are due to people using p2p programs to download cracks/keygens/warez. These are not only illegal, but will always contain some form of malware. You have no way of verifying that the things you download are legitimate or that they don't contain malware. Even with an up to date anti-virus and firewall, some of these things will still infect you. It is highly recommend that you uninstall all peer-to-peer programs. It just isn't worth it.

Other common ways of getting infected are dis-reputable sites forcing you to download and install a codec. Or viruses using Instant Messaging programs (Windows Live Messenger, MSN Messenger, AIM) to send a file claiming it to be "photos" from a friend, only for it to turn out to be a virus.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Slow computer?
If your computer begins to slow down in the future for no particular reason, your first step should not be to come to the malware forum. As your computer ages and is used, it's parts wear, files and programs accumulate, and its performance can decrease. To restore your computer's performance to its best possible level, follow the steps in this page written by malware expert Miekiemoes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'll leave this thread open for a couple days in case you come across any lingering problems that need fixing, then I'll close it up. If you need it reopened for any reason just shoot me a PM. It's been a pleasure working with you, now best of luck!

Cheers,
Gammo :cool:

unite_blue.png

Please post the final results, good or bad. We like to know!





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users