banker fox A+ win32/nugulE + system guard 2009

View previous topic View next topic Go down

banker fox A+ win32/nugulE + system guard 2009

Post by jvprn on Mon Nov 23, 2009 7:31 pm

My other computer, Vista 64, has all three of these somewhat interrelated bugs. I understand that they are harmless, however they have mounted almost total control of the computer. No internet! Cannot open helpful programs.

By downlaoding your "HI-jack this" onto a flash I inserted onto the desktop of the infected computer...but I can't reach the "scan" button before the window closes.

I also tried to get ad-ware by lavasoft and Malwarebyte to run by the same method..it gets to Loading then shuts down.

BTW...I have removed the infected computer from my network.

In the past I have manually extracted such bugs when given the list of reg-edit and file offenders.

I'm really stuck.
jvprn Thank You! Let me think


Last edited by jvprn on Mon Nov 23, 2009 8:00 pm; edited 1 time in total (Reason for editing : more info)

jvprn
Novice
Novice

Posts Posts : 7
Joined Joined : 2009-11-23
OS OS : vista
Points Points : 25781
# Likes # Likes : 0

View user profile

Back to top Go down

Re: banker fox A+ win32/nugulE + system guard 2009

Post by Belahzur on Mon Nov 23, 2009 8:28 pm

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1

View user profile

Back to top Go down

Re: banker fox A+ win32/nugulE + system guard 2009

Post by jvprn on Tue Nov 24, 2009 5:58 pm

I cannot grab the OLT.txt..it's just a flash on the screen...suggestions?

Here is the extra.txt in several posts...

OTL logfile created on: 11/24/2009 12:36:03 PM - Run 2
OTL by OldTimer - Version 3.1.8.0 Folder = C:\Users\owner\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.72 Gb Available Physical Memory | 68.17% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.97 Gb Total Space | 180.79 Gb Free Space | 63.00% Space Free | Partition Type: NTFS
Drive D: | 11.12 Gb Total Space | 1.86 Gb Free Space | 16.70% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-PC
Current User Name: owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/11/24 12:21:54 | 00,529,920 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe
PRC - [2009/11/22 19:26:17 | 00,285,712 | ---- | M] (Microsoft Corporation) -- C:\Users\owner\AppData\Local\kardwb\mogvsysguard.exe
PRC - [2009/07/09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/01/21 15:32:06 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/01/21 15:32:06 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe
PRC - [2008/10/17 14:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\CCSVCHST.EXE
PRC - [2008/10/17 14:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\CCSVCHST.EXE
PRC - [2008/10/17 14:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\CCSVCHST.EXE
PRC - [2008/07/03 17:32:00 | 00,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008/07/03 17:32:00 | 00,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008/07/03 17:32:00 | 00,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008/04/24 01:52:06 | 00,112,008 | ---- | M] () -- C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe
PRC - [2008/04/24 01:51:58 | 00,292,232 | ---- | M] () -- C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
PRC - [2008/04/15 19:54:42 | 00,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/04/15 19:54:42 | 00,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/04/15 19:54:40 | 00,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/04/15 19:54:40 | 00,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/03/26 17:26:56 | 00,341,328 | ---- | M] () -- C:\Windows\SMINST\BLService.exe
PRC - [2008/01/20 21:47:33 | 01,233,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Sidebar\sidebar.exe
PRC - [2008/01/20 21:47:33 | 01,233,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Sidebar\sidebar.exe
PRC - [2007/01/09 04:25:00 | 00,272,024 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
PRC - [2007/01/09 04:25:00 | 00,272,024 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
PRC - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
PRC - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
PRC - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
PRC - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
PRC - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
PRC - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
PRC - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
PRC - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
PRC - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
PRC - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
PRC - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
PRC - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
PRC - [2006/12/19 17:23:20 | 00,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
PRC - [2006/10/23 07:50:35 | 00,046,640 | R--- | M] (AOL LLC) -- C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe


========== Modules (SafeList) ==========

MOD - [2009/11/24 12:21:54 | 00,529,920 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe
MOD - [2009/07/17 09:35:11 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\atl.dll
MOD - [2008/02/29 01:53:38 | 00,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\srclient.dll
MOD - [2008/01/20 21:52:09 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\spp.dll
MOD - [2008/01/20 21:50:01 | 00,183,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\xmllite.dll
MOD - [2008/01/20 21:49:43 | 01,076,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vssapi.dll
MOD - [2008/01/20 21:49:43 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vsstrace.dll
MOD - [2008/01/20 21:49:32 | 00,079,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\authz.dll
MOD - [2008/01/20 21:48:06 | 01,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2008/04/15 13:18:44 | 00,246,272 | ---- | M] () -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_48fbb870\STacSV64.exe -- (STacSV)
SRV:64bit: - [2008/03/18 18:25:40 | 00,023,040 | ---- | M] () -- C:\Windows\SysNative\Hpservice.exe -- (hpsrv)
SRV:64bit: - [2008/02/12 15:05:54 | 00,086,016 | ---- | M] () -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_48fbb870\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/01/20 21:52:15 | 01,216,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV:64bit: - [2008/01/20 21:47:32 | 00,383,544 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/12/11 14:11:30 | 00,015,872 | ---- | M] () -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
SRV - [2009/07/13 13:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/07/09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/04/26 21:05:12 | 00,182,768 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/10/17 14:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice)
SRV - [2008/10/17 14:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2008/10/17 14:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/10/17 14:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/08/15 14:46:29 | 01,245,064 | ---- | M] () -- C:\Program Files (x86)\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/08/04 10:20:16 | 03,220,856 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2008/07/27 13:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/27 13:01:49 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2008/07/24 13:23:39 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2008/07/03 17:32:00 | 00,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/06/19 20:17:12 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/06/19 20:16:53 | 00,859,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/04/24 01:52:06 | 00,112,008 | ---- | M] () -- C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe -- (QPSched) QuickPlay Task Scheduler (QTS)
SRV - [2008/04/24 01:51:58 | 00,292,232 | ---- | M] () -- C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe -- (QPCapSvc) QuickPlay Background Capture Service (QBCS)
SRV - [2008/04/15 19:54:42 | 00,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008/04/15 15:40:10 | 00,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service)
SRV - [2008/03/26 17:26:56 | 00,341,328 | ---- | M] () -- C:\Windows\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/02/21 17:02:53 | 00,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2008/02/07 13:23:34 | 00,193,840 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe -- (Com4QLBEx)
SRV - [2008/01/25 20:05:30 | 00,148,832 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex)
SRV - [2008/01/20 21:51:36 | 00,344,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr)
SRV - [2008/01/20 21:51:36 | 00,153,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched)
SRV - [2007/12/04 19:41:34 | 00,181,784 | ---- | M] (WildTangent, Inc.) -- C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/08/22 03:22:08 | 00,267,096 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2007/01/09 04:25:00 | 00,272,024 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/12/19 17:23:20 | 00,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
SRV - [2006/11/02 10:03:48 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/11/02 08:34:14 | 00,000,000 | ---D | M] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2006/11/02 01:35:15 | 00,060,994 | ---- | M] () -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006/11/02 01:35:15 | 00,055,846 | ---- | M] () -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)
SRV - [2006/10/26 16:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/10/23 07:50:35 | 00,046,640 | R--- | M] (AOL LLC) -- C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2004/10/22 05:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2009/03/19 15:34:18 | 00,029,544 | ---- | M] () -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/02/19 11:31:42 | 00,028,720 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\SymIMv.sys -- (SymIM)
DRV:64bit: - [2009/02/19 11:31:18 | 00,047,664 | ---- | M] () -- C:\Windows\SysNative\Drivers\SYMNDISV.SYS -- (SYMNDISV)
DRV:64bit: - [2009/02/19 11:31:00 | 00,266,800 | ---- | M] () -- C:\Windows\SysNative\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV:64bit: - [2009/02/19 11:30:58 | 00,145,456 | ---- | M] () -- C:\Windows\SysNative\Drivers\SYMFW.SYS -- (SYMFW)
DRV:64bit: - [2009/02/19 11:30:58 | 00,028,720 | ---- | M] () -- C:\Windows\SysNative\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV:64bit: - [2009/02/19 11:30:58 | 00,016,432 | ---- | M] () -- C:\Windows\SysNative\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV:64bit: - [2009/01/18 19:20:03 | 00,172,080 | ---- | M] () -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2008/07/30 16:55:06 | 00,025,424 | ---- | M] () -- C:\Windows\SysNative\Drivers\COH_Mon.sys -- (COH_Mon)
DRV:64bit: - [2008/06/29 18:14:49 | 01,374,712 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)
DRV:64bit: - [2008/06/29 18:14:49 | 01,374,712 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XV)
DRV:64bit: - [2008/06/10 10:58:48 | 00,170,496 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/05/22 22:29:00 | 00,054,816 | ---- | M] () -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2008/04/15 19:54:16 | 00,388,120 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2008/04/15 13:19:56 | 00,453,120 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2008/04/01 06:13:34 | 00,120,720 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\jmcr.sys -- (JMCR)
DRV:64bit: - [2008/03/28 01:06:00 | 00,324,656 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2008/03/27 14:10:56 | 00,026,984 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2008/03/27 14:10:14 | 00,040,296 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2008/02/29 17:59:32 | 01,252,352 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/01/31 20:51:18 | 00,476,720 | ---- | M] () -- C:\Windows\SysNative\Drivers\SRTSPL64.SYS -- (SRTSPL)
DRV:64bit: - [2008/01/31 20:51:18 | 00,440,880 | ---- | M] () -- C:\Windows\SysNative\Drivers\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - [2008/01/31 20:51:18 | 00,032,304 | ---- | M] () -- C:\Windows\SysNative\Drivers\SRTSPX64.SYS -- (SRTSPX)
DRV:64bit: - [2008/01/24 08:24:24 | 00,060,928 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir)
DRV:64bit: - [2008/01/20 21:47:27 | 00,168,704 | ---- | M] () -- C:\Windows\SysNative\Drivers\usbvideo.sys -- (usbvideo) USB Video Device (WDM)
DRV:64bit: - [2008/01/20 21:46:57 | 01,523,712 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\VSTDPV6.SYS -- (HSF_DPV)
DRV:64bit: - [2008/01/20 21:46:57 | 00,724,480 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\VSTCNXT6.SYS -- (winachsf)
DRV:64bit: - [2008/01/20 21:46:57 | 00,286,720 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS -- (HSFHWAZL)
DRV:64bit: - [2008/01/20 21:46:55 | 00,111,104 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2008/01/20 21:46:51 | 00,017,792 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\CmBatt.sys -- (CmBatt)
DRV:64bit: - [2007/07/11 12:30:34 | 00,009,088 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\HpqRemHid.sys -- (HpqRemHid)
DRV:64bit: - [2007/06/18 19:13:12 | 00,018,432 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2006/11/29 17:24:49 | 00,024,064 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\wanatw64.sys -- (wanatw) WAN Miniport (ATW)
DRV:64bit: - [2006/11/02 00:28:10 | 00,273,920 | ---- | M] () -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2006/10/09 21:09:03 | 00,742,696 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\nvm60x64.sys -- (NVENETFD)
DRV - [2009/08/26 03:00:00 | 00,475,696 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2009/08/26 03:00:00 | 00,132,656 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/08/25 03:00:00 | 01,742,896 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20091122.003\EX64.SYS -- (NAVEX15)
DRV - [2009/08/25 03:00:00 | 00,116,272 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20091122.003\ENG64.SYS -- (NAVENG)
DRV - [2009/02/09 17:59:12 | 00,370,224 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20091111.001\IDSviA64.sys -- (IDSvia64)
DRV - [2008/07/30 16:28:04 | 00,000,841 | ---- | M] () -- C:\Windows\SysWOW64\drivers\COH_Mon.inf -- (COH_Mon)
DRV - [2008/04/24 01:50:54 | 00,032,240 | ---- | M] (Cyberlink Corp.) -- C:\Program Files (x86)\HP\QuickPlay\000.fcl -- ({22D78859-9CE9-4B77-BF18-AC83E81A9263})
DRV - [2006/09/18 16:36:40 | 00,003,066 | ---- | M] () -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2006/09/18 16:35:23 | 00,001,088 | ---- | M] () -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - HKLM\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL LLC)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - HKCU\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL LLC)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 08:29:44 | 00,000,000 | ---D | M]


