
Zeroaccess in TCP/IP Stack


  • This topic is locked
19 replies to this topic

#1 KennethT

KennethT

  • Members
  • 11 posts
  • OFFLINE
  • Local time:04:42 PM

Posted 21 September 2012 - 01:02 PM

Working on a computer infected with File Recovery. I entered safe mode with networking and ran Rkill. Couldn't run or install Malwarebytes. Was able to install, update, and run Superantispyware. Found and removed several items. Ran TDSS, no infection. Ran Hitman Pro, removed 2 items from MBR and several other files. Ran Roguekiller, no infections. Ran Unhide.exe, restored multiple desktop items. Installed, updated, and ran Malwarebytes, found 3 items and removed them. Ran Combofix, showed zeroaccess in TCP/IP, showed rootkit and informed this could take some moments, it said this multiple times. Left Combofix running as I went to bed. Woke up 6 hours later, Combofix hadn't budged. D/L and ran DDS, let run for 1 hour, no logs produced. Here I am with a GMER log. First time user, thanks in advance.

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-09-21 13:48:29
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 ST9120822AS rev.3.BHD
Running: v8nbd2kw.exe; Driver: C:\Users\Owner\AppData\Local\Temp\ugloapow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8BA0F340, 0x3FA057, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[2208] USER32.dll!CreateWindowExW 76EA1305 5 Bytes JMP 70A2DB04 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2208] USER32.dll!DialogBoxParamW 76EC10B0 5 Bytes JMP 709554C5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2208] USER32.dll!DialogBoxIndirectParamW 76EC2EF5 5 Bytes JMP 70B25329 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2208] USER32.dll!DialogBoxParamA 76ED8152 5 Bytes JMP 70B252C6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2208] USER32.dll!DialogBoxIndirectParamA 76ED847D 5 Bytes JMP 70B2538C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2208] USER32.dll!MessageBoxIndirectA 76EED4D9 5 Bytes JMP 70B2525B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2208] USER32.dll!MessageBoxIndirectW 76EED5D3 5 Bytes JMP 70B251F0 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2208] USER32.dll!MessageBoxExA 76EED639 5 Bytes JMP 70B2518E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2208] USER32.dll!MessageBoxExW 76EED65D 5 Bytes JMP 70B2512C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3792] USER32.dll!SetWindowsHookExW 76E987AD 5 Bytes JMP 70A29A91 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3792] USER32.dll!CallNextHookEx 76E98E3B 5 Bytes JMP 70A1D0CD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3792] USER32.dll!UnhookWindowsHookEx 76E998DB 5 Bytes JMP 7099466E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3792] USER32.dll!CreateWindowExW 76EA1305 5 Bytes JMP 70A2DB04 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3792] USER32.dll!DialogBoxParamW 76EC10B0 5 Bytes JMP 709554C5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3792] USER32.dll!DialogBoxIndirectParamW 76EC2EF5 5 Bytes JMP 70B25329 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3792] USER32.dll!DialogBoxParamA 76ED8152 5 Bytes JMP 70B252C6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3792] USER32.dll!DialogBoxIndirectParamA 76ED847D 5 Bytes JMP 70B2538C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3792] USER32.dll!MessageBoxIndirectA 76EED4D9 5 Bytes JMP 70B2525B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3792] USER32.dll!MessageBoxIndirectW 76EED5D3 5 Bytes JMP 70B251F0 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3792] USER32.dll!MessageBoxExA 76EED639 5 Bytes JMP 70B2518E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3792] USER32.dll!MessageBoxExW 76EED65D 5 Bytes JMP 70B2512C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3792] ole32.dll!OleLoadFromStream 77071E80 5 Bytes JMP 70B25691 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3792] ole32.dll!CoCreateInstance 770A9F3E 5 Bytes JMP 70A2DB60 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing@SessionIdLow -626261568

---- EOF - GMER 1.0.15 ----
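The "User code sections" block of the GMER log above lists inline hooks: each line names the hooked process and its PID, the export whose first bytes were overwritten, the byte count, and the module the JMP lands in. Every target in this log is C:\Windows\system32\IEFRAME.dll, which GMER itself labels as Internet Explorer/Microsoft Corporation, so none of these entries point at the infection ComboFix reported. The following is an added example, not code from this thread or from GMER, that parses such lines, groups them by target module, and flags any hook that lands in a module GMER could not attribute or that was loaded from a user-writable location. The sample input is constructed: three lines copied from the log above plus one made-up line (EXAMPLE_hook.dll, placeholder addresses) included only to show the flag firing.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Shape of one GMER "User code sections" inline-hook line:
#   .text <process>[<pid>] <module>!<export> <addr> <n> Bytes JMP <target addr> <target module path> (<description>)
# The trailing "(description)" is what GMER prints when it can identify the target module's vendor;
# it is absent for modules GMER cannot attribute.
HOOK_RE = re.compile(
    r"^\.text\s+(?P<process>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>\S+)!(?P<func>\S+)\s+"
    r"(?P<addr>[0-9A-Fa-f]+)\s+(?P<nbytes>\d+)\s+Bytes\s+JMP\s+(?P<target>[0-9A-Fa-f]+)\s+"
    r"(?P<target_path>.+?)(?:\s+\((?P<desc>[^)]*)\))?\s*$"
)

# Code that hooks APIs legitimately (browser, AV, shell extensions) lives under Program Files or System32.
# A hook whose target module was loaded from somewhere the user can write to is worth a closer look.
# (Marker list chosen for this example; it is not a GMER rule.)
USER_WRITABLE_MARKERS = ("\\temp\\", "\\appdata\\", "\\programdata\\", "\\users\\")


@dataclass
class Hook:
    process: str
    pid: int
    module: str           # DLL whose export was patched, e.g. USER32.dll
    func: str             # patched export, e.g. CreateWindowExW
    target_path: str      # module the JMP lands in
    desc: Optional[str]   # GMER's vendor/description, None when it printed none


def parse_hooks(text: str) -> Tuple[List[Hook], List[str]]:
    """Return (inline hooks, other .text lines that are not JMP hooks, e.g. 'section is writeable')."""
    hooks, other = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line.startswith(".text"):
            continue                      # section banners, registry entries, blank lines
        m = HOOK_RE.match(line)
        if m:
            hooks.append(Hook(m["process"], int(m["pid"]), m["module"], m["func"],
                              m["target_path"], m["desc"]))
        else:
            other.append(line)
    return hooks, other


def triage(hook: Hook) -> List[str]:
    """Reasons a hook deserves manual review; an empty list means it looks like ordinary vendor hooking."""
    reasons = []
    if any(marker in hook.target_path.lower() for marker in USER_WRITABLE_MARKERS):
        reasons.append("target module loaded from a user-writable location")
    if not hook.desc:
        reasons.append("target module has no vendor/description")
    return reasons


def hooks_by_target(hooks: List[Hook]) -> Counter:
    """Count hooks per target module; a clean scan is dominated by a few well-known modules."""
    return Counter(h.target_path.rsplit("\\", 1)[-1].lower() for h in hooks)


# Constructed sample: three lines from the GMER log in this thread plus one made-up line
# (EXAMPLE_hook.dll, placeholder addresses) that shows what a suspicious redirect would look like.
SAMPLE_GMER = r"""
---- Kernel code sections - GMER 1.0.15 ----
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8BA0F340, 0x3FA057, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Internet Explorer\iexplore.exe[2208] USER32.dll!CreateWindowExW 76EA1305 5 Bytes JMP 70A2DB04 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3792] USER32.dll!SetWindowsHookExW 76E987AD 5 Bytes JMP 70A29A91 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3792] ole32.dll!CoCreateInstance 770A9F3E 5 Bytes JMP 70A2DB60 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3792] USER32.dll!CreateWindowExW 76EA1305 5 Bytes JMP 10001000 C:\Users\Owner\AppData\Local\Temp\EXAMPLE_hook.dll
"""

if __name__ == "__main__":
    hooks, other = parse_hooks(SAMPLE_GMER)
    print("hooks per target module:", dict(hooks_by_target(hooks)))
    for h in hooks:
        flags = triage(h)
        print(f"{'REVIEW ' if flags else 'ok     '} pid {h.pid} {h.module}!{h.func} -> {h.target_path}"
              + (f"  [{'; '.join(flags)}]" if flags else ""))
    for line in other:
        print("not an inline hook:", line)
```

Run against the full log, the per-target count is the quickest sanity check: a handful of hooks all resolving to one vendor-labelled module is the normal picture for a browser process, while a single hook into an unlabelled module under a profile directory stands out immediately.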



#2 KennethT

KennethT
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:04:42 PM

Posted 25 September 2012 - 05:29 PM

Did I post something wrong? There have been many posts since mine that have been replied to. Please let me know if I've done something to be overlooked.

#3 nasdaq

nasdaq

  • Malware Response Team
  • 39,256 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:42 PM

Posted 26 September 2012 - 08:30 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a flash drive.

Plug the flash drive into the infected PC.

Restart your computer and tap F8 to bring up the Advanced Menu, then click Repair your computer.

Follow the prompt to enter keyboard input method, and then the prompt to enter a password. If the machine does not have a password, simply click Enter.

In the next menu, use the arrow keys on the keyboard to highlight Command Prompt and press Enter.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64.exe and press Enter, or FRST.exe if it is a 32-bit system.

    Note: Replace letter e with the drive letter of your flash drive.

  • The tool will start to run.
  • When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
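Triaging the FRST.txt those steps produce: the following is an added example, not part of nasdaq's instructions or of FRST itself, that parses the entries of FRST's "One Month Created Files and Folders" and "3 Months Modified Files" sections and flags loose files with random-looking, extensionless names dropped straight into a shared data root such as C:\Users\All Users, the kind of entries visible in the log posted later in this thread. The sample lines are taken from that log; the data-root list and the name heuristic are choices made for this example, not FRST rules.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional

# Shape of one entry in FRST's "One Month Created Files and Folders" / "3 Months Modified Files" sections:
#   <created> - <modified> - <size> <attrs> [(<publisher>)] <path>
# FRST prints the publisher only for executables it could read a version resource from.
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?(?P<path>.+)$"
)

# Shared and per-user data roots: legitimate software creates subfolders here, rarely loose files
# with meaningless names. (Heuristic chosen for this example, not an FRST rule.)
SHARED_DATA_ROOTS = {r"c:\users\all users", r"c:\users\all users\application data", r"c:\programdata"}
PER_USER_ROOT_RE = re.compile(r"^c:\\users\\[^\\]+\\(appdata\\(local|roaming)|application data)$")


@dataclass
class Entry:
    created: str
    modified: str
    size: int
    attrs: str              # e.g. ____A (archive), ____D (directory), ___AH (hidden)
    company: Optional[str]  # publisher from the version resource, None for data files
    path: str


def parse_frst_files(text: str) -> List[Entry]:
    """Parse every file/folder entry in the text; section banners and blank lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(m["created"], m["modified"], int(m["size"]),
                                 m["attrs"], m["company"], m["path"]))
    return entries


def is_data_root(directory: str) -> bool:
    d = directory.lower().rstrip("\\")
    return d in SHARED_DATA_ROOTS or PER_USER_ROOT_RE.match(d) is not None


def looks_random(name: str) -> bool:
    """No extension, reasonably long, and either digits mixed in or frequent upper/lower case flips."""
    _, ext = ntpath.splitext(name)
    if ext or len(name) < 8:
        return False
    letters = [c for c in name if c.isalpha()]
    flips = sum(1 for a, b in zip(letters, letters[1:]) if a.islower() != b.islower())
    return flips >= 3 or any(c.isdigit() for c in name)


def triage(entry: Entry) -> List[str]:
    """Reasons to look at an entry; an empty list means nothing in this heuristic fired."""
    reasons = []
    if "D" in entry.attrs:                 # folders are judged by their contents, not their name
        return reasons
    directory, name = ntpath.split(entry.path)
    if is_data_root(directory) and looks_random(name):
        reasons.append("random-looking name with no extension, dropped directly in a data root")
        if entry.company is None:
            reasons.append("no publisher recorded")
        if entry.size < 1024:
            reasons.append("tiny file, marker/config-like")
    return reasons


# Sample input: entries copied from the FRST log posted in this thread (benign system files,
# a scanner's own folder, a driver data file, and the loose randomly named files in All Users).
SAMPLE_FRST = r"""
==================== One Month Created Files and Folders ========

2012-09-21 09:08 - 2012-01-09 07:54 - 00613376 ____A (Microsoft Corporation) C:\Windows\System32\rdpencom.dll
2012-09-18 18:13 - 2012-09-18 18:13 - 00000000 ____D C:\Program Files\HitmanPro
2012-09-18 18:20 - 2012-09-18 18:20 - 00066556 ____A C:\Windows\System32\.crusader
2012-09-27 02:12 - 2008-12-24 18:20 - 00031871 ____A C:\Users\All Users\nvModes.dat
2012-09-13 00:40 - 2012-09-14 04:29 - 00000368 ____A C:\Users\All Users\wpqG9OqrhbGwir
2012-09-13 00:40 - 2012-09-14 04:29 - 00000368 ____A C:\Users\All Users\Application Data\wpqG9OqrhbGwir
2012-09-13 00:40 - 2012-09-14 04:29 - 00000152 ____A C:\Users\All Users\-wpqG9OqrhbGwir
2012-09-13 00:40 - 2012-09-13 00:40 - 00000168 ____A C:\Users\All Users\-wpqG9OqrhbGwirr
"""

if __name__ == "__main__":
    for e in parse_frst_files(SAMPLE_FRST):
        flags = triage(e)
        if flags:
            print(f"REVIEW {e.created}  {e.size:>8} B  {e.path}  [{'; '.join(flags)}]")
```

Note that FRST lists the same file twice when a folder is reachable under two names (C:\Users\All Users and its Application Data junction), so a count of flagged entries overstates the number of files; group by the basename before reporting.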


#4 KennethT

KennethT
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:04:42 PM

Posted 27 September 2012 - 05:43 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-09-2012
Ran by SYSTEM at 27-09-2012 06:37:23
Running from F:\
Windows Vista ™ Home Premium (X86) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide [1008184 2008-01-18] (Microsoft Corporation)
HKLM\...\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" [176128 2007-04-23] (CyberLink Corp.)
HKLM\...\Run: [hpWirelessAssistant] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [472776 2007-03-01] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [WAWifiMessage] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [317128 2007-01-10] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [HP Software Update] "C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [49152 2005-02-16] (Hewlett-Packard Co.)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2299176 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [ArcSoft Connection Service] "C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [98616 2008-04-17] (ArcSoft Inc.)
HKLM\...\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start [323640 2009-11-24] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [13601312 2009-06-24] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit [92704 2009-06-24] (NVIDIA Corporation)
HKU\Default\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun [x]
HKU\Default\...\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup [454784 2007-03-15] (Linksys, a Division of Cisco Systems, Inc.)
HKU\Default User\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun [x]
HKU\Default User\...\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup [454784 2007-03-15] (Linksys, a Division of Cisco Systems, Inc.)
HKU\Owner\...\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup [454784 2007-03-15] (Linksys, a Division of Cisco Systems, Inc.)
HKU\Owner\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-18] (Microsoft Corporation)
HKU\Owner\...\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe" [202240 2008-01-18] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\PHOTOfunSTUDIO -viewer-.lnk
ShortcutTarget: PHOTOfunSTUDIO -viewer-.lnk -> C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe (Matsubleepa Electric Industrial Co., Ltd.)

==================== Services (Whitelisted) ===================

2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [102712 2008-04-17] (ArcSoft Inc.)
2 CLCapSvc; "C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe" [262243 2007-04-23] ()
2 CLSched; "C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe" [106593 2007-04-23] ()
2 HP Health Check Service; "C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe" [62984 2007-03-14] (Hewlett-Packard)

==================== Drivers (Whitelisted) ====================

3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.)
2 elagopro; C:\Windows\System32\DRIVERS\elagopro.sys [28672 2007-03-22] (Gteko Ltd.)
2 elaunidr; C:\Windows\System32\DRIVERS\elaunidr.sys [5376 2007-03-22] (Gteko Ltd.)
3 HdAudAddService; C:\Windows\System32\drivers\CHDART.sys [160768 2007-04-11] (Conexant Systems Inc.)
3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-08] (Microsoft Corporation)
3 SSKBFD; C:\Windows\System32\Drivers\sskbfd.sys [23864 2007-10-01] (Webroot Software Inc (www.webroot.com))
4 blbdrive; C:\Windows\system32\drivers\blbdrive.sys [x]
3 catchme; \??\C:\Users\Owner\AppData\Local\Temp\catchme.sys [x]
4 eabfiltr; [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2012-09-27 02:20 - 2012-09-27 02:21 - 00000714 ____A C:\Windows\setupact.log
2012-09-27 02:20 - 2012-09-27 02:20 - 00000000 ____A C:\Windows\setuperr.log
2012-09-21 09:48 - 2012-09-21 09:48 - 00005357 ____A C:\Users\Owner\Desktop\ark.txt
2012-09-21 09:08 - 2012-01-09 07:54 - 00613376 ____A (Microsoft Corporation) C:\Windows\System32\rdpencom.dll
2012-09-21 09:08 - 2012-01-09 05:58 - 00180736 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-09-21 08:57 - 2012-09-21 08:57 - 00302592 ____A C:\Users\Owner\Desktop\v8nbd2kw.exe
2012-09-21 08:39 - 2012-09-21 08:39 - 00000472 ____A C:\Users\Owner\Desktop\defogger_disable.log
2012-09-21 08:39 - 2012-09-21 08:39 - 00000000 ____A C:\Users\Owner\defogger_reenable
2012-09-21 08:38 - 2012-09-21 08:38 - 00607260 ____R (Swearware) C:\Users\Owner\Desktop\dds.com
2012-09-21 08:37 - 2012-09-21 08:37 - 00050477 ____A C:\Users\Owner\Desktop\Defogger.exe
2012-09-21 08:28 - 2012-06-02 14:19 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-09-21 08:28 - 2012-06-02 14:19 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-09-21 08:28 - 2012-06-02 14:19 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-09-21 08:28 - 2012-06-02 14:12 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-09-21 08:27 - 2012-06-02 14:19 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-09-21 08:27 - 2012-06-02 14:19 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-09-21 08:27 - 2012-06-02 14:12 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-09-21 08:27 - 2012-06-02 11:19 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-09-21 08:27 - 2012-06-02 11:12 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-09-21 03:18 - 2012-09-21 03:18 - 00000000 ____D C:\Program Files\CCleaner
2012-09-21 03:11 - 2012-09-21 09:11 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-09-21 03:11 - 2012-09-21 03:11 - 00696240 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-09-21 03:11 - 2012-09-21 03:11 - 00073136 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-09-21 02:50 - 2012-09-21 02:50 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_SynTP_01009.Wdf
2012-09-21 02:44 - 2009-07-14 09:45 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
2012-09-21 02:43 - 2009-07-14 09:45 - 00445008 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2012-09-21 02:43 - 2009-07-14 09:45 - 00038480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys
2012-09-20 11:48 - 2012-09-21 02:40 - 00000000 __AHT C:\Windows\wusa.lock
2012-09-20 11:48 - 2012-09-20 11:48 - 00000000 ____D C:\6b59d90d046b3fccc2c87f4f
2012-09-20 11:37 - 2012-09-21 03:09 - 00001945 ____A C:\Windows\epplauncher.mif
2012-09-20 11:05 - 2010-04-05 12:00 - 00221568 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-09-20 11:03 - 2012-09-20 11:03 - 00000000 ____D C:\Users\Default\Application Data\hpqLog
2012-09-20 11:03 - 2012-09-20 11:03 - 00000000 ____D C:\Users\Default\AppData\Roaming\hpqLog
2012-09-20 11:03 - 2012-09-20 11:03 - 00000000 ____D C:\Users\Default User\Application Data\hpqLog
2012-09-20 11:03 - 2012-09-20 11:03 - 00000000 ____D C:\Users\Default User\AppData\Roaming\hpqLog
2012-09-20 11:02 - 2012-09-20 11:02 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf
2012-09-20 11:02 - 2012-09-20 11:02 - 00000000 ____D C:\Users\Owner\Application Data\hpqLog
2012-09-20 11:02 - 2012-09-20 11:02 - 00000000 ____D C:\Users\Owner\AppData\Roaming\hpqLog
2012-09-20 11:01 - 2012-09-20 11:02 - 00000000 ____D C:\Windows\QLB
2012-09-20 11:01 - 2009-04-29 03:46 - 00015872 ____A (Hewlett-Packard Development Company, L.P.) C:\Windows\System32\Drivers\HpqKbFiltr.sys
2012-09-20 11:01 - 2006-11-02 02:09 - 01419232 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\wdfcoinstaller01005.dll
2012-09-20 10:38 - 2012-09-20 10:39 - 00000000 ____D C:\Windows\System32\vi-VN
2012-09-20 10:38 - 2012-09-20 10:39 - 00000000 ____D C:\Windows\System32\eu-ES
2012-09-20 10:38 - 2012-09-20 10:39 - 00000000 ____D C:\Windows\System32\ca-ES
2012-09-20 10:17 - 2011-04-21 05:58 - 00273408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2012-09-20 02:18 - 2012-09-20 02:18 - 00000000 ____D C:\Users\Owner\Local Settings\Microsoft Help
2012-09-20 02:18 - 2012-09-20 02:18 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\Microsoft Help
2012-09-20 02:18 - 2012-09-20 02:18 - 00000000 ____D C:\Users\Owner\AppData\Local\Microsoft Help
2012-09-20 02:11 - 2011-05-27 22:08 - 01211904 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-09-20 02:11 - 2011-05-27 22:08 - 00916480 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-09-20 02:11 - 2011-05-27 22:04 - 01469440 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-09-20 02:11 - 2011-05-27 22:04 - 00602112 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-09-20 02:11 - 2011-05-27 22:04 - 00055808 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-09-20 02:11 - 2011-05-27 22:04 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-09-20 02:11 - 2011-05-27 22:03 - 00387584 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-09-20 02:11 - 2011-05-27 20:32 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-09-20 02:10 - 2011-07-06 07:31 - 00214016 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb10.sys
2012-09-20 02:10 - 2011-06-02 05:34 - 02043392 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-09-20 02:10 - 2011-05-27 22:07 - 00206848 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-09-20 02:10 - 2011-05-27 22:05 - 00611840 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2012-09-20 02:10 - 2011-05-27 22:04 - 11081728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-09-20 02:10 - 2011-05-27 22:04 - 05964800 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-09-20 02:10 - 2011-05-27 22:04 - 01991680 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-09-20 02:10 - 2011-05-27 22:04 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-09-20 02:10 - 2011-05-27 22:04 - 00164352 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-09-20 02:10 - 2011-05-27 22:04 - 00109056 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-09-20 02:10 - 2011-05-27 22:04 - 00071680 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-09-20 02:10 - 2011-05-27 22:04 - 00066560 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-09-20 02:10 - 2011-05-27 22:04 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-09-20 02:10 - 2011-05-27 22:04 - 00025600 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-09-20 02:10 - 2011-05-27 21:10 - 00385024 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-09-20 02:10 - 2011-05-27 20:33 - 00133632 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-09-20 02:10 - 2011-05-27 20:32 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-09-20 02:10 - 2011-05-27 20:31 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-09-20 02:10 - 2011-05-02 09:16 - 00739328 ____A (Microsoft Corporation) C:\Windows\System32\inetcomm.dll
2012-09-20 02:10 - 2011-04-29 07:59 - 00276992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-09-20 02:10 - 2011-04-29 05:25 - 00146432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys
2012-09-20 02:10 - 2011-04-29 05:25 - 00102400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srvnet.sys
2012-09-20 02:10 - 2011-04-29 05:24 - 00106496 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.sys
2012-09-20 02:10 - 2011-04-29 05:24 - 00079872 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb20.sys
2012-09-20 02:10 - 2011-04-20 07:55 - 00375808 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-09-20 02:10 - 2011-04-20 07:50 - 00049152 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2012-09-20 02:10 - 2011-04-14 06:59 - 00075264 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dfsc.sys
2012-09-20 02:10 - 2011-04-12 08:07 - 00892416 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-09-20 02:10 - 2011-02-16 22:23 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-09-20 02:10 - 2011-02-16 22:19 - 00726528 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-09-20 02:10 - 2010-12-20 08:35 - 00563712 ____A (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
2012-09-19 13:43 - 2012-09-21 05:11 - 00000000 ____D C:\Windows\erdnt
2012-09-19 13:40 - 2012-09-19 13:40 - 00000000 ____D C:\Windows\System32\EventProviders
2012-09-18 18:20 - 2012-09-18 18:20 - 00066556 ____A C:\Windows\System32\.crusader
2012-09-18 18:13 - 2012-09-18 18:20 - 00000000 ____D C:\Users\All Users\HitmanPro
2012-09-18 18:13 - 2012-09-18 18:20 - 00000000 ____D C:\Users\All Users\Application Data\HitmanPro
2012-09-18 18:13 - 2012-09-18 18:13 - 00000000 ____D C:\Program Files\HitmanPro
2012-09-18 18:06 - 2012-09-18 18:06 - 00217670 ____A C:\coreuninstall.log
2012-09-18 17:53 - 2008-12-07 11:43 - 00001922 ____A C:\Users\Public\Desktop\Panorama Maker 4.lnk
2012-09-18 17:53 - 2008-12-07 11:43 - 00001922 ____A C:\Users\All Users\Desktop\Panorama Maker 4.lnk
2012-09-18 17:53 - 2008-12-07 11:42 - 00002117 ____A C:\Users\Public\Desktop\Media Impression.lnk
2012-09-18 17:53 - 2008-12-07 11:42 - 00002117 ____A C:\Users\All Users\Desktop\Media Impression.lnk
2012-09-18 17:53 - 2008-12-07 11:35 - 00001850 ____A C:\Users\Public\Desktop\PHOTOfunSTUDIO -viewer-.lnk
2012-09-18 17:53 - 2008-12-07 11:35 - 00001850 ____A C:\Users\All Users\Desktop\PHOTOfunSTUDIO -viewer-.lnk
2012-09-18 17:53 - 2007-12-08 07:01 - 00001874 ____A C:\Users\Public\Desktop\Linksys EasyLink Advisor.lnk
2012-09-18 17:53 - 2007-12-08 07:01 - 00001874 ____A C:\Users\All Users\Desktop\Linksys EasyLink Advisor.lnk
2012-09-18 17:21 - 2009-03-08 03:34 - 00236544 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-09-18 17:21 - 2009-03-08 03:34 - 00208384 ____A (Microsoft Corporation) C:\Windows\System32\WinFXDocObj.exe
2012-09-18 17:21 - 2009-03-08 03:34 - 00193536 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-09-18 17:21 - 2009-03-08 03:34 - 00105984 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-09-18 17:21 - 2009-03-08 03:33 - 00229376 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-09-18 17:21 - 2009-03-08 03:33 - 00125952 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-09-18 17:21 - 2009-03-08 03:33 - 00109568 ____A (Microsoft Corporation) C:\Windows\System32\PDMSetup.exe
2012-09-18 17:21 - 2009-03-08 03:33 - 00107520 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-09-18 17:21 - 2009-03-08 03:33 - 00107008 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-09-18 17:21 - 2009-03-08 03:33 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\SetDepNx.exe
2012-09-18 17:21 - 2009-03-08 03:33 - 00018944 ____A (Microsoft Corporation) C:\Windows\System32\corpol.dll
2012-09-18 17:21 - 2009-03-08 03:32 - 00169472 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-09-18 17:21 - 2009-03-08 03:32 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-09-18 17:21 - 2009-03-08 03:32 - 00128512 ____A (Microsoft Corporation) C:\Windows\System32\advpack.dll
2012-09-18 17:21 - 2009-03-08 03:32 - 00094720 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-09-18 17:21 - 2009-03-08 03:32 - 00072704 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-09-18 17:21 - 2009-03-08 03:32 - 00066560 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-09-18 17:21 - 2009-03-08 03:31 - 00348160 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-09-18 17:21 - 2009-03-08 03:31 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-09-18 17:21 - 2009-03-08 03:31 - 00059904 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-09-18 17:21 - 2009-03-08 03:31 - 00048128 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-09-18 17:21 - 2009-03-08 03:31 - 00046592 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-09-18 17:21 - 2009-03-08 03:31 - 00045568 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-09-18 17:21 - 2009-03-08 03:31 - 00034816 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-09-18 17:21 - 2009-03-08 03:30 - 00066560 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-09-18 17:21 - 2009-03-08 03:22 - 00156160 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-09-18 17:21 - 2009-03-08 03:11 - 00445952 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-09-18 17:21 - 2009-02-06 20:07 - 03698584 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-09-13 00:40 - 2012-09-14 04:29 - 00000368 ____A C:\Users\All Users\wpqG9OqrhbGwir
2012-09-13 00:40 - 2012-09-14 04:29 - 00000368 ____A C:\Users\All Users\Application Data\wpqG9OqrhbGwir
2012-09-13 00:40 - 2012-09-14 04:29 - 00000152 ____A C:\Users\All Users\-wpqG9OqrhbGwir
2012-09-13 00:40 - 2012-09-14 04:29 - 00000152 ____A C:\Users\All Users\Application Data\-wpqG9OqrhbGwir
2012-09-13 00:40 - 2012-09-13 00:40 - 00000168 ____A C:\Users\All Users\-wpqG9OqrhbGwirr
2012-09-13 00:40 - 2012-09-13 00:40 - 00000168 ____A C:\Users\All Users\Application Data\-wpqG9OqrhbGwirr


==================== 3 Months Modified Files ==================

2012-09-27 02:24 - 2006-11-02 02:33 - 00721582 ____A C:\Windows\System32\PerfStringBackup.INI
2012-09-27 02:23 - 2007-09-04 02:02 - 02041701 ____A C:\Windows\WindowsUpdate.log
2012-09-27 02:23 - 2006-11-02 05:01 - 00032574 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-09-27 02:23 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-09-27 02:21 - 2012-09-27 02:20 - 00000714 ____A C:\Windows\setupact.log
2012-09-27 02:20 - 2012-09-27 02:20 - 00000000 ____A C:\Windows\setuperr.log
2012-09-27 02:20 - 2006-11-02 04:47 - 00003168 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-09-27 02:20 - 2006-11-02 04:47 - 00003168 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-09-27 02:12 - 2008-12-24 18:20 - 00031871 ____A C:\Users\All Users\nvModes.dat
2012-09-27 02:12 - 2008-12-24 18:20 - 00031871 ____A C:\Users\All Users\nvModes.001
2012-09-27 02:12 - 2008-12-24 18:20 - 00031871 ____A C:\Users\All Users\Application Data\nvModes.dat
2012-09-27 02:12 - 2008-12-24 18:20 - 00031871 ____A C:\Users\All Users\Application Data\nvModes.001
2012-09-27 02:12 - 2007-08-04 18:35 - 00000147 ____A C:\Users\Public\Documents\hpqp.ini
2012-09-27 02:12 - 2007-08-04 18:35 - 00000147 ____A C:\Users\All Users\Documents\hpqp.ini
2012-09-21 09:48 - 2012-09-21 09:48 - 00005357 ____A C:\Users\Owner\Desktop\ark.txt
2012-09-21 09:11 - 2012-09-21 03:11 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-09-21 08:57 - 2012-09-21 08:57 - 00302592 ____A C:\Users\Owner\Desktop\v8nbd2kw.exe
2012-09-21 08:39 - 2012-09-21 08:39 - 00000472 ____A C:\Users\Owner\Desktop\defogger_disable.log
2012-09-21 08:39 - 2012-09-21 08:39 - 00000000 ____A C:\Users\Owner\defogger_reenable
2012-09-21 08:38 - 2012-09-21 08:38 - 00607260 ____R (Swearware) C:\Users\Owner\Desktop\dds.com
2012-09-21 08:37 - 2012-09-21 08:37 - 00050477 ____A C:\Users\Owner\Desktop\Defogger.exe
2012-09-21 03:11 - 2012-09-21 03:11 - 00696240 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-09-21 03:11 - 2012-09-21 03:11 - 00073136 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-09-21 03:09 - 2012-09-20 11:37 - 00001945 ____A C:\Windows\epplauncher.mif
2012-09-21 02:50 - 2012-09-21 02:50 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_SynTP_01009.Wdf
2012-09-21 02:40 - 2012-09-20 11:48 - 00000000 __AHT C:\Windows\wusa.lock
2012-09-20 11:02 - 2012-09-20 11:02 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf
2012-09-20 10:43 - 2006-11-02 04:47 - 00354064 ____A C:\Windows\System32\FNTCACHE.DAT
2012-09-20 10:07 - 2007-12-12 08:45 - 00000680 ____A C:\Users\Owner\Local Settings\d3d9caps.dat
2012-09-20 10:07 - 2007-12-12 08:45 - 00000680 ____A C:\Users\Owner\Local Settings\Application Data\d3d9caps.dat
2012-09-20 10:07 - 2007-12-12 08:45 - 00000680 ____A C:\Users\Owner\AppData\Local\d3d9caps.dat
2012-09-18 18:20 - 2012-09-18 18:20 - 00066556 ____A C:\Windows\System32\.crusader
2012-09-18 18:06 - 2012-09-18 18:06 - 00217670 ____A C:\coreuninstall.log
2012-09-14 04:29 - 2012-09-13 00:40 - 00000368 ____A C:\Users\All Users\wpqG9OqrhbGwir
2012-09-14 04:29 - 2012-09-13 00:40 - 00000368 ____A C:\Users\All Users\Application Data\wpqG9OqrhbGwir
2012-09-14 04:29 - 2012-09-13 00:40 - 00000152 ____A C:\Users\All Users\-wpqG9OqrhbGwir
2012-09-14 04:29 - 2012-09-13 00:40 - 00000152 ____A C:\Users\All Users\Application Data\-wpqG9OqrhbGwir
2012-09-13 00:40 - 2012-09-13 00:40 - 00000168 ____A C:\Users\All Users\-wpqG9OqrhbGwirr
2012-09-13 00:40 - 2012-09-13 00:40 - 00000168 ____A C:\Users\All Users\Application Data\-wpqG9OqrhbGwirr
2012-08-30 20:12 - 2006-11-02 02:24 - 62164608 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-09-20 10:15:17
Restore point made on: 2012-09-20 10:56:22
Restore point made on: 2012-09-21 05:06:21
Restore point made on: 2012-09-21 08:27:18
Restore point made on: 2012-09-21 10:03:02
Restore point made on: 2012-09-27 02:18:07

==================== Memory info ===========================

Percentage of memory in use: 25%
Total physical RAM: 1982.31 MB
Available physical RAM: 1482.58 MB
Total Pagefile: 1714.06 MB
Available Pagefile: 1548.29 MB
Total Virtual: 2047.88 MB
Available Virtual: 1983.51 MB

==================== Partitions =============================

1 Drive c: (OS) (Fixed) (Total:103.38 GB) (Free:57.88 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (DATA) (Fixed) (Total:111.79 GB) (Free:111.7 GB) NTFS
3 Drive e: (HP_RECOVERY) (Fixed) (Total:8.41 GB) (Free:1.8 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: () (Removable) (Total:1.91 GB) (Free:1.91 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 112 GB 0 B
Disk 1 Online 112 GB 1528 KB
Disk 2 Online 1960 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 103 GB 32 KB
Partition 2 Primary 8 GB 103 GB
Partition 3 Primary 2544 KB 112 GB
Partition 4 Primary 8 KB 112 GB

=========================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 0 C OS NTFS Partition 103 GB Healthy

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E HP_RECOVERY NTFS Partition 8 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 17 (Suspicious Type)
Hidden: Yes
Active: No

There is no volume associated with this partition.

=========================================================

Disk: 0
Partition 4
Type : 17 (Suspicious Type)
Hidden: Yes
Active: No

There is no volume associated with this partition.

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 112 GB 32 KB

=========================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 D DATA NTFS Partition 112 GB Healthy

=========================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1960 MB 248 KB

=========================================================

Disk: 2
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FAT32 Removable 1960 MB Healthy

=========================================================

Last Boot: 2012-09-27 02:17

==================== End Of Log ============================

#5 nasdaq

  • Malware Response Team
  • 39,256 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 27 September 2012 - 08:43 AM

Nothing suspicious was found on your log.

Please run the ComboFix one more time.
You may be asked to update the program. Please do.

If no log is generated in 30 to 45 minutes you can stop the process.

If this does not work run the following tool.

  • Download OTL to your Desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\*. /mp /s
    c:\$recycle.bin\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    explorer.exe
    svchost.exe
    userinit.exe
    qmgr.dll
    proquota.exe
    kernel32.dll
    ndis.sys
    autochk.exe
    spoolsv.exe
    xmlprov.dll
    ntmssvc.dll
    mswsock.dll
    Beep.SYS
    ntfs.sys
    termsrv.dll
    sfcfiles.dll
    st3shark.sys
    ahcix86.sys
    srsvc.dll
    /md5stop
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
===

#6 KennethT

  • Topic Starter
  • Members
  • 11 posts

Posted 27 September 2012 - 05:48 PM

OTL logfile created on: 9/27/2012 6:27:10 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.35 Gb Available Physical Memory | 69.99% Memory free
4.10 Gb Paging File | 3.49 Gb Available in Paging File | 85.03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 103.38 Gb Total Space | 53.84 Gb Free Space | 52.08% Space Free | Partition Type: NTFS
Drive D: | 111.79 Gb Total Space | 111.70 Gb Free Space | 99.92% Space Free | Partition Type: NTFS
Drive E: | 8.41 Gb Total Space | 1.80 Gb Free Space | 21.35% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe (Matsushita Electric Industrial Co., Ltd.)
PRC - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe ()
PRC - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe ()
PRC - C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe (Linksys, a Division of Cisco Systems, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\RawPictureLib.pcp ()
MOD - C:\Program Files\HP\QuickPlay\Kernel\TV\CLTinyDB.dll ()
MOD - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapEngine.dll ()
MOD - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSchMgr.dll ()
MOD - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll ()
MOD - C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll ()


========== Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (CLSched) -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe ()
SRV - (CLCapSvc) -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe ()


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\Owner\AppData\Local\Temp\catchme.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBTTN.sys (Hewlett-Packard Company)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (SSKBFD) -- C:\Windows\System32\drivers\sskbfd.sys (Webroot Software Inc (www.webroot.com))
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (HdAudAddService) -- C:\Windows\System32\drivers\CHDART.sys (Conexant Systems Inc.)
DRV - (elagopro) -- C:\Windows\System32\drivers\elagopro.sys (Gteko Ltd.)
DRV - (elaunidr) -- C:\Windows\System32\drivers\elaunidr.sys (Gteko Ltd.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
IE - HKLM\..\SearchScopes,DefaultScope = {13BA74AE-E197-454E-B8DB-18B78838913A}
IE - HKLM\..\SearchScopes\{13BA74AE-E197-454E-B8DB-18B78838913A}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
IE - HKLM\..\SearchScopes\{9AE845A0-B8DE-4C87-A54E-55B6FFA38502}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\{C710C720-B588-4676-A61E-B8C9C166D712}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=HVDUS7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?PC=msnHomeST&OCID=msnHomepage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {8CDEB6E7-1E6D-47B4-951F-11E47FD5EE0B}
IE - HKCU\..\SearchScopes\{8CDEB6E7-1E6D-47B4-951F-11E47FD5EE0B}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)



O1 HOSTS File: ([2012/09/19 20:28:49 | 000,000,724 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found.
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EasyLinkAdvisor] C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe (Linksys, a Division of Cisco Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B0717666-99DE-4E14-B322-505B7C9031E4}: DhcpNameServer = 68.87.77.130 68.87.72.130 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E11B4729-1BAF-4519-A8B8-A7FDF77366D1}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/08/04 22:57:23 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 11:18:54 | 000,000,340 | --S- | M] () - E:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{f36d26db-512f-11e0-a10d-001b24996749}\Shell - "" = AutoRun
O33 - MountPoints2\{f36d26db-512f-11e0-a10d-001b24996749}\Shell\AutoRun\command - "" = H:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/09/27 18:23:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2012/09/27 18:19:34 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/09/27 18:17:43 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/09/27 16:51:43 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/09/27 16:40:51 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2012/09/27 10:36:52 | 000,000,000 | ---D | C] -- C:\FRST
[2012/09/27 07:59:38 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2012/09/27 07:59:37 | 003,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2012/09/27 07:59:37 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2012/09/27 07:58:04 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll
[2012/09/27 07:58:04 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2012/09/27 07:58:01 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll
[2012/09/27 07:58:00 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtpUS.dll
[2012/09/27 07:58:00 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdConns.dll
[2012/09/27 07:57:59 | 000,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2012/09/27 07:57:59 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2012/09/27 07:57:59 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2012/09/27 07:57:59 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtp.dll
[2012/09/27 07:57:59 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll
[2012/09/27 07:57:59 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2012/09/27 07:57:59 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2012/09/27 07:40:52 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/09/27 07:40:03 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/09/27 07:40:03 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012/09/27 07:40:03 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012/09/27 07:40:03 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012/09/27 07:40:03 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012/09/27 07:40:03 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012/09/27 07:40:03 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/09/27 07:40:03 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012/09/27 07:40:02 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012/09/27 07:40:02 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/09/27 07:40:02 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/09/27 07:40:02 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012/09/27 07:40:02 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/09/27 07:40:02 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012/09/27 07:40:02 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/09/27 07:40:02 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/09/27 07:40:02 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012/09/27 07:40:02 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012/09/27 07:40:02 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012/09/27 07:40:02 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012/09/27 07:40:02 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012/09/27 07:40:02 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012/09/27 07:40:02 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012/09/27 07:40:02 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012/09/27 07:40:01 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/09/27 07:40:01 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/09/27 07:40:01 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012/09/27 07:40:01 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012/09/27 07:40:01 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/09/27 07:40:01 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2012/09/27 07:40:01 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/09/27 07:40:01 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012/09/27 07:40:01 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012/09/27 07:40:01 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012/09/27 07:40:01 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012/09/27 07:40:01 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012/09/27 07:40:01 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012/09/27 07:38:47 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2012/09/27 07:38:47 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2012/09/27 07:38:46 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2012/09/27 07:38:46 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2012/09/27 07:38:46 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2012/09/27 07:38:46 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2012/09/27 07:38:46 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2012/09/27 07:38:45 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012/09/27 07:38:45 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2012/09/27 07:38:45 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012/09/27 07:38:45 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2012/09/27 07:38:45 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012/09/27 07:38:45 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2012/09/27 07:38:45 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012/09/27 07:38:45 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2012/09/27 07:38:43 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2012/09/27 07:38:43 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2012/09/27 07:38:43 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2012/09/27 07:38:43 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2012/09/27 07:38:43 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2012/09/27 07:38:43 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2012/09/27 07:38:43 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2012/09/27 07:38:01 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2012/09/27 07:38:01 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2012/09/27 07:38:01 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2012/09/27 07:38:01 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2012/09/27 07:38:01 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2012/09/27 07:38:01 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2012/09/27 07:16:55 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/09/27 07:07:41 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2012/09/27 07:07:41 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2012/09/27 07:07:40 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2012/09/27 07:07:40 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2012/09/27 07:07:38 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciseq.dll
[2012/09/27 07:06:48 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2012/09/27 07:06:22 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012/09/27 07:06:22 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2012/09/27 07:06:08 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012/09/27 07:06:04 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012/09/27 07:05:34 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2012/09/27 07:05:32 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012/09/27 07:05:32 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012/09/27 07:03:40 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/09/27 07:03:39 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/09/27 07:03:29 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012/09/27 07:03:14 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2012/09/27 07:03:14 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2012/09/27 07:02:52 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012/09/27 06:50:41 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2012/09/21 13:08:57 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2012/09/21 12:38:13 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\dds.com
[2012/09/21 12:28:27 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/09/21 12:28:27 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/09/21 12:27:30 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012/09/21 12:27:30 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012/09/21 12:27:30 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012/09/21 12:27:21 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/09/21 12:27:21 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012/09/21 07:18:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/09/21 07:18:14 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/09/21 07:11:46 | 000,696,240 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/09/21 07:11:46 | 000,073,136 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/09/21 06:43:55 | 000,038,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2012/09/20 15:48:06 | 000,000,000 | ---D | C] -- C:\6b59d90d046b3fccc2c87f4f
[2012/09/20 15:05:45 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2012/09/20 15:02:19 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\hpqLog
[2012/09/20 15:01:58 | 001,419,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\wdfcoinstaller01005.dll
[2012/09/20 15:01:58 | 000,015,872 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\Windows\System32\drivers\HpqKbFiltr.sys
[2012/09/20 15:01:40 | 000,000,000 | ---D | C] -- C:\Windows\QLB
[2012/09/20 14:38:44 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2012/09/20 14:38:44 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2012/09/20 14:38:40 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2012/09/20 06:18:59 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Microsoft Help
[2012/09/19 20:29:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot
[2012/09/19 20:29:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MySpace
[2012/09/19 17:43:40 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/09/19 17:40:58 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2012/09/18 22:13:48 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012/09/18 22:13:40 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/09/18 21:21:47 | 000,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2012/09/13 04:40:53 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Recovery
[7 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/27 18:25:30 | 000,617,702 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/09/27 18:25:30 | 000,108,772 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/09/27 18:22:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2012/09/27 18:19:47 | 000,031,871 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012/09/27 18:19:47 | 000,031,871 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/09/27 18:19:45 | 000,000,147 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2012/09/27 18:19:30 | 000,003,168 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/27 18:19:29 | 000,003,168 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/27 18:19:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/27 18:19:19 | 2079,121,408 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/27 17:11:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/27 16:45:40 | 000,000,945 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/09/27 16:44:17 | 000,354,064 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/09/27 16:35:33 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2012/09/27 16:35:10 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2012/09/27 07:40:14 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2012/09/27 07:40:14 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2012/09/27 07:40:03 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/09/27 07:40:03 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012/09/27 07:40:03 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012/09/27 07:40:03 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012/09/27 07:40:03 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012/09/27 07:40:03 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012/09/27 07:40:03 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/09/27 07:40:03 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012/09/27 07:40:02 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012/09/27 07:40:02 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/09/27 07:40:02 | 000,607,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/09/27 07:40:02 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012/09/27 07:40:02 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/09/27 07:40:02 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012/09/27 07:40:02 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/09/27 07:40:02 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/09/27 07:40:02 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012/09/27 07:40:02 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012/09/27 07:40:02 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012/09/27 07:40:02 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012/09/27 07:40:02 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012/09/27 07:40:02 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012/09/27 07:40:02 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012/09/27 07:40:02 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012/09/27 07:40:02 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012/09/27 07:40:01 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/09/27 07:40:01 | 001,800,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/09/27 07:40:01 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012/09/27 07:40:01 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012/09/27 07:40:01 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/09/27 07:40:01 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2012/09/27 07:40:01 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/09/27 07:40:01 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012/09/27 07:40:01 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012/09/27 07:40:01 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012/09/27 07:40:01 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012/09/27 07:40:01 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012/09/27 07:40:01 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012/09/27 07:38:47 | 000,979,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2012/09/27 07:38:47 | 000,357,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2012/09/27 07:38:46 | 002,873,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2012/09/27 07:38:46 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2012/09/27 07:38:46 | 000,261,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2012/09/27 07:38:46 | 000,209,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2012/09/27 07:38:46 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2012/09/27 07:38:45 | 001,172,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012/09/27 07:38:45 | 001,029,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2012/09/27 07:38:45 | 000,683,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012/09/27 07:38:45 | 000,486,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2012/09/27 07:38:45 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012/09/27 07:38:45 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2012/09/27 07:38:45 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012/09/27 07:38:45 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2012/09/27 07:38:43 | 001,554,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2012/09/27 07:38:43 | 000,876,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2012/09/27 07:38:43 | 000,847,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2012/09/27 07:38:43 | 000,667,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2012/09/27 07:38:43 | 000,478,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2012/09/27 07:38:43 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2012/09/27 07:38:43 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2012/09/27 07:38:01 | 000,519,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2012/09/27 07:38:01 | 000,369,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2012/09/27 07:38:01 | 000,321,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2012/09/27 07:38:01 | 000,252,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2012/09/27 07:38:01 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2012/09/27 07:38:01 | 000,189,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2012/09/27 07:38:01 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\dxgkrnl.sys.mui
[2012/09/21 12:57:45 | 000,302,592 | ---- | M] () -- C:\Users\Owner\Desktop\v8nbd2kw.exe
[2012/09/21 12:39:04 | 000,000,000 | ---- | M] () -- C:\Users\Owner\defogger_reenable
[2012/09/21 12:38:14 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\dds.com
[2012/09/21 12:37:31 | 000,050,477 | ---- | M] () -- C:\Users\Owner\Desktop\Defogger.exe
[2012/09/21 07:11:46 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/09/21 07:11:46 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/09/21 07:09:12 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/09/21 06:50:41 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2012/09/21 06:40:56 | 000,000,000 | -H-- | M] () -- C:\Windows\wusa.lock
[2012/09/20 15:02:20 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf
[2012/09/20 14:07:40 | 000,000,680 | ---- | M] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2012/09/18 22:20:58 | 000,066,556 | ---- | M] () -- C:\Windows\System32\.crusader
[2012/09/14 08:29:32 | 000,000,368 | ---- | M] () -- C:\ProgramData\wpqG9OqrhbGwir
[2012/09/14 08:29:24 | 000,000,152 | ---- | M] () -- C:\ProgramData\-wpqG9OqrhbGwir
[2012/09/13 04:40:54 | 000,000,168 | ---- | M] () -- C:\ProgramData\-wpqG9OqrhbGwirr
[7 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/27 16:35:33 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2012/09/27 16:35:10 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2012/09/27 07:40:02 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012/09/21 12:57:43 | 000,302,592 | ---- | C] () -- C:\Users\Owner\Desktop\v8nbd2kw.exe
[2012/09/21 12:39:04 | 000,000,000 | ---- | C] () -- C:\Users\Owner\defogger_reenable
[2012/09/21 12:37:31 | 000,050,477 | ---- | C] () -- C:\Users\Owner\Desktop\Defogger.exe
[2012/09/21 07:11:47 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/21 06:50:41 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2012/09/21 06:44:06 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
[2012/09/20 15:48:05 | 000,000,000 | -H-- | C] () -- C:\Windows\wusa.lock
[2012/09/20 15:37:06 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/09/20 15:02:20 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf
[2012/09/20 06:01:30 | 2079,121,408 | -HS- | C] () -- C:\hiberfil.sys
[2012/09/19 20:29:34 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 8.lnk
[2012/09/18 22:20:58 | 000,066,556 | ---- | C] () -- C:\Windows\System32\.crusader
[2012/09/18 21:53:24 | 000,002,117 | ---- | C] () -- C:\Users\Public\Desktop\Media Impression.lnk
[2012/09/18 21:53:24 | 000,001,922 | ---- | C] () -- C:\Users\Public\Desktop\Panorama Maker 4.lnk
[2012/09/18 21:53:24 | 000,001,874 | ---- | C] () -- C:\Users\Public\Desktop\Linksys EasyLink Advisor.lnk
[2012/09/18 21:53:24 | 000,001,850 | ---- | C] () -- C:\Users\Public\Desktop\PHOTOfunSTUDIO -viewer-.lnk
[2012/09/18 21:53:24 | 000,001,766 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Calendar.lnk
[2012/09/18 21:53:23 | 000,001,884 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO -viewer-.lnk
[2012/09/18 21:53:23 | 000,001,769 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickPlay Manager.lnk
[2012/09/18 21:53:23 | 000,001,728 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickPlay.lnk
[2012/09/18 21:53:23 | 000,001,630 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/09/13 04:40:54 | 000,000,168 | ---- | C] () -- C:\ProgramData\-wpqG9OqrhbGwirr
[2012/09/13 04:40:54 | 000,000,152 | ---- | C] () -- C:\ProgramData\-wpqG9OqrhbGwir
[2012/09/13 04:40:44 | 000,000,368 | ---- | C] () -- C:\ProgramData\wpqG9OqrhbGwir
[2012/01/02 05:26:59 | 000,010,742 | --S- | C] () -- C:\Users\Owner\AppData\Local\eoy787bu8jsb54cu4s745a3nwoowo3cf8gnsn
[2012/01/02 05:26:59 | 000,010,742 | --S- | C] () -- C:\ProgramData\eoy787bu8jsb54cu4s745a3nwoowo3cf8gnsn
[2011/09/15 02:11:16 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin
[2011/05/28 10:02:30 | 000,000,136 | ---- | C] () -- C:\ProgramData\~34856696r
[2011/05/28 10:02:30 | 000,000,104 | ---- | C] () -- C:\ProgramData\~34856696
[2011/05/28 10:02:13 | 000,000,344 | ---- | C] () -- C:\ProgramData\34856696
[2008/12/24 22:20:39 | 000,031,871 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008/12/24 22:20:37 | 000,031,871 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008/01/11 12:40:11 | 000,000,104 | ---- | C] () -- C:\Users\Owner\Network - Shortcut.lnk
[2008/01/04 20:38:18 | 000,005,632 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/12/12 12:45:45 | 000,000,680 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2007/12/08 17:53:13 | 000,000,296 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat

========== ZeroAccess Check ==========

[2012/09/19 17:58:45 | 000,000,000 | ---D | M] -- C:\Windows\$NtUninstallKB62280$\485945278\L
[2012/09/19 17:58:46 | 000,000,000 | ---D | M] -- C:\Windows\$NtUninstallKB62280$\485945278\U
[2006/11/02 08:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 13:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 02:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 02:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2007/12/22 20:15:46 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\muvee Technologies
[2008/12/07 15:38:20 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Panasonic
[2007/12/10 18:04:19 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Template

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< %systemroot%\system32\drivers\*.sys /90 >
[2012/09/27 07:38:43 | 000,638,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\dxgkrnl.sys
[7 C:\Windows\system32\drivers\*.tmp files -> C:\Windows\system32\drivers\*.tmp -> ]

< %systemroot%\*. /mp /s >

< c:\$recycle.bin\*.* /s >
[2012/09/27 18:19:34 | 000,000,129 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-3320487336-748661927-3901829005-1000\desktop.ini
[2006/11/02 09:01:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006/11/02 09:01:49 | 000,032,550 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/09/21 07:11:47 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-09-27 12:08:52

< MD5 for: AGP440.SYS >
[2008/01/19 03:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/19 03:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 03:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 03:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2007/08/04 23:06:53 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=313FF294978EA6AF715722D708FB249F -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20494_none_b858f78adaed51b3\AGP440.sys
[2007/08/04 23:06:54 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f2490cb0\AGP440.sys
[2007/08/04 23:06:54 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16399_none_b7d45c31c1cb309c\AGP440.sys
[2006/11/02 05:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 05:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/19 03:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 03:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 05:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/02/19 08:54:22 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/02/19 08:54:22 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/02/19 08:54:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2009/04/11 02:27:20 | 000,643,072 | ---- | M] (Microsoft Corporation) MD5=10761177A6EBE45843F443E99509F5E7 -- C:\Windows\System32\autochk.exe
[2009/04/11 02:27:20 | 000,643,072 | ---- | M] (Microsoft Corporation) MD5=10761177A6EBE45843F443E99509F5E7 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6002.18005_none_e3df6655bee2ee3b\autochk.exe
[2008/01/19 03:33:01 | 000,642,560 | ---- | M] (Microsoft Corporation) MD5=2FC5BE79B51714B479809358E4908FC3 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6001.18000_none_e1f3ed49c1c122ef\autochk.exe
[2006/11/02 05:44:50 | 000,640,000 | ---- | M] (Microsoft Corporation) MD5=C08D1FE284C3330934E45D6E5F5B768B -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6000.16386_none_dfbd2b4dc4d6121b\autochk.exe

< MD5 for: BEEP.SYS >
[2008/01/19 01:49:10 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=67E506B75BD5326A3EC7B70BD014DFB6 -- C:\Windows\System32\drivers\beep.sys
[2008/01/19 01:49:10 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=67E506B75BD5326A3EC7B70BD014DFB6 -- C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.0.6001.18000_none_c420a153079d485b\beep.sys
[2006/11/02 04:51:03 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=AC3DD1708B22761EBD7CBE14DCC3B5D7 -- C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.0.6000.16386_none_c1e9df570ab23787\beep.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: EXPLORER.EXE >
[2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 23:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007/12/09 11:52:42 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2007/12/09 11:52:42 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 22:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 05:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 03:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: IASTORV.SYS >
[2008/01/19 03:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/19 03:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: KERNEL32.DLL >
[2009/02/13 04:21:09 | 000,890,880 | ---- | M] (Microsoft Corporation) MD5=1987D817D08F5EAF0B7F334026FDDB79 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.22376_none_9401d8206f9c7e67\kernel32.dll
[2006/11/02 05:46:05 | 000,874,496 | ---- | M] (Microsoft Corporation) MD5=1E36AE445E4DA83B82D51FEB2D4F8772 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6000.16386_none_91872345596077da\kernel32.dll
[2011/04/12 10:53:05 | 000,890,368 | ---- | M] (Microsoft Corporation) MD5=306835D4E74E49A5D10F0FCA0B422EB1 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.18631_none_939e812b5662e4c2\kernel32.dll
[2011/04/12 10:30:37 | 000,892,928 | ---- | M] (Microsoft Corporation) MD5=497A2DA8181560B3E2F8FFE0092FD1E6 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.22898_none_93ee425a6faadaba\kernel32.dll
[2011/04/12 12:07:38 | 000,892,416 | ---- | M] (Microsoft Corporation) MD5=574B473FACAA0E91702B86578440B525 -- C:\Windows\System32\kernel32.dll
[2011/04/12 12:07:38 | 000,892,416 | ---- | M] (Microsoft Corporation) MD5=574B473FACAA0E91702B86578440B525 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6002.18449_none_9582275d538a1db6\kernel32.dll
[2011/04/12 11:08:23 | 000,893,440 | ---- | M] (Microsoft Corporation) MD5=7062DEB220FA1CCB1B65FC40D6E7D807 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6002.22625_none_961d64be6c9b1d69\kernel32.dll
[2009/02/13 03:26:37 | 000,875,520 | ---- | M] (Microsoft Corporation) MD5=B82C7AC1D559F0FD088792171D64C7F3 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6000.16820_none_91c20a8f593529ed\kernel32.dll
[2009/02/13 03:13:01 | 000,875,520 | ---- | M] (Microsoft Corporation) MD5=BB792054BD990EC05D9E260D50FEAD39 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6000.21010_none_92564f68724ae108\kernel32.dll
[2009/04/11 02:28:20 | 000,891,392 | ---- | M] (Microsoft Corporation) MD5=BB8509089E7DF514310814E1B2593FFC -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6002.18005_none_95a95e4d536d53fa\kernel32.dll
[2009/02/13 04:49:05 | 000,888,832 | ---- | M] (Microsoft Corporation) MD5=DB6E3731E6F5C8AE2843F80B5787F7C6 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.18215_none_93b81a93564f1da0\kernel32.dll
[2008/01/19 03:34:36 | 000,888,320 | ---- | M] (Microsoft Corporation) MD5=DC2338093F91BA4E0512208E60206DDD -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.18000_none_93bde541564b88ae\kernel32.dll

< MD5 for: MSWSOCK.DLL >
[2006/11/02 05:46:10 | 000,227,328 | ---- | M] (Microsoft Corporation) MD5=54E9576169A248AD62A1EB9773225826 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6000.16386_none_b61c950a3060adba\mswsock.dll
[2009/04/11 02:28:22 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\Windows\System32\mswsock.dll
[2009/04/11 02:28:22 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6002.18005_none_ba3ed0122a6d89da\mswsock.dll
[2008/01/19 03:35:15 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=89FD0595EEA4E505CABEFCF7008F2612 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6001.18000_none_b85357062d4bbe8e\mswsock.dll

< MD5 for: NDIS.SYS >
[2009/04/11 02:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\System32\drivers\ndis.sys
[2009/04/11 02:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6002.18005_none_a9b2a4d31930d864\ndis.sys
[2006/11/02 05:51:42 | 000,500,840 | ---- | M] (Microsoft Corporation) MD5=227C11E1E7CF6EF8AFB2A238D209760C -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6000.16386_none_a59069cb1f23fc44\ndis.sys
[2008/01/19 03:43:31 | 000,529,464 | ---- | M] (Microsoft Corporation) MD5=9BDC71790FA08F0A0B5F10462B1BD0B1 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.18000_none_a7c72bc71c0f0d18\ndis.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 05:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/19 03:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NTFS.SYS >
[2008/01/10 15:24:06 | 001,060,920 | ---- | M] (Microsoft Corporation) MD5=2620822A21B76375F5FD6E0986407CD1 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6000.16586_none_a43a6b8d2000830d\ntfs.sys
[2007/12/16 18:50:41 | 001,060,920 | ---- | M] (Microsoft Corporation) MD5=37430AA7A66D7A63407ADC2C0D05E9F6 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6000.16615_none_a4851c9d1fc8a346\ntfs.sys
[2006/11/02 05:51:47 | 001,056,360 | ---- | M] (Microsoft Corporation) MD5=3F379380A4A2637F559444E338CF1B51 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6000.16386_none_a43a67c1200088bf\ntfs.sys
[2009/04/11 02:32:49 | 001,083,880 | ---- | M] (Microsoft Corporation) MD5=6A4A98CEE84CF9E99564510DDA4BAA47 -- C:\Windows\System32\drivers\ntfs.sys
[2009/04/11 02:32:49 | 001,083,880 | ---- | M] (Microsoft Corporation) MD5=6A4A98CEE84CF9E99564510DDA4BAA47 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6002.18005_none_a85ca2c91a0d64df\ntfs.sys
[2008/01/19 03:43:40 | 001,081,912 | ---- | M] (Microsoft Corporation) MD5=B4EFFE29EB4F15538FD8A9681108492D -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6001.18000_none_a67129bd1ceb9993\ntfs.sys
[2008/01/10 15:24:06 | 001,061,432 | ---- | M] (Microsoft Corporation) MD5=B5BE45B1F554DF9E1976CBC855365E60 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6000.20709_none_a51d8a7c38da8c7b\ntfs.sys
[2007/12/16 18:52:59 | 001,061,944 | ---- | M] (Microsoft Corporation) MD5=F08824715CA6076F5E73E005AB83B9C8 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6000.20740_none_a4e9483239031830\ntfs.sys

< MD5 for: NTMSSVC.DLL >
[2006/11/02 08:36:25 | 000,460,288 | ---- | M] (Microsoft Corporation) MD5=957CC0F372BB5D79C477363952276859 -- C:\Windows\winsxs\x86_microsoft-windows-r..emanagement-service_31bf3856ad364e35_6.0.6000.16386_none_0c076ff411279f33\ntmssvc.dll
[2008/01/19 03:35:58 | 000,460,288 | ---- | M] (Microsoft Corporation) MD5=A7DFF9642D510BE1EEC6664CD0369953 -- C:\Windows\winsxs\x86_microsoft-windows-r..emanagement-service_31bf3856ad364e35_6.0.6001.18000_none_0e3e31f00e12b007\ntmssvc.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 03:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/19 03:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: PROQUOTA.EXE >
[2006/11/02 05:45:33 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=C31AE90F24870B9A51655C36A9EB4BF3 -- C:\Windows\System32\proquota.exe
[2006/11/02 05:45:33 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=C31AE90F24870B9A51655C36A9EB4BF3 -- C:\Windows\winsxs\x86_microsoft-windows-proquota_31bf3856ad364e35_6.0.6000.16386_none_259035db957a1715\proquota.exe

< MD5 for: QMGR.DLL >
[2008/01/19 03:36:13 | 000,758,272 | ---- | M] (Microsoft Corporation) MD5=02ED7B4DBC2A3232A389106DA7515C3D -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6001.18000_none_2390c4ecf9720b8c\qmgr.dll
[2006/11/02 05:46:12 | 000,749,568 | ---- | M] (Microsoft Corporation) MD5=733FB484A06B9D6A44DD9CA1D3BE937B -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6000.16386_none_215a02f0fc86fab8\qmgr.dll
[2009/04/11 02:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) MD5=93952506C6D67330367F7E7934B6A02F -- C:\Windows\System32\qmgr.dll
[2009/04/11 02:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) MD5=93952506C6D67330367F7E7934B6A02F -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6002.18005_none_257c3df8f693d6d8\qmgr.dll
[2007/12/07 20:36:47 | 000,750,080 | ---- | M] (Microsoft Corporation) MD5=DA551697E34D2B9943C8B1C8EAFFE89A -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6000.16531_none_218b14e6fc62ea9e\qmgr.dll
[2007/12/07 20:36:47 | 000,750,080 | ---- | M] (Microsoft Corporation) MD5=F1148566FA5173A4FD48AF8E8BC09401 -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6000.20647_none_220fe38215833e63\qmgr.dll

< MD5 for: SCECLI.DLL >
[2008/01/19 03:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 05:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< MD5 for: SPOOLSV.EXE >
[2010/08/17 09:32:33 | 000,126,464 | ---- | M] (Microsoft Corporation) MD5=3665F79026A3F91FBCA63F2C65A09B19 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.18511_none_d641dcfdc18fec21\spoolsv.exe
[2009/04/11 02:28:05 | 000,127,488 | ---- | M] (Microsoft Corporation) MD5=524BFBEA40E6E404737CCBC754647A2E -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6002.18005_none_d8371c2dbeaa9062\spoolsv.exe
[2008/01/19 03:33:32 | 000,125,952 | ---- | M] (Microsoft Corporation) MD5=846CDF9A3CF4DA9B306ADFB7D55EE4C2 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.18000_none_d64ba321c188c516\spoolsv.exe
[2010/08/17 10:11:37 | 000,128,000 | ---- | M] (Microsoft Corporation) MD5=8554097E5136C3BF9F69FE578A1B35F4 -- C:\Windows\System32\spoolsv.exe
[2010/08/17 10:11:37 | 000,128,000 | ---- | M] (Microsoft Corporation) MD5=8554097E5136C3BF9F69FE578A1B35F4 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6002.18294_none_d7d4d063bef46cd2\spoolsv.exe
[2010/08/17 10:20:09 | 000,128,000 | ---- | M] (Microsoft Corporation) MD5=AAE98B295E88D439A6E0F6E8929424FB -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6002.22468_none_d882e000d7f61b4c\spoolsv.exe
[2006/11/02 05:45:46 | 000,124,928 | ---- | M] (Microsoft Corporation) MD5=DA612EF2556776DF2630B68BF2D48935 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6000.16386_none_d414e125c49db442\spoolsv.exe
[2010/08/17 09:27:48 | 000,128,000 | ---- | M] (Microsoft Corporation) MD5=E807FC542C295BA256CE3567829E02A6 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.22743_none_d6ad0c7edac40f93\spoolsv.exe

< MD5 for: SVCHOST.EXE >
[2006/11/02 05:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: TERMSRV.DLL >
[2009/04/11 02:28:24 | 000,449,024 | ---- | M] (Microsoft Corporation) MD5=BB95DA09BEF6E7A131BFF3BA5032090D -- C:\Windows\System32\termsrv.dll
[2009/04/11 02:28:24 | 000,449,024 | ---- | M] (Microsoft Corporation) MD5=BB95DA09BEF6E7A131BFF3BA5032090D -- C:\Windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.0.6002.18005_none_908abad45165e2ae\termsrv.dll
[2008/01/19 03:36:39 | 000,448,512 | ---- | M] (Microsoft Corporation) MD5=D605031E225AACCBCEB5B76A4F1603A6 -- C:\Windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.0.6001.18000_none_8e9f41c854441762\termsrv.dll
[2006/11/02 05:46:13 | 000,427,520 | ---- | M] (Microsoft Corporation) MD5=FAD71C1E8E4047B154E899AE31EB8CAA -- C:\Windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.0.6000.16386_none_8c687fcc5759068e\termsrv.dll

< MD5 for: USERINIT.EXE >
[2008/01/19 03:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/19 03:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 05:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 689 bytes -> C:\Users\Owner\Documents\EUCHRE SCORE CARDS.eml:OECustomProperty
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

OTL Extras logfile created on: 9/27/2012 6:27:10 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.35 Gb Available Physical Memory | 69.99% Memory free
4.10 Gb Paging File | 3.49 Gb Available in Paging File | 85.03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 103.38 Gb Total Space | 53.84 Gb Free Space | 52.08% Space Free | Partition Type: NTFS
Drive D: | 111.79 Gb Total Space | 111.70 Gb Free Space | 99.92% Space Free | Partition Type: NTFS
Drive E: | 8.41 Gb Total Space | 1.80 Gb Free Space | 21.35% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"InternetSettingsDisableNotify" = 1
"UacDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3320487336-748661927-3901829005-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1C7D6AB8-7D0B-49DC-9263-82400E120449}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{1E7CD4B0-5C7B-4182-8E47-908AD1D3631A}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{3CE176F6-FE31-44AF-8716-6E963E16C8C5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{7528C9F9-5F63-4907-820E-5AE2980E0288}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{85777A53-A9B8-487C-8BB3-834527BFD7E2}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{BD0C338B-0175-43EB-8E50-502F4F30E264}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{BD66770E-C9F6-4250-A095-42B33BB1ADA7}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{E230856B-4A8C-467F-93E3-26185C4B5B38}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{E9A2201F-0316-4990-9FF4-BD92ECD9F2EB}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{F86521EC-F013-4DEC-8ECF-394A3BA411AD}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"TCP Query User{404F07FA-CE3E-41DF-A9C0-51C01A78E847}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{A4A50F93-7CA5-4CAB-BCAD-C982DFD82DB2}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0BFC200F-C45D-4271-AF34-4CA969225DEB}" = muvee autoProducer 6.0
"{0CFD3BAF-9F4D-4D70-BD0B-638EA2504C25}" = PSSWCORE
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{290B83AA-093A-45BF-A917-D1C4A1E8D917}" = HP Active Support Library
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.2
"{497A1721-088F-41EF-8876-B43C9DA5528B}" = ArcSoft Software Suite
"{54F7A791-38DE-4439-AB3F-B3F7DDA89C75}" = ESU for Microsoft Vista
"{5AB56552-6938-4686-9F87-DB0ED8D1E06B}" = HP User Guides 0056
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8CEA85DE-955B-4BF4-87F2-0BAA62821633}" = HP Photosmart Essential2.5
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9A9DBEBC-C800-4776-A970-D76D6AA405B1}" = PHOTOfunSTUDIO -viewer-
"{A1960A82-DB70-474D-A86B-FA74466103C6}" = Drivers Install For Linksys Easylink Advisor
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D32067CD-7409-4792-BFA0-1469BCD8F0C8}" = HP Wireless Assistant
"{D9B4D7EE-481C-4C36-86AB-A8F7417725FF}" = LightScribe 1.6.43.1
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F7F3B252-E772-48AA-93EB-7964BC326067}" = MSCU for Microsoft Vista
"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = HP Active Support Library 32 bit components
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"EasyLinkAdvisor" = Linksys EasyLink Advisor 1.6 (0032)
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photosmart Essential" = HP Photosmart Essential 2.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"SmartAudio" = SmartAudio
"SynTPDeinstKey" = Synaptics Pointing Device Driver

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/31/2010 6:07:27 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 8/9/2010 5:57:23 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 8/11/2010 3:26:11 AM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 8/16/2010 4:06:18 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1000
Description = Faulting application hpbatcommander.exe, version 1.0.0.1, time stamp
0x4bfae07f, faulting module KERNEL32.dll, version 6.0.6001.18000, time stamp 0x4791a7a6,
exception code 0xc0000142, fault offset 0x00009cac, process id 0x15bc, application
start time 0x01cb3d7e7bc17240.

Error - 8/19/2010 3:47:34 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 9/3/2010 8:18:03 AM | Computer Name = Owner-PC | Source = VSS | ID = 8194
Description =

Error - 9/8/2010 8:18:11 AM | Computer Name = Owner-PC | Source = VSS | ID = 8194
Description =

Error - 9/15/2010 5:49:31 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1000
Description = Faulting application ehExtHost.exe, version 6.0.6001.18000, time stamp
0x4791836d, faulting module ADVAPI32.dll, version 6.0.6001.18000, time stamp 0x4791a64b,
exception code 0xc00000fd, fault offset 0x0003ef7a, process id 0xL L , application
start time 0xL L .

Error - 9/16/2010 3:25:18 AM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 9/23/2010 8:49:21 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

[ Media Center Events ]
Error - 5/21/2012 9:29:43 AM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/21/2012 9:01:15 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/22/2012 4:34:47 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/23/2012 4:22:06 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 9/27/2012 4:50:22 PM | Computer Name = Owner-PC | Source = cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.

Error - 9/27/2012 4:54:28 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 9/27/2012 4:55:05 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 9/27/2012 6:12:46 PM | Computer Name = Owner-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 5:45:44 PM on 9/27/2012 was unexpected.

Error - 9/27/2012 6:13:45 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 9/27/2012 6:14:29 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 9/27/2012 6:14:30 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 9/27/2012 6:15:47 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 9/27/2012 6:17:40 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 9/27/2012 6:19:46 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >

#7 nasdaq

nasdaq

  • Malware Response Team
  • 39,256 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 28 September 2012 - 07:57 AM

From what I see in the OTL log you still have some remnant item from the ZeroAccess infection.
ComboFix must have removed some of it but not all.

Malwarebytes should clean the rest.

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • alternate download link 2
    • Make sure you are connected to the Internet.
    • Double-click on Download_mbam-setup.exe to install the application.
    • When the installation begins, follow the prompts and do not make any changes to default settings.
    • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link

Post back with the Malwarebytes Anti-Malware log once it's complete.
===

Afterwards, I suggest you run ComboFix and post the log.
You can run ComboFix in Safe Mode if it takes too long to generate the log.

#8 KennethT

KennethT
  • Topic Starter

  • Members
  • 11 posts

Posted 29 September 2012 - 08:15 AM

Combofix starts, informs me of the ZeroAccess rootkit, informs me of having a rootkit and that it may take some time. I let Combofix run for 8 hours and it never got to the stages or produced a log. Here is the Malwarebytes log:

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.29.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Owner :: OWNER-PC [administrator]

9/29/2012 9:05:30 AM
mbam-log-2012-09-29 (09-05-30).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 189478
Time elapsed: 6 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#9 nasdaq

nasdaq

  • Malware Response Team
  • 39,256 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 29 September 2012 - 09:47 AM

This tool should identify what needs to be removed.

Download this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a flash drive.

Plug the flash drive into the infected PC.

Restart your computer and tap F8 to bring up the Advanced Menu, then click Repair your computer.

Follow the prompt to enter keyboard input method, and then the prompt to enter a password. If the machine does not have a password, simply click Enter.

In the next menu, use the arrow keys on the keyboard to highlight Command Prompt and press Enter.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64.exe and press Enter, or FRST.exe on a 32-bit system.

    Note: Replace the letter e with the drive letter of your flash drive.

  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Post the log and wait for further instructions.

#10 KennethT

KennethT
  • Topic Starter

  • Members
  • 11 posts

Posted 29 September 2012 - 10:26 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-09-2012
Ran by SYSTEM at 29-09-2012 11:09:29
Running from F:\
Windows Vista ™ Home Premium (X86) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

ATTENTION: Unable to laod Software hive.

HKLM\...\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide [1008184 2008-01-18] (Microsoft Corporation)
HKLM\...\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" [176128 2007-04-23] (CyberLink Corp.)
HKLM\...\Run: [hpWirelessAssistant] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [472776 2007-03-01] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [WAWifiMessage] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [317128 2007-01-10] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [HP Software Update] "C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [49152 2005-02-16] (Hewlett-Packard Co.)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2299176 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [ArcSoft Connection Service] "C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [98616 2008-04-17] (ArcSoft Inc.)
HKLM\...\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start [323640 2009-11-24] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [13601312 2009-06-24] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit [92704 2009-06-24] (NVIDIA Corporation)
HKU\Default\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun [x]
HKU\Default\...\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup [454784 2007-03-15] (Linksys, a Division of Cisco Systems, Inc.)
HKU\Default User\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun [x]
HKU\Default User\...\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup [454784 2007-03-15] (Linksys, a Division of Cisco Systems, Inc.)
HKU\Owner\...\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup [454784 2007-03-15] (Linksys, a Division of Cisco Systems, Inc.)
HKU\Owner\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-18] (Microsoft Corporation)
HKU\Owner\...\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe" [202240 2008-01-18] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\PHOTOfunSTUDIO -viewer-.lnk
ShortcutTarget: PHOTOfunSTUDIO -viewer-.lnk -> C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe (Matsushita Electric Industrial Co., Ltd.)

==================== Services (Whitelisted) ===================

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE.EXE" [116608 2012-07-11] (SUPERAntiSpyware.com)
2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [102712 2008-04-17] (ArcSoft Inc.)
2 CLCapSvc; "C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe" [262243 2007-04-23] ()
2 CLSched; "C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe" [106593 2007-04-23] ()
2 HP Health Check Service; "C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe" [62984 2007-03-14] (Hewlett-Packard)

==================== Drivers (Whitelisted) ====================

3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.)
2 elagopro; C:\Windows\System32\DRIVERS\elagopro.sys [28672 2007-03-22] (Gteko Ltd.)
2 elaunidr; C:\Windows\System32\DRIVERS\elaunidr.sys [5376 2007-03-22] (Gteko Ltd.)
3 HdAudAddService; C:\Windows\System32\drivers\CHDART.sys [160768 2007-04-11] (Conexant Systems Inc.)
3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-08] (Microsoft Corporation)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
3 SSKBFD; C:\Windows\System32\Drivers\sskbfd.sys [23864 2007-10-01] (Webroot Software Inc (www.webroot.com))
4 blbdrive; C:\Windows\system32\drivers\blbdrive.sys [x]
3 catchme; \??\C:\Users\Owner\AppData\Local\Temp\catchme.sys [x]
4 eabfiltr; [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2012-09-29 05:23 - 2012-09-29 05:23 - 00001802 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-09-29 05:23 - 2012-09-29 05:23 - 00001802 ____A C:\Users\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-09-29 05:23 - 2012-09-29 05:23 - 00000000 ____D C:\Users\Owner\Application Data\SUPERAntiSpyware.com
2012-09-29 05:23 - 2012-09-29 05:23 - 00000000 ____D C:\Users\Owner\AppData\Roaming\SUPERAntiSpyware.com
2012-09-29 05:23 - 2012-09-29 05:23 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-09-29 05:23 - 2012-09-29 05:23 - 00000000 ____D C:\Users\All Users\Application Data\SUPERAntiSpyware.com
2012-09-29 05:23 - 2012-09-29 05:23 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2012-09-29 05:22 - 2012-09-29 05:22 - 20777760 ____A (SUPERAntiSpyware.com) C:\Users\Owner\Desktop\SUPERAntiSpyware.exe
2012-09-29 05:09 - 2012-03-01 06:46 - 00219648 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2012-09-29 05:09 - 2012-03-01 06:46 - 00160768 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2012-09-29 05:09 - 2012-02-29 06:08 - 01172480 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2012-09-29 05:09 - 2012-02-29 05:44 - 00683008 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2012-09-29 05:09 - 2012-02-29 05:41 - 01069056 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-09-29 05:09 - 2011-03-12 13:55 - 00876032 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2012-09-28 17:36 - 2012-09-28 17:36 - 00000908 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-09-28 17:36 - 2012-09-28 17:36 - 00000908 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-09-28 17:36 - 2012-09-28 17:36 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-09-28 17:36 - 2012-09-07 13:04 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-28 17:33 - 2012-09-28 17:33 - 10524080 ____A (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-1.65.0.1400.exe
2012-09-27 14:46 - 2012-09-27 14:46 - 00034350 ____A C:\Users\Owner\Desktop\Extras.Txt
2012-09-27 14:44 - 2012-09-27 14:44 - 00132996 ____A C:\Users\Owner\Desktop\OTL.Txt
2012-09-27 14:23 - 2012-09-27 14:22 - 00602112 ____A (OldTimer Tools) C:\Users\Owner\Desktop\OTL.exe
2012-09-27 14:12 - 2012-09-29 04:56 - 00001092 ____A C:\Windows\PFRO.log
2012-09-27 12:40 - 2012-09-27 12:40 - 00000000 ____D C:\Program Files\Windows Portable Devices
2012-09-27 12:35 - 2012-09-27 12:35 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2012-09-27 12:35 - 2012-09-27 12:35 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_07_00.Wdf
2012-09-27 06:36 - 2012-09-27 06:36 - 00000000 ____D C:\FRST
2012-09-27 03:59 - 2009-09-09 18:01 - 03023360 ____A (Microsoft Corporation) C:\Windows\System32\UIRibbon.dll
2012-09-27 03:59 - 2009-09-09 18:00 - 01164800 ____A (Microsoft Corporation) C:\Windows\System32\UIRibbonRes.dll
2012-09-27 03:59 - 2009-09-09 18:00 - 00092672 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2012-09-27 03:58 - 2009-09-30 17:02 - 00031232 ____A (Microsoft Corporation) C:\Windows\System32\BthMtpContextHandler.dll
2012-09-27 03:58 - 2009-09-30 17:02 - 00030208 ____A (Microsoft Corporation) C:\Windows\System32\WPDShextAutoplay.exe
2012-09-27 03:58 - 2009-09-30 17:01 - 00081920 ____A (Microsoft Corporation) C:\Windows\System32\wpdbusenum.dll
2012-09-27 03:58 - 2009-09-30 17:01 - 00061952 ____A (Microsoft Corporation) C:\Windows\System32\WpdMtpUS.dll
2012-09-27 03:58 - 2009-09-30 17:01 - 00060928 ____A (Microsoft Corporation) C:\Windows\System32\PortableDeviceConnectApi.dll
2012-09-27 03:58 - 2009-09-30 17:01 - 00040448 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WpdUsb.sys
2012-09-27 03:58 - 2009-09-30 17:01 - 00033280 ____A (Microsoft Corporation) C:\Windows\System32\WpdConns.dll
2012-09-27 03:57 - 2009-09-30 17:02 - 02537472 ____A (Microsoft Corporation) C:\Windows\System32\wpdshext.dll
2012-09-27 03:57 - 2009-09-30 17:02 - 00334848 ____A (Microsoft Corporation) C:\Windows\System32\PortableDeviceApi.dll
2012-09-27 03:57 - 2009-09-30 17:02 - 00087552 ____A (Microsoft Corporation) C:\Windows\System32\WPDShServiceObj.dll
2012-09-27 03:57 - 2009-09-30 17:01 - 00546816 ____A (Microsoft Corporation) C:\Windows\System32\wpd_ci.dll
2012-09-27 03:57 - 2009-09-30 17:01 - 00350208 ____A (Microsoft Corporation) C:\Windows\System32\WPDSp.dll
2012-09-27 03:57 - 2009-09-30 17:01 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\WpdMtp.dll
2012-09-27 03:57 - 2009-09-30 17:01 - 00196608 ____A (Microsoft Corporation) C:\Windows\System32\PortableDeviceWMDRM.dll
2012-09-27 03:57 - 2009-09-30 17:01 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\PortableDeviceTypes.dll
2012-09-27 03:57 - 2009-09-30 17:01 - 00100864 ____A (Microsoft Corporation) C:\Windows\System32\PortableDeviceClassExtension.dll
2012-09-27 03:48 - 2012-02-29 07:11 - 00172032 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-09-27 03:48 - 2012-02-29 07:11 - 00005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-09-27 03:48 - 2012-02-29 07:09 - 00157696 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-09-27 03:48 - 2012-02-29 05:32 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-09-27 03:40 - 2012-09-27 03:40 - 12319744 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-09-27 03:40 - 2012-09-27 03:40 - 09738240 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-09-27 03:40 - 2012-09-27 03:40 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-09-27 03:40 - 2012-09-27 03:40 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-09-27 03:40 - 2012-09-27 03:40 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-09-27 03:40 - 2012-09-27 03:40 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-09-27 03:40 - 2012-09-27 03:40 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-09-27 03:40 - 2012-09-27 03:40 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-09-27 03:40 - 2012-09-27 03:40 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-09-27 03:40 - 2012-09-27 03:40 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-09-27 03:40 - 2012-09-27 03:40 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-09-27 03:40 - 2012-09-27 03:40 - 00434176 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-09-27 03:40 - 2012-09-27 03:40 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-09-27 03:40 - 2012-09-27 03:40 - 00367104 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-09-27 03:40 - 2012-09-27 03:40 - 00353792 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-09-27 03:40 - 2012-09-27 03:40 - 00353584 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-09-27 03:40 - 2012-09-27 03:40 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-09-27 03:40 - 2012-09-27 03:40 - 00227840 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-09-27 03:40 - 2012-09-27 03:40 - 00223232 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-09-27 03:40 - 2012-09-27 03:40 - 00203776 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-09-27 03:40 - 2012-09-27 03:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-09-27 03:40 - 2012-09-27 03:40 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-09-27 03:40 - 2012-09-27 03:40 - 00162304 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-09-27 03:40 - 2012-09-27 03:40 - 00161792 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-09-27 03:40 - 2012-09-27 03:40 - 00152064 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-09-27 03:40 - 2012-09-27 03:40 - 00150528 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-09-27 03:40 - 2012-09-27 03:40 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-09-27 03:40 - 2012-09-27 03:40 - 00130560 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-09-27 03:40 - 2012-09-27 03:40 - 00123392 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-09-27 03:40 - 2012-09-27 03:40 - 00118784 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-09-27 03:40 - 2012-09-27 03:40 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\advpack.dll
2012-09-27 03:40 - 2012-09-27 03:40 - 00110592 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-09-27 03:40 - 2012-09-27 03:40 - 00101888 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-09-27 03:40 - 2012-09-27 03:40 - 00086528 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-09-27 03:40 - 2012-09-27 03:40 - 00078848 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-09-27 03:40 - 2012-09-27 03:40 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-09-27 03:40 - 2012-09-27 03:40 - 00074752 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-09-27 03:40 - 2012-09-27 03:40 - 00074752 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-09-27 03:40 - 2012-09-27 03:40 - 00074240 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-09-27 03:40 - 2012-09-27 03:40 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-09-27 03:40 - 2012-09-27 03:40 - 00066048 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-09-27 03:40 - 2012-09-27 03:40 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-09-27 03:40 - 2012-09-27 03:40 - 00063488 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-09-27 03:40 - 2012-09-27 03:40 - 00054272 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-09-27 03:40 - 2012-09-27 03:40 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-09-27 03:40 - 2012-09-27 03:40 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-09-27 03:40 - 2012-09-27 03:40 - 00035840 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-09-27 03:40 - 2012-09-27 03:40 - 00031744 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-09-27 03:40 - 2012-09-27 03:40 - 00023552 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-09-27 03:40 - 2012-09-27 03:40 - 00011776 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-09-27 03:40 - 2012-09-27 03:40 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-09-27 03:40 - 2012-07-04 06:02 - 02047488 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-09-27 03:38 - 2012-09-27 03:38 - 02873344 ____A (Microsoft Corporation) C:\Windows\System32\mf.dll
2012-09-27 03:38 - 2012-09-27 03:38 - 01554432 ____A (Microsoft Corporation) C:\Windows\System32\xpsservices.dll
2012-09-27 03:38 - 2012-09-27 03:38 - 01075712 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2012-09-27 03:38 - 2012-09-27 03:38 - 01029120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2012-09-27 03:38 - 2012-09-27 03:38 - 00979456 ____A (Microsoft Corporation) C:\Windows\System32\MFH264Dec.dll
2012-09-27 03:38 - 2012-09-27 03:38 - 00974848 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2012-09-27 03:38 - 2012-09-27 03:38 - 00847360 ____A (Microsoft Corporation) C:\Windows\System32\OpcServices.dll
2012-09-27 03:38 - 2012-09-27 03:38 - 00667648 ____A (Microsoft Corporation) C:\Windows\System32\printfilterpipelinesvc.exe
2012-09-27 03:38 - 2012-09-27 03:38 - 00638336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2012-09-27 03:38 - 2012-09-27 03:38 - 00586240 ____A (Microsoft Corporation) C:\Windows\System32\stobject.dll
2012-09-27 03:38 - 2012-09-27 03:38 - 00519680 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2012-09-27 03:38 - 2012-09-27 03:38 - 00486400 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-09-27 03:38 - 2012-09-27 03:38 - 00478720 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2012-09-27 03:38 - 2012-09-27 03:38 - 00369664 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2012-09-27 03:38 - 2012-09-27 03:38 - 00357376 ____A (Microsoft Corporation) C:\Windows\System32\MFHEAACdec.dll
2012-09-27 03:38 - 2012-09-27 03:38 - 00321024 ____A (Microsoft Corporation) C:\Windows\System32\PhotoMetadataHandler.dll
2012-09-27 03:38 - 2012-09-27 03:38 - 00302592 ____A (Microsoft Corporation) C:\Windows\System32\mfmp4src.dll
2012-09-27 03:38 - 2012-09-27 03:38 - 00261632 ____A (Microsoft Corporation) C:\Windows\System32\mfreadwrite.dll
2012-09-27 03:38 - 2012-09-27 03:38 - 00258048 ____A (Microsoft Corporation) C:\Windows\System32\winspool.drv
2012-09-27 03:38 - 2012-09-27 03:38 - 00252928 ____A (Microsoft Corporation) C:\Windows\System32\dxdiag.exe
2012-09-27 03:38 - 2012-09-27 03:38 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\mfplat.dll
2012-09-27 03:38 - 2012-09-27 03:38 - 00195584 ____A (Microsoft Corporation) C:\Windows\System32\dxdiagn.dll
2012-09-27 03:38 - 2012-09-27 03:38 - 00189952 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2012-09-27 03:38 - 2012-09-27 03:38 - 00189440 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2012-09-27 03:38 - 2012-09-27 03:38 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\XpsRasterService.dll
2012-09-27 03:38 - 2012-09-27 03:38 - 00098816 ____A (Microsoft Corporation) C:\Windows\System32\mfps.dll
2012-09-27 03:38 - 2012-09-27 03:38 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2012-09-27 03:38 - 2012-09-27 03:38 - 00026112 ____A (Microsoft Corporation) C:\Windows\System32\printfilterpipelineprxy.dll
2012-09-27 03:36 - 2012-09-27 03:40 - 00004020 ____A C:\Windows\IE9_main.log
2012-09-27 03:07 - 2012-05-11 07:57 - 00623616 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
2012-09-27 03:07 - 2012-04-23 08:00 - 00984064 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-09-27 03:07 - 2012-04-23 08:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-09-27 03:07 - 2012-04-23 08:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-09-27 03:07 - 2011-11-18 12:23 - 01205064 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2012-09-27 03:07 - 2011-10-14 08:03 - 00189952 ____A (Microsoft Corporation) C:\Windows\System32\winmm.dll
2012-09-27 03:07 - 2011-10-14 08:00 - 00023552 ____A (Microsoft Corporation) C:\Windows\System32\mciseq.dll
2012-09-27 03:07 - 2011-07-29 08:01 - 00293376 ____A (Microsoft Corporation) C:\Windows\System32\psisdecd.dll
2012-09-27 03:07 - 2011-07-29 08:01 - 00217088 ____A (Microsoft Corporation) C:\Windows\System32\psisrndr.ax
2012-09-27 03:07 - 2011-07-29 08:00 - 00069632 ____A (Microsoft Corporation) C:\Windows\System32\Mpeg2Data.ax
2012-09-27 03:07 - 2011-07-29 08:00 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\MSDvbNP.ax
2012-09-27 03:06 - 2012-06-29 08:01 - 00467968 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-09-27 03:06 - 2012-06-08 09:47 - 11586048 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-09-27 03:06 - 2012-03-30 04:39 - 00914304 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-09-27 03:06 - 2012-03-29 05:39 - 00031232 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys
2012-09-27 03:06 - 2012-03-20 15:28 - 00053120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-09-27 03:06 - 2011-12-14 08:17 - 00680448 ____A (Microsoft Corporation) C:\Windows\System32\msvcrt.dll
2012-09-27 03:06 - 2011-11-25 07:59 - 00376320 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-09-27 03:06 - 2011-11-18 09:47 - 00066560 ____A (Microsoft Corporation) C:\Windows\System32\packager.dll
2012-09-27 03:06 - 2011-10-14 08:02 - 00429056 ____A (Microsoft Corporation) C:\Windows\System32\EncDec.dll
2012-09-27 03:06 - 2011-02-22 06:13 - 00288768 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2012-09-27 03:06 - 2011-02-22 05:33 - 00797696 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2012-09-27 03:05 - 2011-11-16 08:23 - 00377344 ____A (Microsoft Corporation) C:\Windows\System32\winhttp.dll
2012-09-27 03:05 - 2011-10-25 07:58 - 01314816 ____A (Microsoft Corporation) C:\Windows\System32\quartz.dll
2012-09-27 03:05 - 2011-10-25 07:58 - 00497152 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-09-27 03:05 - 2011-10-25 07:56 - 00049152 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2012-09-27 03:03 - 2012-06-05 08:47 - 01401856 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-09-27 03:03 - 2012-06-05 08:47 - 01248768 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-09-27 03:03 - 2012-05-01 06:03 - 00180736 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-09-27 03:03 - 2012-04-03 00:16 - 03602816 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-09-27 03:03 - 2012-04-03 00:16 - 03550080 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-09-27 03:03 - 2011-11-08 06:42 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-09-27 03:03 - 2011-08-25 08:15 - 00555520 ____A (Microsoft Corporation) C:\Windows\System32\UIAutomationCore.dll
2012-09-27 03:03 - 2011-08-25 08:14 - 00563712 ____A (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
2012-09-27 03:03 - 2011-08-25 08:14 - 00238080 ____A (Microsoft Corporation) C:\Windows\System32\oleacc.dll
2012-09-27 03:03 - 2011-08-25 05:31 - 00004096 ____A (Microsoft Corporation) C:\Windows\System32\oleaccrc.dll
2012-09-27 03:02 - 2012-06-04 07:26 - 00440704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-09-27 03:02 - 2012-06-01 16:04 - 00278528 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-09-27 03:02 - 2012-06-01 16:03 - 00204288 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-09-27 03:02 - 2011-11-16 08:23 - 00072704 ____A (Microsoft Corporation) C:\Windows\System32\secur32.dll
2012-09-27 03:02 - 2011-11-16 08:21 - 01259008 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2012-09-27 03:02 - 2011-11-16 06:12 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\lsass.exe
2012-09-27 03:02 - 2011-06-15 08:12 - 00182784 ____A (Microsoft Corporation) C:\Windows\System32\xmllite.dll
2012-09-27 02:50 - 2010-05-04 11:13 - 00231424 ____A (Microsoft Corporation) C:\Windows\System32\msshsq.dll
2012-09-27 02:20 - 2012-09-29 06:59 - 00013503 ____A C:\Windows\setupact.log
2012-09-27 02:20 - 2012-09-27 02:20 - 00000000 ____A C:\Windows\setuperr.log
2012-09-21 09:48 - 2012-09-21 09:48 - 00005357 ____A C:\Users\Owner\Desktop\ark.txt
2012-09-21 09:08 - 2012-01-09 07:54 - 00613376 ____A (Microsoft Corporation) C:\Windows\System32\rdpencom.dll
2012-09-21 08:57 - 2012-09-21 08:57 - 00302592 ____A C:\Users\Owner\Desktop\v8nbd2kw.exe
2012-09-21 08:39 - 2012-09-21 08:39 - 00000472 ____A C:\Users\Owner\Desktop\defogger_disable.log
2012-09-21 08:39 - 2012-09-21 08:39 - 00000000 ____A C:\Users\Owner\defogger_reenable
2012-09-21 08:38 - 2012-09-21 08:38 - 00607260 ____R (Swearware) C:\Users\Owner\Desktop\dds.com
2012-09-21 08:37 - 2012-09-21 08:37 - 00050477 ____A C:\Users\Owner\Desktop\Defogger.exe
2012-09-21 08:28 - 2012-06-02 14:19 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-09-21 08:28 - 2012-06-02 14:19 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-09-21 08:28 - 2012-06-02 14:19 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-09-21 08:28 - 2012-06-02 14:12 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-09-21 08:27 - 2012-06-02 14:19 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-09-21 08:27 - 2012-06-02 14:19 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-09-21 08:27 - 2012-06-02 14:12 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-09-21 08:27 - 2012-06-02 11:19 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-09-21 08:27 - 2012-06-02 11:12 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-09-21 03:18 - 2012-09-21 03:18 - 00000000 ____D C:\Program Files\CCleaner
2012-09-21 03:11 - 2012-09-29 06:11 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-09-21 03:11 - 2012-09-21 03:11 - 00696240 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-09-21 03:11 - 2012-09-21 03:11 - 00073136 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-09-21 02:50 - 2012-09-21 02:50 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_SynTP_01009.Wdf
2012-09-21 02:44 - 2009-07-14 09:45 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
2012-09-21 02:43 - 2009-07-14 09:45 - 00445008 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2012-09-21 02:43 - 2009-07-14 09:45 - 00038480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys
2012-09-20 11:48 - 2012-09-21 02:40 - 00000000 __AHT C:\Windows\wusa.lock
2012-09-20 11:48 - 2012-09-20 11:48 - 00000000 ____D C:\6b59d90d046b3fccc2c87f4f
2012-09-20 11:37 - 2012-09-21 03:09 - 00001945 ____A C:\Windows\epplauncher.mif
2012-09-20 11:05 - 2010-04-05 12:00 - 00221568 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-09-20 11:03 - 2012-09-20 11:03 - 00000000 ____D C:\Users\Default\Application Data\hpqLog
2012-09-20 11:03 - 2012-09-20 11:03 - 00000000 ____D C:\Users\Default\AppData\Roaming\hpqLog
2012-09-20 11:03 - 2012-09-20 11:03 - 00000000 ____D C:\Users\Default User\Application Data\hpqLog
2012-09-20 11:03 - 2012-09-20 11:03 - 00000000 ____D C:\Users\Default User\AppData\Roaming\hpqLog
2012-09-20 11:02 - 2012-09-20 11:02 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf
2012-09-20 11:02 - 2012-09-20 11:02 - 00000000 ____D C:\Users\Owner\Application Data\hpqLog
2012-09-20 11:02 - 2012-09-20 11:02 - 00000000 ____D C:\Users\Owner\AppData\Roaming\hpqLog
2012-09-20 11:01 - 2012-09-20 11:02 - 00000000 ____D C:\Windows\QLB
2012-09-20 11:01 - 2009-04-29 03:46 - 00015872 ____A (Hewlett-Packard Development Company, L.P.) C:\Windows\System32\Drivers\HpqKbFiltr.sys
2012-09-20 11:01 - 2006-11-02 02:09 - 01419232 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\wdfcoinstaller01005.dll
2012-09-20 10:38 - 2012-09-20 10:39 - 00000000 ____D C:\Windows\System32\vi-VN
2012-09-20 10:38 - 2012-09-20 10:39 - 00000000 ____D C:\Windows\System32\eu-ES
2012-09-20 10:38 - 2012-09-20 10:39 - 00000000 ____D C:\Windows\System32\ca-ES
2012-09-20 10:17 - 2011-04-21 05:58 - 00273408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2012-09-20 02:18 - 2012-09-20 02:18 - 00000000 ____D C:\Users\Owner\Local Settings\Microsoft Help
2012-09-20 02:18 - 2012-09-20 02:18 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\Microsoft Help
2012-09-20 02:18 - 2012-09-20 02:18 - 00000000 ____D C:\Users\Owner\AppData\Local\Microsoft Help
2012-09-20 02:10 - 2011-07-06 07:31 - 00214016 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb10.sys
2012-09-20 02:10 - 2011-05-02 09:16 - 00739328 ____A (Microsoft Corporation) C:\Windows\System32\inetcomm.dll
2012-09-20 02:10 - 2011-04-29 05:25 - 00146432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys
2012-09-20 02:10 - 2011-04-29 05:25 - 00102400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srvnet.sys
2012-09-20 02:10 - 2011-04-29 05:24 - 00106496 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.sys
2012-09-20 02:10 - 2011-04-29 05:24 - 00079872 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb20.sys
2012-09-20 02:10 - 2011-04-14 06:59 - 00075264 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dfsc.sys
2012-09-20 02:10 - 2011-04-12 08:07 - 00892416 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-09-19 13:43 - 2012-09-29 05:21 - 00000000 ____D C:\Windows\erdnt
2012-09-19 13:40 - 2012-09-19 13:40 - 00000000 ____D C:\Windows\System32\EventProviders
2012-09-18 18:20 - 2012-09-18 18:20 - 00066556 ____A C:\Windows\System32\.crusader
2012-09-18 18:13 - 2012-09-18 18:20 - 00000000 ____D C:\Users\All Users\HitmanPro
2012-09-18 18:13 - 2012-09-18 18:20 - 00000000 ____D C:\Users\All Users\Application Data\HitmanPro
2012-09-18 18:13 - 2012-09-18 18:13 - 00000000 ____D C:\Program Files\HitmanPro
2012-09-18 18:06 - 2012-09-18 18:06 - 00217670 ____A C:\coreuninstall.log
2012-09-18 17:53 - 2008-12-07 11:43 - 00001922 ____A C:\Users\Public\Desktop\Panorama Maker 4.lnk
2012-09-18 17:53 - 2008-12-07 11:43 - 00001922 ____A C:\Users\All Users\Desktop\Panorama Maker 4.lnk
2012-09-18 17:53 - 2008-12-07 11:42 - 00002117 ____A C:\Users\Public\Desktop\Media Impression.lnk
2012-09-18 17:53 - 2008-12-07 11:42 - 00002117 ____A C:\Users\All Users\Desktop\Media Impression.lnk
2012-09-18 17:53 - 2008-12-07 11:35 - 00001850 ____A C:\Users\Public\Desktop\PHOTOfunSTUDIO -viewer-.lnk
2012-09-18 17:53 - 2008-12-07 11:35 - 00001850 ____A C:\Users\All Users\Desktop\PHOTOfunSTUDIO -viewer-.lnk
2012-09-18 17:53 - 2007-12-08 07:01 - 00001874 ____A C:\Users\Public\Desktop\Linksys EasyLink Advisor.lnk
2012-09-18 17:53 - 2007-12-08 07:01 - 00001874 ____A C:\Users\All Users\Desktop\Linksys EasyLink Advisor.lnk
2012-09-18 17:21 - 2009-03-08 03:34 - 00208384 ____A (Microsoft Corporation) C:\Windows\System32\WinFXDocObj.exe
2012-09-13 00:40 - 2012-09-14 04:29 - 00000368 ____A C:\Users\All Users\wpqG9OqrhbGwir
2012-09-13 00:40 - 2012-09-14 04:29 - 00000368 ____A C:\Users\All Users\Application Data\wpqG9OqrhbGwir
2012-09-13 00:40 - 2012-09-14 04:29 - 00000152 ____A C:\Users\All Users\-wpqG9OqrhbGwir
2012-09-13 00:40 - 2012-09-14 04:29 - 00000152 ____A C:\Users\All Users\Application Data\-wpqG9OqrhbGwir
2012-09-13 00:40 - 2012-09-13 00:40 - 00000168 ____A C:\Users\All Users\-wpqG9OqrhbGwirr
2012-09-13 00:40 - 2012-09-13 00:40 - 00000168 ____A C:\Users\All Users\Application Data\-wpqG9OqrhbGwirr

==================== 3 Months Modified Files ==================

2012-09-29 07:05 - 2007-09-04 02:02 - 02079347 ____A C:\Windows\WindowsUpdate.log
2012-09-29 07:05 - 2006-11-02 05:01 - 00032550 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-09-29 07:05 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-09-29 07:05 - 2006-11-02 04:47 - 00003168 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-09-29 07:05 - 2006-11-02 04:47 - 00003168 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-09-29 07:04 - 2008-12-24 18:20 - 00031871 ____A C:\Users\All Users\nvModes.dat
2012-09-29 07:04 - 2008-12-24 18:20 - 00031871 ____A C:\Users\All Users\nvModes.001
2012-09-29 07:04 - 2008-12-24 18:20 - 00031871 ____A C:\Users\All Users\Application Data\nvModes.dat
2012-09-29 07:04 - 2008-12-24 18:20 - 00031871 ____A C:\Users\All Users\Application Data\nvModes.001
2012-09-29 07:01 - 2006-11-02 02:33 - 00721582 ____A C:\Windows\System32\PerfStringBackup.INI
2012-09-29 06:59 - 2012-09-27 02:20 - 00013503 ____A C:\Windows\setupact.log
2012-09-29 06:11 - 2012-09-21 03:11 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-09-29 05:23 - 2012-09-29 05:23 - 00001802 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-09-29 05:23 - 2012-09-29 05:23 - 00001802 ____A C:\Users\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-09-29 05:22 - 2012-09-29 05:22 - 20777760 ____A (SUPERAntiSpyware.com) C:\Users\Owner\Desktop\SUPERAntiSpyware.exe
2012-09-29 04:58 - 2007-08-04 18:35 - 00000147 ____A C:\Users\Public\Documents\hpqp.ini
2012-09-29 04:58 - 2007-08-04 18:35 - 00000147 ____A C:\Users\All Users\Documents\hpqp.ini
2012-09-29 04:57 - 2006-11-02 04:47 - 00354064 ____A C:\Windows\System32\FNTCACHE.DAT
2012-09-29 04:56 - 2012-09-27 14:12 - 00001092 ____A C:\Windows\PFRO.log
2012-09-28 17:36 - 2012-09-28 17:36 - 00000908 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-09-28 17:36 - 2012-09-28 17:36 - 00000908 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-09-28 17:33 - 2012-09-28 17:33 - 10524080 ____A (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-1.65.0.1400.exe
2012-09-27 14:46 - 2012-09-27 14:46 - 00034350 ____A C:\Users\Owner\Desktop\Extras.Txt
2012-09-27 14:44 - 2012-09-27 14:44 - 00132996 ____A C:\Users\Owner\Desktop\OTL.Txt
2012-09-27 14:22 - 2012-09-27 14:23 - 00602112 ____A (OldTimer Tools) C:\Users\Owner\Desktop\OTL.exe
2012-09-27 12:35 - 2012-09-27 12:35 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2012-09-27 12:35 - 2012-09-27 12:35 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_07_00.Wdf
2012-09-27 03:40 - 2012-09-27 03:40 - 12319744 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-09-27 03:40 - 2012-09-27 03:40 - 09738240 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-09-27 03:40 - 2012-09-27 03:40 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-09-27 03:40 - 2012-09-27 03:40 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-09-27 03:40 - 2012-09-27 03:40 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-09-27 03:40 - 2012-09-27 03:40 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-09-27 03:40 - 2012-09-27 03:40 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-09-27 03:40 - 2012-09-27 03:40 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-09-27 03:40 - 2012-09-27 03:40 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-09-27 03:40 - 2012-09-27 03:40 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-09-27 03:40 - 2012-09-27 03:40 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-09-27 03:40 - 2012-09-27 03:40 - 00434176 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-09-27 03:40 - 2012-09-27 03:40 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-09-27 03:40 - 2012-09-27 03:40 - 00367104 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-09-27 03:40 - 2012-09-27 03:40 - 00353792 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-09-27 03:40 - 2012-09-27 03:40 - 00353584 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-09-27 03:40 - 2012-09-27 03:40 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-09-27 03:40 - 2012-09-27 03:40 - 00227840 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-09-27 03:40 - 2012-09-27 03:40 - 00223232 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-09-27 03:40 - 2012-09-27 03:40 - 00203776 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-09-27 03:40 - 2012-09-27 03:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-09-27 03:40 - 2012-09-27 03:40 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-09-27 03:40 - 2012-09-27 03:40 - 00162304 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-09-27 03:40 - 2012-09-27 03:40 - 00161792 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-09-27 03:40 - 2012-09-27 03:40 - 00152064 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-09-27 03:40 - 2012-09-27 03:40 - 00150528 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-09-27 03:40 - 2012-09-27 03:40 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-09-27 03:40 - 2012-09-27 03:40 - 00130560 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-09-27 03:40 - 2012-09-27 03:40 - 00123392 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-09-27 03:40 - 2012-09-27 03:40 - 00118784 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-09-27 03:40 - 2012-09-27 03:40 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\advpack.dll
2012-09-27 03:40 - 2012-09-27 03:40 - 00110592 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-09-27 03:40 - 2012-09-27 03:40 - 00101888 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-09-27 03:40 - 2012-09-27 03:40 - 00086528 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-09-27 03:40 - 2012-09-27 03:40 - 00078848 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-09-27 03:40 - 2012-09-27 03:40 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-09-27 03:40 - 2012-09-27 03:40 - 00074752 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-09-27 03:40 - 2012-09-27 03:40 - 00074752 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-09-27 03:40 - 2012-09-27 03:40 - 00074240 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-09-27 03:40 - 2012-09-27 03:40 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-09-27 03:40 - 2012-09-27 03:40 - 00066048 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-09-27 03:40 - 2012-09-27 03:40 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-09-27 03:40 - 2012-09-27 03:40 - 00063488 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-09-27 03:40 - 2012-09-27 03:40 - 00054272 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-09-27 03:40 - 2012-09-27 03:40 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-09-27 03:40 - 2012-09-27 03:40 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-09-27 03:40 - 2012-09-27 03:40 - 00035840 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-09-27 03:40 - 2012-09-27 03:40 - 00031744 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-09-27 03:40 - 2012-09-27 03:40 - 00023552 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-09-27 03:40 - 2012-09-27 03:40 - 00011776 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-09-27 03:40 - 2012-09-27 03:40 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-09-27 03:40 - 2012-09-27 03:36 - 00004020 ____A C:\Windows\IE9_main.log
2012-09-27 03:40 - 2006-11-01 22:32 - 00008798 ____A C:\Windows\System32\icrav03.rat
2012-09-27 03:40 - 2006-11-01 22:32 - 00001988 ____A C:\Windows\System32\ticrf.rat
2012-09-27 03:38 - 2012-09-27 03:38 - 02873344 ____A (Microsoft Corporation) C:\Windows\System32\mf.dll
2012-09-27 03:38 - 2012-09-27 03:38 - 01554432 ____A (Microsoft Corporation) C:\Windows\System32\xpsservices.dll
2012-09-27 03:38 - 2012-09-27 03:38 - 01075712 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2012-09-27 03:38 - 2012-09-27 03:38 - 01029120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2012-09-27 03:38 - 2012-09-27 03:38 - 00979456 ____A (Microsoft Corporation) C:\Windows\System32\MFH264Dec.dll
2012-09-27 03:38 - 2012-09-27 03:38 - 00974848 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2012-09-27 03:38 - 2012-09-27 03:38 - 00847360 ____A (Microsoft Corporation) C:\Windows\System32\OpcServices.dll
2012-09-27 03:38 - 2012-09-27 03:38 - 00667648 ____A (Microsoft Corporation) C:\Windows\System32\printfilterpipelinesvc.exe
2012-09-27 03:38 - 2012-09-27 03:38 - 00638336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2012-09-27 03:38 - 2012-09-27 03:38 - 00586240 ____A (Microsoft Corporation) C:\Windows\System32\stobject.dll
2012-09-27 03:38 - 2012-09-27 03:38 - 00519680 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2012-09-27 03:38 - 2012-09-27 03:38 - 00486400 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-09-27 03:38 - 2012-09-27 03:38 - 00478720 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2012-09-27 03:38 - 2012-09-27 03:38 - 00369664 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2012-09-27 03:38 - 2012-09-27 03:38 - 00357376 ____A (Microsoft Corporation) C:\Windows\System32\MFHEAACdec.dll
2012-09-27 03:38 - 2012-09-27 03:38 - 00321024 ____A (Microsoft Corporation) C:\Windows\System32\PhotoMetadataHandler.dll
2012-09-27 03:38 - 2012-09-27 03:38 - 00302592 ____A (Microsoft Corporation) C:\Windows\System32\mfmp4src.dll
2012-09-27 03:38 - 2012-09-27 03:38 - 00261632 ____A (Microsoft Corporation) C:\Windows\System32\mfreadwrite.dll
2012-09-27 03:38 - 2012-09-27 03:38 - 00258048 ____A (Microsoft Corporation) C:\Windows\System32\winspool.drv
2012-09-27 03:38 - 2012-09-27 03:38 - 00252928 ____A (Microsoft Corporation) C:\Windows\System32\dxdiag.exe
2012-09-27 03:38 - 2012-09-27 03:38 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\mfplat.dll
2012-09-27 03:38 - 2012-09-27 03:38 - 00195584 ____A (Microsoft Corporation) C:\Windows\System32\dxdiagn.dll
2012-09-27 03:38 - 2012-09-27 03:38 - 00189952 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2012-09-27 03:38 - 2012-09-27 03:38 - 00189440 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2012-09-27 03:38 - 2012-09-27 03:38 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\XpsRasterService.dll
2012-09-27 03:38 - 2012-09-27 03:38 - 00098816 ____A (Microsoft Corporation) C:\Windows\System32\mfps.dll
2012-09-27 03:38 - 2012-09-27 03:38 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2012-09-27 03:38 - 2012-09-27 03:38 - 00026112 ____A (Microsoft Corporation) C:\Windows\System32\printfilterpipelineprxy.dll
2012-09-27 02:20 - 2012-09-27 02:20 - 00000000 ____A C:\Windows\setuperr.log
2012-09-21 09:48 - 2012-09-21 09:48 - 00005357 ____A C:\Users\Owner\Desktop\ark.txt
2012-09-21 08:57 - 2012-09-21 08:57 - 00302592 ____A C:\Users\Owner\Desktop\v8nbd2kw.exe
2012-09-21 08:39 - 2012-09-21 08:39 - 00000472 ____A C:\Users\Owner\Desktop\defogger_disable.log
2012-09-21 08:39 - 2012-09-21 08:39 - 00000000 ____A C:\Users\Owner\defogger_reenable
2012-09-21 08:38 - 2012-09-21 08:38 - 00607260 ____R (Swearware) C:\Users\Owner\Desktop\dds.com
2012-09-21 08:37 - 2012-09-21 08:37 - 00050477 ____A C:\Users\Owner\Desktop\Defogger.exe
2012-09-21 03:11 - 2012-09-21 03:11 - 00696240 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-09-21 03:11 - 2012-09-21 03:11 - 00073136 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-09-21 03:09 - 2012-09-20 11:37 - 00001945 ____A C:\Windows\epplauncher.mif
2012-09-21 02:50 - 2012-09-21 02:50 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_SynTP_01009.Wdf
2012-09-21 02:40 - 2012-09-20 11:48 - 00000000 __AHT C:\Windows\wusa.lock
2012-09-20 11:02 - 2012-09-20 11:02 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf
2012-09-20 10:07 - 2007-12-12 08:45 - 00000680 ____A C:\Users\Owner\Local Settings\d3d9caps.dat
2012-09-20 10:07 - 2007-12-12 08:45 - 00000680 ____A C:\Users\Owner\Local Settings\Application Data\d3d9caps.dat
2012-09-20 10:07 - 2007-12-12 08:45 - 00000680 ____A C:\Users\Owner\AppData\Local\d3d9caps.dat
2012-09-18 18:20 - 2012-09-18 18:20 - 00066556 ____A C:\Windows\System32\.crusader
2012-09-18 18:06 - 2012-09-18 18:06 - 00217670 ____A C:\coreuninstall.log
2012-09-14 04:29 - 2012-09-13 00:40 - 00000368 ____A C:\Users\All Users\wpqG9OqrhbGwir
2012-09-14 04:29 - 2012-09-13 00:40 - 00000368 ____A C:\Users\All Users\Application Data\wpqG9OqrhbGwir
2012-09-14 04:29 - 2012-09-13 00:40 - 00000152 ____A C:\Users\All Users\-wpqG9OqrhbGwir
2012-09-14 04:29 - 2012-09-13 00:40 - 00000152 ____A C:\Users\All Users\Application Data\-wpqG9OqrhbGwir
2012-09-13 00:40 - 2012-09-13 00:40 - 00000168 ____A C:\Users\All Users\-wpqG9OqrhbGwirr
2012-09-13 00:40 - 2012-09-13 00:40 - 00000168 ____A C:\Users\All Users\Application Data\-wpqG9OqrhbGwirr
2012-09-07 13:04 - 2012-09-28 17:36 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-08-30 20:12 - 2006-11-02 02:24 - 62164608 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-07-04 06:02 - 2012-09-27 03:40 - 02047488 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-09-20 10:15:17
Restore point made on: 2012-09-20 10:56:22
Restore point made on: 2012-09-21 05:06:21
Restore point made on: 2012-09-21 08:27:18
Restore point made on: 2012-09-21 10:03:02
Restore point made on: 2012-09-27 02:18:07
Restore point made on: 2012-09-27 03:14:18
Restore point made on: 2012-09-29 05:16:17

==================== Memory info ===========================

Percentage of memory in use: 25%
Total physical RAM: 1982.31 MB
Available physical RAM: 1476.84 MB
Total Pagefile: 1714.06 MB
Available Pagefile: 1544.36 MB
Total Virtual: 2047.88 MB
Available Virtual: 1990.14 MB

==================== Partitions =============================

1 Drive c: (OS) (Fixed) (Total:103.38 GB) (Free:52.75 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (DATA) (Fixed) (Total:111.79 GB) (Free:111.7 GB) NTFS
3 Drive e: (HP_RECOVERY) (Fixed) (Total:8.41 GB) (Free:1.8 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: () (Removable) (Total:1.91 GB) (Free:1.91 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 112 GB 0 B
Disk 1 Online 112 GB 1528 KB
Disk 2 Online 1960 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 103 GB 32 KB
Partition 2 Primary 8 GB 103 GB
Partition 3 Primary 2544 KB 112 GB
Partition 4 Primary 8 KB 112 GB

=========================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 0 C OS NTFS Partition 103 GB Healthy

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E HP_RECOVERY NTFS Partition 8 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 17 (Suspicious Type)
Hidden: Yes
Active: No

There is no volume associated with this partition.

=========================================================

Disk: 0
Partition 4
Type : 17 (Suspicious Type)
Hidden: Yes
Active: No

There is no volume associated with this partition.

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 112 GB 32 KB

=========================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D DATA NTFS Partition 112 GB Healthy

=========================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1960 MB 248 KB

=========================================================

Disk: 2
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 0 F FAT32 Removable 1960 MB Healthy

=========================================================

Last Boot: 2012-09-29 05:03

==================== End Of Log ============================

#11 nasdaq

  • Malware Response Team
  • 39,256 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 29 September 2012 - 12:31 PM

  • Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
C:\Windows\$NtUninstallKB62280$
end

Boot into the Boot CD and run the tool as you did before.
Press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Run ComboFix and post the log if you can.

Let me know if you have any other issues other than ComboFix.

#12 KennethT

  • Topic Starter
  • Members
  • 11 posts

Posted 29 September 2012 - 02:48 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 29-09-2012
Ran by SYSTEM at 2012-09-29 13:53:16 Run:1
Running from F:\

==============================================

C:\Windows\$NtUninstallKB62280$ moved successfully.

==== End of Fixlog ====

#13 nasdaq

  • Malware Response Team
  • 39,256 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 30 September 2012 - 07:07 AM

Any remaining issues with this computer?

#14 KennethT

  • Topic Starter
  • Members
  • 11 posts

Posted 30 September 2012 - 11:56 AM

I'm still not able to run Combofix to completion. It actually started hanging earlier after the last fix. It didn't give me the zeroaccess warning, it didn't give me any warning, hard drive activity stopped about 5 minutes into it running and never started the stages after running for 2 hours in safe mode and 2 hours in normal Windows startup. Should this concern me?

#15 nasdaq

  • Malware Response Team
  • 39,256 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 30 September 2012 - 01:16 PM

This error message from the Farbar Recovery Scan Tool (FRST) scan caught my attention.

ATTENTION: Unable to laod Software hive.


Note laod should be load.

Meaning that your registry may be corrupted.

How is the computer performing?

Let's see the result of this scan.

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
