TechSpot

Google redirect virus

By tameus1
Jul 9, 2012
  1. Hello, I believe I have a Google redirect virus affecting my computer. A few notes...
    1. Safe mode will not load; it just reboots.
    2. Google gets redirected; Yahoo does at random times.
    Thanks in advance.

    mbam log

    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.07.07.07

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 6.0.2900.5512
    user :: TAMEUS [administrator]

    7/9/2012 7:15:52 PM
    mbam-log-2012-07-09 (19-15-52).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 243066
    Time elapsed: 19 minute(s), 18 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 1
    HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Quarantined and deleted successfully.

    Registry Values Detected: 1
    HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Data: C:\Documents and Settings\user\Local Settings\Application Data\{51e41825-a513-84a7-8932-86398a66071f}\n. -> Quarantined and deleted successfully.

    Registry Data Items Detected: 1
    HKCR\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32| (Trojan.Zaccess) -> Bad: (\\.\globalroot\systemroot\Installer\{51e41825-a513-84a7-8932-86398a66071f}\n.) Good: (wbemess.dll) -> Quarantined and repaired successfully.

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 2
    C:\WINDOWS\Installer\{51e41825-a513-84a7-8932-86398a66071f}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
    C:\WINDOWS\Installer\{51e41825-a513-84a7-8932-86398a66071f}\U\80000000.@ (Trojan.Sirefef) -> Quarantined and deleted successfully.

    (end)

    GMER log

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-07-09 19:11:21
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\00000032 Hitachi_HDS721680PLA380 rev.P21OABEA
    Running: 2kzgxo6y.exe; Driver: C:\DOCUME~1\user\LOCALS~1\Temp\pwtdipow.sys


    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 MBR read error
    Disk \Device\Harddisk0\DR0 MBR BIOS signature not found 0

    ---- Devices - GMER 1.0.15 ----

    Device \Device\00000071 -> \??\IDE#DiskHitachi_HDS721680PLA380_________________P21OABEA#202020202020565038463430335A475538584E4A#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

    ---- EOF - GMER 1.0.15 ----

    DDS log

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_29
    Run by user at 19:13:06 on 2012-07-09
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.677 [GMT -7:00]
    .
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
    C:\WINDOWS\system32\svchost.exe -k HPService
    C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Nero\Update\NASvc.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
    C:\WINDOWS\CTHELPER.EXE
    C:\WINDOWS\system32\CTXFIHLP.EXE
    C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Ask.com\Updater\Updater.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe
    C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\NETGEAR\WG111T\wlan111t.exe
    C:\Program Files\NETGEAR\WNA3100\WNA3100.exe
    C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
    C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
    "C:\WINDOWS\System32\svchost.exe" -k LocalServiceDns
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    "C:\WINDOWS\System32\svchost.exe" -k LocalServiceDns
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.yahoo.com/
    uSearch Page = hxxp://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
    uSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
    mDefault_Page_URL = hxxp://www.yahoo.com/?.home=ytie
    mStart Page = hxxp://www.yahoo.com/?.home=ytie
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    TB: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    uRun: [EPSON WorkForce 435 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatihra.exe /fu "c:\docume~1\user\locals~1\temp\E_SFC.tmp" /EF "HKCU"
    uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [SkyTel] SkyTel.EXE
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
    mRun: [AudioDrvEmulator] "c:\program files\creative\shared files\module loader\dllml.exe" -1 audiodrvemulator "c:\program files\creative\shared files\module loader\audio emulator\AudDrvEm.dll"
    mRun: [CTHelper] CTHELPER.EXE
    mRun: [CTxfiHlp] CTXFIHLP.EXE
    mRun: [VolPanel] "c:\program files\creative\sound blaster x-fi\volume panel\VolPanlu.exe" /r
    mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [<NO NAME>]
    mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
    mRun: [HP Software Update] c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [FUFAXRCV] "c:\program files\epson software\fax utility\FUFAXRCV.exe"
    mRun: [FUFAXSTM] "c:\program files\epson software\fax utility\FUFAXSTM.exe"
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    dRun: [Adobe] rundll32.exe "c:\documents and settings\user\local settings\application data\ahead\adobe\sntgqwvip.dll",CreateInstance
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111t\wlan111t.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~2.lnk - c:\program files\netgear\wna3100\WNA3100.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
    uPolicies-explorer: <NO NAME> =
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    LSP: mswsock.dll
    Trusted Zone: intuit.com\ttlc
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1301776445218
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/su2/CTL_V02002/ocx/15031/CTPID.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{438FB883-A8D6-4C2F-90DC-8821C3C87A0B} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{B3BA2CA1-666E-467E-A7FA-CC11D685D771} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{CE2642E7-A62D-4365-8734-B5229C2666AC} : DhcpNameServer = 192.168.1.1
    Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
    Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks pro\HelpAsyncPluggableProtocol.dll
    Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\hiaqg9mz.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Veoh Web Player Customized Web Search
    FF - prefs.js: browser.startup.homepage - hxxps://login.secureserver.net/index.php?app=wbe&logout=1|https://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
    FF - plugin: c:\documents and settings\user\application data\mozilla\firefox\profiles\hiaqg9mz.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}\plugins\np-mswmp.dll
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
    R1 Ext2FS;Ext2FS;c:\windows\system32\drivers\ext2fs.sys [2009-10-1 37840]
    R2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\epson\epsoncustomerparticipation\EPCP.exe [2011-3-17 513408]
    R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2012-2-6 13672]
    R2 NAUpdate;@c:\program files\nero\update\nasvc.exe,-200;c:\program files\nero\update\NASvc.exe [2010-5-4 503080]
    R2 WSWNA3100;WSWNA3100;c:\program files\netgear\wna3100\WifiSvc.exe [2011-12-7 285152]
    R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\drivers\bcmwlhigh5.sys [2011-12-7 642432]
    S1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\saskutil.sys --> c:\program files\superantispyware\SASKUTIL.SYS [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-12-12 136176]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-1 253600]
    S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2007-10-18 17149]
    S3 emu10kx;Creative EMU10K1/EMU10K2 Audio Driver (WDM);c:\windows\system32\drivers\e10kx2k.sys [2001-7-13 1745168]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-12-12 136176]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-6-25 113120]
    S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [2011-12-7 50704]
    S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-1-25 96488]
    S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-1-25 12776]
    S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-1-25 121576]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2012-07-08 19:56:21 6762896 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1c783904-ab2e-4133-b750-cb4fa49057f9}\mpengine.dll
    2012-07-08 19:50:12 -------- d-----w- c:\program files\Microsoft Security Client
    2012-07-08 00:26:43 -------- d-----w- c:\windows\pss
    2012-07-07 21:40:22 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-06-29 04:21:27 -------- d-----w- c:\program files\CCleaner
    2012-06-25 23:05:47 -------- d-----w- c:\program files\Mozilla Maintenance Service
    2012-06-17 06:23:17 -------- d-----w- c:\documents and settings\user\ZipForm
    .
    ==================== Find3M ====================
    .
    2012-06-02 22:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
    2012-06-02 22:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
    2012-06-02 22:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
    2012-06-02 22:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
    2012-06-02 22:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
    2012-06-02 22:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
    2012-06-02 22:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
    2012-06-02 22:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
    2012-05-31 19:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe
    2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
    2012-05-16 07:58:35 667136 ----a-w- c:\windows\system32\wininet.dll
    2012-05-15 13:20:33 1863168 ----a-w- c:\windows\system32\win32k.sys
    2012-05-04 13:16:13 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-05-04 12:32:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-05-02 04:27:09 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-05-02 04:27:09 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-04-20 19:29:52 81920 ----a-w- c:\windows\system32\ieencode.dll
    2012-04-20 19:29:52 61952 ----a-w- c:\windows\system32\tdc.ocx
    2012-04-19 12:44:57 369664 ----a-w- c:\windows\system32\html.iec
    .
    =================== ROOTKIT ====================
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: Hitachi_HDS721680PLA380 rev.P21OABEA -> Harddisk0\DR0 -> \Device\00000032
    .
    device: opened successfully
    user: MBR read successfully
    .
    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8AF524B1]<<
    _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8af5993c]; MOV EAX, [0x8af59ab0]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
    1 ntkrnlpa!IofCallDriver[0x804EF1B0] -> \Device\Harddisk0\DR0[0x8B052AB8]
    3 CLASSPNP[0xBA108FD7] -> ntkrnlpa!IofCallDriver[0x804EF1B0] -> \Device\00000072[0x8B01BAC0]
    5 ACPI[0xB9F7F620] -> ntkrnlpa!IofCallDriver[0x804EF1B0] -> [0x8AFF9030]
    \Driver\nvata[0x8AFDDF38] -> IRP_MJ_CREATE -> 0x8AF524B1
    error: Read Incorrect function.
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
    detected disk devices:
    \Device\00000071 -> \??\IDE#DiskHitachi_HDS721680PLA380_________________P21OABEA#202020202020565038463430335A475538584E4A#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    detected hooks:
    user & kernel MBR OK
    Warning: possible TDL3 rootkit infection !
    .
    ============= FINISH: 19:14:41.93 ===============

    ATTACH log

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 10/16/2007 1:18:47 PM
    System Uptime: 7/9/2012 6:54:14 PM (1 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | P5N-E SLI
    Processor: Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz | Socket 775 | 2333/333mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 75 GiB total, 20.347 GiB free.
    D: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    Z: - No root directory. Drive type could not be determined.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}
    Description: Officejet Pro 8500 A909g
    Device ID: ROOT\IMAGE\0000
    Manufacturer: HP
    Name: 8500 A909g,192.168.1.3
    PNP Device ID: ROOT\IMAGE\0000
    Service: StillCam
    .
    Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
    Description: Officejet Pro 8500 A909g
    Device ID: ROOT\MULTIFUNCTION\0000
    Manufacturer: HP
    Name: Officejet Pro 8500 A909g
    PNP Device ID: ROOT\MULTIFUNCTION\0000
    Service:
    .
    Class GUID: {4D36E979-E325-11CE-BFC1-08002BE10318}
    Description: Officejet Pro 8500 A909g
    Device ID: ROOT\PRINTER\0000
    Manufacturer: HP
    Name: Officejet Pro 8500 A909g
    PNP Device ID: ROOT\PRINTER\0000
    Service:
    .
    ==== System Restore Points ===================
    .
    RP855: 6/8/2012 10:50:56 PM - Software Distribution Service 3.0
    RP856: 6/9/2012 10:19:55 PM - Software Distribution Service 3.0
    RP857: 6/9/2012 11:45:28 PM - Software Distribution Service 3.0
    RP858: 6/10/2012 2:12:32 PM - Software Distribution Service 3.0
    RP859: 6/10/2012 4:13:57 PM - Software Distribution Service 3.0
    RP860: 6/11/2012 3:00:16 AM - Software Distribution Service 3.0
    RP861: 6/11/2012 8:57:24 PM - Software Distribution Service 3.0
    RP862: 6/11/2012 9:05:20 PM - Software Distribution Service 3.0
    RP863: 6/11/2012 11:19:44 PM - Software Distribution Service 3.0
    RP864: 6/12/2012 11:38:09 PM - Software Distribution Service 3.0
    RP865: 6/13/2012 5:36:26 PM - Software Distribution Service 3.0
    RP866: 6/13/2012 11:58:27 PM - Software Distribution Service 3.0
    RP867: 6/15/2012 12:21:07 AM - System Checkpoint
    RP868: 6/15/2012 3:00:23 AM - Software Distribution Service 3.0
    RP869: 6/16/2012 3:00:21 AM - Software Distribution Service 3.0
    RP870: 6/16/2012 5:16:24 PM - Software Distribution Service 3.0
    RP871: 6/17/2012 12:42:20 AM - Software Distribution Service 3.0
    RP872: 6/17/2012 8:12:26 PM - Software Distribution Service 3.0
    RP873: 6/18/2012 1:01:06 AM - Software Distribution Service 3.0
    RP874: 6/18/2012 11:33:10 PM - Software Distribution Service 3.0
    RP875: 6/19/2012 6:55:24 PM - Software Distribution Service 3.0
    RP876: 6/19/2012 11:26:39 PM - Software Distribution Service 3.0
    RP877: 6/20/2012 9:45:52 PM - Software Distribution Service 3.0
    RP878: 6/21/2012 12:38:07 AM - Software Distribution Service 3.0
    RP879: 6/22/2012 8:42:49 PM - Software Distribution Service 3.0
    RP880: 6/22/2012 11:07:03 PM - Software Distribution Service 3.0
    RP881: 6/23/2012 9:14:20 PM - Software Distribution Service 3.0
    RP882: 6/24/2012 1:47:45 PM - Software Distribution Service 3.0
    RP883: 6/24/2012 11:38:22 PM - Software Distribution Service 3.0
    RP884: 6/25/2012 11:17:49 AM - Software Distribution Service 3.0
    RP885: 6/25/2012 7:59:14 PM - Software Distribution Service 3.0
    RP886: 6/26/2012 3:00:18 AM - Software Distribution Service 3.0
    RP887: 6/26/2012 7:53:54 PM - Software Distribution Service 3.0
    RP888: 6/27/2012 10:24:04 PM - Software Distribution Service 3.0
    RP889: 6/28/2012 3:00:24 AM - Software Distribution Service 3.0
    RP890: 6/28/2012 8:15:27 PM - Software Distribution Service 3.0
    RP891: 6/29/2012 3:00:15 AM - Software Distribution Service 3.0
    RP892: 7/1/2012 1:01:34 PM - Software Distribution Service 3.0
    RP893: 7/1/2012 1:11:28 PM - Software Distribution Service 3.0
    RP894: 7/1/2012 3:45:35 PM - Software Distribution Service 3.0
    RP895: 7/1/2012 3:55:19 PM - Software Distribution Service 3.0
    RP896: 7/2/2012 6:37:18 PM - Software Distribution Service 3.0
    RP897: 7/2/2012 11:56:57 PM - Software Distribution Service 3.0
    RP898: 7/4/2012 1:28:09 AM - Software Distribution Service 3.0
    RP899: 7/4/2012 12:51:48 PM - Software Distribution Service 3.0
    RP900: 7/4/2012 3:35:31 PM - Software Distribution Service 3.0
    RP901: 7/5/2012 12:43:40 AM - Software Distribution Service 3.0
    RP902: 7/6/2012 12:32:45 AM - Software Distribution Service 3.0
    RP903: 7/6/2012 1:42:54 AM - Software Distribution Service 3.0
    RP904: 7/6/2012 6:51:09 PM - Software Distribution Service 3.0
    RP905: 7/6/2012 10:19:41 PM - Software Distribution Service 3.0
    RP906: 7/6/2012 11:38:41 PM - Software Distribution Service 3.0
    RP907: 7/7/2012 9:42:02 AM - Software Distribution Service 3.0
    RP908: 7/7/2012 9:59:20 AM - Software Distribution Service 3.0
    RP909: 7/8/2012 12:29:54 AM - Software Distribution Service 3.0
    RP910: 7/8/2012 12:06:38 PM - Software Distribution Service 3.0
    RP911: 7/8/2012 12:33:09 PM - Removed Microsoft Silverlight
    RP912: 7/8/2012 12:33:57 PM - Removed The Witcher
    RP913: 7/8/2012 12:35:12 PM - Software Distribution Service 3.0
    RP914: 7/9/2012 5:50:49 PM - System Checkpoint
    RP915: 7/9/2012 6:43:59 PM - Software Distribution Service 3.0
    .
    ==== Installed Programs ======================
    .
    .
    32 Bit HP CIO Components Installer
    8500A909_eDocs
    8500A909_Help
    8500A909g
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.3)
    Amazon Software Downloader
    AnswerWorks 4.0 Runtime - English
    AnswerWorks 5.0 English Runtime
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Ask Toolbar
    Bonjour
    BPD_DSWizards
    bpd_scan
    BPDSoftware
    BPDSoftware_Ini
    BufferChm
    Click to Call with Skype
    Compatibility Pack for the 2007 Office system
    Creative Software AutoUpdate
    Creative System Information
    DivX Content Uploader
    DivX Web Player
    DocProc
    Epson Connect
    Epson Customer Participation
    Epson FAX Utility
    Epson PC-FAX Driver
    EPSON Scan
    EPSON WorkForce 435 Series Printer Uninstall
    EpsonNet Print
    ESET Online Scanner v3
    FINAL FANTASY XIV
    Google Chrome
    Google Earth
    Google Update Helper
    High Definition Audio Driver Package - KB888111
    HiJackThis
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB942288-v3)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    HPSSupply
    InfraRecorder
    IrfanView (remove only)
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 29
    Kies mini
    Magic DVD Ripper V5.5.1
    Malwarebytes Anti-Malware version 1.61.0.1400
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Office XP Professional with FrontPage
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    MobileMe Control Panel
    Mozilla Firefox 11.0 (x86 en-US)
    MPM
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    Nero BurnLite 10
    Nero Control Center 10
    Nero ControlCenter 10 Help (CHM)
    Nero Core Components 10
    Nero OEM
    Nero Toolbar Updater
    Nero Update
    NETGEAR WG111T 108Mbps Wireless USB2.0 Adapter
    NETGEAR WNA3100 wireless USB 2.0 adapter
    Network
    NVDVD
    NVIDIA Drivers
    NVIDIA PhysX v8.10.13
    OCCT Perestroika 2.0.1
    OCR Software by I.R.I.S. 12.0
    Officejet Pro 8500 A909 Series
    PrimoPDF -- brought to you by Nitro PDF Software
    ProductContext
    QuickBooks
    QuickBooks Premier: Retail Edition 2008
    QuickBooks Pro 2009
    QuickTime
    Realtek High Definition Audio Driver
    SAMSUNG USB Driver for Mobile Phones
    Scan
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2482017)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2497640)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2510581)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2530548)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544521)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2559049)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2586448)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618444)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2621440)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB2641653)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2647516)
    Security Update for Windows XP (KB2647518)
    Security Update for Windows XP (KB2653956)
    Security Update for Windows XP (KB2659262)
    Security Update for Windows XP (KB2660465)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB2675157)
    Security Update for Windows XP (KB2676562)
    Security Update for Windows XP (KB2685939)
    Security Update for Windows XP (KB2686509)
    Security Update for Windows XP (KB2695962)
    Security Update for Windows XP (KB2699988)
    Security Update for Windows XP (KB2707511)
    Security Update for Windows XP (KB2709162)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Shop for HP Supplies
    Skype™ 5.5
    Sound Blaster X-Fi
    Spybot - Search & Destroy
    SupportSoft Assisted Service
    Toolbox
    TurboTax 2008
    TurboTax 2008 wcaiper
    TurboTax 2008 wcalbpm
    TurboTax 2008 wcasbpm
    TurboTax 2008 whiiper
    TurboTax 2008 WinBizFedFormset
    TurboTax 2008 WinBizProgramHelp
    TurboTax 2008 WinBizReleaseEngine
    TurboTax 2008 WinBizTaxSupport
    TurboTax 2008 WinBizUserEducation
    TurboTax 2008 WinPerFedFormset
    TurboTax 2008 WinPerProgramHelp
    TurboTax 2008 WinPerReleaseEngine
    TurboTax 2008 WinPerTaxSupport
    TurboTax 2008 WinPerUserEducation
    TurboTax 2008 wrapper
    TurboTax 2009
    TurboTax 2009 wcaiper
    TurboTax 2009 wcalbpm
    TurboTax 2009 wcasbpm
    TurboTax 2009 whiiper
    TurboTax 2009 WinBizFedFormset
    TurboTax 2009 WinBizReleaseEngine
    TurboTax 2009 WinBizTaxSupport
    TurboTax 2009 WinPerFedFormset
    TurboTax 2009 WinPerReleaseEngine
    TurboTax 2009 WinPerTaxSupport
    TurboTax 2009 wrapper
    TurboTax 2010
    TurboTax 2010 wcaiper
    TurboTax 2010 wcalbpm
    TurboTax 2010 wcasbpm
    TurboTax 2010 whiiper
    TurboTax 2010 WinBizFedFormset
    TurboTax 2010 WinBizReleaseEngine
    TurboTax 2010 WinBizTaxSupport
    TurboTax 2010 WinPerFedFormset
    TurboTax 2010 WinPerReleaseEngine
    TurboTax 2010 WinPerTaxSupport
    TurboTax 2010 wrapper
    TurboTax 2011
    TurboTax 2011 wcaiper
    TurboTax 2011 wcasbpm
    TurboTax 2011 whiiper
    TurboTax 2011 WinBizFedFormset
    TurboTax 2011 WinBizReleaseEngine
    TurboTax 2011 WinBizTaxSupport
    TurboTax 2011 WinPerFedFormset
    TurboTax 2011 WinPerReleaseEngine
    TurboTax 2011 WinPerTaxSupport
    TurboTax 2011 wrapper
    TurboTax Business 2007
    TurboTax Business 2008
    TurboTax Business 2009
    TurboTax Business 2010
    TurboTax Business 2011
    TurboTax Deluxe 2007
    TurboTax Home & Business 2007
    UnloadSupport
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2616676-v2)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB2718704)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    WebFldrs XP
    WebReg
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    Yahoo! Messenger
    Yahoo! Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    7/9/2012 6:56:22 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 b9ef28cd, parameter3 9d07d2cc, parameter4 00000000.
    7/9/2012 3:34:35 PM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    7/8/2012 12:53:23 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
    7/8/2012 12:53:23 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
    7/7/2012 9:39:05 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the HTTP SSL service to connect.
    7/7/2012 9:39:05 AM, error: Service Control Manager [7000] - The HTTP SSL service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    7/7/2012 9:37:03 AM, error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070003 Error description: The system cannot find the path specified. Signature version: 1.129.1102.0;1.129.1102.0 Engine version: 1.1.8502.0
    7/7/2012 5:23:11 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.
    7/7/2012 4:47:41 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: nvatabus SASKUTIL
    7/7/2012 12:52:48 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.
    7/6/2012 6:54:40 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2656370).
    7/6/2012 6:54:40 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2656353).
    7/6/2012 6:50:00 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASKUTIL
    7/6/2012 6:49:44 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Net Driver HPZ12 service to connect.
    7/6/2012 6:49:44 PM, error: Service Control Manager [7000] - The Net Driver HPZ12 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    7/6/2012 5:05:07 PM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 1 time(s).
    7/6/2012 12:22:30 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
    7/6/2012 12:22:30 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    7/6/2012 11:22:48 PM, error: Service Control Manager [7023] - The Security Center service terminated with the following error: %%16389
    7/6/2012 10:16:29 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the WSWNA3100 service.
    7/6/2012 10:14:35 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the WMDM PMSP Service service to connect.
    7/6/2012 10:14:35 PM, error: Service Control Manager [7000] - The WMDM PMSP Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    7/6/2012 10:14:35 PM, error: Service Control Manager [7000] - The SAS Core Service service failed to start due to the following error: The system cannot find the file specified.
    7/3/2012 10:37:25 PM, error: BROWSER [8007] - The browser was unable to update the service status bits. The data is the error.
    .
    ==== End Of File ===========================
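The Event Viewer section of the DDS log above is long, and the lines that matter on a machine with search redirects (Security Center and DNS Client dying, Microsoft Antimalware unable to update, patches failing to install) are buried among ordinary driver timeouts. The script below is an added example, not part of the original post or of DDS itself: it parses lines in the DDS `date, level: Source [EventID] - message` shape and buckets them with heuristics of my own. The sample lines are a constructed subset of the log above, with the Microsoft Antimalware line shortened.

```python
"""Triage the "Event Viewer Messages From Past Week" section of a DDS log.

Each line has the shape
    M/D/YYYY H:MM:SS AM/PM, level: <Source> [<EventID>] - <message>
The bucketing rules are the editor's own heuristics, not anything DDS does:
they surface security tooling that cannot update, patches that fail to
install, and the DNS client / Security Center services dying, so a responder
reads those before the driver timeouts.
"""
import re
from collections import defaultdict

EVENT_RE = re.compile(
    r"^(?P<when>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<message>.*)$"
)

# Service names whose failure deserves a second look on a box with redirect symptoms.
WATCHED_SERVICES = ("Security Center", "DNS Client", "Dnscache", "Computer Browser")

# Constructed sample: a subset of the lines from the log above; the Microsoft
# Antimalware line is shortened to keep the example readable.
SAMPLE_EVENTS = """\
7/9/2012 6:56:22 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 b9ef28cd, parameter3 9d07d2cc, parameter4 00000000.
7/9/2012 3:34:35 PM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
7/8/2012 12:53:23 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. Error code: 0x80240022
7/7/2012 12:52:48 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.
7/6/2012 6:54:40 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2656370).
7/6/2012 5:05:07 PM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 1 time(s).
7/6/2012 11:22:48 PM, error: Service Control Manager [7023] - The Security Center service terminated with the following error: %%16389
7/6/2012 10:14:35 PM, error: Service Control Manager [7000] - The WMDM PMSP Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
"""


def parse_event(line):
    """Split one DDS event line into its fields; None if the line is not an event."""
    m = EVENT_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["event_id"] = int(ev["event_id"])
    return ev


def classify(ev):
    """Assign a triage bucket to a parsed event (editor's heuristics)."""
    src, msg = ev["source"], ev["message"]
    if src == "Microsoft Antimalware":
        return "av-update-failure"
    if src == "Windows Update Agent":
        return "patch-install-failure"
    if src == "Service Control Manager" and any(s in msg for s in WATCHED_SERVICES):
        return "security-or-dns-service-failure"
    if src == "System Error":
        return "bugcheck"
    return "other"


def triage(text):
    """Return {bucket: [(when, source, event_id), ...]} for every event line in text."""
    buckets = defaultdict(list)
    for line in text.splitlines():
        ev = parse_event(line)
        if ev is None:
            continue
        buckets[classify(ev)].append((ev["when"], ev["source"], ev["event_id"]))
    return dict(buckets)


if __name__ == "__main__":
    for bucket, events in sorted(triage(SAMPLE_EVENTS).items()):
        print(f"{bucket}: {len(events)}")
        for when, source, event_id in events:
            print(f"    {when}  {source} [{event_id}]")
```

Run on the full section rather than the sample, the "security-or-dns-service-failure" bucket is the one to read first: repeated DNS Client and Security Center failures alongside a Security Center that cannot update are consistent with the redirect symptom the thread opens with, while the WMDM and HPZ12 timeouts are noise.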
     
  2. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ======================================

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    ==============================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download the latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     
  3. tameus1

    tameus1 TS Rookie Topic Starter Posts: 23

    RogueKiller will not run; the computer just reboots. Renamed it to winlogon.exe and had the same result.

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-07-09 21:10:39
    -----------------------------
    21:10:39.578 OS Version: Windows 5.1.2600 Service Pack 3
    21:10:39.578 Number of processors: 2 586 0xF0B
    21:10:39.578 ComputerName: TAMEUS UserName: user
    21:10:42.125 Initialize success
    21:22:31.968 AVAST engine defs: 12070901
    21:22:42.546 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000032
    21:22:42.546 Disk 0 Vendor: Hitachi_HDS721680PLA380 P21OABEA Size: 76319MB BusType: 3
    21:22:42.546 Device \Device\00000071 -> \??\IDE#DiskHitachi_HDS721680PLA380_________________P21OABEA#202020202020565038463430335A475538584E4A#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} not found
    21:22:42.546 Disk 0 MBR read error 0
    21:22:42.546 Disk 0 MBR scan
    21:22:42.609 Disk 0 unknown MBR code
    21:22:42.609 MBR BIOS signature not found 0
    21:22:42.609 Disk 0 scanning sectors +156280320
    21:22:42.671 Disk 0 scanning C:\WINDOWS\system32\drivers
    21:22:59.593 Service scanning
    21:23:25.593 Modules scanning
    21:23:50.250 Disk 0 trace - called modules:
    21:23:50.250 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8af4e4b1]<<
    21:23:50.250 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b052ab8]
    21:23:50.250 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\00000072[0x8b01bac0]
    21:23:50.250 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> [0x8aff9030]
    21:23:50.250 \Driver\nvata[0x8b08ee30] -> IRP_MJ_CREATE -> 0x8af4e4b1
    21:23:51.437 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\user\Desktop\MBR.dat"
    21:23:51.437 The log file has been saved successfully to "C:\Documents and Settings\user\Desktop\aswMBR.txt"
    21:23:52.500 AVAST engine scan C:\WINDOWS
    21:24:01.796 AVAST engine scan C:\WINDOWS\system32
    21:27:37.671 AVAST engine scan C:\WINDOWS\system32\drivers
    21:28:00.906 AVAST engine scan C:\Documents and Settings\user
    21:33:54.328 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\user\Desktop\MBR.dat"
    21:33:54.656 The log file has been saved successfully to "C:\Documents and Settings\user\Desktop\aswMBR.txt"
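The two lines worth reading in the aswMBR output above are the module trace, which ends in `>>UNKNOWN [0x8af4e4b1]<<`, and the dispatch entry `\Driver\nvata[...] -> IRP_MJ_CREATE -> 0x8af4e4b1`: the storage driver's create handler points at an address aswMBR could not attribute to any loaded driver image, meaning code outside every known driver sits in the disk I/O path and can filter what scanners read from disk. The following is an added example, my own code rather than anything aswMBR or this thread provides, that pulls exactly that check out of a trace block. The sample trace is copied from the log above; the clean trace and its addresses are constructed for contrast.

```python
"""Check an aswMBR disk-stack trace for a dispatch hook that lands outside
every module aswMBR could identify.

aswMBR lists the driver images it walked on the way to the boot disk and
prints any return address it cannot map to a loaded image as
>>UNKNOWN [addr]<<. When a driver's dispatch entry (IRP_MJ_CREATE here) points
at that same unattributed address, code that belongs to no known driver is
sitting in the disk I/O path. This parser is the editor's own; aswMBR has no
such option.
"""
import re

TS_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+$")
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")
DISPATCH_RE = re.compile(
    r"(\\Driver\\[^\[\s]+)\[0x[0-9a-fA-F]+\] -> (IRP_MJ_\w+) -> (0x[0-9a-fA-F]+)"
)

# Constructed sample: the trace block from the log above, reduced to the lines
# this parser consumes.
SAMPLE_TRACE = r"""
21:23:50.250 Disk 0 trace - called modules:
21:23:50.250 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8af4e4b1]<<
21:23:50.250 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b052ab8]
21:23:50.250 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\00000072[0x8b01bac0]
21:23:50.250 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> [0x8aff9030]
21:23:50.250 \Driver\nvata[0x8b08ee30] -> IRP_MJ_CREATE -> 0x8af4e4b1
""".strip()

# Constructed clean trace for contrast (the addresses are made up): every image
# is attributed, so the dispatch target is not flagged.
CLEAN_TRACE = r"""
21:23:50.250 Disk 0 trace - called modules:
21:23:50.250 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvata.sys
21:23:50.250 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b052ab8]
21:23:50.250 \Driver\nvata[0x8b08ee30] -> IRP_MJ_CREATE -> 0xb9f90a40
""".strip()


def parse_trace(text):
    """Return (known_modules, unknown_addrs, dispatch_entries) from a trace block."""
    known, unknown, dispatch = [], set(), []
    lines = text.splitlines()
    for i, line in enumerate(lines):
        # The line after "called modules:" names the attributed images, then
        # the UNKNOWN marker for anything aswMBR could not map.
        if line.rstrip().endswith("called modules:") and i + 1 < len(lines):
            toks = lines[i + 1].split()
            if toks and TS_RE.match(toks[0]):
                toks = toks[1:]              # drop the leading timestamp
            for tok in toks:
                if tok.startswith(">>"):     # start of the UNKNOWN marker
                    break
                known.append(tok)
        for m in UNKNOWN_RE.finditer(line):
            unknown.add(m.group(1).lower())
        m = DISPATCH_RE.search(line)
        if m:
            dispatch.append((m.group(1), m.group(2), m.group(3).lower()))
    return known, unknown, dispatch


def find_unattributed_hooks(text):
    """Dispatch entries whose target is an address aswMBR could not attribute."""
    _, unknown, dispatch = parse_trace(text)
    return [(drv, irp, addr) for drv, irp, addr in dispatch if addr in unknown]


if __name__ == "__main__":
    for name, trace in (("posted log", SAMPLE_TRACE), ("clean trace", CLEAN_TRACE)):
        hooks = find_unattributed_hooks(trace)
        print(name, "->", hooks or "no unattributed hook")
```

The check keys on attribution, not on the driver name: `nvata` is the legitimate NVIDIA IDE driver in both traces, and only the posted log has its dispatch entry resolving to an address that no loaded image owns. That is the finding a dedicated rootkit scan such as the TDSSKiller run requested next is meant to confirm or clear.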
     
  4. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  5. tameus1

    tameus1 TS Rookie Topic Starter Posts: 23

    19:22:38.0510 4772 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
    19:22:39.0026 4772 ============================================================
    19:22:39.0026 4772 Current date / time: 2012/07/10 19:22:39.0026
    19:22:39.0026 4772 SystemInfo:
    19:22:39.0026 4772
    19:22:39.0026 4772 OS Version: 5.1.2600 ServicePack: 3.0
    19:22:39.0026 4772 Product type: Workstation
    19:22:39.0026 4772 ComputerName: TAMEUS
    19:22:39.0026 4772 UserName: user
    19:22:39.0026 4772 Windows directory: C:\WINDOWS
    19:22:39.0026 4772 System windows directory: C:\WINDOWS
    19:22:39.0026 4772 Processor architecture: Intel x86
    19:22:39.0026 4772 Number of processors: 2
    19:22:39.0026 4772 Page size: 0x1000
    19:22:39.0026 4772 Boot type: Normal boot
    19:22:39.0026 4772 ============================================================
    19:22:43.0651 4772 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    19:22:43.0698 4772 ============================================================
    19:22:43.0713 4772 \Device\Harddisk0\DR0:
    19:22:43.0713 4772 MBR partitions:
    19:22:43.0713 4772 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1
    19:22:43.0713 4772 ============================================================
    19:22:43.0791 4772 C: <-> \Device\Harddisk0\DR0\Partition0
    19:22:44.0151 4772 ============================================================
    19:22:44.0151 4772 Initialize success
    19:22:44.0151 4772 ============================================================
    19:22:58.0573 5748 ============================================================
    19:22:58.0573 5748 Scan started
    19:22:58.0573 5748 Mode: Manual;
    19:22:58.0573 5748 ============================================================
    19:23:07.0854 5748 Abiosdsk - ok
    19:23:07.0854 5748 abp480n5 - ok
    19:23:08.0182 5748 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    19:23:08.0229 5748 ACPI - ok
    19:23:08.0323 5748 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    19:23:08.0323 5748 ACPIEC - ok
    19:23:08.0541 5748 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    19:23:08.0557 5748 AdobeFlashPlayerUpdateSvc - ok
    19:23:08.0557 5748 adpu160m - ok
    19:23:08.0588 5748 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    19:23:08.0588 5748 aec - ok
    19:23:08.0635 5748 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys
    19:23:08.0635 5748 AegisP - ok
    19:23:08.0745 5748 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
    19:23:08.0745 5748 AFD - ok
    19:23:08.0745 5748 Aha154x - ok
    19:23:08.0760 5748 aic78u2 - ok
    19:23:08.0760 5748 aic78xx - ok
    19:23:08.0791 5748 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
    19:23:08.0807 5748 Alerter - ok
    19:23:08.0838 5748 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
    19:23:08.0838 5748 ALG - ok
    19:23:08.0838 5748 AliIde - ok
    19:23:08.0838 5748 amsint - ok
    19:23:08.0979 5748 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    19:23:08.0979 5748 Apple Mobile Device - ok
    19:23:09.0026 5748 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
    19:23:09.0026 5748 AppMgmt - ok
    19:23:09.0120 5748 AR5523 (92637b97f57c1669d521a54482c4579c) C:\WINDOWS\system32\DRIVERS\WG11TND5.sys
    19:23:09.0120 5748 AR5523 - ok
    19:23:09.0166 5748 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
    19:23:09.0166 5748 Arp1394 - ok
    19:23:09.0166 5748 asc - ok
    19:23:09.0166 5748 asc3350p - ok
    19:23:09.0166 5748 asc3550 - ok
    19:23:09.0479 5748 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
    19:23:09.0526 5748 aspnet_state - ok
    19:23:09.0557 5748 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    19:23:09.0573 5748 AsyncMac - ok
    19:23:09.0651 5748 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    19:23:09.0651 5748 atapi - ok
    19:23:09.0651 5748 Atdisk - ok
    19:23:09.0729 5748 atksgt (3c4b9850a2631c2263507400d029057b) C:\WINDOWS\system32\DRIVERS\atksgt.sys
    19:23:09.0729 5748 atksgt - ok
    19:23:09.0963 5748 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    19:23:09.0963 5748 Atmarpc - ok
    19:23:09.0995 5748 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
    19:23:09.0995 5748 AudioSrv - ok
    19:23:10.0026 5748 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    19:23:10.0026 5748 audstub - ok
    19:23:10.0166 5748 BCMH43XX (b770039886598aab7cf5eaeec2409e31) C:\WINDOWS\system32\DRIVERS\bcmwlhigh5.sys
    19:23:10.0166 5748 BCMH43XX - ok
    19:23:10.0198 5748 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    19:23:10.0198 5748 Beep - ok
    19:23:10.0245 5748 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
    19:23:10.0354 5748 BITS - ok
    19:23:10.0557 5748 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
    19:23:10.0557 5748 Bonjour Service - ok
    19:23:10.0604 5748 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
    19:23:10.0604 5748 Browser - ok
    19:23:10.0682 5748 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    19:23:10.0682 5748 cbidf2k - ok
    19:23:10.0682 5748 cd20xrnt - ok
    19:23:10.0713 5748 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    19:23:10.0713 5748 Cdaudio - ok
    19:23:10.0745 5748 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    19:23:10.0745 5748 Cdfs - ok
    19:23:10.0760 5748 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    19:23:10.0760 5748 Cdrom - ok
    19:23:10.0760 5748 Changer - ok
    19:23:10.0776 5748 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
    19:23:10.0776 5748 CiSvc - ok
    19:23:10.0776 5748 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
    19:23:10.0791 5748 ClipSrv - ok
    19:23:10.0948 5748 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    19:23:11.0010 5748 clr_optimization_v2.0.50727_32 - ok
    19:23:11.0057 5748 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    19:23:11.0057 5748 clr_optimization_v4.0.30319_32 - ok
    19:23:11.0057 5748 CmdIde - ok
    19:23:11.0057 5748 COMSysApp - ok
    19:23:11.0073 5748 Cpqarray - ok
    19:23:11.0104 5748 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
    19:23:11.0104 5748 CryptSvc - ok
    19:23:11.0182 5748 ctac32k (04a43d6b00bf09b2d5cffcd3c5790741) C:\WINDOWS\system32\drivers\ctac32k.sys
    19:23:11.0182 5748 ctac32k - ok
    19:23:11.0213 5748 ctaud2k (f501738d0bf4de69f7307109efa0246c) C:\WINDOWS\system32\drivers\ctaud2k.sys
    19:23:11.0229 5748 ctaud2k - ok
    19:23:11.0291 5748 ctdvda2k (c4333325d325efa668888d0d3177c6ff) C:\WINDOWS\system32\drivers\ctdvda2k.sys
    19:23:11.0291 5748 ctdvda2k - ok
    19:23:11.0338 5748 ctprxy2k (e3aad66077b2594503ab11a31c3d2e7d) C:\WINDOWS\system32\drivers\ctprxy2k.sys
    19:23:11.0338 5748 ctprxy2k - ok
    19:23:11.0370 5748 ctsfm2k (72c73af1a60321d7e3aaa61859a32f0b) C:\WINDOWS\system32\drivers\ctsfm2k.sys
    19:23:11.0370 5748 ctsfm2k - ok
    19:23:11.0370 5748 dac2w2k - ok
    19:23:11.0370 5748 dac960nt - ok
    19:23:11.0432 5748 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
    19:23:11.0448 5748 DcomLaunch - ok
    19:23:11.0495 5748 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
    19:23:11.0510 5748 Dhcp - ok
    19:23:11.0541 5748 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    19:23:11.0541 5748 Disk - ok
    19:23:11.0557 5748 dmadmin - ok
    19:23:11.0588 5748 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    19:23:11.0588 5748 dmboot - ok
    19:23:11.0620 5748 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    19:23:11.0620 5748 dmio - ok
    19:23:11.0635 5748 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    19:23:11.0635 5748 dmload - ok
    19:23:11.0666 5748 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
    19:23:11.0666 5748 dmserver - ok
    19:23:11.0666 5748 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    19:23:11.0666 5748 DMusic - ok
    19:23:11.0698 5748 DNINDIS5 (d2ee54cdbced01d48f2b18642be79a98) C:\WINDOWS\system32\DNINDIS5.SYS
    19:23:11.0698 5748 DNINDIS5 - ok
    19:23:11.0729 5748 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
    19:23:11.0729 5748 Dnscache - ok
    19:23:11.0776 5748 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
    19:23:11.0776 5748 Dot3svc - ok
    19:23:11.0776 5748 dpti2o - ok
    19:23:11.0838 5748 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    19:23:11.0838 5748 drmkaud - ok
    19:23:11.0870 5748 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
    19:23:11.0870 5748 EapHost - ok
    19:23:11.0932 5748 emu10kx (d861ba9d8a688320daeee8e03129f1c1) C:\WINDOWS\system32\drivers\e10kx2k.sys
    19:23:11.0963 5748 emu10kx - ok
    19:23:12.0057 5748 emupia (bb1d92ac27b6129d3bef215c5a1b9a84) C:\WINDOWS\system32\drivers\emupia2k.sys
    19:23:12.0057 5748 emupia - ok
    19:23:12.0088 5748 ENTECH (fd9fc82f134b1c91004ffc76a5ae494b) C:\WINDOWS\system32\DRIVERS\ENTECH.sys
    19:23:12.0088 5748 ENTECH - ok
    19:23:12.0166 5748 EpsonBidirectionalService (abdd5ad016affd34ad40e944ce94bf59) C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    19:23:12.0182 5748 EpsonBidirectionalService - ok
    19:23:12.0229 5748 EpsonCustomerParticipation (cf5dd6219185b18f7f8d8ce0142fd13f) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
    19:23:12.0245 5748 EpsonCustomerParticipation - ok
    19:23:12.0354 5748 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
    19:23:12.0385 5748 ERSvc - ok
    19:23:12.0463 5748 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
    19:23:12.0463 5748 Eventlog - ok
    19:23:12.0698 5748 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
    19:23:12.0791 5748 EventSystem - ok
    19:23:12.0870 5748 Ext2FS (013d5f2774a2173a4f1cb00a68a812c1) C:\WINDOWS\system32\drivers\Ext2FS.sys
    19:23:12.0870 5748 Ext2FS - ok
    19:23:12.0916 5748 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    19:23:12.0932 5748 Fastfat - ok
    19:23:12.0932 5748 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
    19:23:12.0932 5748 FastUserSwitchingCompatibility - ok
    19:23:12.0948 5748 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    19:23:12.0948 5748 Fdc - ok
    19:23:12.0948 5748 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    19:23:12.0948 5748 Fips - ok
    19:23:12.0963 5748 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    19:23:12.0963 5748 Flpydisk - ok
    19:23:13.0026 5748 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    19:23:13.0026 5748 FltMgr - ok
    19:23:13.0385 5748 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    19:23:13.0416 5748 FontCache3.0.0.0 - ok
    19:23:13.0479 5748 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    19:23:13.0479 5748 Fs_Rec - ok
    19:23:13.0604 5748 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    19:23:13.0651 5748 Ftdisk - ok
    19:23:13.0666 5748 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
    19:23:13.0666 5748 gameenum - ok
    19:23:13.0838 5748 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
    19:23:13.0838 5748 GEARAspiWDM - ok
    19:23:13.0901 5748 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    19:23:13.0901 5748 Gpc - ok
    19:23:14.0198 5748 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
    19:23:14.0198 5748 gupdate - ok
    19:23:14.0198 5748 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
    19:23:14.0198 5748 gupdatem - ok
    19:23:14.0260 5748 ha20x2k (b70a5f66a5505da65e54a4c2bab4c78f) C:\WINDOWS\system32\drivers\ha20x2k.sys
    19:23:14.0260 5748 ha20x2k - ok
    19:23:14.0354 5748 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    19:23:14.0354 5748 HDAudBus - ok
    19:23:14.0588 5748 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
    19:23:14.0635 5748 helpsvc - ok
    19:23:14.0635 5748 HidServ - ok
    19:23:14.0760 5748 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    19:23:14.0760 5748 HidUsb - ok
    19:23:14.0885 5748 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
    19:23:14.0885 5748 hkmsvc - ok
    19:23:14.0885 5748 hpn - ok
    19:23:15.0245 5748 HPSLPSVC (14229263aa19c704e0d6d2e7404a8455) C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HPSLPSVC32.DLL
    19:23:15.0354 5748 HPSLPSVC - ok
    19:23:15.0495 5748 HPZid412 (863cc3a82c63c9f60acf2e85d5310620) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
    19:23:15.0510 5748 HPZid412 - ok
    19:23:15.0588 5748 HPZipr12 (08cb72e95dd75b61f2966b311d0e4366) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
    19:23:15.0588 5748 HPZipr12 - ok
    19:23:15.0651 5748 HPZius12 (ca990306ed4ef732af9695bff24fc96f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
    19:23:15.0651 5748 HPZius12 - ok
    19:23:15.0870 5748 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    19:23:15.0901 5748 HTTP - ok
    19:23:15.0995 5748 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
    19:23:15.0995 5748 HTTPFilter - ok
    19:23:15.0995 5748 i2omgmt - ok
    19:23:16.0010 5748 i2omp - ok
    19:23:16.0073 5748 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    19:23:16.0073 5748 i8042prt - ok
    19:23:16.0713 5748 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    19:23:16.0838 5748 idsvc - ok
    19:23:16.0932 5748 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    19:23:16.0932 5748 Imapi - ok
    19:23:16.0963 5748 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
    19:23:16.0963 5748 ImapiService - ok
    19:23:16.0979 5748 ini910u - ok
    19:23:18.0198 5748 IntcAzAudAddService (60d7460b07012d364ced11dd9fd83e1f) C:\WINDOWS\system32\drivers\RtkHDAud.sys
    19:23:19.0073 5748 IntcAzAudAddService - ok
    19:23:19.0370 5748 IntelIde - ok
    19:23:19.0526 5748 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    19:23:19.0526 5748 intelppm - ok
    19:23:19.0776 5748 IntuitUpdateService (3dc635b66dd7412e1c9c3a77b8d78f25) C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    19:23:19.0776 5748 IntuitUpdateService - ok
    19:23:19.0838 5748 IntuitUpdateServiceV4 (1663a135865f0ba6e853353e98e67f2a) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    19:23:19.0838 5748 IntuitUpdateServiceV4 - ok
    19:23:19.0932 5748 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    19:23:19.0948 5748 Ip6Fw - ok
    19:23:20.0057 5748 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    19:23:20.0057 5748 IpFilterDriver - ok
    19:23:20.0088 5748 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    19:23:20.0088 5748 IpInIp - ok
    19:23:20.0104 5748 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    19:23:20.0104 5748 IpNat - ok
    19:23:20.0682 5748 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
    19:23:20.0682 5748 iPod Service - ok
    19:23:20.0713 5748 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    19:23:20.0713 5748 IPSec - ok
    19:23:20.0729 5748 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    19:23:20.0729 5748 IRENUM - ok
    19:23:20.0776 5748 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    19:23:20.0807 5748 isapnp - ok
    19:23:20.0979 5748 JavaQuickStarterService (381b25dc8e958d905b33130d500bbf29) C:\Program Files\Java\jre6\bin\jqs.exe
    19:23:20.0979 5748 JavaQuickStarterService - ok
    19:23:21.0041 5748 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    19:23:21.0041 5748 Kbdclass - ok
    19:23:21.0073 5748 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    19:23:21.0073 5748 kbdhid - ok
    19:23:21.0088 5748 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    19:23:21.0104 5748 kmixer - ok
    19:23:21.0120 5748 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    19:23:21.0135 5748 KSecDD - ok
    19:23:21.0198 5748 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
    19:23:21.0198 5748 lanmanserver - ok
    19:23:21.0307 5748 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
    19:23:21.0307 5748 lanmanworkstation - ok
    19:23:21.0307 5748 lbrtfdc - ok
    19:23:21.0370 5748 lirsgt (4127e8b6ddb4090e815c1f8852c277d3) C:\WINDOWS\system32\DRIVERS\lirsgt.sys
    19:23:21.0370 5748 lirsgt - ok
    19:23:21.0463 5748 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
    19:23:21.0479 5748 LmHosts - ok
    19:23:21.0526 5748 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
    19:23:21.0557 5748 Messenger - ok
    19:23:21.0588 5748 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    19:23:21.0604 5748 mnmdd - ok
    19:23:21.0635 5748 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
    19:23:21.0635 5748 mnmsrvc - ok
    19:23:21.0698 5748 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    19:23:21.0698 5748 Modem - ok
    19:23:21.0729 5748 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    19:23:21.0729 5748 Mouclass - ok
    19:23:21.0791 5748 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    19:23:21.0791 5748 mouhid - ok
    19:23:21.0823 5748 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    19:23:21.0823 5748 MountMgr - ok
    19:23:21.0854 5748 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    19:23:21.0854 5748 MozillaMaintenance - ok
    19:23:21.0901 5748 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
    19:23:21.0916 5748 MpFilter - ok
    19:23:21.0916 5748 mraid35x - ok
    19:23:21.0948 5748 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    19:23:21.0948 5748 MRxDAV - ok
    19:23:22.0073 5748 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    19:23:22.0073 5748 MRxSmb - ok
    19:23:22.0135 5748 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
    19:23:22.0135 5748 MSDTC - ok
    19:23:22.0198 5748 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    19:23:22.0198 5748 Msfs - ok
    19:23:22.0198 5748 MSIServer - ok
    19:23:22.0245 5748 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    19:23:22.0245 5748 MSKSSRV - ok
    19:23:22.0245 5748 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    19:23:22.0245 5748 MSPCLOCK - ok
    19:23:22.0245 5748 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    19:23:22.0245 5748 MSPQM - ok
    19:23:22.0291 5748 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    19:23:22.0291 5748 mssmbios - ok
    19:23:22.0354 5748 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
    19:23:22.0354 5748 MTsensor - ok
    19:23:22.0463 5748 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
    19:23:22.0479 5748 Mup - ok
    19:23:22.0526 5748 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
    19:23:22.0526 5748 napagent - ok
    19:23:22.0807 5748 NAUpdate (9d1cce440552500ded3a62f9d779cdb4) C:\Program Files\Nero\Update\NASvc.exe
    19:23:22.0807 5748 NAUpdate - ok
    19:23:22.0870 5748 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    19:23:22.0870 5748 NDIS - ok
    19:23:22.0948 5748 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    19:23:22.0979 5748 NdisTapi - ok
    19:23:22.0979 5748 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    19:23:22.0979 5748 Ndisuio - ok
    19:23:23.0057 5748 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    19:23:23.0057 5748 NdisWan - ok
    19:23:23.0104 5748 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    19:23:23.0104 5748 NDProxy - ok
    19:23:23.0166 5748 Net Driver HPZ12 (2969d26eee289be7422aa46fc55f4e38) C:\WINDOWS\system32\HPZinw12.dll
    19:23:23.0166 5748 Net Driver HPZ12 - ok
    19:23:23.0182 5748 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    19:23:23.0182 5748 NetBIOS - ok
    19:23:23.0198 5748 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    19:23:23.0198 5748 NetBT - ok
    19:23:23.0291 5748 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
    19:23:23.0307 5748 NetDDE - ok
    19:23:23.0307 5748 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
    19:23:23.0307 5748 NetDDEdsdm - ok
    19:23:23.0370 5748 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    19:23:23.0370 5748 Netlogon - ok
    19:23:23.0385 5748 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
    19:23:23.0385 5748 Netman - ok
    19:23:23.0588 5748 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    19:23:23.0604 5748 NetTcpPortSharing - ok
    19:23:23.0635 5748 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    19:23:23.0635 5748 NIC1394 - ok
    19:23:23.0729 5748 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
    19:23:23.0745 5748 Nla - ok
    19:23:23.0791 5748 NPF (b9730495e0cf674680121e34bd95a73b) C:\WINDOWS\system32\DRIVERS\npf.sys
    19:23:23.0791 5748 NPF - ok
    19:23:23.0807 5748 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    19:23:23.0807 5748 Npfs - ok
    19:23:23.0838 5748 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    19:23:23.0838 5748 Ntfs - ok
    19:23:23.0901 5748 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    19:23:23.0901 5748 NtLmSsp - ok
    19:23:23.0932 5748 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
    19:23:23.0932 5748 NtmsSvc - ok
    19:23:23.0979 5748 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    19:23:23.0979 5748 Null - ok
    19:23:24.0198 5748 nv (ce34061a298bfb4ebd1a0bb8592dc977) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    19:23:24.0370 5748 nv - ok
    19:23:24.0557 5748 nvata (c03e15101f6d9e82cd9b0e7d715f5de3) C:\WINDOWS\system32\DRIVERS\nvata.sys
    19:23:24.0557 5748 nvata - ok
    19:23:24.0604 5748 nvatabus (c03e15101f6d9e82cd9b0e7d715f5de3) C:\WINDOWS\system32\drivers\nvatabus.sys
    19:23:24.0604 5748 nvatabus - ok
    19:23:24.0713 5748 NVENETFD (b9333604527e02cd2223f200c0bae7e0) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
    19:23:24.0713 5748 NVENETFD - ok
    19:23:24.0791 5748 nvnetbus (5e9e55f7ee644c7c5fd78a206fbe37ab) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
    19:23:24.0791 5748 nvnetbus - ok
    19:23:24.0823 5748 NVSvc (77ecdf9e3d43d4e86e85b73886992625) C:\WINDOWS\system32\nvsvc32.exe
    19:23:24.0823 5748 NVSvc - ok
    19:23:24.0870 5748 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    19:23:24.0870 5748 NwlnkFlt - ok
    19:23:24.0885 5748 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    19:23:24.0885 5748 NwlnkFwd - ok
    19:23:25.0010 5748 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    19:23:25.0010 5748 ohci1394 - ok
    19:23:25.0057 5748 ossrv (594f2968c741ca03e41e57e65f616351) C:\WINDOWS\system32\drivers\ctoss2k.sys
    19:23:25.0057 5748 ossrv - ok
    19:23:25.0073 5748 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    19:23:25.0073 5748 Parport - ok
    19:23:25.0198 5748 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    19:23:25.0198 5748 PartMgr - ok
    19:23:25.0245 5748 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    19:23:25.0245 5748 ParVdm - ok
    19:23:25.0245 5748 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    19:23:25.0245 5748 PCI - ok
    19:23:25.0260 5748 PCIDump - ok
    19:23:25.0291 5748 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    19:23:25.0291 5748 PCIIde - ok
    19:23:25.0463 5748 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    19:23:25.0557 5748 Pcmcia - ok
    19:23:25.0557 5748 PDCOMP - ok
    19:23:25.0557 5748 PDFRAME - ok
    19:23:25.0573 5748 PDRELI - ok
    19:23:25.0573 5748 PDRFRAME - ok
    19:23:25.0573 5748 perc2 - ok
    19:23:25.0573 5748 perc2hib - ok
    19:23:25.0666 5748 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
    19:23:25.0666 5748 PlugPlay - ok
    19:23:25.0745 5748 Pml Driver HPZ12 (bafc9706bdf425a02b66468ab2605c59) C:\WINDOWS\system32\HPZipm12.dll
    19:23:25.0745 5748 Pml Driver HPZ12 - ok
    19:23:25.0807 5748 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    19:23:25.0807 5748 PolicyAgent - ok
    19:23:25.0870 5748 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    19:23:25.0870 5748 PptpMiniport - ok
    19:23:25.0870 5748 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    19:23:25.0870 5748 ProtectedStorage - ok
    19:23:25.0932 5748 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    19:23:25.0932 5748 PSched - ok
    19:23:25.0963 5748 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    19:23:25.0963 5748 Ptilink - ok
    19:23:26.0120 5748 QBCFMonitorService (f3775745cbeedc8e4690d822fe669bf5) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    19:23:26.0120 5748 QBCFMonitorService - ok
    19:23:26.0198 5748 QBFCService (2241eaf40e472c471cb80cf6b97cca11) C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
    19:23:26.0213 5748 QBFCService - ok
    19:23:26.0213 5748 ql1080 - ok
    19:23:26.0213 5748 Ql10wnt - ok
    19:23:26.0213 5748 ql12160 - ok
    19:23:26.0213 5748 ql1240 - ok
    19:23:26.0229 5748 ql1280 - ok
    19:23:26.0229 5748 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    19:23:26.0229 5748 RasAcd - ok
    19:23:26.0323 5748 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
    19:23:26.0323 5748 RasAuto - ok
    19:23:26.0416 5748 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    19:23:26.0416 5748 Rasl2tp - ok
    19:23:26.0479 5748 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
    19:23:26.0479 5748 RasMan - ok
    19:23:26.0495 5748 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    19:23:26.0495 5748 RasPppoe - ok
    19:23:26.0495 5748 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    19:23:26.0495 5748 Raspti - ok
    19:23:26.0541 5748 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    19:23:26.0557 5748 Rdbss - ok
    19:23:26.0604 5748 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    19:23:26.0604 5748 RDPCDD - ok
    19:23:26.0620 5748 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    19:23:26.0620 5748 rdpdr - ok
    19:23:26.0745 5748 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
    19:23:26.0745 5748 RDPWD - ok
    19:23:26.0838 5748 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
    19:23:26.0854 5748 RDSessMgr - ok
    19:23:26.0885 5748 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    19:23:26.0885 5748 redbook - ok
    19:23:26.0932 5748 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
    19:23:26.0932 5748 RemoteAccess - ok
    19:23:26.0963 5748 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
    19:23:26.0979 5748 RemoteRegistry - ok
    19:23:27.0010 5748 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
    19:23:27.0010 5748 RpcLocator - ok
    19:23:27.0041 5748 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
    19:23:27.0057 5748 RpcSs - ok
    19:23:27.0135 5748 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
    19:23:27.0135 5748 RSVP - ok
    19:23:27.0182 5748 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    19:23:27.0182 5748 SamSs - ok
    19:23:27.0245 5748 SASKUTIL - ok
    19:23:27.0291 5748 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
    19:23:27.0291 5748 SCardSvr - ok
    19:23:27.0354 5748 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
    19:23:27.0354 5748 Schedule - ok
    19:23:27.0416 5748 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    19:23:27.0416 5748 Secdrv - ok
    19:23:27.0432 5748 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
    19:23:27.0448 5748 seclogon - ok
    19:23:27.0448 5748 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
    19:23:27.0448 5748 SENS - ok
    19:23:27.0463 5748 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    19:23:27.0463 5748 serenum - ok
    19:23:27.0479 5748 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    19:23:27.0479 5748 Serial - ok
    19:23:27.0604 5748 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    19:23:27.0604 5748 Sfloppy - ok
    19:23:27.0651 5748 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
    19:23:27.0651 5748 ShellHWDetection - ok
    19:23:27.0651 5748 Simbad - ok
    19:23:27.0651 5748 Sparrow - ok
    19:23:27.0682 5748 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    19:23:27.0682 5748 splitter - ok
    19:23:27.0729 5748 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
    19:23:27.0729 5748 Spooler - ok
    19:23:27.0729 5748 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    19:23:27.0729 5748 sr - ok
    19:23:27.0807 5748 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
    19:23:27.0807 5748 srservice - ok
    19:23:27.0916 5748 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    19:23:27.0932 5748 Srv - ok
    19:23:28.0057 5748 ssadbus (6d83ff6722baf7e82a4521dbec363e5a) C:\WINDOWS\system32\DRIVERS\ssadbus.sys
    19:23:28.0073 5748 ssadbus - ok
    19:23:28.0073 5748 ssadmdfl (5ae42e90f99749e0e35b9989a2d0275c) C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys
    19:23:28.0088 5748 ssadmdfl - ok
    19:23:28.0104 5748 ssadmdm (9285d8aba50a4d6482b1574448f9eb76) C:\WINDOWS\system32\DRIVERS\ssadmdm.sys
    19:23:28.0104 5748 ssadmdm - ok
    19:23:28.0151 5748 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
    19:23:28.0151 5748 SSDPSRV - ok
    19:23:28.0198 5748 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
    19:23:28.0198 5748 StillCam - ok
    19:23:28.0323 5748 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
    19:23:28.0323 5748 stisvc - ok
    19:23:28.0370 5748 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    19:23:28.0370 5748 swenum - ok
    19:23:28.0416 5748 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    19:23:28.0416 5748 swmidi - ok
    19:23:28.0416 5748 SwPrv - ok
    19:23:28.0432 5748 symc810 - ok
    19:23:28.0432 5748 symc8xx - ok
    19:23:28.0432 5748 sym_hi - ok
    19:23:28.0432 5748 sym_u3 - ok
    19:23:28.0479 5748 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    19:23:28.0479 5748 sysaudio - ok
    19:23:28.0557 5748 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
    19:23:28.0557 5748 SysmonLog - ok
    19:23:28.0573 5748 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
    19:23:28.0588 5748 TapiSrv - ok
    19:23:28.0666 5748 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    19:23:28.0682 5748 Tcpip - ok
    19:23:28.0729 5748 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    19:23:28.0729 5748 TDPIPE - ok
    19:23:28.0745 5748 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    19:23:28.0745 5748 TDTCP - ok
    19:23:28.0745 5748 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    19:23:28.0760 5748 TermDD - ok
    19:23:28.0791 5748 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
    19:23:28.0791 5748 TermService - ok
    19:23:28.0885 5748 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
    19:23:28.0885 5748 Themes - ok
    19:23:28.0932 5748 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
    19:23:28.0932 5748 TlntSvr - ok
    19:23:28.0932 5748 TosIde - ok
    19:23:28.0963 5748 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
    19:23:28.0963 5748 TrkWks - ok
    19:23:29.0026 5748 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    19:23:29.0026 5748 Udfs - ok
    19:23:29.0026 5748 ultra - ok
    19:23:29.0088 5748 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    19:23:29.0088 5748 Update - ok
    19:23:29.0135 5748 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
    19:23:29.0135 5748 upnphost - ok
    19:23:29.0166 5748 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
    19:23:29.0166 5748 UPS - ok
    19:23:29.0260 5748 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\WINDOWS\system32\Drivers\usbaapl.sys
    19:23:29.0276 5748 USBAAPL - ok
    19:23:29.0370 5748 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
    19:23:29.0370 5748 usbaudio - ok
    19:23:29.0479 5748 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    19:23:29.0495 5748 usbccgp - ok
    19:23:29.0510 5748 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    19:23:29.0510 5748 usbehci - ok
    19:23:29.0526 5748 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    19:23:29.0526 5748 usbhub - ok
    19:23:29.0526 5748 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
    19:23:29.0526 5748 usbohci - ok
    19:23:29.0620 5748 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    19:23:29.0635 5748 usbprint - ok
    19:23:29.0713 5748 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    19:23:29.0713 5748 usbscan - ok
    19:23:29.0729 5748 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    19:23:29.0729 5748 usbstor - ok
    19:23:29.0745 5748 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    19:23:29.0745 5748 VgaSave - ok
    19:23:29.0745 5748 ViaIde - ok
    19:23:29.0838 5748 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    19:23:29.0838 5748 VolSnap - ok
    19:23:29.0901 5748 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
    19:23:29.0901 5748 VSS - ok
    19:23:29.0948 5748 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
    19:23:29.0948 5748 W32Time - ok
    19:23:29.0948 5748 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    19:23:29.0963 5748 Wanarp - ok
    19:23:29.0963 5748 WDICA - ok
    19:23:30.0041 5748 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    19:23:30.0041 5748 wdmaud - ok
    19:23:30.0073 5748 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
    19:23:30.0073 5748 WebClient - ok
    19:23:30.0198 5748 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
    19:23:30.0198 5748 winmgmt - ok
    19:23:30.0260 5748 WMDM PMSP Service (581176f60885aef8f78c6e38dcc3cdf9) C:\WINDOWS\system32\MsPMSPSv.exe
    19:23:30.0260 5748 WMDM PMSP Service - ok
    19:23:30.0338 5748 WmdmPmSN (051b1bdecd6dee18c771b5d5ec7f044d) C:\WINDOWS\system32\MsPMSNSv.dll
    19:23:30.0370 5748 WmdmPmSN - ok
    19:23:30.0541 5748 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
    19:23:30.0541 5748 Wmi - ok
    19:23:30.0588 5748 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
    19:23:30.0588 5748 WmiApSrv - ok
    19:23:30.0916 5748 WMPNetworkSvc (6bab4dc65515a098505f8b3d01fb6fe5) C:\Program Files\Windows Media Player\WMPNetwk.exe
    19:23:31.0010 5748 WMPNetworkSvc - ok
    19:23:31.0135 5748 WpdUsb (c60dc16d4e406810fad54b98dc92d5ec) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
    19:23:31.0151 5748 WpdUsb - ok
    19:23:31.0916 5748 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    19:23:32.0057 5748 WPFFontCache_v0400 - ok
    19:23:32.0588 5748 WSWNA3100 (d0697918519a4cf059c2c7e3b9e93a53) C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe
    19:23:32.0588 5748 WSWNA3100 - ok
    19:23:32.0635 5748 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
    19:23:32.0729 5748 wuauserv - ok
    19:23:32.0901 5748 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    19:23:32.0916 5748 WudfPf - ok
    19:23:33.0088 5748 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    19:23:33.0135 5748 WudfRd - ok
    19:23:33.0323 5748 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
    19:23:33.0354 5748 WudfSvc - ok
    19:23:33.0682 5748 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
    19:23:33.0713 5748 WZCSVC - ok
    19:23:33.0901 5748 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
    19:23:34.0166 5748 xmlprov - ok
    19:23:34.0229 5748 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
    19:23:34.0260 5748 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
    19:23:34.0260 5748 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
    19:23:34.0291 5748 Boot (0x1200) (c1f5cb2c8f6559d0b9aa855b9b6ef3d0) \Device\Harddisk0\DR0\Partition0
    19:23:34.0354 5748 \Device\Harddisk0\DR0\Partition0 - ok
    19:23:34.0354 5748 ============================================================
    19:23:34.0354 5748 Scan finished
    19:23:34.0354 5748 ============================================================
    19:23:34.0354 3244 Detected object count: 1
    19:23:34.0354 3244 Actual detected object count: 1
    19:23:46.0057 3244 \Device\Harddisk0\DR0\# - copied to quarantine
    19:23:46.0057 3244 \Device\Harddisk0\DR0 - copied to quarantine
    19:23:46.0885 3244 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
    19:23:46.0963 3244 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
    19:23:47.0026 3244 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
    19:23:47.0026 3244 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
    19:23:47.0026 3244 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
    19:23:47.0041 3244 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
    19:23:47.0041 3244 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
    19:23:47.0057 3244 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
    19:23:47.0057 3244 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
    19:23:47.0057 3244 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
    19:23:47.0057 3244 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
    19:23:47.0057 3244 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
    19:23:47.0057 3244 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
    19:23:47.0057 3244 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
    19:23:47.0073 3244 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
    19:23:47.0166 3244 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
    19:23:47.0166 3244 \Device\Harddisk0\DR0 - ok
    19:23:47.0213 3244 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
    19:23:51.0963 4704 Deinitialize success

    19:27:45.0531 2080 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
    19:27:46.0031 2080 ============================================================
    19:27:46.0031 2080 Current date / time: 2012/07/10 19:27:46.0031
    19:27:46.0031 2080 SystemInfo:
    19:27:46.0031 2080
    19:27:46.0031 2080 OS Version: 5.1.2600 ServicePack: 3.0
    19:27:46.0031 2080 Product type: Workstation
    19:27:46.0031 2080 ComputerName: TAMEUS
    19:27:46.0031 2080 UserName: user
    19:27:46.0031 2080 Windows directory: C:\WINDOWS
    19:27:46.0031 2080 System windows directory: C:\WINDOWS
    19:27:46.0031 2080 Processor architecture: Intel x86
    19:27:46.0031 2080 Number of processors: 2
    19:27:46.0031 2080 Page size: 0x1000
    19:27:46.0031 2080 Boot type: Normal boot
    19:27:46.0031 2080 ============================================================
    19:27:46.0421 2080 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    19:27:46.0453 2080 ============================================================
    19:27:46.0453 2080 \Device\Harddisk0\DR0:
    19:27:46.0453 2080 MBR partitions:
    19:27:46.0453 2080 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1
    19:27:46.0453 2080 ============================================================
    19:27:46.0500 2080 C: <-> \Device\Harddisk0\DR0\Partition0
    19:27:46.0500 2080 ============================================================
    19:27:46.0500 2080 Initialize success
    19:27:46.0500 2080 ============================================================
    19:28:51.0609 0180 Deinitialize success
     
  6. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Good :)

    See if RogueKiller will run now.
     
  7. tameus1

    tameus1 TS Rookie Topic Starter Posts: 23

    I did not hit the "Fix Shortcuts" button. Should I?

    RogueKiller V7.6.3 [07/08/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User: user [Admin rights]
    Mode: Scan -- Date: 07/10/2012 21:31:29

    ¤¤¤ Bad processes: 1 ¤¤¤
    [SUSP PATH] xpbjxuqd.dll -- C:\Documents and Settings\user\Local Settings\Application Data\assembly\AskToolbar\xpbjxuqd.dll -> KILLED [TermProc]

    ¤¤¤ Registry Entries: 7 ¤¤¤
    [BLACKLIST DLL] HKCU\[...]\Run : AskToolbar (rundll32.exe "C:\Documents and Settings\user\Local Settings\Application Data\assembly\AskToolbar\xpbjxuqd.dll",CreateInstance) -> FOUND
    [BLACKLIST DLL] HKUS\.DEFAULT[...]\Run : Adobe (rundll32.exe "C:\Documents and Settings\user\Local Settings\Application Data\Ahead\Adobe\sntgqwvip.dll",CreateInstance) -> FOUND
    [BLACKLIST DLL] HKUS\.DEFAULT[...]\Run : AskToolbar (rundll32.exe "C:\Documents and Settings\user\Local Settings\Application Data\assembly\AskToolbar\xpbjxuqd.dll",CreateInstance) -> FOUND
    [BLACKLIST DLL] HKUS\S-1-5-21-1715567821-1425521274-839522115-1003[...]\Run : AskToolbar (rundll32.exe "C:\Documents and Settings\user\Local Settings\Application Data\assembly\AskToolbar\xpbjxuqd.dll",CreateInstance) -> FOUND
    [BLACKLIST DLL] HKUS\S-1-5-18[...]\Run : Adobe (rundll32.exe "C:\Documents and Settings\user\Local Settings\Application Data\Ahead\Adobe\sntgqwvip.dll",CreateInstance) -> FOUND
    [BLACKLIST DLL] HKUS\S-1-5-18[...]\Run : AskToolbar (rundll32.exe "C:\Documents and Settings\user\Local Settings\Application Data\assembly\AskToolbar\xpbjxuqd.dll",CreateInstance) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤
    [ZeroAccess][FILE] n : c:\windows\installer\{51e41825-a513-84a7-8932-86398a66071f}\n --> FOUND
    [ZeroAccess][FILE] @ : c:\windows\installer\{51e41825-a513-84a7-8932-86398a66071f}\@ --> FOUND
    [ZeroAccess][FOLDER] U : c:\windows\installer\{51e41825-a513-84a7-8932-86398a66071f}\U --> FOUND
    [ZeroAccess][FOLDER] L : c:\windows\installer\{51e41825-a513-84a7-8932-86398a66071f}\L --> FOUND
    [ZeroAccess][FILE] n : c:\documents and settings\user\local settings\application data\{51e41825-a513-84a7-8932-86398a66071f}\n --> FOUND
    [ZeroAccess][FILE] @ : c:\documents and settings\user\local settings\application data\{51e41825-a513-84a7-8932-86398a66071f}\@ --> FOUND
    [ZeroAccess][FOLDER] U : c:\documents and settings\user\local settings\application data\{51e41825-a513-84a7-8932-86398a66071f}\U --> FOUND
    [ZeroAccess][FOLDER] L : c:\documents and settings\user\local settings\application data\{51e41825-a513-84a7-8932-86398a66071f}\L --> FOUND
    [ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac\desktop.ini --> FOUND

    ¤¤¤ Driver: [LOADED] ¤¤¤

    ¤¤¤ Infection : ZeroAccess ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    127.0.0.1 localhost
    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com
    127.0.0.1 www.0scan.com
    127.0.0.1 0scan.com
    127.0.0.1 1000gratisproben.com
    127.0.0.1 www.1000gratisproben.com
    127.0.0.1 1001namen.com
    127.0.0.1 www.1001namen.com
    127.0.0.1 www.100888290cs.com
    127.0.0.1 100888290cs.com
    127.0.0.1 100sexlinks.com
    [...]


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: Hitachi HDS721680PLA380 +++++
    --- User ---
    [MBR] 7481beb7bd9c404d1274cf222e068336
    [BSP] ff237d623419e8fe7a97a3e3b48fc9d8 : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76308 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[1].txt >>
    RKreport[1].txt
     
  8. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    No.

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flashdrive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
     
  9. tameus1

    tameus1 TS Rookie Topic Starter Posts: 23

    Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 10-07-2012
    Ran by user at 10-07-2012 21:58:09
    Running from K:\
    Service Pack 3 (X86) OS Language: English(US)
    Attention: Could not load system hive.
    Error: The process cannot access the file because it is being used by another process.
    ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNTION PROPERLY.


    ============ One Month Created Files and Folders ==============

    2012-07-10 21:58 - 2012-07-10 21:58 - 00000000 ____D C:\FRST
    2012-07-10 21:45 - 2012-07-10 21:45 - 00003761 ____A C:\Windows\KB2691442.log
    2012-07-10 21:45 - 2012-07-10 21:45 - 00003670 ____A C:\Windows\KB2655992.log
    2012-07-10 21:45 - 2012-07-10 21:45 - 00003611 ____A C:\Windows\KB2719985.log
    2012-07-10 21:45 - 2012-07-10 21:45 - 00000000 ____D C:\Windows\LastGood.Tmp
    2012-07-10 21:31 - 2012-07-10 21:31 - 00003883 ____A C:\Documents and Settings\user\Desktop\RKreport[1].txt
    2012-07-10 19:23 - 2012-07-10 19:23 - 00000000 ____D C:\TDSSKiller_Quarantine
    2012-07-09 22:46 - 2012-07-09 22:46 - 00000664 ____A C:\Documents and Settings\NetworkService\Local Settings\Application Data\d3d9caps.tmp
    2012-07-09 21:51 - 2012-07-09 21:50 - 00090112 ____A C:\Windows\Minidump\Mini070912-05.dmp
    2012-07-09 21:49 - 2012-07-09 21:49 - 01558016 ____A C:\Documents and Settings\user\Desktop\winlogon.exe
    2012-07-09 21:43 - 2012-07-09 21:42 - 00090112 ____A C:\Windows\Minidump\Mini070912-04.dmp
    2012-07-09 21:36 - 2012-07-09 21:36 - 00090112 ____A C:\Windows\Minidump\Mini070912-03.dmp
    2012-07-09 21:23 - 2012-07-09 21:33 - 00003955 ____A C:\Documents and Settings\user\Desktop\aswMBR.txt
    2012-07-09 21:23 - 2012-07-09 21:33 - 00000512 ____A C:\Documents and Settings\user\Desktop\MBR.dat
    2012-07-09 21:03 - 2012-07-09 21:03 - 00090112 ____A C:\Windows\Minidump\Mini070912-02.dmp
    2012-07-09 20:52 - 2012-07-10 21:31 - 00000000 ____D C:\Documents and Settings\user\Desktop\RK_Quarantine
    2012-07-09 19:41 - 2012-07-09 19:41 - 00023574 ____A C:\Documents and Settings\user\Desktop\attach.txt
    2012-07-09 19:41 - 2012-07-09 19:41 - 00017110 ____A C:\Documents and Settings\user\Desktop\dds.txt
    2012-07-09 19:11 - 2012-07-09 19:11 - 00000949 ____A C:\Documents and Settings\user\Desktop\gmerlog.log
    2012-07-09 19:01 - 2012-07-09 19:02 - 00003606 ____A C:\Windows\setupapi.log
    2012-07-09 18:54 - 2012-07-09 18:54 - 00090112 ____A C:\Windows\Minidump\Mini070912-01.dmp
    2012-07-08 12:50 - 2012-07-08 12:51 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-07-07 17:26 - 2012-07-07 17:26 - 00000000 ____D C:\Windows\pss
    2012-07-07 17:14 - 2012-07-07 17:14 - 00263094 ____A C:\Documents and Settings\user\Local Settings\Application Data\census.cache
    2012-07-07 17:14 - 2012-07-07 17:14 - 00195987 ____A C:\Documents and Settings\user\Local Settings\Application Data\ars.cache
    2012-07-07 17:03 - 2012-07-07 17:03 - 00000036 ____A C:\Documents and Settings\user\Local Settings\Application Data\housecall.guid.cache
    2012-07-07 14:40 - 2012-07-07 14:40 - 00000784 ____A C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-07 14:40 - 2012-04-04 15:56 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-07-04 13:15 - 2012-07-04 13:15 - 00000115 ____A C:\Windows\wininit.ini
    2012-07-04 12:56 - 2011-04-01 18:04 - 00000027 ____A C:\Windows\System32\Drivers\etc\hosts.20120704-125617.backup
    2012-07-01 14:11 - 2012-07-01 14:11 - 00000000 ___SD C:\Documents and Settings\LocalService\UserData
    2012-06-28 21:21 - 2012-07-06 23:29 - 00000682 ____A C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
    2012-06-28 21:21 - 2012-07-06 23:29 - 00000000 ____D C:\Program Files\CCleaner
    2012-06-25 16:05 - 2012-06-25 16:05 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
    2012-06-25 16:05 - 2012-06-25 16:05 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Mozilla
    2012-06-24 14:24 - 2012-07-10 19:21 - 00000664 ____A C:\Windows\System32\d3d9caps.dat
    2012-06-16 23:23 - 2012-06-16 23:23 - 00000000 ____D C:\Documents and Settings\user\ZipForm
    2012-06-16 23:22 - 2012-06-16 23:22 - 00000088 ____A C:\Documents and Settings\user\.java.policy
    2012-06-12 23:56 - 2012-06-12 23:56 - 00000000 __HDC C:\Windows\$NtUninstallKB2707511$
    2012-06-12 23:49 - 2012-06-12 23:49 - 00000000 __HDC C:\Windows\$NtUninstallKB2699988$
    2012-06-12 23:42 - 2012-06-12 23:42 - 00000000 __HDC C:\Windows\$NtUninstallKB2685939$
    2012-06-12 23:38 - 2012-06-12 23:38 - 00000000 __HDC C:\Windows\$NtUninstallKB2709162$

    ============ 3 Months Modified Files ========================

    2012-07-10 21:56 - 2007-10-16 13:22 - 00000062 __ASH C:\Documents and Settings\user\Local Settings\desktop.ini
    2012-07-10 21:56 - 2007-10-16 13:19 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
    2012-07-10 21:56 - 2004-10-08 05:01 - 00013646 ____A C:\Windows\System32\wpa.dbl
    2012-07-10 21:52 - 2007-11-08 19:46 - 00002064 ____A C:\Windows\System32\settingsbkup.sfm
    2012-07-10 21:52 - 2007-11-08 19:46 - 00002064 ____A C:\Windows\System32\settings.sfm
    2012-07-10 21:51 - 2007-10-16 13:21 - 00032588 ____A C:\Windows\SchedLgU.Txt
    2012-07-10 21:51 - 2007-10-16 13:21 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-07-10 21:51 - 2007-10-16 13:20 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
    2012-07-10 21:51 - 2007-10-16 13:16 - 01078437 ____A C:\Windows\WindowsUpdate.log
    2012-07-10 21:51 - 2007-10-16 05:37 - 00000216 ____A C:\Windows\wiadebug.log
    2012-07-10 21:51 - 2007-10-16 05:37 - 00000049 ____A C:\Windows\wiaservc.log
    2012-07-10 21:46 - 2011-06-21 19:26 - 00000232 ____A C:\Windows\Tasks\Scheduled Update for Ask Toolbar.job
    2012-07-10 21:45 - 2012-07-10 21:45 - 00003761 ____A C:\Windows\KB2691442.log
    2012-07-10 21:45 - 2012-07-10 21:45 - 00003670 ____A C:\Windows\KB2655992.log
    2012-07-10 21:45 - 2012-07-10 21:45 - 00003611 ____A C:\Windows\KB2719985.log
    2012-07-10 21:31 - 2012-07-10 21:31 - 00003883 ____A C:\Documents and Settings\user\Desktop\RKreport[1].txt
    2012-07-10 21:05 - 2011-12-12 20:49 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-07-10 20:52 - 2012-05-01 21:27 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-07-10 19:26 - 2011-12-12 20:49 - 00000878 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-07-10 19:26 - 2007-10-16 13:35 - 00198791 ____A C:\Windows\System32\nvapps.xml
    2012-07-10 19:21 - 2012-06-24 14:24 - 00000664 ____A C:\Windows\System32\d3d9caps.dat
    2012-07-09 22:46 - 2012-07-09 22:46 - 00000664 ____A C:\Documents and Settings\NetworkService\Local Settings\Application Data\d3d9caps.tmp
    2012-07-09 21:50 - 2012-07-09 21:51 - 00090112 ____A C:\Windows\Minidump\Mini070912-05.dmp
    2012-07-09 21:49 - 2012-07-09 21:49 - 01558016 ____A C:\Documents and Settings\user\Desktop\winlogon.exe
    2012-07-09 21:42 - 2012-07-09 21:43 - 00090112 ____A C:\Windows\Minidump\Mini070912-04.dmp
    2012-07-09 21:36 - 2012-07-09 21:36 - 00090112 ____A C:\Windows\Minidump\Mini070912-03.dmp
    2012-07-09 21:33 - 2012-07-09 21:23 - 00003955 ____A C:\Documents and Settings\user\Desktop\aswMBR.txt
    2012-07-09 21:33 - 2012-07-09 21:23 - 00000512 ____A C:\Documents and Settings\user\Desktop\MBR.dat
    2012-07-09 21:03 - 2012-07-09 21:03 - 00090112 ____A C:\Windows\Minidump\Mini070912-02.dmp
    2012-07-09 19:41 - 2012-07-09 19:41 - 00023574 ____A C:\Documents and Settings\user\Desktop\attach.txt
    2012-07-09 19:41 - 2012-07-09 19:41 - 00017110 ____A C:\Documents and Settings\user\Desktop\dds.txt
    2012-07-09 19:11 - 2012-07-09 19:11 - 00000949 ____A C:\Documents and Settings\user\Desktop\gmerlog.log
    2012-07-09 19:02 - 2012-07-09 19:01 - 00003606 ____A C:\Windows\setupapi.log
    2012-07-09 18:54 - 2012-07-09 18:54 - 00090112 ____A C:\Windows\Minidump\Mini070912-01.dmp
    2012-07-08 21:50 - 2007-10-16 13:22 - 00000178 ___SH C:\Documents and Settings\user\ntuser.ini
    2012-07-08 12:51 - 2012-03-04 22:08 - 00001945 ___AC C:\Windows\epplauncher.mif
    2012-07-07 17:14 - 2012-07-07 17:14 - 00263094 ____A C:\Documents and Settings\user\Local Settings\Application Data\census.cache
    2012-07-07 17:14 - 2012-07-07 17:14 - 00195987 ____A C:\Documents and Settings\user\Local Settings\Application Data\ars.cache
    2012-07-07 17:03 - 2012-07-07 17:03 - 00000036 ____A C:\Documents and Settings\user\Local Settings\Application Data\housecall.guid.cache
    2012-07-07 14:40 - 2012-07-07 14:40 - 00000784 ____A C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-07 09:44 - 2011-03-15 20:44 - 00000963 ____A C:\Documents and Settings\user\Desktop\Spybot - Search & Destroy.lnk
    2012-07-06 23:29 - 2012-06-28 21:21 - 00000682 ____A C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
    2012-07-04 13:15 - 2012-07-04 13:15 - 00000115 ____A C:\Windows\wininit.ini
    2012-07-02 09:48 - 2011-12-17 17:29 - 00000284 ____A C:\Windows\Tasks\AppleSoftwareUpdate.job
    2012-06-25 11:34 - 2011-03-29 11:19 - 00029048 ____A C:\Documents and Settings\user\Application Data\GDIPFONTCACHEV1.DAT
    2012-06-16 23:22 - 2012-06-16 23:22 - 00000088 ____A C:\Documents and Settings\user\.java.policy
    2012-06-13 17:25 - 2007-10-16 05:33 - 00157952 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-06-12 23:55 - 2007-10-16 05:35 - 00551370 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-06-12 23:46 - 2008-12-07 23:04 - 56731752 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-06-05 11:37 - 2012-06-05 11:37 - 28106752 ____A C:\Documents and Settings\user\Desktop\Thomasito del Castillo - Attorney at Law (Backup Jun 05,2012 11 37 AM).QBB
    2012-06-05 00:28 - 2012-06-01 19:46 - 10039296 ___RA C:\Documents and Settings\user\Desktop\Gong, Hiyama, & Del Castillo, LLP.QBW
    2012-06-05 00:28 - 2012-06-01 19:46 - 00983040 ___RA C:\Documents and Settings\user\Desktop\Gong, Hiyama, & Del Castillo, LLP.QBW.TLG
    2012-06-05 00:28 - 2012-06-01 19:46 - 00000378 ____A C:\Documents and Settings\user\Desktop\Gong, Hiyama, & Del Castillo, LLP.QBW.nd
    2012-06-04 20:55 - 2012-06-04 20:55 - 00001542 ____A C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    2012-06-04 11:32 - 2012-06-04 11:32 - 333862968 ____A C:\Documents and Settings\user\Desktop\Baby's 8 week.MOV
    2012-06-02 15:19 - 2011-04-02 13:34 - 00015384 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll.mui
    2012-06-02 15:19 - 2007-10-16 13:16 - 01933848 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\wuaueng.dll
    2012-06-02 15:19 - 2007-10-16 13:16 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 15:19 - 2007-10-16 13:16 - 00577048 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\wuapi.dll
    2012-06-02 15:19 - 2007-10-16 13:16 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 15:19 - 2007-10-16 13:16 - 00329240 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\wucltui.dll
    2012-06-02 15:19 - 2007-10-16 13:16 - 00329240 ____A (Microsoft Corporation) C:\Windows\System32\wucltui.dll
    2012-06-02 15:19 - 2007-10-16 13:16 - 00219160 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\wuaucpl.cpl
    2012-06-02 15:19 - 2007-10-16 13:16 - 00219160 ____A (Microsoft Corporation) C:\Windows\System32\wuaucpl.cpl
    2012-06-02 15:19 - 2007-10-16 13:16 - 00210968 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\wuweb.dll
    2012-06-02 15:19 - 2007-10-16 13:16 - 00210968 ____A (Microsoft Corporation) C:\Windows\System32\wuweb.dll
    2012-06-02 15:19 - 2007-10-16 13:16 - 00053784 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\wuauclt.exe
    2012-06-02 15:19 - 2007-10-16 13:16 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 15:19 - 2007-10-16 13:16 - 00035864 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\wups.dll
    2012-06-02 15:19 - 2007-10-16 13:16 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 15:19 - 2007-07-30 19:19 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 15:19 - 2007-07-30 19:19 - 00015384 ____A (Microsoft Corporation) C:\Windows\System32\wuaucpl.cpl.mui
    2012-06-02 15:19 - 2007-07-30 19:18 - 00022040 ____A (Microsoft Corporation) C:\Windows\System32\wucltui.dll.mui
    2012-06-02 15:19 - 2007-07-30 19:18 - 00017944 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll.mui
    2012-06-02 15:19 - 2004-10-08 05:01 - 00097304 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\cdm.dll
    2012-06-02 15:19 - 2004-10-08 05:01 - 00097304 ____A (Microsoft Corporation) C:\Windows\System32\cdm.dll
    2012-06-02 15:18 - 2011-08-29 09:22 - 00275696 ____A (Microsoft Corporation) C:\Windows\System32\mucltui.dll
    2012-06-02 15:18 - 2011-08-29 09:22 - 00214256 ____A (Microsoft Corporation) C:\Windows\System32\muweb.dll
    2012-06-02 15:18 - 2011-08-29 09:22 - 00017136 ____A (Microsoft Corporation) C:\Windows\System32\mucltui.dll.mui
    2012-05-31 12:25 - 2012-03-04 22:28 - 00237072 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
    2012-05-31 06:22 - 2011-09-09 02:12 - 00599040 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\crypt32.dll
    2012-05-31 06:22 - 2004-10-08 05:01 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-05-18 13:09 - 2012-04-15 04:33 - 01800063 ____A C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1715567821-1425521274-839522115-1003-0.dat
    2012-05-18 13:09 - 2012-04-15 04:33 - 00148662 ____A C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    2012-05-17 13:01 - 2012-04-14 13:02 - 00002447 ____A C:\Documents and Settings\All Users\Desktop\TurboTax 2011.lnk
    2012-05-16 00:58 - 2010-12-20 15:15 - 00667136 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\wininet.dll
    2012-05-16 00:58 - 2004-10-08 05:01 - 00667136 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-05-15 06:20 - 2010-12-31 06:10 - 01863168 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\win32k.sys
    2012-05-15 06:20 - 2004-10-08 05:01 - 01863168 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-05-04 06:16 - 2011-04-02 13:37 - 02148352 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\ntkrnlmp.exe
    2012-05-04 06:16 - 2004-10-08 05:01 - 02148352 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-05-04 06:12 - 2011-04-02 13:37 - 02192640 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\ntoskrnl.exe
    2012-05-04 05:32 - 2011-04-02 13:37 - 02026496 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\ntkrpamp.exe
    2012-05-04 05:32 - 2009-02-07 20:02 - 02069120 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\ntkrnlpa.exe
    2012-05-04 05:32 - 2004-08-03 15:59 - 02026496 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
    2012-05-02 06:46 - 2011-08-16 22:01 - 00139656 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\rdpwd.sys
    2012-05-02 06:46 - 2007-10-16 13:14 - 00139656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-05-01 22:50 - 2012-05-01 22:33 - 178733300 ____A C:\Documents and Settings\user\Desktop\tommy.mov
    2012-05-01 21:27 - 2012-05-01 21:27 - 00418464 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
    2012-05-01 21:27 - 2011-06-21 20:52 - 00070304 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
    2012-05-01 21:26 - 2012-05-01 21:26 - 00000802 ____A C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
    2012-04-20 12:29 - 2011-06-21 11:18 - 00037888 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\url.dll
    2012-04-20 12:29 - 2010-12-20 15:15 - 03088384 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\mshtml.dll
    2012-04-20 12:29 - 2010-12-20 15:15 - 01510400 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\shdocvw.dll
    2012-04-20 12:29 - 2010-12-20 15:15 - 01025024 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\browseui.dll
    2012-04-20 12:29 - 2010-12-20 15:15 - 00633344 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\urlmon.dll
    2012-04-20 12:29 - 2010-12-20 15:15 - 00532480 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\mstime.dll
    2012-04-20 12:29 - 2010-12-20 15:15 - 00449536 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\mshtmled.dll
    2012-04-20 12:29 - 2010-12-20 15:15 - 00251904 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\iepeers.dll
    2012-04-20 12:29 - 2010-12-20 15:15 - 00081920 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\ieencode.dll
    2012-04-20 12:29 - 2010-12-20 15:15 - 00061952 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\tdc.ocx
    2012-04-20 12:29 - 2004-10-08 05:01 - 03088384 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-04-20 12:29 - 2004-10-08 05:01 - 01510400 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
    2012-04-20 12:29 - 2004-10-08 05:01 - 01025024 ____A (Microsoft Corporation) C:\Windows\System32\browseui.dll
    2012-04-20 12:29 - 2004-10-08 05:01 - 00633344 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-04-20 12:29 - 2004-10-08 05:01 - 00532480 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
    2012-04-20 12:29 - 2004-10-08 05:01 - 00449536 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-04-20 12:29 - 2004-10-08 05:01 - 00251904 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
    2012-04-20 12:29 - 2004-10-08 05:01 - 00081920 ____A (Microsoft Corporation) C:\Windows\System32\ieencode.dll
    2012-04-20 12:29 - 2004-10-08 05:01 - 00061952 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
    2012-04-20 12:29 - 2004-10-08 05:01 - 00037888 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-04-19 05:44 - 2004-10-08 05:01 - 00369664 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
    2012-04-14 19:06 - 2012-04-14 13:31 - 00002405 ____A C:\Documents and Settings\All Users\Desktop\TurboTax Business 2011.lnk
    2012-04-14 13:22 - 2012-04-14 13:02 - 00000590 ____A C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc


    ZeroAccess:
    C:\Windows\Installer\{51e41825-a513-84a7-8932-86398a66071f}
    C:\Windows\Installer\{51e41825-a513-84a7-8932-86398a66071f}\@
    C:\Windows\Installer\{51e41825-a513-84a7-8932-86398a66071f}\L
    C:\Windows\Installer\{51e41825-a513-84a7-8932-86398a66071f}\n
    C:\Windows\Installer\{51e41825-a513-84a7-8932-86398a66071f}\U
    C:\Windows\Installer\{51e41825-a513-84a7-8932-86398a66071f}\L\00000004.@
    C:\Windows\Installer\{51e41825-a513-84a7-8932-86398a66071f}\L\201d3dde
    C:\Windows\Installer\{51e41825-a513-84a7-8932-86398a66071f}\U\00000004.@
    C:\Windows\Installer\{51e41825-a513-84a7-8932-86398a66071f}\U\000000cb.@
    C:\Windows\Installer\{51e41825-a513-84a7-8932-86398a66071f}\U\80000032.@

    ZeroAccess:
    C:\Documents and Settings\user\Local Settings\Application Data\{51e41825-a513-84a7-8932-86398a66071f}
    C:\Documents and Settings\user\Local Settings\Application Data\{51e41825-a513-84a7-8932-86398a66071f}\@
    C:\Documents and Settings\user\Local Settings\Application Data\{51e41825-a513-84a7-8932-86398a66071f}\L
    C:\Documents and Settings\user\Local Settings\Application Data\{51e41825-a513-84a7-8932-86398a66071f}\n
    C:\Documents and Settings\user\Local Settings\Application Data\{51e41825-a513-84a7-8932-86398a66071f}\U

    ZeroAccess:
    C:\Windows\assembly\GAC\Desktop.ini

    ========================= Bamital & volsnap Check ============

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== Restore Points (XP) =====================

    RP: -> 2012-07-10 03:00 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP916

    RP: -> 2012-07-09 18:43 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP915

    RP: -> 2012-07-09 17:50 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP914

    RP: -> 2012-07-08 12:35 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP913

    RP: -> 2012-07-08 12:33 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP912

    RP: -> 2012-07-08 12:33 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP911

    RP: -> 2012-07-08 12:06 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP910

    RP: -> 2012-07-08 00:29 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP909

    RP: -> 2012-07-07 09:59 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP908

    RP: -> 2012-07-07 09:42 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP907

    RP: -> 2012-07-06 23:38 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP906

    RP: -> 2012-07-06 22:19 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP905

    RP: -> 2012-07-06 18:51 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP904

    RP: -> 2012-07-06 01:42 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP903

    RP: -> 2012-07-06 00:32 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP902

    RP: -> 2012-07-05 00:43 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP901

    RP: -> 2012-07-04 15:35 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP900

    RP: -> 2012-07-04 12:51 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP899

    RP: -> 2012-07-04 01:28 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP898

    RP: -> 2012-07-02 23:56 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP897

    RP: -> 2012-07-02 18:37 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP896

    RP: -> 2012-07-01 15:55 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP895

    RP: -> 2012-07-01 15:45 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP894

    RP: -> 2012-07-01 13:11 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP893

    RP: -> 2012-07-01 13:01 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP892

    RP: -> 2012-06-29 03:00 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP891

    RP: -> 2012-06-28 20:15 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP890

    RP: -> 2012-06-28 03:00 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP889

    RP: -> 2012-06-27 22:23 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP888

    RP: -> 2012-06-26 19:53 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP887

    RP: -> 2012-06-26 03:00 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP886

    RP: -> 2012-06-25 19:59 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP885

    RP: -> 2012-06-25 11:17 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP884

    RP: -> 2012-06-24 23:38 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP883

    RP: -> 2012-06-24 13:47 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP882

    RP: -> 2012-06-23 21:14 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP881

    RP: -> 2012-06-22 23:07 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP880

    RP: -> 2012-06-22 20:42 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP879

    RP: -> 2012-06-21 00:38 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP878

    RP: -> 2012-06-20 21:45 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP877

    RP: -> 2012-06-19 23:26 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP876

    RP: -> 2012-06-19 18:55 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP875

    RP: -> 2012-06-18 23:33 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP874

    RP: -> 2012-06-18 01:01 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP873

    RP: -> 2012-06-17 20:12 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP872

    RP: -> 2012-06-17 00:42 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP871

    RP: -> 2012-06-16 17:16 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP870

    RP: -> 2012-06-16 03:00 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP869

    RP: -> 2012-06-15 03:00 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP868

    RP: -> 2012-06-15 00:21 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP867

    RP: -> 2012-06-13 23:58 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP866

    RP: -> 2012-06-13 17:36 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP865

    RP: -> 2012-06-12 23:38 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP864

    RP: -> 2012-06-11 23:19 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP863

    RP: -> 2012-06-11 21:05 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP862

    RP: -> 2012-06-11 20:57 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP861

    RP: -> 2012-06-11 03:00 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP860

    RP: -> 2012-06-10 16:13 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP859

    RP: -> 2012-06-10 14:12 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP858

    RP: -> 2012-06-09 23:45 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP857

    RP: -> 2012-06-09 22:19 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP856

    RP: -> 2012-06-08 22:50 - 028672 _restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP855


    ========================= Memory info ======================

    Percentage of memory in use: 13%
    Total physical RAM: 2046.48 MB
    Available physical RAM: 1763.96 MB
    Total Pagefile: 3942.61 MB
    Available Pagefile: 3873.23 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 2004.87 MB

    ======================= Partitions =========================

    1 Drive c: () (Fixed) (Total:74.52 GB) (Free:20.71 GB) NTFS ==>[Drive with boot components (Windows XP)]
    7 Drive k: (TOSHIBA) (Removable) (Total:3.75 GB) (Free:3.75 GB) FAT32

    Disk ### Status Size Free Dyn Gpt
    -------- ---------- ------- ------- --- ---
    Disk 0 Online 75 GB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 75 GB 32 KB
    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C NTFS Partition 75 GB Healthy System (partition with boot components)
    ==================================================================================
    ======================= End Of Log ==========================
     
  10. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    • NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  11. tameus1

    tameus1 TS Rookie Topic Starter Posts: 23

    ComboFix 12-07-11.03 - user 07/11/2012 19:31:26.3.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1411 [GMT -7:00]
    Running from: c:\documents and settings\user\My Documents\Downloads\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\user\Local Settings\Application Data\{51e41825-a513-84a7-8932-86398a66071f}
    c:\documents and settings\user\Local Settings\Application Data\{51e41825-a513-84a7-8932-86398a66071f}\@
    c:\documents and settings\user\Local Settings\Application Data\{51e41825-a513-84a7-8932-86398a66071f}\n
    c:\documents and settings\user\Local Settings\Application Data\assembly\AskToolbar\xpbjxuqd.dll
    c:\documents and settings\user\Local Settings\Application Data\assembly\tmp
    c:\windows\assembly\GAC\Desktop.ini
    c:\windows\Installer\{51e41825-a513-84a7-8932-86398a66071f}
    c:\windows\Installer\{51e41825-a513-84a7-8932-86398a66071f}\@
    c:\windows\Installer\{51e41825-a513-84a7-8932-86398a66071f}\L\00000004.@
    c:\windows\Installer\{51e41825-a513-84a7-8932-86398a66071f}\L\201d3dde
    c:\windows\Installer\{51e41825-a513-84a7-8932-86398a66071f}\n
    c:\windows\Installer\{51e41825-a513-84a7-8932-86398a66071f}\U\00000004.@
    c:\windows\Installer\{51e41825-a513-84a7-8932-86398a66071f}\U\000000cb.@
    c:\windows\Installer\{51e41825-a513-84a7-8932-86398a66071f}\U\80000032.@
    c:\windows\system32\dllcache\dlimport.exe
    c:\windows\system32\drivers\npf.sys
    c:\windows\system32\Packet.dll
    c:\windows\system32\pthreadVC.dll
    c:\windows\system32\wpcap.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_NPF
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-12 to 2012-07-12 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-11 04:58 . 2012-07-11 04:58 -------- d-----w- C:\FRST
    2012-07-11 02:23 . 2012-07-11 02:23 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-07-10 05:46 . 2012-07-10 05:46 664 ----a-w- c:\documents and settings\NetworkService\Local Settings\Application Data\d3d9caps.tmp
    2012-07-08 19:56 . 2012-06-18 10:14 6762896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1C783904-AB2E-4133-B750-CB4FA49057F9}\mpengine.dll
    2012-07-08 19:50 . 2012-07-08 19:51 -------- d-----w- c:\program files\Microsoft Security Client
    2012-07-07 21:40 . 2012-04-04 22:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-07-01 21:11 . 2012-07-01 21:11 -------- d-s---w- c:\documents and settings\LocalService\UserData
    2012-06-29 04:21 . 2012-07-07 06:29 -------- d-----w- c:\program files\CCleaner
    2012-06-25 23:05 . 2012-06-25 23:05 -------- d-----w- c:\program files\Mozilla Maintenance Service
    2012-06-17 06:23 . 2012-06-17 06:23 -------- d-----w- c:\documents and settings\user\ZipForm
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-06-13 13:19 . 2004-10-08 12:01 1866112 ----a-w- c:\windows\system32\win32k.sys
    2012-06-05 15:50 . 2008-04-14 00:12 1372672 ----a-w- c:\windows\system32\msxml6.dll
    2012-06-05 15:50 . 2004-10-08 12:01 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2012-06-04 04:32 . 2004-10-08 12:01 152576 ----a-w- c:\windows\system32\schannel.dll
    2012-06-02 22:19 . 2007-07-31 02:18 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
    2012-06-02 22:19 . 2007-10-16 20:16 329240 ----a-w- c:\windows\system32\wucltui.dll
    2012-06-02 22:19 . 2007-10-16 20:16 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
    2012-06-02 22:19 . 2007-10-16 20:16 210968 ----a-w- c:\windows\system32\wuweb.dll
    2012-06-02 22:19 . 2007-07-31 02:19 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
    2012-06-02 22:19 . 2011-04-02 20:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
    2012-06-02 22:19 . 2007-10-16 20:16 53784 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2007-10-16 20:16 35864 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2007-07-31 02:19 45080 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2004-10-08 12:01 97304 ----a-w- c:\windows\system32\cdm.dll
    2012-06-02 22:19 . 2007-07-31 02:18 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
    2012-06-02 22:19 . 2007-10-16 20:16 577048 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:19 . 2007-10-16 20:16 1933848 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:18 . 2011-08-29 16:22 275696 ----a-w- c:\windows\system32\mucltui.dll
    2012-06-02 22:18 . 2011-08-29 16:22 214256 ----a-w- c:\windows\system32\muweb.dll
    2012-06-02 22:18 . 2011-08-29 16:22 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
    2012-05-31 19:25 . 2012-03-05 05:28 237072 ------w- c:\windows\system32\MpSigStub.exe
    2012-05-31 13:22 . 2004-10-08 12:01 599040 ----a-w- c:\windows\system32\crypt32.dll
    2012-05-16 07:58 . 2004-10-08 12:01 667136 ----a-w- c:\windows\system32\wininet.dll
    2012-05-04 13:16 . 2004-10-08 12:01 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-05-04 12:32 . 2004-08-03 22:59 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-05-02 13:46 . 2007-10-16 20:14 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-05-02 04:27 . 2012-05-02 04:27 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-05-02 04:27 . 2011-06-22 03:52 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-04-20 19:29 . 2004-10-08 12:01 81920 ----a-w- c:\windows\system32\ieencode.dll
    2012-04-20 19:29 . 2004-10-08 12:01 61952 ----a-w- c:\windows\system32\tdc.ocx
    2012-04-19 12:44 . 2004-10-08 12:01 369664 ----a-w- c:\windows\system32\html.iec
    2012-06-25 22:55 . 2012-06-25 22:55 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2012-04-10 00:43 1519272 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-04-10 1519272]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-04-10 1519272]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-08-19 17360520]
    "Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2012-02-23 6591800]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"="RTHDCPL.EXE" [2006-11-14 16270848]
    "SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-26 13680640]
    "nwiz"="nwiz.exe" [2008-12-26 1657376]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-05 49152]
    "CTHelper"="CTHELPER.EXE" [2006-05-24 17920]
    "CTxfiHlp"="CTXFIHLP.EXE" [2006-05-24 18944]
    "VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-07-13 122880]
    "Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2009-12-22 1092872]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-26 86016]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-15 47904]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-04-10 1557160]
    "HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "FUFAXRCV"="c:\program files\Epson Software\FAX Utility\FUFAXRCV.exe" [2011-03-09 495616]
    "FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2011-03-09 856064]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 931200]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
    NETGEAR WG111T Smart Wizard.lnk - c:\program files\NETGEAR\WG111T\wlan111t.exe [2007-10-18 884840]
    NETGEAR WNA3100 Smart Wizard.lnk - c:\program files\NETGEAR\WNA3100\WNA3100.exe [2011-12-7 4577760]
    QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2010-9-14 984352]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    .
    R1 Ext2FS;Ext2FS;c:\windows\system32\drivers\ext2fs.sys [10/1/2009 4:33 PM 37840]
    R2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\epson\EpsonCustomerParticipation\EPCP.exe [3/17/2011 7:03 PM 513408]
    R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2/6/2012 4:25 PM 13672]
    R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [5/4/2010 12:07 PM 503080]
    R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\drivers\bcmwlhigh5.sys [12/7/2011 9:30 PM 642432]
    S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.SYS --> c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/12/2011 8:49 PM 136176]
    S2 WSWNA3100;WSWNA3100;c:\program files\NETGEAR\WNA3100\WifiSvc.exe [12/7/2011 9:30 PM 285152]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [5/1/2012 9:27 PM 253600]
    S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [10/18/2007 12:57 AM 17149]
    S3 emu10kx;Creative EMU10K1/EMU10K2 Audio Driver (WDM);c:\windows\system32\drivers\e10kx2k.sys [7/13/2001 5:29 AM 1745168]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/12/2011 8:49 PM 136176]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [6/25/2012 4:05 PM 113120]
    S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [1/25/2011 7:37 PM 96488]
    S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [1/25/2011 7:37 PM 12776]
    S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [1/25/2011 7:37 PM 121576]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-12 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-02 04:27]
    .
    2012-07-02 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 20:34]
    .
    2012-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-12-13 03:48]
    .
    2012-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-12-13 03:48]
    .
    2012-07-12 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
    - c:\program files\Ask.com\UpdateTask.exe [2012-04-10 00:43]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    mStart Page = hxxp://www.yahoo.com/?.home=ytie
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
    Trusted Zone: intuit.com\ttlc
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\hiaqg9mz.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Veoh Web Player Customized Web Search
    FF - prefs.js: browser.startup.homepage - hxxps://login.secureserver.net/index.php?app=wbe&logout=1|https://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
    FF - user.js: yahoo.homepage.dontask - true
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKCU-Run-AskToolbar - c:\documents and settings\user\Local Settings\Application Data\assembly\AskToolbar\xpbjxuqd.dll
    HKU-Default-Run-Adobe - c:\documents and settings\user\Local Settings\Application Data\Ahead\Adobe\sntgqwvip.dll
    HKU-Default-Run-AskToolbar - c:\documents and settings\user\Local Settings\Application Data\assembly\AskToolbar\xpbjxuqd.dll
    Notify-avgrsstarter - (no file)
    Notify-itlntfy - (no file)
    SafeBoot-MsMpSvc
    AddRemove-Google Chrome - c:\program files\Google\Chrome\Application\20.0.1132.47\Installer\setup.exe
    AddRemove-InfraRecorder - c:\program files\InfraRecorder\uninstall.exe
    AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-07-11 19:46
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(1324)
    c:\windows\system32\msi.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\nvsvc32.exe
    c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    c:\windows\system32\MsPMSPSv.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\RTHDCPL.EXE
    c:\windows\system32\RUNDLL32.EXE
    c:\windows\SYSTEM32\CTXFISPI.EXE
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2012-07-11 19:52:57 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-07-12 02:52
    .
    Pre-Run: 21,942,607,872 bytes free
    Post-Run: 23,240,146,944 bytes free
    .
    - - End Of File - - 99E03AFAD3C80991ABE456930C820C00
     
  12. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Looks good :)

    How is the computer doing?

    ============================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  13. tameus1

    tameus1 TS Rookie Topic Starter Posts: 23

    OTL logfile created on: 7/11/2012 9:14:53 PM - Run 1
    OTL by OldTimer - Version 3.2.54.0 Folder = C:\Documents and Settings\user\My Documents\Downloads
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.33 Gb Available Physical Memory | 66.50% Memory free
    3.85 Gb Paging File | 3.26 Gb Available in Paging File | 84.74% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.52 Gb Total Space | 21.69 Gb Free Space | 29.11% Space Free | Partition Type: NTFS
    Drive K: | 3.75 Gb Total Space | 3.75 Gb Free Space | 99.97% Space Free | Partition Type: FAT32

    Computer Name: TAMEUS | User Name: user | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/07/11 21:14:36 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\My Documents\Downloads\OTL.exe
    PRC - [2012/04/09 17:43:42 | 001,557,160 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
    PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2012/02/22 20:49:58 | 006,591,800 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    PRC - [2012/02/06 16:25:08 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    PRC - [2011/05/10 02:41:12 | 000,049,208 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuschd2.exe
    PRC - [2011/03/17 19:03:32 | 000,513,408 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe
    PRC - [2011/03/09 01:00:00 | 000,856,064 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
    PRC - [2011/03/09 01:00:00 | 000,495,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe
    PRC - [2010/09/14 12:45:30 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    PRC - [2010/08/26 18:47:00 | 004,577,760 | ---- | M] () -- C:\Program Files\NETGEAR\WNA3100\WNA3100.exe
    PRC - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    PRC - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
    PRC - [2009/03/05 17:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2006/12/19 19:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
    PRC - [2006/07/13 15:11:42 | 000,122,880 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
    PRC - [2006/05/23 21:20:44 | 000,018,944 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTXFIHLP.EXE
    PRC - [2006/05/23 21:20:41 | 000,017,920 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\CTHELPER.EXE
    PRC - [2006/05/23 21:05:45 | 000,730,112 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTXFISPI.EXE
    PRC - [2006/01/25 15:49:02 | 000,884,840 | ---- | M] (NETGEAR) -- C:\Program Files\NETGEAR\WG111T\wlan111t.exe
    PRC - [2005/11/04 19:07:56 | 000,049,152 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/06/13 18:32:55 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\2516a49d10f4418f72e1c25f691815a8\System.ServiceProcess.ni.dll
    MOD - [2012/06/13 18:30:07 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll
    MOD - [2012/06/12 23:55:42 | 000,114,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
    MOD - [2012/06/12 23:55:41 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    MOD - [2012/06/12 23:55:41 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
    MOD - [2012/06/12 23:55:40 | 002,048,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
    MOD - [2012/06/12 23:55:39 | 003,186,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
    MOD - [2012/06/12 23:55:39 | 000,630,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    MOD - [2012/06/12 23:55:31 | 000,258,048 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
    MOD - [2012/06/12 23:55:30 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    MOD - [2012/06/12 23:55:29 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
    MOD - [2012/06/12 23:55:26 | 005,025,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    MOD - [2012/06/12 23:53:10 | 013,197,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\54d61af44b1dedee6aea0d1bbc46b13a\System.Windows.Forms.ni.dll
    MOD - [2012/06/12 23:45:37 | 001,666,048 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\4a668799513e369a54fdab8b3f74de92\System.Drawing.ni.dll
    MOD - [2012/05/12 11:08:19 | 000,762,368 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\0f9d7198d2c0a3953fb59b1aca0d35f7\System.Runtime.Remoting.ni.dll
    MOD - [2012/05/12 11:08:16 | 000,786,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\26ee061618887d629a9f7072970ffb85\System.EnterpriseServices.ni.dll
    MOD - [2012/05/12 11:08:15 | 000,646,656 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\ce2aa3a5e89c326055ac8e2a309232f7\System.Transactions.ni.dll
    MOD - [2012/05/11 23:19:24 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
    MOD - [2012/05/11 23:19:05 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
    MOD - [2012/05/11 23:11:08 | 006,798,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\9f5111b0b58258c3a4bbcfb8bf27374c\System.Data.ni.dll
    MOD - [2012/05/11 23:10:55 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\5ee8bf77e7b3e25cdbff6e1c299574fe\System.Xml.ni.dll
    MOD - [2012/05/11 23:10:51 | 000,980,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\0c8e950df17a0abec10888e8ad966cbe\System.Configuration.ni.dll
    MOD - [2012/05/11 23:10:46 | 007,052,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\14ba6251d6ec84c9579ed3d3e10b30c1\System.Core.ni.dll
    MOD - [2012/05/11 23:10:33 | 009,090,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\6f399163bb35597da7141ccdb7f39d16\System.ni.dll
    MOD - [2012/05/11 23:10:23 | 014,412,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll
    MOD - [2012/02/22 20:49:56 | 000,921,600 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
    MOD - [2012/02/22 20:49:38 | 000,078,336 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\pcre.dll
    MOD - [2011/11/03 08:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
    MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/04/18 18:31:14 | 000,409,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
    MOD - [2011/04/18 18:31:13 | 000,476,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
    MOD - [2011/04/18 18:31:12 | 000,421,224 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
    MOD - [2011/04/18 18:31:12 | 000,046,952 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
    MOD - [2011/04/18 18:31:12 | 000,023,912 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll
    MOD - [2011/04/18 18:31:12 | 000,018,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
    MOD - [2011/04/18 18:31:12 | 000,012,136 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll
    MOD - [2011/04/18 18:31:11 | 000,269,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\3.1.26.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll
    MOD - [2011/04/18 18:31:11 | 000,121,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
    MOD - [2011/04/18 18:31:11 | 000,120,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
    MOD - [2011/04/18 18:31:11 | 000,070,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
    MOD - [2011/02/28 15:37:32 | 000,180,624 | ---- | M] () -- C:\WINDOWS\system32\Primomonnt.dll
    MOD - [2010/08/26 18:47:00 | 004,577,760 | ---- | M] () -- C:\Program Files\NETGEAR\WNA3100\WNA3100.exe
    MOD - [2010/04/12 12:19:50 | 000,854,016 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
    MOD - [2010/04/12 12:19:50 | 000,471,040 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
    MOD - [2010/04/12 12:19:50 | 000,403,456 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
    MOD - [2010/04/12 12:19:48 | 000,046,880 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
    MOD - [2010/04/12 12:19:47 | 000,018,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
    MOD - [2010/04/12 12:19:46 | 000,419,616 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
    MOD - [2010/04/12 12:19:45 | 000,270,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.445.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll
    MOD - [2010/04/12 12:19:44 | 000,121,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
    MOD - [2010/04/12 12:19:44 | 000,120,096 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
    MOD - [2010/04/12 12:19:44 | 000,070,432 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
    MOD - [2010/02/03 12:31:02 | 000,282,624 | ---- | M] () -- C:\Program Files\NETGEAR\WNA3100\WifiSvcLib.dll
    MOD - [2009/03/15 20:40:49 | 000,402,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
    MOD - [2009/03/15 20:40:49 | 000,047,392 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
    MOD - [2009/03/15 20:40:49 | 000,018,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
    MOD - [2009/03/15 20:40:48 | 000,130,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
    MOD - [2009/03/15 20:40:48 | 000,120,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
    MOD - [2009/03/15 20:40:48 | 000,072,992 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
    MOD - [2009/02/20 11:17:46 | 001,058,304 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
    MOD - [2009/02/20 11:17:45 | 000,471,040 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
    MOD - [2009/02/20 11:17:44 | 000,238,368 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.145.4__540d4816ead86321\Intuit.Spc.Esd.Core.dll
    MOD - [2009/02/20 11:09:10 | 000,755,712 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.56.0__28c9bcd4dddc48a1\System.Data.SQLite.dll
    MOD - [2009/02/20 11:09:09 | 000,270,336 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\log4net\1.2.10.0__1b44e1d426115821\log4net.dll
    MOD - [2009/02/20 11:09:08 | 000,458,752 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Portability\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Portability.dll
    MOD - [2009/02/20 11:09:08 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Config\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Config.dll
    MOD - [2009/02/20 11:09:08 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.ExceptionHandling\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.ExceptionHandling.dll
    MOD - [2009/02/20 11:09:08 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Logging\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Logging.dll
    MOD - [2008/04/13 17:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
    MOD - [2008/04/13 17:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
    MOD - [2006/06/11 20:33:08 | 000,003,072 | ---- | M] () -- C:\WINDOWS\CTXFIRES.DLL
    MOD - [2005/06/07 06:10:50 | 000,070,656 | ---- | M] () -- C:\WINDOWS\system32\CTMMACTL.DLL


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
    SRV - [2012/06/25 15:55:52 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/05/01 21:27:09 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/02/06 16:25:08 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
    SRV - [2011/03/17 19:03:32 | 000,513,408 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation)
    SRV - [2010/09/14 12:45:30 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
    SRV - [2010/08/26 18:48:00 | 000,285,152 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe -- (WSWNA3100)
    SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
    SRV - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
    SRV - [2008/11/18 15:45:28 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
    SRV - [2008/10/16 20:30:28 | 000,634,880 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HPSLPSVC32.DLL -- (HPSLPSVC)
    SRV - [2006/12/19 19:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - [2010/07/20 03:38:24 | 000,121,576 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm)
    DRV - [2010/07/20 03:38:24 | 000,096,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
    DRV - [2010/07/20 03:38:24 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
    DRV - [2009/11/06 09:26:36 | 000,642,432 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcmwlhigh5.sys -- (BCMH43XX)
    DRV - [2008/12/07 17:50:13 | 000,278,984 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
    DRV - [2008/12/07 17:50:13 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
    DRV - [2008/04/13 11:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
    DRV - [2006/11/14 23:34:40 | 004,225,920 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2006/06/16 16:55:20 | 000,100,736 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\nvatabus.sys -- (nvatabus)
    DRV - [2006/05/23 20:41:07 | 000,007,168 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
    DRV - [2006/05/23 20:41:04 | 000,499,584 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
    DRV - [2006/05/23 20:40:21 | 001,110,016 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)
    DRV - [2006/05/23 20:38:30 | 000,116,224 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
    DRV - [2006/05/23 20:38:08 | 000,143,872 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
    DRV - [2006/05/23 20:38:01 | 000,078,336 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
    DRV - [2006/05/23 20:37:44 | 000,502,272 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
    DRV - [2006/04/24 17:52:28 | 000,100,736 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata)
    DRV - [2006/02/17 04:28:32 | 000,013,056 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
    DRV - [2006/02/17 04:28:30 | 000,034,176 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
    DRV - [2005/11/10 02:06:04 | 000,340,704 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
    DRV - [2005/09/05 11:21:06 | 000,362,944 | ---- | M] (NETGEAR, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WG11TND5.sys -- (AR5523)
    DRV - [2004/08/12 19:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
    DRV - [2004/01/23 19:34:26 | 000,037,840 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\ext2fs.sys -- (Ext2FS)
    DRV - [2003/07/24 12:10:34 | 000,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DNINDIS5.sys -- (DNINDIS5)
    DRV - [2001/07/13 05:29:12 | 001,745,168 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e10kx2k.sys -- (emu10kx) Creative EMU10K1/EMU10K2 Audio Driver (WDM)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
    IE - HKLM\..\SearchScopes,DefaultScope = {CCC7A320-B3CA-4199-B1A6-9F516DD69829}


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-1715567821-1425521274-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    IE - HKU\S-1-5-21-1715567821-1425521274-839522115-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    IE - HKU\S-1-5-21-1715567821-1425521274-839522115-1003\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    IE - HKU\S-1-5-21-1715567821-1425521274-839522115-1003\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2653012
    IE - HKU\S-1-5-21-1715567821-1425521274-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1715567821-1425521274-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Yahoo"
    FF - prefs.js..browser.search.defaultthis.engineName: "Veoh Web Player Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"
    FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
    FF - prefs.js..browser.search.selectedEngine: "Veoh Web Player Customized Web Search"
    FF - prefs.js..browser.startup.homepage: "https://login.secureserver.net/index.php?app=wbe&logout=1|https://www.google.com/"
    FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/25 15:55:57 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/12 23:36:51 | 000,000,000 | ---D | M]

    [2011/01/24 17:33:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions
    [2012/06/08 17:40:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hiaqg9mz.default\extensions
    [2012/05/20 09:50:50 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hiaqg9mz.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2012/06/07 15:44:37 | 000,000,000 | ---D | M] (Veoh Web Player Community Toolbar) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hiaqg9mz.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}
    [2012/06/06 20:14:22 | 000,000,000 | ---D | M] ("Nero Toolbar") -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hiaqg9mz.default\extensions\toolbar@ask.com
    [2011/03/21 14:46:56 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hiaqg9mz.default\searchplugins\conduit.xml
    [2012/01/16 20:03:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/08/29 09:26:09 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2012/05/17 21:19:58 | 000,004,733 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\HIAQG9MZ.DEFAULT\EXTENSIONS\AJDFWFRAUG@AJDFWFRAUG.ORG.XPI
    [2012/06/25 15:55:56 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2012/06/25 15:55:47 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/06/25 15:55:47 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
     
  14. tameus1

    tameus1 TS Rookie Topic Starter Posts: 23

    ========== Chrome ==========

    CHR - homepage: http://www.google.com/
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: http://www.google.com/
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.47\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: DivX\u00AE Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: DivX\u00AE Content Upload Plugin (Enabled) = C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

    O1 HOSTS File: ([2012/07/11 19:46:25 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll File not found
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll File not found
    O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O3 - HKU\S-1-5-21-1715567821-1425521274-839522115-1003\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKU\S-1-5-21-1715567821-1425521274-839522115-1003\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [AudioDrvEmulator] C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
    O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\CTHELPER.EXE (Creative Technology Ltd)
    O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\CTXFIHLP.EXE (Creative Technology Ltd)
    O4 - HKLM..\Run: [FUFAXRCV] C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
    O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
    O4 - HKU\S-1-5-21-1715567821-1425521274-839522115-1003..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O4 - HKU\S-1-5-21-1715567821-1425521274-839522115-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111T Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111T\wlan111t.exe (NETGEAR)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNA3100 Smart Wizard.lnk = C:\Program Files\NETGEAR\WNA3100\WNA3100.exe ()
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1715567821-1425521274-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1715567821-1425521274-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-1715567821-1425521274-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
    O7 - HKU\S-1-5-21-1715567821-1425521274-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-1715567821-1425521274-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\S-1-5-21-1715567821-1425521274-839522115-1003\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1301776445218 (WUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative.com/su2/CTL_V02002/ocx/15031/CTPID.cab (Creative Software AutoUpdate Support Package)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1E0FA88F-EB10-4A05-98C2-551AA30E7DCA}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{438FB883-A8D6-4C2F-90DC-8821C3C87A0B}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B3BA2CA1-666E-467E-A7FA-CC11D685D771}: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
    O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks Pro\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\avgrsstarter: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
    O20 - Winlogon\Notify\itlntfy: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
    O24 - Desktop WallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/10/16 13:17:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O35 - HKU\S-1-5-21-1715567821-1425521274-839522115-1003..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKU\.DEFAULT\...exe [@ = exefile] -- "%1" %*
    O37 - HKU\S-1-5-18\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/07/11 19:29:31 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2012/07/11 19:29:31 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2012/07/11 19:29:31 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2012/07/11 19:29:31 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2012/07/11 19:29:25 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2012/07/11 19:28:45 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/07/10 21:58:07 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/07/10 19:23:40 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/07/09 20:52:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\RK_Quarantine
    [2012/07/08 12:50:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2012/07/07 17:26:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
    [2012/07/07 17:23:03 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\user\Recent
    [2012/07/07 14:40:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/07/07 14:40:22 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2012/06/28 21:21:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
    [2012/06/28 21:21:27 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2012/06/25 16:05:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
    [2012/06/25 16:05:47 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
    [2012/06/16 23:23:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\ZipForm
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\Documents and Settings\NetworkService\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/07/11 21:16:15 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
    [2012/07/11 21:05:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2012/07/11 20:52:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2012/07/11 20:13:33 | 000,198,791 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
    [2012/07/11 20:13:31 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/07/11 20:13:31 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2012/07/11 20:13:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/07/11 20:12:14 | 000,064,900 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000006-00001102-00000005-002C1102}.rfx
    [2012/07/11 20:12:14 | 000,054,692 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000003-00000000-00000006-00001102-00000005-002C1102}.rfx
    [2012/07/11 20:12:14 | 000,054,692 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000003-00000000-00000006-00001102-00000005-002C1102}.rfx
    [2012/07/11 20:12:14 | 000,002,064 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
    [2012/07/11 20:12:14 | 000,002,064 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
    [2012/07/11 19:46:25 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2012/07/11 03:19:36 | 000,157,952 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2012/07/11 03:02:47 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2012/07/10 19:21:28 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2012/07/09 21:49:33 | 001,558,016 | ---- | M] () -- C:\Documents and Settings\user\Desktop\winlogon.exe
    [2012/07/09 21:33:54 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\user\Desktop\MBR.dat
    [2012/07/08 13:44:33 | 000,672,041 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Listing 394089.pdf
    [2012/07/08 13:42:41 | 001,075,898 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Listing 394809.pdf
    [2012/07/08 12:51:20 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
    [2012/07/07 17:14:29 | 000,263,094 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\census.cache
    [2012/07/07 17:14:12 | 000,195,987 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\ars.cache
    [2012/07/07 17:03:17 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\housecall.guid.cache
    [2012/07/07 14:40:26 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/07 09:44:48 | 000,000,981 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2012/07/07 09:44:48 | 000,000,963 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Spybot - Search & Destroy.lnk
    [2012/07/06 23:29:41 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
    [2012/07/06 23:06:19 | 000,050,206 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Commissions.pdf
    [2012/07/04 13:15:14 | 000,000,115 | ---- | M] () -- C:\WINDOWS\wininit.ini
    [2012/07/02 09:48:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2012/07/01 14:02:42 | 000,401,682 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Listing 392088.pdf
    [2012/06/19 20:20:30 | 000,119,458 | ---- | M] () -- C:\Documents and Settings\user\Desktop\media_httpboingboingn_nCGtz.jpg.scaled980.jpg
    [2012/06/16 23:22:12 | 000,000,088 | ---- | M] () -- C:\Documents and Settings\user\.java.policy
    [2012/06/16 21:55:01 | 000,049,725 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Bath Salts.jpg
    [2012/06/12 23:55:52 | 000,481,222 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2012/06/12 23:55:52 | 000,079,678 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/07/11 19:29:31 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2012/07/11 19:29:31 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2012/07/11 19:29:31 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2012/07/11 19:29:31 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2012/07/11 19:29:31 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2012/07/11 03:00:57 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
    [2012/07/09 21:49:27 | 001,558,016 | ---- | C] () -- C:\Documents and Settings\user\Desktop\winlogon.exe
    [2012/07/09 21:23:51 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\user\Desktop\MBR.dat
    [2012/07/08 13:42:41 | 001,075,898 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Listing 394809.pdf
    [2012/07/08 13:40:27 | 000,672,041 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Listing 394089.pdf
    [2012/07/08 12:51:05 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2012/07/07 17:14:29 | 000,263,094 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\census.cache
    [2012/07/07 17:14:12 | 000,195,987 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\ars.cache
    [2012/07/07 17:03:17 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\housecall.guid.cache
    [2012/07/07 14:40:26 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/06 23:06:32 | 000,050,206 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Commissions.pdf
    [2012/07/04 13:15:14 | 000,000,115 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2012/07/01 14:02:42 | 000,401,682 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Listing 392088.pdf
    [2012/06/28 21:21:28 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
    [2012/06/24 14:24:13 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2012/06/19 20:20:28 | 000,119,458 | ---- | C] () -- C:\Documents and Settings\user\Desktop\media_httpboingboingn_nCGtz.jpg.scaled980.jpg
    [2012/06/16 23:22:12 | 000,000,088 | ---- | C] () -- C:\Documents and Settings\user\.java.policy
    [2012/06/16 21:55:00 | 000,049,725 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Bath Salts.jpg
    [2012/04/15 04:33:19 | 001,800,063 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1715567821-1425521274-839522115-1003-0.dat
    [2012/04/15 04:33:18 | 000,148,662 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    [2012/04/14 13:02:53 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
    [2012/02/16 20:26:05 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2011/11/13 22:19:00 | 000,000,117 | ---- | C] () -- C:\WINDOWS\EWF435.ini
    [2011/06/03 16:31:44 | 000,180,624 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
    [2011/04/22 00:35:10 | 000,021,984 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2011/02/09 21:03:48 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini
    [2011/01/25 19:37:22 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\user\Application Data\$_hpcst$.hpc
    [2010/10/08 19:41:45 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2007/10/30 20:20:28 | 000,053,760 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/10/25 23:31:46 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\fusioncache.dat

    ========== LOP Check ==========

    [2012/03/04 22:10:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2009/05/25 13:07:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
    [2012/06/03 18:40:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
    [2011/03/26 03:00:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
    [2011/06/21 21:38:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MagicSoftware
    [2011/01/25 19:31:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
    [2009/05/29 08:15:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 10
    [2011/01/22 21:26:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2011/11/13 22:26:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Epson
    [2011/06/30 18:12:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\AskToolbar
    [2011/12/25 20:07:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Epson
    [2011/03/26 03:00:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\f-secure
    [2011/06/21 18:11:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\InfraRecorder
    [2011/11/14 00:18:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Leadertech
    [2012/05/31 00:08:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\PrimoPDF
    [2012/07/11 21:16:15 | 000,000,232 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

    ========== Purity Check ==========



    < End of report >
     
  15. tameus1

    tameus1 TS Rookie Topic Starter Posts: 23

    OTL Extras logfile created on: 7/11/2012 9:14:53 PM - Run 1
    OTL by OldTimer - Version 3.2.54.0 Folder = C:\Documents and Settings\user\My Documents\Downloads
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.33 Gb Available Physical Memory | 66.50% Memory free
    3.85 Gb Paging File | 3.26 Gb Available in Paging File | 84.74% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.52 Gb Total Space | 21.69 Gb Free Space | 29.11% Space Free | Partition Type: NTFS
    Drive K: | 3.75 Gb Total Space | 3.75 Gb Free Space | 99.97% Space Free | Partition Type: FAT32

    Computer Name: TAMEUS | User Name: user | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .html [@ = ChromeHTML] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
    .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

    [HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]

    [HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]

    [HKEY_USERS\S-1-5-21-1715567821-1425521274-839522115-1003\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Key error.
    https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
    InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
    "{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
    "{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
    "{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
    "{102CBC47-7FDE-4E6C-8A3A-67B79833FAC8}" = BPDSoftware_Ini
    "{11B2F891-91C8-47ce-945A-A91003EA27FB}" = BPDSoftware
    "{1240EECF-D5E1-4C1A-8337-B236E950D983}" = TurboTax 2010 wcasbpm
    "{12BB534D-429F-401E-95BC-9ADBDDCDC1D8}" = TurboTax 2008 wcalbpm
    "{180D45DA-5140-48D4-BDEA-8B9CE3A6D9A4}" = TurboTax 2008 WinBizTaxSupport
    "{18AB082B-6584-4F74-8ABC-D5935CF46E4C}" = 8500A909_eDocs
    "{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}" = Sound Blaster X-Fi
    "{1CCD8F53-7D84-4388-B808-4DFC45F390BA}" = TurboTax 2008 wcasbpm
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
    "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
    "{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 29
    "{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
    "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{360EDFB0-EAA2-012B-AD16-000000000000}" = TurboTax 2009 wcaiper
    "{361AC691-EAA2-012B-AD19-000000000000}" = TurboTax 2009 wcalbpm
    "{36302351-EAA2-012B-AD1E-000000000000}" = TurboTax 2009 wcasbpm
    "{376FA830-EAA2-012B-AD6B-000000000000}" = TurboTax 2009 whiiper
    "{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
    "{3818E081-EAA2-012B-AD94-000000000000}" = TurboTax 2009 WinBizFedFormset
    "{3830D551-EAA2-012B-AD9A-000000000000}" = TurboTax 2009 WinBizReleaseEngine
    "{383CBC31-EAA2-012B-AD9D-000000000000}" = TurboTax 2009 WinBizTaxSupport
    "{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
    "{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
    "{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
    "{3C5A81D1-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
    "{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
    "{432A850B-3558-4BFF-B1F9-30626835B523}" = BPD_DSWizards
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4AEBD86C-C82E-401A-9AA0-8B8AF7A5A3CA}" = TurboTax 2008 WinBizFedFormset
    "{4D0AF541-AEB5-42C0-ADB5-09F7D6F7640F}" = TurboTax 2010 whiiper
    "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
    "{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
    "{51123D42-6B9C-4B93-900C-29F9EC5963C9}" = NETGEAR WG111T 108Mbps Wireless USB2.0 Adapter
    "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
    "{56D4C8A0-6126-11DD-AD8B-0800200C9A66}" = TurboTax 2008 WinBizUserEducation
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan
    "{5866F83F-5347-4324-A15E-070502A65866}" = TurboTax 2010 WinBizReleaseEngine
    "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
    "{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
    "{5B30AA25-BF39-4BE4-8FEE-51938BAB214D}" = TurboTax 2008 wcaiper
    "{624E7452-BA43-4f55-B9D5-FC75EEA0808B}" = Officejet Pro 8500 A909 Series
    "{6334BBB0-8A2E-4679-B845-9CE27E72DBDA}" = TurboTax 2010 WinBizTaxSupport
    "{64BA551C-9AF6-495C-93F3-D1270E0045FC}" = Epson Connect
    "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
    "{676981B7-A2D9-49D0-9F4C-03018F131DA9}" = DocProc
    "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
    "{6EED4269-588D-45b8-A80C-26A9CA62EE4E}" = HPSSupply
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7C555021-17BE-4C01-99D5-B7ED1ADEAF09}" = TurboTax 2010 wcalbpm
    "{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
    "{7EC003A3-51E9-4019-BEC0-DF99B0DF5CCF}" = NVDVD
    "{814FA673-A085-403C-9545-747FC1495069}" = Epson Customer Participation
    "{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}" = Nero BurnLite 10
    "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
    "{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
    "{87FF0E39-8490-4EB4-A557-FF12F712EF7E}" = TurboTax 2010 wcaiper
    "{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
    "{8BA2648C-B0E5-4EAD-9789-22F807478D1E}" = TurboTax 2011 wrapper
    "{8ECB8220-F425-4BEB-9596-97033C533702}" = QuickBooks Premier: Retail Edition 2008
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{96976098-9527-41E4-837E-EAA1DBEADB54}" = TurboTax 2008 whiiper
    "{9A2F0810-3622-4E86-9072-973FBE1679C5}" = QuickBooks Pro 2009
    "{9A2F0810-369F-4E86-9072-973FBE1679C5}" = QuickBooks
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
    "{9E3CDA4E-6522-43EB-AF6F-C8CA318A0772}" = TurboTax 2011 WinBizReleaseEngine
    "{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
    "{A004ACC6-A33D-4083-9775-139C76852C49}" = TurboTax 2011 WinBizFedFormset
    "{A0E21A4A-27B6-4771-950A-64F9ED59BE53}" = TurboTax 2011 wcasbpm
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
    "{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
    "{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}" = Nero BurnLite 10
    "{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
    "{AC54E544-3E42-443C-A91D-A00A6974C592}" = NVIDIA PhysX v8.10.13
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
    "{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
    "{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B495547C-01F8-4836-A2E6-749B5F3EA691}" = 8500A909_Help
    "{B6C2466E-D773-4EF5-9350-9D3D68F668BE}" = TurboTax 2008 WinBizProgramHelp
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C2425F91-1F7B-4037-9A05-9F290184798D}" = NETGEAR WNA3100 wireless USB 2.0 adapter
    "{C3ADD937-FD5F-4CC6-AE15-AEDEE2A20165}" = TurboTax 2010 wrapper
    "{C89269D9-DD02-45DD-99DD-6AE592F6C447}" = TurboTax 2011 wcaiper
    "{C8B63671-0A2E-4C9C-8A86-B64C4CBF4561}" = TurboTax 2011 whiiper
    "{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CCFFC1DA-7A65-4C1B-98DC-3F7861F50254}" = TurboTax 2008 wrapper
    "{CD8C5C7F-7C58-4F85-8977-A6C08C087912}" = MPM
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
    "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
    "{D5DEF057-D3BC-499f-99EE-884ED429B6D1}" = 8500A909g
    "{DA8BF070-1358-4a30-A68F-21E0E9421AEF}" = ProductContext
    "{DB9AB084-C93E-4D07-8BB9-0EC5CA5467BC}" = TurboTax 2011 WinBizTaxSupport
    "{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine
    "{E6C0F926-446B-4450-8D15-4405A9431EB7}" = TurboTax 2010 WinBizFedFormset
    "{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
    "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
    "{EE43894E-FDCF-4A8C-BCD6-3AAA9A48B486}" = Kies mini
    "{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper
    "{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F2C4E6E0-EB78-4824-A212-6DF6AF0E8E82}" = FINAL FANTASY XIV
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F8D8A515-3D81-431D-BCBB-9EBA3CFE0987}" = TurboTax 2008 WinBizReleaseEngine
    "{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Amazon Software Downloader" = Amazon Software Downloader
    "Creative Software AutoUpdate" = Creative Software AutoUpdate
    "EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
    "EPSON Scanner" = EPSON Scan
    "EPSON WorkForce 435 Series" = EPSON WorkForce 435 Series Printer Uninstall
    "ESET Online Scanner" = ESET Online Scanner v3
    "HPOCR" = OCR Software by I.R.I.S. 12.0
    "InstallShield_{EE43894E-FDCF-4A8C-BCD6-3AAA9A48B486}" = Kies mini
    "IrfanView" = IrfanView (remove only)
    "Magic DVD Ripper_is1" = Magic DVD Ripper V5.5.1
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft Security Client" = Microsoft Security Essentials
    "Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "Nero - Burning Rom!UninstallKey" = Nero OEM
    "NVIDIA Drivers" = NVIDIA Drivers
    "OCCT_is1" = OCCT Perestroika 2.0.1
    "PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
    "Shop for HP Supplies" = Shop for HP Supplies
    "SysInfo" = Creative System Information
    "TurboTax 2008" = TurboTax 2008
    "TurboTax 2009" = TurboTax 2009
    "TurboTax 2010" = TurboTax 2010
    "TurboTax 2011" = TurboTax 2011
    "TurboTax Business 2007" = TurboTax Business 2007
    "TurboTax Business 2008" = TurboTax Business 2008
    "TurboTax Business 2009" = TurboTax Business 2009
    "TurboTax Business 2010" = TurboTax Business 2010
    "TurboTax Business 2011" = TurboTax Business 2011
    "TurboTax Deluxe 2007" = TurboTax Deluxe 2007
    "TurboTax Home & Business 2007" = TurboTax Home & Business 2007
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Toolbar" = Yahoo! Toolbar

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1715567821-1425521274-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{79A765E1-C399-405B-85AF-466F52E918B0}" = Nero Toolbar Updater

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 7/10/2012 6:00:40 AM | Computer Name = TAMEUS | Source = MsiInstaller | ID = 1023
    Description =

    Error - 7/10/2012 6:00:41 AM | Computer Name = TAMEUS | Source = NativeWrapper | ID = 5000
    Description =

    Error - 7/10/2012 10:33:07 PM | Computer Name = TAMEUS | Source = Application Hang | ID = 1002
    Description = Hanging application YahooMessenger.exe, version 11.5.0.192, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 7/11/2012 6:00:27 AM | Computer Name = TAMEUS | Source = MsiInstaller | ID = 11719
    Description =

    Error - 7/11/2012 6:00:27 AM | Computer Name = TAMEUS | Source = MsiInstaller | ID = 1023
    Description =

    Error - 7/11/2012 6:00:27 AM | Computer Name = TAMEUS | Source = NativeWrapper | ID = 5000
    Description =

    Error - 7/11/2012 6:02:38 AM | Computer Name = TAMEUS | Source = MsiInstaller | ID = 11719
    Description =

    Error - 7/11/2012 6:02:38 AM | Computer Name = TAMEUS | Source = MsiInstaller | ID = 1023
    Description =

    Error - 7/11/2012 6:02:39 AM | Computer Name = TAMEUS | Source = NativeWrapper | ID = 5000
    Description =

    Error - 7/11/2012 10:32:42 PM | Computer Name = TAMEUS | Source = Application Error | ID = 1000
    Description = Faulting application yahoomessenger.exe, version 11.5.0.192, faulting
    module unknown, version 0.0.0.0, fault address 0x00222c2f.

    [ QB GDS Plugi Events ]
    Error - 7/10/2012 6:00:40 AM | Computer Name = TAMEUS | Source = MsiInstaller | ID = 1023
    Description =

    Error - 7/10/2012 6:00:41 AM | Computer Name = TAMEUS | Source = NativeWrapper | ID = 5000
    Description =

    Error - 7/10/2012 10:33:07 PM | Computer Name = TAMEUS | Source = Application Hang | ID = 1002
    Description =

    Error - 7/11/2012 6:00:27 AM | Computer Name = TAMEUS | Source = MsiInstaller | ID = 11719
    Description =

    Error - 7/11/2012 6:00:27 AM | Computer Name = TAMEUS | Source = MsiInstaller | ID = 1023
    Description =

    Error - 7/11/2012 6:00:27 AM | Computer Name = TAMEUS | Source = NativeWrapper | ID = 5000
    Description =

    Error - 7/11/2012 6:02:38 AM | Computer Name = TAMEUS | Source = MsiInstaller | ID = 11719
    Description =

    Error - 7/11/2012 6:02:38 AM | Computer Name = TAMEUS | Source = MsiInstaller | ID = 1023
    Description =

    Error - 7/11/2012 6:02:39 AM | Computer Name = TAMEUS | Source = NativeWrapper | ID = 5000
    Description =

    Error - 7/11/2012 10:32:42 PM | Computer Name = TAMEUS | Source = Application Error | ID = 1000
    Description =

    [ System Events ]
    Error - 7/11/2012 1:02:49 AM | Computer Name = TAMEUS | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    SASKUTIL

    Error - 7/11/2012 6:00:33 AM | Computer Name = TAMEUS | Source = Windows Update Agent | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on
    Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2656370).

    Error - 7/11/2012 6:02:44 AM | Computer Name = TAMEUS | Source = Windows Update Agent | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on
    Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2656353).

    Error - 7/11/2012 6:21:12 AM | Computer Name = TAMEUS | Source = Service Control Manager | ID = 7023
    Description = The Computer Browser service terminated with the following error:
    %%1060

    Error - 7/11/2012 6:21:12 AM | Computer Name = TAMEUS | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    SASKUTIL

    Error - 7/11/2012 10:23:42 PM | Computer Name = TAMEUS | Source = Service Control Manager | ID = 7023
    Description = The Computer Browser service terminated with the following error:
    %%1060

    Error - 7/11/2012 10:23:42 PM | Computer Name = TAMEUS | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    SASKUTIL

    Error - 7/11/2012 10:29:46 PM | Computer Name = TAMEUS | Source = Service Control Manager | ID = 7032
    Description = The Service Control Manager tried to take a corrective action (Restart
    the service) after the unexpected termination of the Windows Management Instrumentation
    service, but this action failed with the following error: %%1056

    Error - 7/11/2012 10:45:55 PM | Computer Name = TAMEUS | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    SASKUTIL

    Error - 7/11/2012 11:13:24 PM | Computer Name = TAMEUS | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    SASKUTIL


    < End of report >
     
  16. tameus1

    tameus1 TS Rookie Topic Starter Posts: 23

    OTL Extras logfile created on: 7/11/2012 9:14:53 PM - Run 1
    OTL by OldTimer - Version 3.2.54.0 Folder = C:\Documents and Settings\user\My Documents\Downloads
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.33 Gb Available Physical Memory | 66.50% Memory free
    3.85 Gb Paging File | 3.26 Gb Available in Paging File | 84.74% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.52 Gb Total Space | 21.69 Gb Free Space | 29.11% Space Free | Partition Type: NTFS
    Drive K: | 3.75 Gb Total Space | 3.75 Gb Free Space | 99.97% Space Free | Partition Type: FAT32

    Computer Name: TAMEUS | User Name: user | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .html [@ = ChromeHTML] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
    .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

    [HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]

    [HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]

    [HKEY_USERS\S-1-5-21-1715567821-1425521274-839522115-1003\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Key error.
    https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
    InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
    "{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
    "{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
    "{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
    "{102CBC47-7FDE-4E6C-8A3A-67B79833FAC8}" = BPDSoftware_Ini
    "{11B2F891-91C8-47ce-945A-A91003EA27FB}" = BPDSoftware
    "{1240EECF-D5E1-4C1A-8337-B236E950D983}" = TurboTax 2010 wcasbpm
    "{12BB534D-429F-401E-95BC-9ADBDDCDC1D8}" = TurboTax 2008 wcalbpm
    "{180D45DA-5140-48D4-BDEA-8B9CE3A6D9A4}" = TurboTax 2008 WinBizTaxSupport
    "{18AB082B-6584-4F74-8ABC-D5935CF46E4C}" = 8500A909_eDocs
    "{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}" = Sound Blaster X-Fi
    "{1CCD8F53-7D84-4388-B808-4DFC45F390BA}" = TurboTax 2008 wcasbpm
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
    "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
    "{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 29
    "{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
    "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{360EDFB0-EAA2-012B-AD16-000000000000}" = TurboTax 2009 wcaiper
    "{361AC691-EAA2-012B-AD19-000000000000}" = TurboTax 2009 wcalbpm
    "{36302351-EAA2-012B-AD1E-000000000000}" = TurboTax 2009 wcasbpm
    "{376FA830-EAA2-012B-AD6B-000000000000}" = TurboTax 2009 whiiper
    "{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
    "{3818E081-EAA2-012B-AD94-000000000000}" = TurboTax 2009 WinBizFedFormset
    "{3830D551-EAA2-012B-AD9A-000000000000}" = TurboTax 2009 WinBizReleaseEngine
    "{383CBC31-EAA2-012B-AD9D-000000000000}" = TurboTax 2009 WinBizTaxSupport
    "{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
    "{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
    "{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
    "{3C5A81D1-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
    "{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
    "{432A850B-3558-4BFF-B1F9-30626835B523}" = BPD_DSWizards
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4AEBD86C-C82E-401A-9AA0-8B8AF7A5A3CA}" = TurboTax 2008 WinBizFedFormset
    "{4D0AF541-AEB5-42C0-ADB5-09F7D6F7640F}" = TurboTax 2010 whiiper
    "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
    "{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
    "{51123D42-6B9C-4B93-900C-29F9EC5963C9}" = NETGEAR WG111T 108Mbps Wireless USB2.0 Adapter
    "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
    "{56D4C8A0-6126-11DD-AD8B-0800200C9A66}" = TurboTax 2008 WinBizUserEducation
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan
    "{5866F83F-5347-4324-A15E-070502A65866}" = TurboTax 2010 WinBizReleaseEngine
    "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
    "{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
    "{5B30AA25-BF39-4BE4-8FEE-51938BAB214D}" = TurboTax 2008 wcaiper
    "{624E7452-BA43-4f55-B9D5-FC75EEA0808B}" = Officejet Pro 8500 A909 Series
    "{6334BBB0-8A2E-4679-B845-9CE27E72DBDA}" = TurboTax 2010 WinBizTaxSupport
    "{64BA551C-9AF6-495C-93F3-D1270E0045FC}" = Epson Connect
    "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
    "{676981B7-A2D9-49D0-9F4C-03018F131DA9}" = DocProc
    "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
    "{6EED4269-588D-45b8-A80C-26A9CA62EE4E}" = HPSSupply
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7C555021-17BE-4C01-99D5-B7ED1ADEAF09}" = TurboTax 2010 wcalbpm
    "{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
    "{7EC003A3-51E9-4019-BEC0-DF99B0DF5CCF}" = NVDVD
    "{814FA673-A085-403C-9545-747FC1495069}" = Epson Customer Participation
    "{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}" = Nero BurnLite 10
    "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
    "{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
    "{87FF0E39-8490-4EB4-A557-FF12F712EF7E}" = TurboTax 2010 wcaiper
    "{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
    "{8BA2648C-B0E5-4EAD-9789-22F807478D1E}" = TurboTax 2011 wrapper
    "{8ECB8220-F425-4BEB-9596-97033C533702}" = QuickBooks Premier: Retail Edition 2008
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{96976098-9527-41E4-837E-EAA1DBEADB54}" = TurboTax 2008 whiiper
    "{9A2F0810-3622-4E86-9072-973FBE1679C5}" = QuickBooks Pro 2009
    "{9A2F0810-369F-4E86-9072-973FBE1679C5}" = QuickBooks
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
    "{9E3CDA4E-6522-43EB-AF6F-C8CA318A0772}" = TurboTax 2011 WinBizReleaseEngine
    "{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
    "{A004ACC6-A33D-4083-9775-139C76852C49}" = TurboTax 2011 WinBizFedFormset
    "{A0E21A4A-27B6-4771-950A-64F9ED59BE53}" = TurboTax 2011 wcasbpm
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
    "{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
    "{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}" = Nero BurnLite 10
    "{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
    "{AC54E544-3E42-443C-A91D-A00A6974C592}" = NVIDIA PhysX v8.10.13
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
    "{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
    "{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B495547C-01F8-4836-A2E6-749B5F3EA691}" = 8500A909_Help
    "{B6C2466E-D773-4EF5-9350-9D3D68F668BE}" = TurboTax 2008 WinBizProgramHelp
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C2425F91-1F7B-4037-9A05-9F290184798D}" = NETGEAR WNA3100 wireless USB 2.0 adapter
     
  17. tameus1

    tameus1 TS Rookie Topic Starter Posts: 23

    "{C3ADD937-FD5F-4CC6-AE15-AEDEE2A20165}" = TurboTax 2010 wrapper
    "{C89269D9-DD02-45DD-99DD-6AE592F6C447}" = TurboTax 2011 wcaiper
    "{C8B63671-0A2E-4C9C-8A86-B64C4CBF4561}" = TurboTax 2011 whiiper
    "{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CCFFC1DA-7A65-4C1B-98DC-3F7861F50254}" = TurboTax 2008 wrapper
    "{CD8C5C7F-7C58-4F85-8977-A6C08C087912}" = MPM
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
    "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
    "{D5DEF057-D3BC-499f-99EE-884ED429B6D1}" = 8500A909g
    "{DA8BF070-1358-4a30-A68F-21E0E9421AEF}" = ProductContext
    "{DB9AB084-C93E-4D07-8BB9-0EC5CA5467BC}" = TurboTax 2011 WinBizTaxSupport
    "{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine
    "{E6C0F926-446B-4450-8D15-4405A9431EB7}" = TurboTax 2010 WinBizFedFormset
    "{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
    "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
    "{EE43894E-FDCF-4A8C-BCD6-3AAA9A48B486}" = Kies mini
    "{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper
    "{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F2C4E6E0-EB78-4824-A212-6DF6AF0E8E82}" = FINAL FANTASY XIV
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F8D8A515-3D81-431D-BCBB-9EBA3CFE0987}" = TurboTax 2008 WinBizReleaseEngine
    "{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Amazon Software Downloader" = Amazon Software Downloader
    "Creative Software AutoUpdate" = Creative Software AutoUpdate
    "EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
    "EPSON Scanner" = EPSON Scan
    "EPSON WorkForce 435 Series" = EPSON WorkForce 435 Series Printer Uninstall
    "ESET Online Scanner" = ESET Online Scanner v3
    "HPOCR" = OCR Software by I.R.I.S. 12.0
    "InstallShield_{EE43894E-FDCF-4A8C-BCD6-3AAA9A48B486}" = Kies mini
    "IrfanView" = IrfanView (remove only)
    "Magic DVD Ripper_is1" = Magic DVD Ripper V5.5.1
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft Security Client" = Microsoft Security Essentials
    "Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "Nero - Burning Rom!UninstallKey" = Nero OEM
    "NVIDIA Drivers" = NVIDIA Drivers
    "OCCT_is1" = OCCT Perestroika 2.0.1
    "PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
    "Shop for HP Supplies" = Shop for HP Supplies
    "SysInfo" = Creative System Information
    "TurboTax 2008" = TurboTax 2008
    "TurboTax 2009" = TurboTax 2009
    "TurboTax 2010" = TurboTax 2010
    "TurboTax 2011" = TurboTax 2011
    "TurboTax Business 2007" = TurboTax Business 2007
    "TurboTax Business 2008" = TurboTax Business 2008
    "TurboTax Business 2009" = TurboTax Business 2009
    "TurboTax Business 2010" = TurboTax Business 2010
    "TurboTax Business 2011" = TurboTax Business 2011
    "TurboTax Deluxe 2007" = TurboTax Deluxe 2007
    "TurboTax Home & Business 2007" = TurboTax Home & Business 2007
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Toolbar" = Yahoo! Toolbar

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1715567821-1425521274-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{79A765E1-C399-405B-85AF-466F52E918B0}" = Nero Toolbar Updater

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 7/10/2012 6:00:40 AM | Computer Name = TAMEUS | Source = MsiInstaller | ID = 1023
    Description =

    Error - 7/10/2012 6:00:41 AM | Computer Name = TAMEUS | Source = NativeWrapper | ID = 5000
    Description =

    Error - 7/10/2012 10:33:07 PM | Computer Name = TAMEUS | Source = Application Hang | ID = 1002
    Description = Hanging application YahooMessenger.exe, version 11.5.0.192, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 7/11/2012 6:00:27 AM | Computer Name = TAMEUS | Source = MsiInstaller | ID = 11719
    Description =

    Error - 7/11/2012 6:00:27 AM | Computer Name = TAMEUS | Source = MsiInstaller | ID = 1023
    Description =

    Error - 7/11/2012 6:00:27 AM | Computer Name = TAMEUS | Source = NativeWrapper | ID = 5000
    Description =

    Error - 7/11/2012 6:02:38 AM | Computer Name = TAMEUS | Source = MsiInstaller | ID = 11719
    Description =

    Error - 7/11/2012 6:02:38 AM | Computer Name = TAMEUS | Source = MsiInstaller | ID = 1023
    Description =

    Error - 7/11/2012 6:02:39 AM | Computer Name = TAMEUS | Source = NativeWrapper | ID = 5000
    Description =

    Error - 7/11/2012 10:32:42 PM | Computer Name = TAMEUS | Source = Application Error | ID = 1000
    Description = Faulting application yahoomessenger.exe, version 11.5.0.192, faulting
    module unknown, version 0.0.0.0, fault address 0x00222c2f.

    [ QB GDS Plugi Events ]
    Error - 7/10/2012 6:00:40 AM | Computer Name = TAMEUS | Source = MsiInstaller | ID = 1023
    Description =

    Error - 7/10/2012 6:00:41 AM | Computer Name = TAMEUS | Source = NativeWrapper | ID = 5000
    Description =

    Error - 7/10/2012 10:33:07 PM | Computer Name = TAMEUS | Source = Application Hang | ID = 1002
    Description =

    Error - 7/11/2012 6:00:27 AM | Computer Name = TAMEUS | Source = MsiInstaller | ID = 11719
    Description =

    Error - 7/11/2012 6:00:27 AM | Computer Name = TAMEUS | Source = MsiInstaller | ID = 1023
    Description =

    Error - 7/11/2012 6:00:27 AM | Computer Name = TAMEUS | Source = NativeWrapper | ID = 5000
    Description =

    Error - 7/11/2012 6:02:38 AM | Computer Name = TAMEUS | Source = MsiInstaller | ID = 11719
    Description =

    Error - 7/11/2012 6:02:38 AM | Computer Name = TAMEUS | Source = MsiInstaller | ID = 1023
    Description =

    Error - 7/11/2012 6:02:39 AM | Computer Name = TAMEUS | Source = NativeWrapper | ID = 5000
    Description =

    Error - 7/11/2012 10:32:42 PM | Computer Name = TAMEUS | Source = Application Error | ID = 1000
    Description =

    [ System Events ]
    Error - 7/11/2012 1:02:49 AM | Computer Name = TAMEUS | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    SASKUTIL

    Error - 7/11/2012 6:00:33 AM | Computer Name = TAMEUS | Source = Windows Update Agent | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on
    Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2656370).

    Error - 7/11/2012 6:02:44 AM | Computer Name = TAMEUS | Source = Windows Update Agent | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on
    Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2656353).

    Error - 7/11/2012 6:21:12 AM | Computer Name = TAMEUS | Source = Service Control Manager | ID = 7023
    Description = The Computer Browser service terminated with the following error:
    %%1060

    Error - 7/11/2012 6:21:12 AM | Computer Name = TAMEUS | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    SASKUTIL

    Error - 7/11/2012 10:23:42 PM | Computer Name = TAMEUS | Source = Service Control Manager | ID = 7023
    Description = The Computer Browser service terminated with the following error:
    %%1060

    Error - 7/11/2012 10:23:42 PM | Computer Name = TAMEUS | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    SASKUTIL

    Error - 7/11/2012 10:29:46 PM | Computer Name = TAMEUS | Source = Service Control Manager | ID = 7032
    Description = The Service Control Manager tried to take a corrective action (Restart
    the service) after the unexpected termination of the Windows Management Instrumentation
    service, but this action failed with the following error: %%1056

    Error - 7/11/2012 10:45:55 PM | Computer Name = TAMEUS | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    SASKUTIL

    Error - 7/11/2012 11:13:24 PM | Computer Name = TAMEUS | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    SASKUTIL


    < End of report >
     
  18. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    You didn't say:

    ===========================================

    If MSE is not working correctly reinstall it.

    ==========================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      PRC - [2012/04/09 17:43:42 | 001,557,160 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
      [2012/06/06 20:14:22 | 000,000,000 | ---D | M] ("Nero Toolbar") -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hiaqg9mz.default\extensions\toolbar@ask.com
      O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
      O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
      O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll File not found
      O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
      O3 - HKU\S-1-5-21-1715567821-1425521274-839522115-1003\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
      O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
      O15 - HKU\S-1-5-21-1715567821-1425521274-839522115-1003\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
      [2012/03/04 22:10:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
      [2011/06/30 18:12:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\AskToolbar
      [2012/07/11 21:16:15 | 000,000,232 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
      
      :Services
      
      :Reg
      
      :Files
      C:\Program Files\Ask.com
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ===========================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
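The OTL fix above removes the same Ask toolbar CLSID three times (as a BHO, as an HKLM toolbar and as a per-user toolbar) and two dangling registrations (a BHO with no CLSID value and an avast! toolbar whose DLL is gone). Reading those O2/O3/O4 lines by hand is error-prone, so here is a small parser for that line format, as an added example that is not part of the thread and not OTL's own code. The sample lines are copied from the fix script in the post above; the "company" field is simply the text OTL prints in parentheses after a path, and this script does not verify any file itself.

```python
"""Parse OTL-style PRC / O2 / O3 / O4 lines into records and flag the entries a
malware-removal helper would look at first (dangling registrations, and one
CLSID registered in several places)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class OtlEntry:
    kind: str                    # "PRC", "O2" (BHO), "O3" (toolbar) or "O4" (Run key)
    hive: str                    # registry hive the entry lives in ("" for a process)
    name: str
    clsid: Optional[str]         # upper-cased so HKLM and HKU copies group together
    path: Optional[str]
    company: Optional[str]       # text OTL prints in parentheses after the path
    flags: List[str] = field(default_factory=list)


O2_RE = re.compile(r"^O2 - BHO: \((?P<name>[^)]*)\) - (?P<clsid>\{[^}]+\}) - (?P<rest>.*)$")
O3_RE = re.compile(r"^O3 - (?P<hive>.+?)\\\.\.\\Toolbar(?:\\WebBrowser)?: "
                   r"\((?P<name>[^)]*)\) - (?P<clsid>\{[^}]+\}) - (?P<rest>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<rest>.*)$")
PRC_RE = re.compile(r"^PRC - \[(?P<stamp>[^\]]*)\] \((?P<company>[^)]*)\) -- (?P<path>.*)$")
COMPANY_RE = re.compile(r"^(?P<path>.*?)\s+\((?P<company>[^()]*)\)$")


def _split_rest(rest: str):
    """Split OTL's 'path (Company)' tail and record the dangling-entry markers."""
    rest = rest.strip()
    flags: List[str] = []
    if rest == "No CLSID value found.":
        return None, None, ["no_clsid_value"]        # BHO key points at a CLSID with no server
    if rest.endswith("File not found"):
        flags.append("file_not_found")               # registration survives, DLL is already gone
        rest = rest[: -len("File not found")].strip()
    m = COMPANY_RE.match(rest)
    if m:
        return m.group("path"), m.group("company") or None, flags
    return rest or None, None, flags


def parse_otl_line(line: str) -> Optional[OtlEntry]:
    line = line.strip()
    m = PRC_RE.match(line)
    if m:
        path = m.group("path")
        return OtlEntry("PRC", "", path.rsplit("\\", 1)[-1], None, path, m.group("company") or None)
    m = O2_RE.match(line)
    if m:
        path, company, flags = _split_rest(m.group("rest"))
        # BHOs are registered under HKLM\...\Explorer\Browser Helper Objects (see the fix log)
        return OtlEntry("O2", "HKLM", m.group("name"), m.group("clsid").upper(), path, company, flags)
    m = O3_RE.match(line)
    if m:
        path, company, flags = _split_rest(m.group("rest"))
        return OtlEntry("O3", m.group("hive"), m.group("name"), m.group("clsid").upper(), path, company, flags)
    m = O4_RE.match(line)
    if m:
        path, company, flags = _split_rest(m.group("rest"))
        return OtlEntry("O4", m.group("hive"), m.group("name"), None, path, company, flags)
    return None                                      # other OTL line types are not handled here


def parse_otl_lines(text: str) -> List[OtlEntry]:
    return [e for e in (parse_otl_line(l) for l in text.splitlines()) if e]


def dangling(entries: List[OtlEntry]) -> List[OtlEntry]:
    """Entries whose registration outlived the file or CLSID it pointed at."""
    return [e for e in entries if e.flags]


def by_clsid(entries: List[OtlEntry]) -> Dict[str, List[OtlEntry]]:
    """Group BHO/toolbar entries by CLSID: one component often shows up in HKLM and HKU."""
    groups: Dict[str, List[OtlEntry]] = {}
    for e in entries:
        if e.clsid:
            groups.setdefault(e.clsid, []).append(e)
    return groups


# Sample input: lines copied from the OTL fix script in the post above.
SAMPLE_OTL = r"""
PRC - [2012/04/09 17:43:42 | 001,557,160 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll File not found
O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-1715567821-1425521274-839522115-1003\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
"""

if __name__ == "__main__":
    entries = parse_otl_lines(SAMPLE_OTL)
    for e in dangling(entries):
        print("dangling:", e.kind, e.name, e.clsid, e.flags)
    for clsid, group in by_clsid(entries).items():
        if len(group) > 1:
            print(clsid, "registered as", [(g.kind, g.hive) for g in group])
```

The grouping is the useful part: the "Nero Toolbar" CLSID comes back three times, which is why the fix has to delete the BHO key, the HKLM toolbar value and the HKU toolbar value together, and the two flagged entries are the leftovers that a normal uninstall never cleans.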
     
  19. tameus1

    tameus1 TS Rookie Topic Starter Posts: 23

    Hey Broni, sorry about that. Computer is working well. Redirect appears to be resolved.

    All processes killed
    ========== OTL ==========
    No active process named Updater.exe was found!
    C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hiaqg9mz.default\extensions\toolbar@ask.com\searchplugins folder moved successfully.
    C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hiaqg9mz.default\extensions\toolbar@ask.com\logs folder moved successfully.
    C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hiaqg9mz.default\extensions\toolbar@ask.com\defaults\preferences folder moved successfully.
    C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hiaqg9mz.default\extensions\toolbar@ask.com\defaults folder moved successfully.
    C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hiaqg9mz.default\extensions\toolbar@ask.com\datastore folder moved successfully.
    C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hiaqg9mz.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Tue-01-May-2012-07-16-05-GMT folder moved successfully.
    C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hiaqg9mz.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Thu-13-Oct-2011-19-12-52-GMT folder moved successfully.
    C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hiaqg9mz.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Sun-25-Dec-2011-22-05-00-GMT folder moved successfully.
    C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hiaqg9mz.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Sun-17-Jul-2011-18-58-52-GMT folder moved successfully.
    C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hiaqg9mz.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Sat-12-Nov-2011-19-13-58-GMT folder moved successfully.
    C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hiaqg9mz.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Sat-06-Aug-2011-21-00-04-GMT folder moved successfully.
    C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hiaqg9mz.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Mon-28-Nov-2011-17-43-10-GMT folder moved successfully.
    C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hiaqg9mz.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Mon-16-Jan-2012-04-51-09-GMT folder moved successfully.
    C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hiaqg9mz.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Fri-23-Sep-2011-23-55-13-GMT folder moved successfully.
    C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hiaqg9mz.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Fri-10-Feb-2012-03-36-02-GMT folder moved successfully.
    C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hiaqg9mz.default\extensions\toolbar@ask.com\chrome\temp folder moved successfully.
    C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hiaqg9mz.default\extensions\toolbar@ask.com\chrome\skin folder moved successfully.
    C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hiaqg9mz.default\extensions\toolbar@ask.com\chrome\content folder moved successfully.
    C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hiaqg9mz.default\extensions\toolbar@ask.com\chrome folder moved successfully.
    C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hiaqg9mz.default\extensions\toolbar@ask.com folder moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
    C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
    Registry value HKEY_USERS\S-1-5-21-1715567821-1425521274-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
    C:\Program Files\Ask.com\Updater\Updater.exe moved successfully.
    Registry key HKEY_USERS\S-1-5-21-1715567821-1425521274-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\intuit.com\ttlc\ deleted successfully.
    C:\Documents and Settings\All Users\Application Data\AVAST Software folder moved successfully.
    C:\Documents and Settings\user\Application Data\AskToolbar folder moved successfully.
    C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job moved successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\Program Files\Ask.com\Updater folder moved successfully.
    C:\Program Files\Ask.com\assets\oobe folder moved successfully.
    C:\Program Files\Ask.com\assets folder moved successfully.
    C:\Program Files\Ask.com folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 4014214 bytes
    ->Flash cache emptied: 5500 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 67731 bytes

    User: user
    ->Temp folder emptied: 975921 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->Java cache emptied: 11034349 bytes
    ->FireFox cache emptied: 157641246 bytes
    ->Google Chrome cache emptied: 185371057 bytes
    ->Flash cache emptied: 3882 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 9241 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 343.00 mb


    [EMPTYJAVA]

    User: Administrator

    User: All Users

    User: Default User

    User: LocalService

    User: NetworkService

    User: user
    ->Java cache emptied: 0 bytes

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default User

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    User: user
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.54.0 log created on 07112012_214546

    Files\Folders moved on Reboot...

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...

    Results of screen317's Security Check version 0.99.24
    Windows XP Service Pack 3 x86
    Internet Explorer 6 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    ESET Online Scanner v3
    Microsoft Security Essentials
    Antivirus up to date! (On Access scanning disabled!)
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Spybot - Search & Destroy
    Java(TM) 6 Update 29
    Out of date Java installed!
    Adobe Flash Player 11.0.1.152
    Adobe Reader X (10.1.3)
    Mozilla Firefox (x86 en-US..)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Microsoft Security Essentials msseces.exe
    ``````````End of Log````````````

    Farbar Service Scanner Version: 08-07-2012
    Ran by user (administrator) on 11-07-2012 at 21:56:03
    Running from "C:\Documents and Settings\user\My Documents\Downloads"
    Microsoft Windows XP Professional Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
    C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
    C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
    C:\WINDOWS\system32\netman.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\srsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
    C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
    C:\WINDOWS\system32\qmgr.dll => MD5 is legit
    C:\WINDOWS\system32\es.dll => MD5 is legit
    C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit

    Extra List:
    =======
    AegisP(8) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
    0x09000000050000000100000002000000030000000400000056000000060000000700000008000000
    IpSec Tag value is correct.

    **** End of log ****

    ESETScan

    C:\Documents and Settings\user\Desktop\RK_Quarantine\xpbjxuqd.dll.vir a variant of Win32/Kryptik.AIGB trojan cleaned by deleting - quarantined
    C:\Documents and Settings\user\My Documents\Downloads\infrarecorder_34.exe a variant of Win32/InstallIQ application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Documents and Settings\user\Local Settings\Application Data\assembly\AskToolbar\xpbjxuqd.dll.vir a variant of Win32/Kryptik.AIGB trojan cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Documents and Settings\user\Local Settings\Application Data\{51e41825-a513-84a7-8932-86398a66071f}\n.vir Win32/Sirefef.EV trojan cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\WINDOWS\Installer\{51e41825-a513-84a7-8932-86398a66071f}\U\80000032.@.vir a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP913\A0110157.ini Win32/Sirefef.EZ trojan deleted - quarantined
    C:\System Volume Information\_restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP917\A0116293.dll a variant of Win32/Kryptik.AIGB trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\10.07.2012_19.22.39\mbr0000\tdlfs0000\tsk0001.dta a variant of Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\10.07.2012_19.22.39\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\10.07.2012_19.22.39\mbr0000\tdlfs0000\tsk0003.dta Win32/Olmarik.AYH trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\10.07.2012_19.22.39\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.AL trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\10.07.2012_19.22.39\mbr0000\tdlfs0000\tsk0005.dta a variant of Win32/Rootkit.Kryptik.MY trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\10.07.2012_19.22.39\mbr0000\tdlfs0000\tsk0007.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\10.07.2012_19.22.39\mbr0000\tdlfs0000\tsk0010.dta Win32/Olmarik.AFK trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\10.07.2012_19.22.39\mbr0000\tdlfs0000\tsk0011.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\10.07.2012_19.22.39\mbr0000\tdlfs0000\tsk0014.dta a variant of Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
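Almost every hit in the ESET log above is in a folder an earlier tool created to hold what it had already removed (RK_Quarantine, Qoobox\Quarantine, TDSSKiller_Quarantine) or in a System Restore point under System Volume Information; only one file, a downloaded installer that ESET labels an "application" rather than a trojan, was found in a live location. That split is what decides whether a machine is still infected, so here is a classifier for ESET's one-line-per-detection format, as an added example that is not part of the thread and not ESET's code. The sample lines are copied from the log above; the list of quarantine folder names is an assumption about what those paths hold.

```python
"""Parse ESET Online Scanner detections and classify each by where the file sat:
in a removal tool's quarantine, in a restore point, or in a live location."""
import re
from dataclasses import dataclass
from typing import Dict, List

# <drive>:\<path>  [a variant of] <Family> <type>  <action>
ESET_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?:(?:probably )?a variant of )?(?P<family>[A-Za-z0-9]+/[A-Za-z0-9.]+)\s+(?P<type>[a-z]+)\s+"
    r"(?P<action>.+)$"
)

# Assumption: these folders are quarantine stores left by earlier removal tools,
# i.e. copies of files that were already taken out of the running system.
QUARANTINE_MARKERS = ("\\RK_Quarantine\\", "\\Qoobox\\Quarantine\\", "\\TDSSKiller_Quarantine\\")
RESTORE_MARKER = "\\System Volume Information\\_restore{"


@dataclass
class Detection:
    path: str
    family: str          # e.g. "Win32/Sirefef.EV"
    threat_type: str     # "trojan", "application", ...
    action: str
    location: str        # "tool_quarantine", "restore_point" or "live"


def classify_path(path: str) -> str:
    if RESTORE_MARKER in path:
        return "restore_point"
    if any(m in path for m in QUARANTINE_MARKERS) or path.endswith(".vir"):
        return "tool_quarantine"
    return "live"


def parse_eset_log(text: str) -> List[Detection]:
    out: List[Detection] = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ESET_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised ESET line: {line}")   # fail loudly rather than skip a hit
        out.append(Detection(m.group("path"), m.group("family"), m.group("type"),
                             m.group("action"), classify_path(m.group("path"))))
    return out


def summarize(dets: List[Detection]) -> Dict[str, int]:
    counts = {"tool_quarantine": 0, "restore_point": 0, "live": 0}
    for d in dets:
        counts[d.location] += 1
    return counts


def needs_attention(dets: List[Detection]) -> List[Detection]:
    """Detections outside quarantine and restore points: the ones that say 'still infected'."""
    return [d for d in dets if d.location == "live"]


# Sample input: lines copied from the ESET log in the post above.
SAMPLE_ESET = r"""
C:\Documents and Settings\user\Desktop\RK_Quarantine\xpbjxuqd.dll.vir a variant of Win32/Kryptik.AIGB trojan cleaned by deleting - quarantined
C:\Documents and Settings\user\My Documents\Downloads\infrarecorder_34.exe a variant of Win32/InstallIQ application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\user\Local Settings\Application Data\assembly\AskToolbar\xpbjxuqd.dll.vir a variant of Win32/Kryptik.AIGB trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\user\Local Settings\Application Data\{51e41825-a513-84a7-8932-86398a66071f}\n.vir Win32/Sirefef.EV trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\Installer\{51e41825-a513-84a7-8932-86398a66071f}\U\80000032.@.vir a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP913\A0110157.ini Win32/Sirefef.EZ trojan deleted - quarantined
C:\System Volume Information\_restore{08BEC55A-F914-4581-83D8-64651CCBC04B}\RP917\A0116293.dll a variant of Win32/Kryptik.AIGB trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\10.07.2012_19.22.39\mbr0000\tdlfs0000\tsk0001.dta a variant of Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\10.07.2012_19.22.39\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\10.07.2012_19.22.39\mbr0000\tdlfs0000\tsk0003.dta Win32/Olmarik.AYH trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\10.07.2012_19.22.39\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.AL trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\10.07.2012_19.22.39\mbr0000\tdlfs0000\tsk0005.dta a variant of Win32/Rootkit.Kryptik.MY trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\10.07.2012_19.22.39\mbr0000\tdlfs0000\tsk0007.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\10.07.2012_19.22.39\mbr0000\tdlfs0000\tsk0010.dta Win32/Olmarik.AFK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\10.07.2012_19.22.39\mbr0000\tdlfs0000\tsk0011.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\10.07.2012_19.22.39\mbr0000\tdlfs0000\tsk0014.dta a variant of Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
"""

if __name__ == "__main__":
    dets = parse_eset_log(SAMPLE_ESET)
    print(summarize(dets))
    for d in needs_attention(dets):
        print("live:", d.path, d.family, d.threat_type)
```

The restore-point hits are the reason the next reply clears all restore points with [CLEARALLRESTOREPOINTS]: a rollback to RP913 or RP917 would bring Sirefef back. The quarantine hits are copies already taken out of the system, and deleting them is housekeeping, not cleanup.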
     
  20. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ==============================================

    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run a Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please let me know how your computer is doing.
     
  21. tameus1

    tameus1 TS Rookie Topic Starter Posts: 23

    Hi Broni! Computer is working well. Thanks for your help!
     
  22. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Yes!!
    Good luck and stay safe :)
     