O1 HOSTS File: (761 bytes) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg64.dll (Google Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (AOL Toolbar Loader) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL LLC)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files (x86)\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files (x86)\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files (x86)\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL ()
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.DLL ()
O4:64bit: - HKLM..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe ( Hewlett-Packard Development Company, L.P.)
O4:64bit: - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [osCheck] C:\Program Files (x86)\Norton 360\osCheck.exe (Symantec Corporation)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EPSON Artisan 800(Network)] C:\Windows\SysWow64\spool\DRIVERS\x64\3\E_IATIEMA.EXE File not found
O4 - HKCU..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [stlamgiv] C:\Users\owner\AppData\Local\kardwb\mogvsysguard.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O8:64bit: - Extra context menu item: &AIM Toolbar Search - C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8:64bit: - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-US\local\search.html ()
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: &AIM Toolbar Search - C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} [You must be registered and logged in to see this link.] (DLM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_05)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1231b3a3-ea35-11dd-ab44-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{1231b3a3-ea35-11dd-ab44-00038a000015}\Shell\AutoRun\command - "" = F:\StormF1.exe -- File not found
O33 - MountPoints2\{a4f35123-d1f6-11dd-b8c9-00038a000015}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found
O33 - MountPoints2\{c9bbc5b2-df5f-11dd-a6f5-00038a000015}\Shell\AutoRun\command - "" = wdsync.exe
O33 - MountPoints2\F\Shell\AutoRun\command - "" = wdsync.exe
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\SysWow64\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (/p) - File not found
O34 - HKLM BootExecute: (\??\F:) - File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\SysWow64\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/24 12:32:52 | 00,529,920 | ---- | C] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe
[2009/11/23 14:52:53 | 00,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Malwarebytes
[2009/11/23 14:52:50 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2009/11/23 14:52:48 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2009/11/23 14:52:48 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/11/22 22:28:47 | 00,000,000 | -H-D | C] -- C:\ProgramData\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2009/11/22 22:28:31 | 00,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2009/11/22 22:28:31 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2009/11/22 21:51:48 | 00,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Symantec
[2009/11/22 20:38:55 | 77,086,488 | ---- | C] (Lavasoft ) -- C:\Users\owner\Desktop\Ad-AwareInstallation.exe
[2009/11/22 19:26:28 | 00,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\kardwb
[2009/11/12 09:40:23 | 00,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSDApi.dll
[2009/11/04 22:13:48 | 03,584,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.dll
[2009/10/29 19:23:16 | 00,575,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2009/10/29 19:23:16 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2009/10/29 19:23:16 | 00,035,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2009/10/29 19:23:04 | 00,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2009/10/29 19:23:04 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2009/10/27 17:32:59 | 00,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\unregmp2.exe
[2009/10/27 17:32:57 | 10,624,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2009/10/27 17:32:45 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2008/08/05 15:36:18 | 02,492,040 | ---- | C] (CANON INC.) -- C:\Program Files (x86)\VU600EN.exe

jvprn
Novice
Novice

Posts Posts : 7
Joined Joined : 2009-11-23
OS OS : vista
Points Points : 25781
# Likes # Likes : 0

View user profile

Back to top Go down

Re: banker fox A+ win32/nugulE + system guard 2009

Post by jvprn on Tue Nov 24, 2009 5:59 pm

========== Files - Modified Within 30 Days ==========

[2009/11/24 12:35:59 | 00,111,883 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009/11/24 12:35:59 | 00,111,883 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009/11/24 12:35:54 | 02,359,296 | -HS- | M] () -- C:\Users\owner\NTUSER.DAT
[2009/11/24 12:35:35 | 00,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/11/24 12:35:34 | 00,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/11/24 12:35:29 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/11/24 12:35:27 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/11/24 12:35:20 | 42,920,38656 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/24 12:34:07 | 00,524,288 | -HS- | M] () -- C:\Users\owner\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2009/11/24 12:34:07 | 00,065,536 | -HS- | M] () -- C:\Users\owner\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2009/11/24 12:33:54 | 03,812,847 | -H-- | M] () -- C:\Users\owner\AppData\Local\IconCache.db
[2009/11/24 12:30:04 | 00,000,430 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{6A791EC9-9F86-47E7-8568-67ED22AD00BB}.job
[2009/11/24 12:21:54 | 00,529,920 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe
[2009/11/23 14:52:52 | 00,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/23 14:45:59 | 00,000,230 | ---- | M] () -- C:\Users\owner\Desktop\Run.lnk
[2009/11/22 22:34:38 | 00,001,073 | ---- | M] () -- C:\Users\owner\Desktop\Ad-Aware.lnk
[2009/11/22 22:28:48 | 00,000,183 | ---- | M] () -- C:\Users\owner\Desktop\Review of Optometry.url
[2009/11/22 22:28:46 | 00,001,049 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2009/11/22 20:35:36 | 77,086,488 | ---- | M] (Lavasoft ) -- C:\Users\owner\Desktop\Ad-AwareInstallation.exe
[2009/11/22 16:16:40 | 00,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2009/11/22 16:16:40 | 00,595,684 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2009/11/22 16:16:40 | 00,101,350 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2009/11/19 22:19:05 | 00,000,334 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForowner.job
[2009/11/19 19:34:10 | 00,000,214 | ---- | M] () -- C:\Users\owner\Desktop\people of WalMart.url
[2009/11/15 18:48:54 | 00,000,130 | ---- | M] () -- C:\Users\owner\Desktop\COPE.url
[2009/11/13 19:26:14 | 00,397,128 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2009/11/05 13:05:58 | 28,155,840 | ---- | M] () -- C:\Windows\SysNative\mrt.exe
[2009/10/27 20:40:39 | 00,000,923 | ---- | M] () -- C:\Users\owner\Desktop\Final Ant Seg Disease and CL Wearer with Mary Jo - Shortcut.lnk

========== Files Created - No Company Name ==========

[2009/11/23 14:52:52 | 00,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/23 14:52:48 | 00,022,104 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2009/11/23 14:45:59 | 00,000,230 | ---- | C] () -- C:\Users\owner\Desktop\Run.lnk
[2009/11/22 22:34:38 | 00,001,073 | ---- | C] () -- C:\Users\owner\Desktop\Ad-Aware.lnk
[2009/11/22 22:28:46 | 00,001,049 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2009/11/19 19:34:10 | 00,000,214 | ---- | C] () -- C:\Users\owner\Desktop\people of WalMart.url
[2009/11/15 18:48:54 | 00,000,130 | ---- | C] () -- C:\Users\owner\Desktop\COPE.url
[2009/11/12 09:40:23 | 00,437,248 | ---- | C] () -- C:\Windows\SysNative\WSDApi.dll
[2009/11/12 09:40:22 | 02,749,952 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
[2009/11/04 22:13:49 | 05,685,760 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2009/10/29 19:23:35 | 00,043,744 | ---- | C] () -- C:\Windows\SysNative\wups2.dll
[2009/10/29 19:23:34 | 02,621,440 | ---- | C] () -- C:\Windows\SysNative\wucltux.dll
[2009/10/29 19:23:34 | 02,424,024 | ---- | C] () -- C:\Windows\SysNative\wuaueng.dll
[2009/10/29 19:23:34 | 00,057,560 | ---- | C] () -- C:\Windows\SysNative\wuauclt.exe
[2009/10/29 19:23:16 | 00,700,640 | ---- | C] () -- C:\Windows\SysNative\wuapi.dll
[2009/10/29 19:23:16 | 00,098,816 | ---- | C] () -- C:\Windows\SysNative\wudriver.dll
[2009/10/29 19:23:16 | 00,038,112 | ---- | C] () -- C:\Windows\SysNative\wups.dll
[2009/10/29 19:23:04 | 00,185,416 | ---- | C] () -- C:\Windows\SysNative\wuwebv.dll
[2009/10/29 19:23:04 | 00,036,864 | ---- | C] () -- C:\Windows\SysNative\wuapp.exe
[2009/10/27 20:40:39 | 00,000,923 | ---- | C] () -- C:\Users\owner\Desktop\Final Ant Seg Disease and CL Wearer with Mary Jo - Shortcut.lnk
[2009/10/27 17:32:59 | 13,426,176 | ---- | C] () -- C:\Windows\SysNative\wmp.dll
[2009/10/27 17:32:59 | 00,372,736 | ---- | C] () -- C:\Windows\SysNative\unregmp2.exe
[2009/10/27 17:32:45 | 08,147,968 | ---- | C] () -- C:\Windows\SysNative\wmploc.DLL
[2009/09/03 09:09:26 | 00,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2009/09/03 09:01:14 | 00,000,044 | ---- | C] () -- C:\Windows\EPART800.ini
[2009/04/25 19:58:55 | 00,000,000 | ---- | C] () -- C:\Users\owner\AppData\Roaming\wklnhst.dat
[2008/12/18 21:06:24 | 00,000,108 | ---- | C] () -- C:\Windows\WFT-E2Utility.INI
[2008/08/15 11:40:32 | 00,007,680 | ---- | C] () -- C:\Users\owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/18 11:45:36 | 03,812,847 | -H-- | C] () -- C:\Users\owner\AppData\Local\IconCache.db
[2008/07/18 11:17:13 | 00,000,000 | ---- | C] () -- C:\Users\owner\AppData\Local\QSwitch.txt
[2008/07/18 11:17:13 | 00,000,000 | ---- | C] () -- C:\Users\owner\AppData\Local\DSwitch.txt
[2008/07/18 11:17:13 | 00,000,000 | ---- | C] () -- C:\Users\owner\AppData\Local\AtStart.txt
[2008/07/18 11:17:11 | 00,108,864 | ---- | C] () -- C:\Users\owner\AppData\Local\GDIPFONTCACHEV1.DAT
[2008/06/29 18:43:51 | 00,111,883 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008/06/29 18:39:54 | 00,111,883 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008/06/10 04:59:06 | 00,000,371 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008/01/20 21:50:05 | 00,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 21:49:49 | 00,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2006/11/02 10:25:49 | 00,000,174 | -HS- | C] () -- C:\Program Files (x86)\desktop.ini
[2006/11/02 10:07:25 | 00,030,808 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
[2006/11/02 10:07:25 | 00,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 10:07:25 | 00,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 10:07:25 | 00,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 07:37:06 | 00,001,405 | ---- | C] () -- C:\Windows\msdfmap.ini
[2006/11/02 07:34:27 | 00,000,261 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 07:34:27 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
< End of report >
PRC - [2009/11/24 12:21:54 | 00,529,920 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe
PRC - [2009/11/22 19:26:17 | 00,285,712 | ---- | M] (Microsoft Corporation) -- C:\Users\owner\AppData\Local\kardwb\mogvsysguard.exe
PRC - [2009/01/21 15:32:06 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/01/21 15:32:06 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/10/17 14:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\CCSVCHST.EXE
PRC - [2008/10/17 14:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\CCSVCHST.EXE
PRC - [2008/10/17 14:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\CCSVCHST.EXE
PRC - [2008/04/15 19:54:40 | 00,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/04/15 19:54:40 | 00,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/01/20 21:47:33 | 01,233,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Sidebar\sidebar.exe
PRC - [2008/01/20 21:47:33 | 01,233,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Sidebar\sidebar.exe
PRC - [2006/12/19 17:23:20 | 00,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
PRC - [2006/12/19 17:23:20 | 00,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
PRC - [2006/12/19 17:23:20 | 00,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
PRC - [2006/12/19 17:23:20 | 00,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
PRC - [2006/12/19 17:23:20 | 00,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
PRC - [2006/12/19 17:23:20 | 00,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
PRC - [2006/12/19 17:23:20 | 00,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
PRC - [2006/12/19 17:23:20 | 00,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
PRC - [2006/12/19 17:23:20 | 00,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
PRC - [2006/12/19 17:23:20 | 00,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
PRC - [2006/12/19 17:23:20 | 00,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
PRC - [2006/12/19 17:23:20 | 00,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
PRC - [2006/12/19 17:23:20 | 00,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
PRC - [2006/12/19 17:23:20 | 00,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
PRC - [2006/12/19 17:23:20 | 00,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
PRC - [2006/12/19 17:23:20 | 00,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
PRC - [2006/12/19 17:23:20 | 00,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
PRC - [2006/12/19 17:23:20 | 00,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
PRC - [2006/12/19 17:23:20 | 00,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
PRC - [2006/12/19 17:23:20 | 00,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
PRC - [2006/12/19 17:23:20 | 00,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
PRC - [2006/12/19 17:23:20 | 00,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
PRC - [2006/12/19 17:23:20 | 00,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
PRC - [2006/12/19 17:23:20 | 00,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
PRC - [2006/12/19 17:23:20 | 00,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
PRC - [2006/12/19 17:23:20 | 00,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe


========== Modules (SafeList) ==========

MOD - [2009/11/24 12:21:54 | 00,529,920 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe
MOD - [2009/07/17 09:35:11 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\atl.dll
MOD - [2008/11/26 23:35:06 | 01,748,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\GdiPlus.dll
MOD - [2008/02/29 01:53:38 | 00,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\srclient.dll
MOD - [2008/01/20 21:52:09 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\spp.dll
MOD - [2008/01/20 21:51:41 | 02,537,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wpdshext.dll
MOD - [2008/01/20 21:50:46 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\fontext.dll
MOD - [2008/01/20 21:50:03 | 00,450,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2008/01/20 21:50:01 | 00,183,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\xmllite.dll
MOD - [2008/01/20 21:49:43 | 01,076,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vssapi.dll
MOD - [2008/01/20 21:49:43 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vsstrace.dll
MOD - [2008/01/20 21:49:32 | 00,079,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\authz.dll
MOD - [2008/01/20 21:48:06 | 01,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2008/04/15 13:18:44 | 00,246,272 | ---- | M] () -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_48fbb870\STacSV64.exe -- (STacSV)
SRV:64bit: - [2008/03/18 18:25:40 | 00,023,040 | ---- | M] () -- C:\Windows\SysNative\Hpservice.exe -- (hpsrv)
SRV:64bit: - [2008/02/12 15:05:54 | 00,086,016 | ---- | M] () -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_48fbb870\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/01/20 21:52:15 | 01,216,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV:64bit: - [2008/01/20 21:47:32 | 00,383,544 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/12/11 14:11:30 | 00,015,872 | ---- | M] () -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
SRV - [2009/07/13 13:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/07/09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/04/26 21:05:12 | 00,182,768 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/10/17 14:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice)
SRV - [2008/10/17 14:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2008/10/17 14:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/10/17 14:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/08/15 14:46:29 | 01,245,064 | ---- | M] () -- C:\Program Files (x86)\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/08/04 10:20:16 | 03,220,856 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2008/07/27 13:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/27 13:01:49 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2008/07/24 13:23:39 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2008/07/03 17:32:00 | 00,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/06/19 20:17:12 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/06/19 20:16:53 | 00,859,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/04/24 01:52:06 | 00,112,008 | ---- | M] () -- C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe -- (QPSched) QuickPlay Task Scheduler (QTS)
SRV - [2008/04/24 01:51:58 | 00,292,232 | ---- | M] () -- C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe -- (QPCapSvc) QuickPlay Background Capture Service (QBCS)
SRV - [2008/04/15 19:54:42 | 00,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008/04/15 15:40:10 | 00,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service)
SRV - [2008/03/26 17:26:56 | 00,341,328 | ---- | M] () -- C:\Windows\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/02/21 17:02:53 | 00,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2008/02/07 13:23:34 | 00,193,840 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe -- (Com4QLBEx)
SRV - [2008/01/25 20:05:30 | 00,148,832 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex)
SRV - [2008/01/20 21:51:36 | 00,344,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr)
SRV - [2008/01/20 21:51:36 | 00,153,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched)
SRV - [2007/12/04 19:41:34 | 00,181,784 | ---- | M] (WildTangent, Inc.) -- C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/08/22 03:22:08 | 00,267,096 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2007/01/09 04:25:00 | 00,272,024 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/12/19 17:23:20 | 00,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
SRV - [2006/11/02 10:03:48 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/11/02 08:34:14 | 00,000,000 | ---D | M] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2006/11/02 01:35:15 | 00,060,994 | ---- | M] () -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006/11/02 01:35:15 | 00,055,846 | ---- | M] () -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)
SRV - [2006/10/26 16:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/10/23 07:50:35 | 00,046,640 | R--- | M] (AOL LLC) -- C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2004/10/22 05:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2009/03/19 15:34:18 | 00,029,544 | ---- | M] () -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/02/19 11:31:42 | 00,028,720 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\SymIMv.sys -- (SymIM)
DRV:64bit: - [2009/02/19 11:31:18 | 00,047,664 | ---- | M] () -- C:\Windows\SysNative\Drivers\SYMNDISV.SYS -- (SYMNDISV)
DRV:64bit: - [2009/02/19 11:31:00 | 00,266,800 | ---- | M] () -- C:\Windows\SysNative\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV:64bit: - [2009/02/19 11:30:58 | 00,145,456 | ---- | M] () -- C:\Windows\SysNative\Drivers\SYMFW.SYS -- (SYMFW)
DRV:64bit: - [2009/02/19 11:30:58 | 00,028,720 | ---- | M] () -- C:\Windows\SysNative\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV:64bit: - [2009/02/19 11:30:58 | 00,016,432 | ---- | M] () -- C:\Windows\SysNative\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV:64bit: - [2009/01/18 19:20:03 | 00,172,080 | ---- | M] () -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2008/07/30 16:55:06 | 00,025,424 | ---- | M] () -- C:\Windows\SysNative\Drivers\COH_Mon.sys -- (COH_Mon)
DRV:64bit: - [2008/06/29 18:14:49 | 01,374,712 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)
DRV:64bit: - [2008/06/29 18:14:49 | 01,374,712 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XV)
DRV:64bit: - [2008/06/10 10:58:48 | 00,170,496 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/05/22 22:29:00 | 00,054,816 | ---- | M] () -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2008/04/15 19:54:16 | 00,388,120 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2008/04/15 13:19:56 | 00,453,120 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2008/04/01 06:13:34 | 00,120,720 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\jmcr.sys -- (JMCR)
DRV:64bit: - [2008/03/28 01:06:00 | 00,324,656 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2008/03/27 14:10:56 | 00,026,984 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2008/03/27 14:10:14 | 00,040,296 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2008/02/29 17:59:32 | 01,252,352 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/01/31 20:51:18 | 00,476,720 | ---- | M] () -- C:\Windows\SysNative\Drivers\SRTSPL64.SYS -- (SRTSPL)
DRV:64bit: - [2008/01/31 20:51:18 | 00,440,880 | ---- | M] () -- C:\Windows\SysNative\Drivers\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - [2008/01/31 20:51:18 | 00,032,304 | ---- | M] () -- C:\Windows\SysNative\Drivers\SRTSPX64.SYS -- (SRTSPX)
DRV:64bit: - [2008/01/24 08:24:24 | 00,060,928 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir)
DRV:64bit: - [2008/01/20 21:47:27 | 00,168,704 | ---- | M] () -- C:\Windows\SysNative\Drivers\usbvideo.sys -- (usbvideo) USB Video Device (WDM)
DRV:64bit: - [2008/01/20 21:46:57 | 01,523,712 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\VSTDPV6.SYS -- (HSF_DPV)
DRV:64bit: - [2008/01/20 21:46:57 | 00,724,480 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\VSTCNXT6.SYS -- (winachsf)
DRV:64bit: - [2008/01/20 21:46:57 | 00,286,720 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS -- (HSFHWAZL)
DRV:64bit: - [2008/01/20 21:46:55 | 00,111,104 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2008/01/20 21:46:51 | 00,017,792 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\CmBatt.sys -- (CmBatt)
DRV:64bit: - [2007/07/11 12:30:34 | 00,009,088 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\HpqRemHid.sys -- (HpqRemHid)
DRV:64bit: - [2007/06/18 19:13:12 | 00,018,432 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2006/11/29 17:24:49 | 00,024,064 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\wanatw64.sys -- (wanatw) WAN Miniport (ATW)
DRV:64bit: - [2006/11/02 00:28:10 | 00,273,920 | ---- | M] () -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2006/10/09 21:09:03 | 00,742,696 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\nvm60x64.sys -- (NVENETFD)
DRV - [2009/08/26 03:00:00 | 00,475,696 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2009/08/26 03:00:00 | 00,132,656 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/08/25 03:00:00 | 01,742,896 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20091122.003\EX64.SYS -- (NAVEX15)
DRV - [2009/08/25 03:00:00 | 00,116,272 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20091122.003\ENG64.SYS -- (NAVENG)
DRV - [2009/02/09 17:59:12 | 00,370,224 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20091111.001\IDSviA64.sys -- (IDSvia64)
DRV - [2008/07/30 16:28:04 | 00,000,841 | ---- | M] () -- C:\Windows\SysWOW64\drivers\COH_Mon.inf -- (COH_Mon)
DRV - [2008/04/24 01:50:54 | 00,032,240 | ---- | M] (Cyberlink Corp.) -- C:\Program Files (x86)\HP\QuickPlay\000.fcl -- ({22D78859-9CE9-4B77-BF18-AC83E81A9263})
DRV - [2006/09/18 16:36:40 | 00,003,066 | ---- | M] () -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2006/09/18 16:35:23 | 00,001,088 | ---- | M] () -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - HKLM\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL LLC)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - HKCU\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL LLC)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 08:29:44 | 00,000,000 | ---D | M]


O1 HOSTS File: (761 bytes) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg64.dll (Google Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (AOL Toolbar Loader) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL LLC)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files (x86)\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files (x86)\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files (x86)\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL ()
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.DLL ()
O4:64bit: - HKLM..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe ( Hewlett-Packard Development Company, L.P.)
O4:64bit: - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [osCheck] C:\Program Files (x86)\Norton 360\osCheck.exe (Symantec Corporation)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EPSON Artisan 800(Network)] C:\Windows\SysWow64\spool\DRIVERS\x64\3\E_IATIEMA.EXE File not found
O4 - HKCU..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [stlamgiv] C:\Users\owner\AppData\Local\kardwb\mogvsysguard.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O8:64bit: - Extra context menu item: &AIM Toolbar Search - C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8:64bit: - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-US\local\search.html ()
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: &AIM Toolbar Search - C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} [You must be registered and logged in to see this link.] (DLM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_05)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1231b3a3-ea35-11dd-ab44-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{1231b3a3-ea35-11dd-ab44-00038a000015}\Shell\AutoRun\command - "" = F:\StormF1.exe -- File not found
O33 - MountPoints2\{a4f35123-d1f6-11dd-b8c9-00038a000015}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found
O33 - MountPoints2\{c9bbc5b2-df5f-11dd-a6f5-00038a000015}\Shell\AutoRun\command - "" = wdsync.exe
O33 - MountPoints2\F\Shell\AutoRun\command - "" = wdsync.exe
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\SysWow64\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (/p) - File not found
O34 - HKLM BootExecute: (\??\F:) - File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\SysWow64\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/24 12:32:52 | 00,529,920 | ---- | C] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe
[2009/11/23 14:52:53 | 00,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Malwarebytes
[2009/11/23 14:52:50 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2009/11/23 14:52:48 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2009/11/23 14:52:48 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/11/22 22:28:47 | 00,000,000 | -H-D | C] -- C:\ProgramData\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2009/11/22 22:28:31 | 00,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2009/11/22 22:28:31 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2009/11/22 21:51:48 | 00,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Symantec
[2009/11/22 20:38:55 | 77,086,488 | ---- | C] (Lavasoft ) -- C:\Users\owner\Desktop\Ad-AwareInstallation.exe
[2009/11/22 19:26:28 | 00,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\kardwb
[2009/11/12 09:40:23 | 00,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSDApi.dll
[2009/11/04 22:13:48 | 03,584,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.dll
[2009/10/29 19:23:16 | 00,575,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2009/10/29 19:23:16 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2009/10/29 19:23:16 | 00,035,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2009/10/29 19:23:04 | 00,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2009/10/29 19:23:04 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2009/10/27 17:32:59 | 00,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\unregmp2.exe
[2009/10/27 17:32:57 | 10,624,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2009/10/27 17:32:45 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2008/08/05 15:36:18 | 02,492,040 | ---- | C] (CANON INC.) -- C:\Program Files (x86)\VU600EN.exe

========== Files - Modified Within 30 Days ==========

[2009/11/24 12:38:46 | 02,359,296 | -HS- | M] () -- C:\Users\owner\NTUSER.DAT
[2009/11/24 12:35:59 | 00,111,883 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009/11/24 12:35:59 | 00,111,883 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009/11/24 12:35:35 | 00,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/11/24 12:35:34 | 00,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/11/24 12:35:29 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/11/24 12:35:27 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/11/24 12:35:20 | 42,920,38656 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/24 12:34:07 | 00,524,288 | -HS- | M] () -- C:\Users\owner\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2009/11/24 12:34:07 | 00,065,536 | -HS- | M] () -- C:\Users\owner\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2009/11/24 12:33:54 | 03,812,847 | -H-- | M] () -- C:\Users\owner\AppData\Local\IconCache.db
[2009/11/24 12:30:04 | 00,000,430 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{6A791EC9-9F86-47E7-8568-67ED22AD00BB}.job
[2009/11/24 12:21:54 | 00,529,920 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe
[2009/11/23 14:52:52 | 00,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/23 14:45:59 | 00,000,230 | ---- | M] () -- C:\Users\owner\Desktop\Run.lnk
[2009/11/22 22:34:38 | 00,001,073 | ---- | M] () -- C:\Users\owner\Desktop\Ad-Aware.lnk
[2009/11/22 22:28:48 | 00,000,183 | ---- | M] () -- C:\Users\owner\Desktop\Review of Optometry.url
[2009/11/22 22:28:46 | 00,001,049 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2009/11/22 20:35:36 | 77,086,488 | ---- | M] (Lavasoft ) -- C:\Users\owner\Desktop\Ad-AwareInstallation.exe
[2009/11/22 16:16:40 | 00,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2009/11/22 16:16:40 | 00,595,684 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2009/11/22 16:16:40 | 00,101,350 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2009/11/19 22:19:05 | 00,000,334 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForowner.job
[2009/11/19 19:34:10 | 00,000,214 | ---- | M] () -- C:\Users\owner\Desktop\people of WalMart.url
[2009/11/15 18:48:54 | 00,000,130 | ---- | M] () -- C:\Users\owner\Desktop\COPE.url
[2009/11/13 19:26:14 | 00,397,128 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2009/11/05 13:05:58 | 28,155,840 | ---- | M] () -- C:\Windows\SysNative\mrt.exe
[2009/10/27 20:40:39 | 00,000,923 | ---- | M] () -- C:\Users\owner\Desktop\Final Ant Seg Disease and CL Wearer with Mary Jo - Shortcut.lnk

========== Files Created - No Company Name ==========

[2009/11/23 14:52:52 | 00,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/23 14:52:48 | 00,022,104 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2009/11/23 14:45:59 | 00,000,230 | ---- | C] () -- C:\Users\owner\Desktop\Run.lnk
[2009/11/22 22:34:38 | 00,001,073 | ---- | C] () -- C:\Users\owner\Desktop\Ad-Aware.lnk
[2009/11/22 22:28:46 | 00,001,049 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2009/11/19 19:34:10 | 00,000,214 | ---- | C] () -- C:\Users\owner\Desktop\people of WalMart.url
[2009/11/15 18:48:54 | 00,000,130 | ---- | C] () -- C:\Users\owner\Desktop\COPE.url
[2009/11/12 09:40:23 | 00,437,248 | ---- | C] () -- C:\Windows\SysNative\WSDApi.dll
[2009/11/12 09:40:22 | 02,749,952 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
[2009/11/04 22:13:49 | 05,685,760 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2009/10/29 19:23:35 | 00,043,744 | ---- | C] () -- C:\Windows\SysNative\wups2.dll
[2009/10/29 19:23:34 | 02,621,440 | ---- | C] () -- C:\Windows\SysNative\wucltux.dll
[2009/10/29 19:23:34 | 02,424,024 | ---- | C] () -- C:\Windows\SysNative\wuaueng.dll
[2009/10/29 19:23:34 | 00,057,560 | ---- | C] () -- C:\Windows\SysNative\wuauclt.exe
[2009/10/29 19:23:16 | 00,700,640 | ---- | C] () -- C:\Windows\SysNative\wuapi.dll
[2009/10/29 19:23:16 | 00,098,816 | ---- | C] () -- C:\Windows\SysNative\wudriver.dll
[2009/10/29 19:23:16 | 00,038,112 | ---- | C] () -- C:\Windows\SysNative\wups.dll
[2009/10/29 19:23:04 | 00,185,416 | ---- | C] () -- C:\Windows\SysNative\wuwebv.dll
[2009/10/29 19:23:04 | 00,036,864 | ---- | C] () -- C:\Windows\SysNative\wuapp.exe
[2009/10/27 20:40:39 | 00,000,923 | ---- | C] () -- C:\Users\owner\Desktop\Final Ant Seg Disease and CL Wearer with Mary Jo - Shortcut.lnk
[2009/10/27 17:32:59 | 13,426,176 | ---- | C] () -- C:\Windows\SysNative\wmp.dll
[2009/10/27 17:32:59 | 00,372,736 | ---- | C] () -- C:\Windows\SysNative\unregmp2.exe
[2009/10/27 17:32:45 | 08,147,968 | ---- | C] () -- C:\Windows\SysNative\wmploc.DLL
[2009/09/03 09:09:26 | 00,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2009/09/03 09:01:14 | 00,000,044 | ---- | C] () -- C:\Windows\EPART800.ini
[2009/04/25 19:58:55 | 00,000,000 | ---- | C] () -- C:\Users\owner\AppData\Roaming\wklnhst.dat
[2008/12/18 21:06:24 | 00,000,108 | ---- | C] () -- C:\Windows\WFT-E2Utility.INI
[2008/08/15 11:40:32 | 00,007,680 | ---- | C] () -- C:\Users\owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/18 11:45:36 | 03,812,847 | -H-- | C] () -- C:\Users\owner\AppData\Local\IconCache.db
[2008/07/18 11:17:13 | 00,000,000 | ---- | C] () -- C:\Users\owner\AppData\Local\QSwitch.txt
[2008/07/18 11:17:13 | 00,000,000 | ---- | C] () -- C:\Users\owner\AppData\Local\DSwitch.txt
[2008/07/18 11:17:13 | 00,000,000 | ---- | C] () -- C:\Users\owner\AppData\Local\AtStart.txt
[2008/07/18 11:17:11 | 00,108,864 | ---- | C] () -- C:\Users\owner\AppData\Local\GDIPFONTCACHEV1.DAT
[2008/06/29 18:43:51 | 00,111,883 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008/06/29 18:39:54 | 00,111,883 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008/06/10 04:59:06 | 00,000,371 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008/01/20 21:50:05 | 00,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 21:49:49 | 00,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2006/11/02 10:25:49 | 00,000,174 | -HS- | C] () -- C:\Program Files (x86)\desktop.ini
[2006/11/02 10:07:25 | 00,030,808 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
[2006/11/02 10:07:25 | 00,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 10:07:25 | 00,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 10:07:25 | 00,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 07:37:06 | 00,001,405 | ---- | C] () -- C:\Windows\msdfmap.ini
[2006/11/02 07:34:27 | 00,000,261 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 07:34:27 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini

jvprn
Novice
Novice

Posts Posts : 7
Joined Joined : 2009-11-23
OS OS : vista
Points Points : 25781
# Likes # Likes : 0

View user profile

Back to top Go down

Re: banker fox A+ win32/nugulE + system guard 2009

Post by Belahzur on Tue Nov 24, 2009 9:19 pm

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose CopyCrying

    :OTL
    O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found.
    O4 - HKCU..\Run: [stlamgiv] C:\Users\owner\AppData\Local\kardwb\mogvsysguard.exe (Microsoft Corporation)


    :files
    C:\Users\owner\AppData\Local\kardwb


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1

View user profile

Back to top Go down

Re: banker fox A+ win32/nugulE + system guard 2009

Post by jvprn on Wed Nov 25, 2009 6:30 pm

NOTEPAD is not working. I did find the OTL.txt from yesterday on the clipboard. Put it into my good computer to make sure it was in NOTEPAD..and put it back into the other one.

PROBLEM: with theOldtimer open...I cannot get the information into the CUSTOMSCAN/FIXES. RIGHT CLICK and CONTOL+V both failed to produce a PASTE. I cannot OPEN the file as NOTEPAD ..is that the issue?

Here are the results...of that scan...BTW..I thank you for your patience.

OTL logfile created on: 11/25/2009 12:43:16 PM - Run 3
OTL by OldTimer - Version 3.1.8.0 Folder = C:\Users\owner\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.94 Gb Available Physical Memory | 73.46% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.97 Gb Total Space | 180.31 Gb Free Space | 62.83% Space Free | Partition Type: NTFS
Drive D: | 11.12 Gb Total Space | 1.86 Gb Free Space | 16.70% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 1.87 Gb Total Space | 1.75 Gb Free Space | 93.99% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-PC
Current User Name: owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/11/24 12:21:54 | 00,529,920 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe
PRC - [2009/11/24 12:21:54 | 00,529,920 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe
PRC - [2009/11/22 19:26:17 | 00,285,712 | ---- | M] (Microsoft Corporation) -- C:\Users\owner\AppData\Local\kardwb\mogvsysguard.exe
PRC - [2009/11/22 19:26:17 | 00,285,712 | ---- | M] (Microsoft Corporation) -- C:\Users\owner\AppData\Local\kardwb\mogvsysguard.exe
PRC - [2009/07/09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/01/21 15:32:06 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe
PRC - [2008/10/17 14:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\CCSVCHST.EXE
PRC - [2008/10/17 14:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\CCSVCHST.EXE
PRC - [2008/10/17 14:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\CCSVCHST.EXE
PRC - [2008/10/17 14:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\CCSVCHST.EXE
PRC - [2008/10/17 14:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\CCSVCHST.EXE
PRC - [2008/07/03 17:32:00 | 00,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008/07/03 17:32:00 | 00,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008/07/03 17:32:00 | 00,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008/04/24 01:52:06 | 00,112,008 | ---- | M] () -- C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe
PRC - [2008/04/24 01:51:58 | 00,292,232 | ---- | M] () -- C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
PRC - [2008/04/15 19:54:42 | 00,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/04/15 19:54:42 | 00,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/04/15 19:54:40 | 00,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/04/15 19:54:40 | 00,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/03/26 17:26:56 | 00,341,328 | ---- | M] () -- C:\Windows\SMINST\BLService.exe
PRC - [2008/02/21 17:02:53 | 00,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2008/01/20 21:47:33 | 01,233,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Sidebar\sidebar.exe
PRC - [2008/01/20 21:47:33 | 01,233,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Sidebar\sidebar.exe
PRC - [2007/01/09 04:25:00 | 00,272,024 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
PRC - [2007/01/09 04:25:00 | 00,272,024 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
PRC - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
PRC - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
PRC - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
PRC - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
PRC - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
PRC - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
PRC - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
PRC - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
PRC - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
PRC - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
PRC - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
PRC - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
PRC - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
PRC - [2006/12/19 17:23:20 | 00,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
PRC - [2006/10/23 07:50:35 | 00,046,640 | R--- | M] (AOL LLC) -- C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe


========== Modules (SafeList) ==========

MOD - [2009/11/24 12:21:54 | 00,529,920 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe
MOD - [2009/07/17 09:35:11 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\atl.dll
MOD - [2008/02/29 01:53:38 | 00,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\srclient.dll
MOD - [2008/01/20 21:52:09 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\spp.dll
MOD - [2008/01/20 21:50:01 | 00,183,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\xmllite.dll
MOD - [2008/01/20 21:49:43 | 01,076,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vssapi.dll
MOD - [2008/01/20 21:49:43 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vsstrace.dll
MOD - [2008/01/20 21:49:32 | 00,079,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\authz.dll
MOD - [2008/01/20 21:48:06 | 01,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2008/04/15 13:18:44 | 00,246,272 | ---- | M] () -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_48fbb870\STacSV64.exe -- (STacSV)
SRV:64bit: - [2008/03/18 18:25:40 | 00,023,040 | ---- | M] () -- C:\Windows\SysNative\Hpservice.exe -- (hpsrv)
SRV:64bit: - [2008/02/12 15:05:54 | 00,086,016 | ---- | M] () -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_48fbb870\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/01/20 21:52:15 | 01,216,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV:64bit: - [2008/01/20 21:47:32 | 00,383,544 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/12/11 14:11:30 | 00,015,872 | ---- | M] () -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
SRV - [2009/07/13 13:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/07/09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/04/26 21:05:12 | 00,182,768 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/10/17 14:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice)
SRV - [2008/10/17 14:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2008/10/17 14:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/10/17 14:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/08/15 14:46:29 | 01,245,064 | ---- | M] () -- C:\Program Files (x86)\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/08/04 10:20:16 | 03,220,856 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2008/07/27 13:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/27 13:01:49 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2008/07/24 13:23:39 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2008/07/03 17:32:00 | 00,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/06/19 20:17:12 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/06/19 20:16:53 | 00,859,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/04/24 01:52:06 | 00,112,008 | ---- | M] () -- C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe -- (QPSched) QuickPlay Task Scheduler (QTS)
SRV - [2008/04/24 01:51:58 | 00,292,232 | ---- | M] () -- C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe -- (QPCapSvc) QuickPlay Background Capture Service (QBCS)
SRV - [2008/04/15 19:54:42 | 00,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008/04/15 15:40:10 | 00,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service)
SRV - [2008/03/26 17:26:56 | 00,341,328 | ---- | M] () -- C:\Windows\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/02/21 17:02:53 | 00,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2008/02/07 13:23:34 | 00,193,840 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe -- (Com4QLBEx)
SRV - [2008/01/25 20:05:30 | 00,148,832 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex)
SRV - [2008/01/20 21:51:36 | 00,344,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr)
SRV - [2008/01/20 21:51:36 | 00,153,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched)
SRV - [2007/12/04 19:41:34 | 00,181,784 | ---- | M] (WildTangent, Inc.) -- C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/08/22 03:22:08 | 00,267,096 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2007/01/09 04:25:00 | 00,272,024 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/12/19 17:23:20 | 00,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
SRV - [2006/11/02 10:03:48 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/11/02 08:34:14 | 00,000,000 | ---D | M] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2006/11/02 01:35:15 | 00,060,994 | ---- | M] () -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006/11/02 01:35:15 | 00,055,846 | ---- | M] () -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)
SRV - [2006/10/26 16:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/10/23 07:50:35 | 00,046,640 | R--- | M] (AOL LLC) -- C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2004/10/22 05:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2009/03/19 15:34:18 | 00,029,544 | ---- | M] () -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/02/19 11:31:42 | 00,028,720 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\SymIMv.sys -- (SymIM)
DRV:64bit: - [2009/02/19 11:31:18 | 00,047,664 | ---- | M] () -- C:\Windows\SysNative\Drivers\SYMNDISV.SYS -- (SYMNDISV)
DRV:64bit: - [2009/02/19 11:31:00 | 00,266,800 | ---- | M] () -- C:\Windows\SysNative\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV:64bit: - [2009/02/19 11:30:58 | 00,145,456 | ---- | M] () -- C:\Windows\SysNative\Drivers\SYMFW.SYS -- (SYMFW)
DRV:64bit: - [2009/02/19 11:30:58 | 00,028,720 | ---- | M] () -- C:\Windows\SysNative\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV:64bit: - [2009/02/19 11:30:58 | 00,016,432 | ---- | M] () -- C:\Windows\SysNative\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV:64bit: - [2009/01/18 19:20:03 | 00,172,080 | ---- | M] () -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2008/07/30 16:55:06 | 00,025,424 | ---- | M] () -- C:\Windows\SysNative\Drivers\COH_Mon.sys -- (COH_Mon)
DRV:64bit: - [2008/06/29 18:14:49 | 01,374,712 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)
DRV:64bit: - [2008/06/29 18:14:49 | 01,374,712 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XV)
DRV:64bit: - [2008/06/10 10:58:48 | 00,170,496 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/05/22 22:29:00 | 00,054,816 | ---- | M] () -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2008/04/15 19:54:16 | 00,388,120 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2008/04/15 13:19:56 | 00,453,120 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2008/04/01 06:13:34 | 00,120,720 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\jmcr.sys -- (JMCR)
DRV:64bit: - [2008/03/28 01:06:00 | 00,324,656 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2008/03/27 14:10:56 | 00,026,984 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2008/03/27 14:10:14 | 00,040,296 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2008/02/29 17:59:32 | 01,252,352 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/01/31 20:51:18 | 00,476,720 | ---- | M] () -- C:\Windows\SysNative\Drivers\SRTSPL64.SYS -- (SRTSPL)
DRV:64bit: - [2008/01/31 20:51:18 | 00,440,880 | ---- | M] () -- C:\Windows\SysNative\Drivers\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - [2008/01/31 20:51:18 | 00,032,304 | ---- | M] () -- C:\Windows\SysNative\Drivers\SRTSPX64.SYS -- (SRTSPX)
DRV:64bit: - [2008/01/24 08:24:24 | 00,060,928 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir)
DRV:64bit: - [2008/01/20 21:47:27 | 00,168,704 | ---- | M] () -- C:\Windows\SysNative\Drivers\usbvideo.sys -- (usbvideo) USB Video Device (WDM)
DRV:64bit: - [2008/01/20 21:46:57 | 01,523,712 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\VSTDPV6.SYS -- (HSF_DPV)
DRV:64bit: - [2008/01/20 21:46:57 | 00,724,480 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\VSTCNXT6.SYS -- (winachsf)
DRV:64bit: - [2008/01/20 21:46:57 | 00,286,720 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS -- (HSFHWAZL)
DRV:64bit: - [2008/01/20 21:46:55 | 00,111,104 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2008/01/20 21:46:51 | 00,017,792 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\CmBatt.sys -- (CmBatt)
DRV:64bit: - [2007/07/11 12:30:34 | 00,009,088 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\HpqRemHid.sys -- (HpqRemHid)
DRV:64bit: - [2007/06/18 19:13:12 | 00,018,432 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2006/11/29 17:24:49 | 00,024,064 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\wanatw64.sys -- (wanatw) WAN Miniport (ATW)
DRV:64bit: - [2006/11/02 00:28:10 | 00,273,920 | ---- | M] () -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2006/10/09 21:09:03 | 00,742,696 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\nvm60x64.sys -- (NVENETFD)
DRV - [2009/08/26 03:00:00 | 00,475,696 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2009/08/26 03:00:00 | 00,132,656 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/08/25 03:00:00 | 01,742,896 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20091122.003\EX64.SYS -- (NAVEX15)
DRV - [2009/08/25 03:00:00 | 00,116,272 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20091122.003\ENG64.SYS -- (NAVENG)
DRV - [2009/02/09 17:59:12 | 00,370,224 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20091111.001\IDSviA64.sys -- (IDSvia64)
DRV - [2008/07/30 16:28:04 | 00,000,841 | ---- | M] () -- C:\Windows\SysWOW64\drivers\COH_Mon.inf -- (COH_Mon)
DRV - [2008/04/24 01:50:54 | 00,032,240 | ---- | M] (Cyberlink Corp.) -- C:\Program Files (x86)\HP\QuickPlay\000.fcl -- ({22D78859-9CE9-4B77-BF18-AC83E81A9263})
DRV - [2006/09/18 16:36:40 | 00,003,066 | ---- | M] () -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2006/09/18 16:35:23 | 00,001,088 | ---- | M] () -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - HKLM\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL LLC)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - HKCU\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL LLC)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 08:29:44 | 00,000,000 | ---D | M]

jvprn
Novice
Novice

Posts Posts : 7
Joined Joined : 2009-11-23
OS OS : vista
Points Points : 25781
# Likes # Likes : 0

View user profile

Back to top Go down

Re: banker fox A+ win32/nugulE + system guard 2009

Post by jvprn on Wed Nov 25, 2009 6:48 pm

the rest of the report.................
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 08:29:44 | 00,000,000 | ---D | M]


O1 HOSTS File: (761 bytes) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg64.dll (Google Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (AOL Toolbar Loader) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL LLC)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files (x86)\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files (x86)\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files (x86)\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL ()
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.DLL ()
O4:64bit: - HKLM..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe ( Hewlett-Packard Development Company, L.P.)
O4:64bit: - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [osCheck] C:\Program Files (x86)\Norton 360\osCheck.exe (Symantec Corporation)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EPSON Artisan 800(Network)] C:\Windows\SysWow64\spool\DRIVERS\x64\3\E_IATIEMA.EXE File not found
O4 - HKCU..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [stlamgiv] C:\Users\owner\AppData\Local\kardwb\mogvsysguard.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O8:64bit: - Extra context menu item: &AIM Toolbar Search - C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8:64bit: - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-US\local\search.html ()
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: &AIM Toolbar Search - C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} [You must be registered and logged in to see this link.] (DLM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_05)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1231b3a3-ea35-11dd-ab44-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{1231b3a3-ea35-11dd-ab44-00038a000015}\Shell\AutoRun\command - "" = F:\StormF1.exe -- File not found
O33 - MountPoints2\{a4f35123-d1f6-11dd-b8c9-00038a000015}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found
O33 - MountPoints2\{c9bbc5b2-df5f-11dd-a6f5-00038a000015}\Shell\AutoRun\command - "" = wdsync.exe
O33 - MountPoints2\F\Shell\AutoRun\command - "" = wdsync.exe
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\SysWow64\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (/p) - File not found
O34 - HKLM BootExecute: (\??\F:) - F: File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\SysWow64\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/25 12:41:31 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/11/25 12:33:47 | 00,000,000 | ---D | C] -- C:\5dc6c804a16bb8e3e69b20201408
[2009/11/24 12:32:52 | 00,529,920 | ---- | C] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe
[2009/11/23 14:52:53 | 00,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Malwarebytes
[2009/11/23 14:52:50 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2009/11/23 14:52:48 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2009/11/23 14:52:48 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/11/22 22:28:47 | 00,000,000 | -H-D | C] -- C:\ProgramData\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2009/11/22 22:28:31 | 00,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2009/11/22 22:28:31 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2009/11/22 21:51:48 | 00,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Symantec
[2009/11/22 20:38:55 | 77,086,488 | ---- | C] (Lavasoft ) -- C:\Users\owner\Desktop\Ad-AwareInstallation.exe
[2009/11/22 19:26:28 | 00,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\kardwb
[2009/11/12 09:40:23 | 00,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSDApi.dll
[2009/11/04 22:13:48 | 03,584,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.dll
[2009/10/29 19:23:16 | 00,575,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2009/10/29 19:23:16 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2009/10/29 19:23:16 | 00,035,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2009/10/29 19:23:04 | 00,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2009/10/29 19:23:04 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2009/10/27 17:32:59 | 00,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\unregmp2.exe
[2009/10/27 17:32:57 | 10,624,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2009/10/27 17:32:45 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2008/08/05 15:36:18 | 02,492,040 | ---- | C] (CANON INC.) -- C:\Program Files (x86)\VU600EN.exe

========== Files - Modified Within 30 Days ==========

[2009/11/25 12:43:17 | 02,359,296 | -HS- | M] () -- C:\Users\owner\NTUSER.DAT
[2009/11/25 12:40:07 | 00,111,883 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009/11/25 12:40:07 | 00,111,883 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009/11/25 12:39:46 | 00,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/11/25 12:39:45 | 00,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/11/25 12:39:39 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/11/25 12:39:37 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/11/25 12:39:07 | 42,920,38656 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/25 12:36:20 | 00,524,288 | -HS- | M] () -- C:\Users\owner\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2009/11/25 12:36:20 | 00,065,536 | -HS- | M] () -- C:\Users\owner\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2009/11/25 12:35:04 | 00,001,034 | ---- | M] () -- C:\Users\owner\Desktop\mogvsysguard.exe - Shortcut.lnk
[2009/11/25 12:30:29 | 00,000,430 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{6A791EC9-9F86-47E7-8568-67ED22AD00BB}.job
[2009/11/24 13:17:49 | 03,818,793 | -H-- | M] () -- C:\Users\owner\AppData\Local\IconCache.db
[2009/11/24 12:21:54 | 00,529,920 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe
[2009/11/23 14:52:52 | 00,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/23 14:45:59 | 00,000,230 | ---- | M] () -- C:\Users\owner\Desktop\Run.lnk
[2009/11/22 22:34:38 | 00,001,073 | ---- | M] () -- C:\Users\owner\Desktop\Ad-Aware.lnk
[2009/11/22 22:28:48 | 00,000,183 | ---- | M] () -- C:\Users\owner\Desktop\Review of Optometry.url
[2009/11/22 22:28:46 | 00,001,049 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2009/11/22 20:35:36 | 77,086,488 | ---- | M] (Lavasoft ) -- C:\Users\owner\Desktop\Ad-AwareInstallation.exe
[2009/11/22 16:16:40 | 00,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2009/11/22 16:16:40 | 00,595,684 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2009/11/22 16:16:40 | 00,101,350 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2009/11/19 22:19:05 | 00,000,334 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForowner.job
[2009/11/19 19:34:10 | 00,000,214 | ---- | M] () -- C:\Users\owner\Desktop\people of WalMart.url
[2009/11/15 18:48:54 | 00,000,130 | ---- | M] () -- C:\Users\owner\Desktop\COPE.url
[2009/11/13 19:26:14 | 00,397,128 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2009/11/05 13:05:58 | 28,155,840 | ---- | M] () -- C:\Windows\SysNative\mrt.exe
[2009/10/27 20:40:39 | 00,000,923 | ---- | M] () -- C:\Users\owner\Desktop\Final Ant Seg Disease and CL Wearer with Mary Jo - Shortcut.lnk

========== Files Created - No Company Name ==========

[2009/11/25 12:35:04 | 00,001,034 | ---- | C] () -- C:\Users\owner\Desktop\mogvsysguard.exe - Shortcut.lnk
[2009/11/23 14:52:52 | 00,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/23 14:52:48 | 00,022,104 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2009/11/23 14:45:59 | 00,000,230 | ---- | C] () -- C:\Users\owner\Desktop\Run.lnk
[2009/11/22 22:34:38 | 00,001,073 | ---- | C] () -- C:\Users\owner\Desktop\Ad-Aware.lnk
[2009/11/22 22:28:46 | 00,001,049 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2009/11/19 19:34:10 | 00,000,214 | ---- | C] () -- C:\Users\owner\Desktop\people of WalMart.url
[2009/11/15 18:48:54 | 00,000,130 | ---- | C] () -- C:\Users\owner\Desktop\COPE.url
[2009/11/12 09:40:23 | 00,437,248 | ---- | C] () -- C:\Windows\SysNative\WSDApi.dll
[2009/11/12 09:40:22 | 02,749,952 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
[2009/11/04 22:13:49 | 05,685,760 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2009/10/29 19:23:35 | 00,043,744 | ---- | C] () -- C:\Windows\SysNative\wups2.dll
[2009/10/29 19:23:34 | 02,621,440 | ---- | C] () -- C:\Windows\SysNative\wucltux.dll
[2009/10/29 19:23:34 | 02,424,024 | ---- | C] () -- C:\Windows\SysNative\wuaueng.dll
[2009/10/29 19:23:34 | 00,057,560 | ---- | C] () -- C:\Windows\SysNative\wuauclt.exe
[2009/10/29 19:23:16 | 00,700,640 | ---- | C] () -- C:\Windows\SysNative\wuapi.dll
[2009/10/29 19:23:16 | 00,098,816 | ---- | C] () -- C:\Windows\SysNative\wudriver.dll
[2009/10/29 19:23:16 | 00,038,112 | ---- | C] () -- C:\Windows\SysNative\wups.dll
[2009/10/29 19:23:04 | 00,185,416 | ---- | C] () -- C:\Windows\SysNative\wuwebv.dll
[2009/10/29 19:23:04 | 00,036,864 | ---- | C] () -- C:\Windows\SysNative\wuapp.exe
[2009/10/27 20:40:39 | 00,000,923 | ---- | C] () -- C:\Users\owner\Desktop\Final Ant Seg Disease and CL Wearer with Mary Jo - Shortcut.lnk
[2009/10/27 17:32:59 | 13,426,176 | ---- | C] () -- C:\Windows\SysNative\wmp.dll
[2009/10/27 17:32:59 | 00,372,736 | ---- | C] () -- C:\Windows\SysNative\unregmp2.exe
[2009/10/27 17:32:45 | 08,147,968 | ---- | C] () -- C:\Windows\SysNative\wmploc.DLL
[2009/09/03 09:09:26 | 00,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2009/09/03 09:01:14 | 00,000,044 | ---- | C] () -- C:\Windows\EPART800.ini
[2009/04/25 19:58:55 | 00,000,000 | ---- | C] () -- C:\Users\owner\AppData\Roaming\wklnhst.dat
[2008/12/18 21:06:24 | 00,000,108 | ---- | C] () -- C:\Windows\WFT-E2Utility.INI
[2008/08/15 11:40:32 | 00,007,680 | ---- | C] () -- C:\Users\owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/18 11:45:36 | 03,818,793 | -H-- | C] () -- C:\Users\owner\AppData\Local\IconCache.db
[2008/07/18 11:17:13 | 00,000,000 | ---- | C] () -- C:\Users\owner\AppData\Local\QSwitch.txt
[2008/07/18 11:17:13 | 00,000,000 | ---- | C] () -- C:\Users\owner\AppData\Local\DSwitch.txt
[2008/07/18 11:17:13 | 00,000,000 | ---- | C] () -- C:\Users\owner\AppData\Local\AtStart.txt
[2008/07/18 11:17:11 | 00,108,864 | ---- | C] () -- C:\Users\owner\AppData\Local\GDIPFONTCACHEV1.DAT
[2008/06/29 18:43:51 | 00,111,883 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008/06/29 18:39:54 | 00,111,883 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008/06/10 04:59:06 | 00,000,371 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008/01/20 21:50:05 | 00,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 21:49:49 | 00,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2006/11/02 10:25:49 | 00,000,174 | -HS- | C] () -- C:\Program Files (x86)\desktop.ini
[2006/11/02 10:07:25 | 00,030,808 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
[2006/11/02 10:07:25 | 00,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 10:07:25 | 00,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 10:07:25 | 00,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 07:37:06 | 00,001,405 | ---- | C] () -- C:\Windows\msdfmap.ini
[2006/11/02 07:34:27 | 00,000,261 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 07:34:27 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
< End of report >

Happy Thanksgving!

jvprn
Novice
Novice

Posts Posts : 7
Joined Joined : 2009-11-23
OS OS : vista
Points Points : 25781
# Likes # Likes : 0

View user profile

Back to top Go down

Re: banker fox A+ win32/nugulE + system guard 2009

Post by Belahzur on Wed Nov 25, 2009 7:34 pm

Please download the [You must be registered and logged in to see this link.].

  • Save it to your desktop.
  • Please double-click OTM.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose CopyCrying


    :files
    C:\Users\owner\AppData\Local\kardwb\mogvsysguard.exe

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "stlamgiv"=-


  • Return to OTMoveIt, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1

View user profile

Back to top Go down

Re: banker fox A+ win32/nugulE + system guard 2009

Post by jvprn on Sun Nov 29, 2009 1:32 am

I'm still here!
I manually extracted...
HKEY-CURRENT_USER\software\avscan
This allowed me to get A WIndows update. which allowed Malwarebyte to run and then to update.
THE BUGS ARE GONE!!

NEW PROBLEM:
Access to Documents and Settings is DENIED. I went into properties to TAKE control as administrator. That didn't work.

jvprn
Novice
Novice

Posts Posts : 7
Joined Joined : 2009-11-23
OS OS : vista
Points Points : 25781
# Likes # Likes : 0

View user profile

Back to top Go down

documents and settings folder...others too.

Post by jvprn on Tue Dec 01, 2009 3:07 am

While clearing bankerA Fox..Win32\nugel and system guard 2009 I discovered this....
Access to Documents and Settings is DENIED.

I was supposed to look for ROGUE files in
Computer>c>users>documents and settings....on a Vista system. THe file was there but looked like it had a shortcut arrow. The folder is NOT password protected.

I checked the folder again after the other bugs were coompletely removed..and followed MSs directions on how to take control.I went into properties to TAKE control as administrator. That didn't work

BTW..the computer is functioning fine...but well...YOU tell me. What's up with this??
Thanks!
J

This post was merged in to this topic to prevent confusion. Please do not start a new topic, but reply in this topic. Thanks! ~ DragonMaster Jay


Last edited by DragonMaster Jay on Tue Dec 01, 2009 10:58 am; edited 5 times in total (Reason for editing : Merged topics)

jvprn
Novice
Novice

Posts Posts : 7
Joined Joined : 2009-11-23
OS OS : vista
Points Points : 25781
# Likes # Likes : 0

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum