AV Suite/Malwareinfolist


Post by MarkNS on 19th October 2010, 11:38 pm

My computer was infected with AV8. I followed all the suggested steps for the manual removal, including using HijackThis and Malwarebytes along with the manual registry deletions, but it persists.
When I ran HijackThis I didn't see the
O4 - HKLM\..\Run: [random] c:\documents and settings\user\local settings\application data\random\random.exe
O4 - HKCU\..\Run: [random] c:\documents and settings\user\local settings\application data\random\random.exe
entries I was expecting.
When I run Firefox or Explorer I get taken to the MalwareInfolists.com site with the warning that the URL I was trying to get to was blocked. I've selected "no proxy server" in both the browsers but it doesn't help.

The OTL and Extras logfiles are below:



Re: AV Suite/Malwareinfolist

Post by MarkNS on 19th October 2010, 11:41 pm

OTL logfile created on: 19/10/2010 20:23:42 - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = G:\
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 77.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.20 Gb Total Space | 142.57 Gb Free Space | 64.16% Space Free | Partition Type: NTFS
Drive D: | 10.68 Gb Total Space | 1.79 Gb Free Space | 16.77% Space Free | Partition Type: NTFS
Drive F: | 3.68 Gb Total Space | 3.30 Gb Free Space | 89.64% Space Free | Partition Type: FAT32
Drive G: | 7.47 Gb Total Space | 1.23 Gb Free Space | 16.41% Space Free | Partition Type: FAT32

Computer Name: JOAN-PC | User Name: Joan | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/20 03:48:18 | 000,574,464 | ---- | M] (OldTimer Tools) -- G:\OTL.com
PRC - [2009/10/31 02:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/10/20 03:48:18 | 000,574,464 | ---- | M] (OldTimer Tools) -- G:\OTL.com
MOD - [2010/08/21 02:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/07/13 22:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/13 22:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 22:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/13 22:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 22:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/13 22:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/13 22:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 22:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 22:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/13 22:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/10/19 17:57:46 | 000,053,248 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\FastUv32.dll -- (FastUserSwitchingCompatibility)
SRV - [2010/10/17 08:35:02 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/07/16 12:08:52 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/04/19 10:25:38 | 000,430,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/04/02 21:34:12 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/13 22:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 22:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 22:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/13 22:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 22:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/13 22:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 22:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 22:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 22:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 22:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 22:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 22:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 22:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/13 22:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/13 22:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 22:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 22:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 22:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/13 22:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/13 22:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/03/20 14:47:53 | 000,266,240 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\CSHelper.exe -- (CSHelper)
SRV - [2008/10/06 14:54:52 | 000,365,952 | ---- | M] () [Auto | Stopped] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)


========== Driver Services (SafeList) ==========

DRV - [2010/07/16 12:08:57 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/16 12:08:47 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/03 10:28:38 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/12/11 04:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/09/02 04:09:24 | 000,176,128 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/07/13 22:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/13 22:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/13 22:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/13 22:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/13 22:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/13 22:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/13 22:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/13 22:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/13 22:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/13 22:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/13 22:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/13 22:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/13 22:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/13 22:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/13 22:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/13 22:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/13 22:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/13 22:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/13 22:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/13 22:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/13 22:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/13 22:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/13 22:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/13 22:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/13 22:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/13 22:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/13 22:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/13 22:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/13 22:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/13 22:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 22:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/13 22:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/13 22:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/13 22:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/13 22:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/13 22:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/13 22:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/13 22:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/13 22:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/13 21:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/13 21:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\rdpbus.sys -- (rdpbus)
DRV - [2009/07/13 21:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 20:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 20:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 20:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 20:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
DRV - [2009/07/13 20:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 20:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 20:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/13 20:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 20:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 20:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 20:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 20:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 20:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 20:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 20:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 19:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 19:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 19:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 19:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 19:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 19:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 19:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 19:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 19:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/07/13 19:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/06/10 18:19:30 | 004,756,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2009/04/23 11:33:34 | 000,064,512 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)
DRV - [2008/10/03 04:39:28 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/06/29 11:52:26 | 000,112,128 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2008/04/17 15:05:16 | 000,199,344 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/10/31 22:51:26 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007/10/31 22:47:54 | 000,208,896 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2007/10/31 22:47:08 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2007/10/17 20:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/18 22:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..browser.startup.homepage: "google.ca"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.855
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: avg@igeared:4.906.030.003
FF - prefs.js..extensions.enabledItems: {07E47276-7B44-4B9A-ACEC-3EE50A1E3650}:1.9.1
FF - prefs.js..keyword.URL: "http://ca.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_ca&p="
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/10/11 19:47:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/10/11 19:54:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/10/11 19:47:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/10/11 20:00:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{07E47276-7B44-4B9A-ACEC-3EE50A1E3650}: C:\Windows\system32\config\systemprofile\AppData\Local\{07E47276-7B44-4B9A-ACEC-3EE50A1E3650}\ [2010/10/19 15:14:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/11 19:58:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/12 17:12:20 | 000,000,000 | ---D | M]

[2010/10/11 20:19:21 | 000,000,000 | ---D | M] -- C:\Users\Joan\AppData\Roaming\Mozilla\Extensions
[2010/10/19 19:34:42 | 000,000,000 | ---D | M] -- C:\Users\Joan\AppData\Roaming\Mozilla\Firefox\Profiles\3s7s4dfs.default\extensions
[2010/10/11 20:19:22 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\Joan\AppData\Roaming\Mozilla\Firefox\Profiles\3s7s4dfs.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010/10/11 20:19:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Joan\AppData\Roaming\Mozilla\Firefox\Profiles\3s7s4dfs.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/19 19:34:42 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/11 19:58:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/10/11 19:58:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/10/19 18:23:17 | 000,000,734 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Reader Library Launcher] C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe (Sony Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [WeatherEye] C:\Users\Joan\AppData\Local\TheWeatherNetwork\WeatherEye\WeatherEye.exe (Pelmorex Media Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\intu-qt2009 {03947252-2355-4e9b-B446-8CCC75C43370} - C:\Program Files\QuickTax 2009\ic2009pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 18:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - C:\Windows\System32\FastUv32.dll ()
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)


SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootMin: Primary disk - Driver Group
SafeBootMin: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: sdAuxService - Reg Error: Value error.
SafeBootMin: sdCoreService - Reg Error: Value error.

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: Dhcp - C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - File not found
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: ndiscap - C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: sdAuxService - Reg Error: Value error.
SafeBootNet: sdCoreService - Reg Error: Value error.

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)


========== Files/Folders - Created Within 30 Days ==========

[2010/10/19 19:44:45 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/10/19 19:44:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/10/19 19:43:18 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010/10/19 18:34:45 | 000,000,000 | ---D | C] -- C:\Users\Joan\AppData\Roaming\Malwarebytes
[2010/10/19 18:34:37 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/10/19 18:34:36 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/10/19 18:34:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/19 18:34:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/10/19 18:15:18 | 000,289,144 | ---- | C] (S!Ri) -- C:\Windows\System32\VCCLSID.exe
[2010/10/19 18:15:18 | 000,288,417 | ---- | C] (S!Ri) -- C:\Windows\System32\SrchSTS.exe
[2010/10/19 18:15:18 | 000,135,168 | ---- | C] (SteelWerX) -- C:\Windows\System32\swreg.exe
[2010/10/19 18:15:18 | 000,087,552 | ---- | C] (S!Ri.URZ) -- C:\Windows\System32\VACFix.exe
[2010/10/19 18:15:18 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\Windows\System32\IEDFix.exe
[2010/10/19 18:15:18 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\Windows\System32\IEDFix.C.exe
[2010/10/19 18:15:18 | 000,082,432 | ---- | C] (S!Ri.URZ) -- C:\Windows\System32\404Fix.exe
[2010/10/19 18:15:18 | 000,080,384 | ---- | C] (S!Ri.URZ) -- C:\Windows\System32\o4Patch.exe
[2010/10/19 18:15:18 | 000,079,360 | ---- | C] (SteelWerX) -- C:\Windows\System32\swxcacls.exe
[2010/10/19 18:15:18 | 000,078,336 | ---- | C] (S!Ri.URZ) -- C:\Windows\System32\Agent.OMZ.Fix.exe
[2010/10/19 18:15:18 | 000,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\Windows\System32\Process.exe
[2010/10/19 18:14:25 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/10/19 16:11:49 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/10/18 10:32:37 | 000,000,000 | ---D | C] -- C:\Users\Joan\AppData\Local\Diagnostics
[2010/10/17 08:35:03 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat
[2010/10/15 12:21:22 | 000,000,000 | ---D | C] -- C:\Users\Joan\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2010/10/15 12:21:17 | 000,000,000 | ---D | C] -- C:\Program Files\TweetDeck
[2010/10/13 16:26:50 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/10/13 16:26:50 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/10/13 16:26:49 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/10/13 16:26:49 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/10/13 16:26:49 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/10/13 16:26:49 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010/10/13 16:26:48 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/10/13 16:26:48 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/10/13 16:26:48 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/10/13 16:26:48 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/10/13 16:26:48 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe


Re: AV Suite/Malwareinfolist

Post by MarkNS on 19th October 2010, 11:42 pm

[2010/10/13 16:26:41 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/10/13 16:23:39 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2010/10/13 16:23:38 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2010/10/13 16:23:16 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010/10/13 16:23:05 | 002,327,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/10/13 16:22:24 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2010/10/13 16:22:17 | 000,363,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\StructuredQuery.dll
[2010/10/13 16:20:35 | 000,197,632 | ---- | C] (Intel(R) Corporation) -- C:\Windows\System32\ir32_32.dll
[2010/10/13 16:20:35 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010/10/13 16:20:28 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010/10/13 16:20:24 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/10/13 16:20:01 | 001,037,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2010/10/13 16:20:01 | 000,133,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecpkg.sys
[2010/10/13 16:19:11 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010/10/13 16:16:50 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2010/10/13 16:16:50 | 000,507,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2010/10/13 16:16:49 | 000,442,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2010/10/13 16:15:46 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2010/10/13 06:35:00 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2010/10/12 23:17:40 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2010/10/12 23:17:40 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
[2010/10/12 23:17:40 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2010/10/12 23:17:39 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2010/10/12 23:17:39 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2010/10/12 23:12:37 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010/10/12 23:12:14 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010/10/12 23:12:14 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010/10/12 23:12:14 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010/10/12 23:12:08 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/10/12 23:12:08 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/10/12 23:11:52 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/10/12 23:11:46 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010/10/12 23:11:46 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010/10/12 23:11:46 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010/10/12 23:11:46 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010/10/12 23:11:46 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010/10/12 23:11:46 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010/10/12 23:11:45 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010/10/12 23:11:45 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010/10/12 17:12:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/10/12 06:22:16 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010/10/12 06:22:16 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010/10/12 06:22:15 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010/10/12 00:36:58 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2010/10/12 00:25:12 | 000,000,000 | -H-D | C] -- C:\$WINDOWS.~Q
[2010/10/12 00:14:22 | 000,000,000 | -H-D | C] -- C:\$INPLACE.~TR
[2010/10/11 21:14:27 | 000,000,000 | ---D | C] -- C:\Users\Joan\AppData\Local\ApplicationHistory
[2010/10/11 21:12:02 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010/10/11 21:12:02 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010/10/11 21:12:02 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010/10/11 21:08:07 | 000,000,000 | -H-D | C] -- C:\Users\Joan\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2010/10/11 21:06:48 | 000,000,000 | -HSD | C] -- C:\Recovery
[2010/10/11 20:31:13 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2010/10/11 19:44:35 | 000,000,000 | --SD | C] -- C:\Users\Joan\AppData\Roaming\Microsoft
[2010/10/11 19:44:35 | 000,000,000 | R--D | C] -- C:\Users\Joan\Videos
[2010/10/11 19:44:35 | 000,000,000 | R--D | C] -- C:\Users\Joan\Saved Games
[2010/10/11 19:44:35 | 000,000,000 | R--D | C] -- C:\Users\Joan\Pictures
[2010/10/11 19:44:35 | 000,000,000 | R--D | C] -- C:\Users\Joan\Music
[2010/10/11 19:44:35 | 000,000,000 | R--D | C] -- C:\Users\Joan\Links
[2010/10/11 19:44:35 | 000,000,000 | R--D | C] -- C:\Users\Joan\Favorites
[2010/10/11 19:44:35 | 000,000,000 | R--D | C] -- C:\Users\Joan\Downloads
[2010/10/11 19:44:35 | 000,000,000 | R--D | C] -- C:\Users\Joan\My Documents
[2010/10/11 19:44:35 | 000,000,000 | R--D | C] -- C:\Users\Joan\Desktop
[2010/10/11 19:44:35 | 000,000,000 | -HSD | C] -- C:\Users\Joan\AppData\Local\Temporary Internet Files
[2010/10/11 19:44:35 | 000,000,000 | -HSD | C] -- C:\Users\Joan\Templates
[2010/10/11 19:44:35 | 000,000,000 | -HSD | C] -- C:\Users\Joan\Start Menu
[2010/10/11 19:44:35 | 000,000,000 | -HSD | C] -- C:\Users\Joan\SendTo
[2010/10/11 19:44:35 | 000,000,000 | -HSD | C] -- C:\Users\Joan\Recent
[2010/10/11 19:44:35 | 000,000,000 | -HSD | C] -- C:\Users\Joan\PrintHood
[2010/10/11 19:44:35 | 000,000,000 | -HSD | C] -- C:\Users\Joan\NetHood
[2010/10/11 19:44:35 | 000,000,000 | -HSD | C] -- C:\Users\Joan\Documents\My Videos
[2010/10/11 19:44:35 | 000,000,000 | -HSD | C] -- C:\Users\Joan\Documents\My Pictures
[2010/10/11 19:44:35 | 000,000,000 | -HSD | C] -- C:\Users\Joan\Documents\My Music
[2010/10/11 19:44:35 | 000,000,000 | -HSD | C] -- C:\Users\Joan\My Documents
[2010/10/11 19:44:35 | 000,000,000 | -HSD | C] -- C:\Users\Joan\Local Settings
[2010/10/11 19:44:35 | 000,000,000 | -HSD | C] -- C:\Users\Joan\AppData\Local\History
[2010/10/11 19:44:35 | 000,000,000 | -HSD | C] -- C:\Users\Joan\Cookies
[2010/10/11 19:44:35 | 000,000,000 | -HSD | C] -- C:\Users\Joan\Application Data
[2010/10/11 19:44:35 | 000,000,000 | -HSD | C] -- C:\Users\Joan\AppData\Local\Application Data
[2010/10/11 19:44:35 | 000,000,000 | -H-D | C] -- C:\Users\Joan\AppData
[2010/10/11 19:44:35 | 000,000,000 | ---D | C] -- C:\Users\Joan\AppData\Local\Temp
[2010/10/11 19:44:35 | 000,000,000 | ---D | C] -- C:\Users\Joan\AppData\Local\Microsoft
[2010/10/11 19:44:35 | 000,000,000 | ---D | C] -- C:\Users\Joan\AppData\Roaming\Media Center Programs
[2010/10/11 19:43:14 | 000,000,000 | ---D | C] -- C:\Windows\System32\URTTEMP
[2010/10/11 19:42:55 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2010/10/11 19:41:17 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2010/10/11 19:40:59 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2010/10/11 19:38:33 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010/10/11 18:10:26 | 000,000,000 | ---D | C] -- C:\Users\Joan\AppData\Roaming\HPAppData
[2010/10/11 17:50:07 | 000,000,000 | ---D | C] -- C:\Users\Joan\AppData\Local\Microsoft Corporation
[2010/10/11 17:46:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
[2010/10/06 17:21:59 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/10/06 17:15:57 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/09/22 15:09:33 | 000,000,000 | ---D | C] -- C:\Users\Joan\AppData\Roaming\GTek

========== Files - Modified Within 30 Days ==========

[2010/10/20 03:01:16 | 000,507,360 | ---- | M] () -- C:\Users\Joan\Desktop\sdsetup_aff.exe
[2010/10/19 20:22:27 | 000,000,284 | ---- | M] () -- C:\Windows\tasks\RealUpgradeScheduledTaskS-1-5-21-236737679-1575642315-1318895439-1000.job
[2010/10/19 19:26:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/19 19:26:30 | 2361,806,848 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/19 19:17:13 | 000,009,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/19 19:17:13 | 000,009,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/19 19:10:09 | 000,000,313 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2010/10/19 18:34:40 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/19 18:31:37 | 000,047,705 | ---- | M] () -- C:\Users\Joan\Desktop\HP Installation Error - Windows 7.hta
[2010/10/19 18:23:17 | 000,000,734 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/10/19 18:20:30 | 000,006,098 | ---- | M] () -- C:\Windows\System32\tmp.reg
[2010/10/19 18:17:16 | 000,000,691 | ---- | M] () -- C:\Users\Joan\AppData\Roaming\GetValue.vbs
[2010/10/19 18:17:16 | 000,000,035 | ---- | M] () -- C:\Users\Joan\AppData\Roaming\SetValue.bat
[2010/10/19 18:14:14 | 328,257,093 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/10/19 18:13:25 | 000,196,962 | ---- | M] () -- C:\Windows\hpoins30.dat
[2010/10/19 18:13:15 | 000,001,119 | ---- | M] () -- C:\Users\Public\Desktop\Shop for HP Supplies.lnk
[2010/10/19 18:11:12 | 000,002,069 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/10/19 18:06:03 | 000,640,132 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/10/19 18:06:03 | 000,115,482 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/10/19 17:57:46 | 000,053,248 | ---- | M] () -- C:\Windows\System32\FastUv32.dll
[2010/10/19 16:11:49 | 000,002,959 | ---- | M] () -- C:\Users\Joan\Desktop\HiJackThis.lnk
[2010/10/19 15:00:28 | 000,164,876 | ---- | M] () -- C:\Windows\hpoins30.dat.temp
[2010/10/19 08:01:34 | 066,570,953 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/10/17 11:10:48 | 000,629,443 | ---- | M] () -- C:\Users\Joan\Desktop\newhouse.JPG
[2010/10/15 12:21:18 | 000,000,851 | ---- | M] () -- C:\Users\Public\Desktop\TweetDeck.lnk
[2010/10/15 08:36:11 | 000,485,440 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/10/14 09:35:06 | 000,000,238 | ---- | M] () -- C:\Users\Joan\Desktop\HP Windows 7 Full Feature Printer Software alert 1.url
[2010/10/12 17:12:20 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/10/12 10:09:43 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/10/12 00:36:45 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010/10/11 21:10:31 | 000,002,125 | ---- | M] () -- C:\Users\Public\Desktop\HP Photosmart Essential 3.0.lnk
[2010/10/11 21:08:14 | 000,001,407 | ---- | M] () -- C:\Users\Joan\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/10/11 21:06:54 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/10/11 20:48:24 | 000,041,962 | ---- | M] () -- C:\Windows\System32\license.rtf
[2010/10/11 20:30:59 | 000,021,924 | ---- | M] () -- C:\Windows\System32\emptyregdb.dat
[2010/10/11 19:41:22 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01000.Wdf
[2010/10/11 19:40:45 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/10/11 19:09:52 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/11 19:09:52 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/11 18:01:04 | 000,001,890 | ---- | M] () -- C:\Windows\diagwrn.xml
[2010/10/11 18:01:04 | 000,001,890 | ---- | M] () -- C:\Windows\diagerr.xml
[2010/10/09 20:43:47 | 000,002,473 | ---- | M] () -- C:\Users\Joan\Desktop\Quit Meter.lnk
[2010/10/06 17:19:22 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/10/03 20:57:26 | 000,015,149 | ---- | M] () -- C:\Users\Joan\Documents\vicky chat.docx
[2010/10/03 08:32:17 | 000,033,807 | ---- | M] () -- C:\Users\Joan\Documents\sparkly coat2.jpg
[2010/09/24 10:51:00 | 025,955,328 | ---- | M] () -- C:\Users\Joan\Documents\My only other concern is when she.doc
[2010/09/24 10:23:27 | 000,002,609 | ---- | M] () -- C:\Users\Joan\Desktop\Microsoft Office Word 2003.lnk
[2010/09/21 15:41:51 | 000,694,612 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2010/09/21 15:41:51 | 000,136,354 | ---- | M] () -- C:\Windows\System32\perfc00C.dat

========== Files Created - No Company Name ==========

[2010/10/19 20:20:14 | 000,000,284 | ---- | C] () -- C:\Windows\tasks\RealUpgradeScheduledTaskS-1-5-21-236737679-1575642315-1318895439-1000.job
[2010/10/19 19:43:18 | 000,507,360 | ---- | C] () -- C:\Users\Joan\Desktop\sdsetup_aff.exe
[2010/10/19 18:34:40 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/19 18:31:37 | 000,047,705 | ---- | C] () -- C:\Users\Joan\Desktop\HP Installation Error - Windows 7.hta
[2010/10/19 18:17:16 | 000,000,691 | ---- | C] () -- C:\Users\Joan\AppData\Roaming\GetValue.vbs
[2010/10/19 18:17:16 | 000,000,035 | ---- | C] () -- C:\Users\Joan\AppData\Roaming\SetValue.bat
[2010/10/19 18:15:30 | 000,006,098 | ---- | C] () -- C:\Windows\System32\tmp.reg
[2010/10/19 18:15:18 | 000,075,776 | ---- | C] () -- C:\Windows\System32\WS2Fix.exe
[2010/10/19 18:15:18 | 000,051,200 | ---- | C] () -- C:\Windows\System32\dumphive.exe
[2010/10/19 18:15:18 | 000,040,960 | ---- | C] () -- C:\Windows\System32\swsc.exe
[2010/10/19 18:14:14 | 328,257,093 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/10/19 18:13:15 | 000,001,119 | ---- | C] () -- C:\Users\Public\Desktop\Shop for HP Supplies.lnk
[2010/10/19 17:57:46 | 000,053,248 | ---- | C] () -- C:\Windows\System32\FastUv32.dll
[2010/10/19 16:11:49 | 000,002,959 | ---- | C] () -- C:\Users\Joan\Desktop\HiJackThis.lnk
[2010/10/18 10:25:34 | 000,164,876 | ---- | C] () -- C:\Windows\hpoins30.dat.temp
[2010/10/18 10:25:34 | 000,004,079 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/10/18 10:25:33 | 000,000,844 | ---- | C] () -- C:\Windows\hpomdl30.dat.temp
[2010/10/17 11:10:48 | 000,629,443 | ---- | C] () -- C:\Users\Joan\Desktop\newhouse.JPG
[2010/10/15 12:21:18 | 000,000,851 | ---- | C] () -- C:\Users\Public\Desktop\TweetDeck.lnk
[2010/10/14 09:35:06 | 000,000,238 | ---- | C] () -- C:\Users\Joan\Desktop\HP Windows 7 Full Feature Printer Software alert 1.url
[2010/10/12 17:12:20 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/10/11 21:09:17 | 000,000,313 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2010/10/11 21:09:09 | 000,000,000 | ---- | C] () -- C:\Users\Joan\AppData\Local\QSwitch.txt
[2010/10/11 21:09:09 | 000,000,000 | ---- | C] () -- C:\Users\Joan\AppData\Local\DSwitch.txt
[2010/10/11 21:09:09 | 000,000,000 | ---- | C] () -- C:\Users\Joan\AppData\Local\AtStart.txt
[2010/10/11 21:06:54 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/10/11 20:49:59 | 2361,806,848 | -HS- | C] () -- C:\hiberfil.sys
[2010/10/11 20:30:59 | 000,021,924 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2010/10/11 19:44:35 | 000,000,290 | ---- | C] () -- C:\Users\Joan\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010/10/11 19:44:35 | 000,000,272 | ---- | C] () -- C:\Users\Joan\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/10/11 19:41:22 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01000.Wdf
[2010/10/11 19:41:19 | 000,009,728 | -H-- | C] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/11 19:41:19 | 000,009,728 | -H-- | C] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/11 19:40:45 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/10/11 19:08:08 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
[2010/10/11 18:01:03 | 000,001,890 | ---- | C] () -- C:\Windows\diagwrn.xml
[2010/10/11 18:01:03 | 000,001,890 | ---- | C] () -- C:\Windows\diagerr.xml
[2010/10/06 17:22:44 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/10/06 17:19:22 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/10/03 20:57:26 | 000,015,149 | ---- | C] () -- C:\Users\Joan\Documents\vicky chat.docx
[2010/10/03 08:32:17 | 000,033,807 | ---- | C] () -- C:\Users\Joan\Documents\sparkly coat2.jpg
[2010/09/24 10:50:55 | 025,955,328 | ---- | C] () -- C:\Users\Joan\Documents\My only other concern is when she.doc
[2009/09/23 23:25:40 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/07/13 20:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 20:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/04/03 18:38:11 | 000,000,024 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/03/05 07:54:58 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/02/28 19:31:17 | 000,027,205 | ---- | C] () -- C:\Users\Joan\AppData\Roaming\Personal Address Book.ADR
[2009/02/28 19:25:40 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/06/29 11:52:14 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008/01/20 23:24:38 | 000,032,769 | ---- | C] () -- C:\Windows\System32\ltltwin.dll
[2006/03/09 06:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.sys >

< %systemroot%\system32\drivers\*.dll >

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2009/06/10 18:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/07/13 22:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2010/10/12 00:36:45 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2009/06/10 18:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/10/19 19:26:30 | 2361,806,848 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/19 19:26:34 | 3149,078,528 | -HS- | M] () -- C:\pagefile.sys
[2010/10/19 18:21:05 | 000,004,229 | ---- | M] () -- C:\rapport.txt
[2010/10/19 19:27:30 | 000,000,340 | ---- | M] () -- C:\rkill.log
[2010/07/15 09:26:16 | 000,000,184 | ---- | M] () -- C:\setup.log

< %PROGRAMFILES%\*. >
[2010/10/11 19:46:58 | 000,000,000 | ---D | M] -- C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
[2010/10/15 16:37:12 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2010/10/11 19:47:03 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2010/10/11 19:47:03 | 000,000,000 | ---D | M] -- C:\Program Files\Atheros
[2010/10/11 19:47:03 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2010/10/11 19:47:12 | 000,000,000 | ---D | M] -- C:\Program Files\AWS
[2010/10/11 19:47:12 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2010/10/11 19:47:13 | 000,000,000 | ---D | M] -- C:\Program Files\Cisco
[2010/10/19 19:44:45 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2010/10/11 20:31:13 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2010/10/11 19:48:21 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2010/10/11 19:50:10 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2010/10/11 19:50:20 | 000,000,000 | ---D | M] -- C:\Program Files\DIFX
[2009/07/14 04:49:36 | 000,000,000 | ---D | M] -- C:\Program Files\DVD Maker
[2010/10/11 19:50:20 | 000,000,000 | ---D | M] -- C:\Program Files\EA GAMES
[2010/10/11 19:50:28 | 000,000,000 | ---D | M] -- C:\Program Files\Electronic Arts
[2010/10/11 19:50:32 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2010/10/11 19:54:24 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2010/10/11 19:54:24 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard Company
[2010/10/19 18:13:15 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2010/10/11 19:57:08 | 000,000,000 | ---D | M] -- C:\Program Files\HP Games
[2010/10/11 19:57:20 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2010/10/11 19:57:20 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2010/10/15 08:34:38 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/10/11 19:57:20 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010/10/11 19:57:51 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2010/10/11 19:57:56 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/10/19 18:34:41 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/11 19:58:03 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2010/10/11 19:58:03 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2010/10/11 19:58:03 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2010/10/11 19:58:39 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2010/10/11 19:58:39 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2010/10/11 19:58:42 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010/10/11 19:58:42 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Sync Framework
[2010/10/11 19:58:42 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2010/10/11 19:58:42 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
[2010/10/11 19:58:43 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2010/10/11 21:13:44 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/10/11 19:58:48 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/07/14 01:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2010/10/11 19:58:49 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2010/10/11 19:58:49 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2009/02/28 17:53:38 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2010/10/11 19:58:50 | 000,000,000 | ---D | M] -- C:\Program Files\muvee Technologies
[2010/10/11 19:58:53 | 000,000,000 | ---D | M] -- C:\Program Files\NetWaiting
[2010/10/11 19:58:53 | 000,000,000 | ---D | M] -- C:\Program Files\NetZeroPreloader
[2010/10/11 19:58:53 | 000,000,000 | ---D | M] -- C:\Program Files\NortonInstaller
[2010/10/11 19:58:53 | 000,000,000 | R--D | M] -- C:\Program Files\Online Services
[2010/10/11 19:58:55 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTax 2009
[2010/10/11 19:59:05 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2010/10/11 19:59:13 | 000,000,000 | ---D | M] -- C:\Program Files\real
[2010/10/11 19:59:13 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2009/07/14 01:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2010/10/11 19:59:15 | 000,000,000 | ---D | M] -- C:\Program Files\Research In Motion
[2010/10/11 19:59:24 | 000,000,000 | ---D | M] -- C:\Program Files\Roxio
[2010/10/11 19:59:28 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2010/10/11 19:59:29 | 000,000,000 | ---D | M] -- C:\Program Files\SMINST
[2010/10/11 19:59:29 | 000,000,000 | ---D | M] -- C:\Program Files\Softland
[2010/10/11 19:59:32 | 000,000,000 | ---D | M] -- C:\Program Files\Sony
[2010/10/19 20:02:49 | 000,000,000 | ---D | M] -- C:\Program Files\Spyware Doctor
[2010/10/11 19:41:17 | 000,000,000 | ---D | M] -- C:\Program Files\Synaptics
[2010/10/11 19:59:32 | 000,000,000 | ---D | M] -- C:\Program Files\TheWeatherNetwork
[2010/10/19 16:11:49 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2010/10/15 12:21:18 | 000,000,000 | ---D | M] -- C:\Program Files\TweetDeck
[2009/07/14 01:53:23 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010/10/11 19:59:33 | 000,000,000 | ---D | M] -- C:\Program Files\V-CC
[2010/10/11 19:59:33 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
[2010/10/11 19:59:33 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
[2009/07/14 01:56:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2010/10/11 19:59:33 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2010/10/11 19:59:36 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2010/10/11 19:59:36 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2010/10/15 08:34:36 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2010/10/15 08:34:36 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/07/14 01:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2010/10/11 19:59:36 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
[2009/07/14 01:56:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Viewer
[2009/07/14 01:52:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2010/10/11 19:59:37 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2010/10/11 19:59:49 | 000,000,000 | ---D | M] -- C:\Program Files\WordBiz

< %appdata%\*.* >
[2009/07/14 21:18:30 | 000,000,006 | -HS- | M] () -- C:\Users\Joan\AppData\Roaming\desktop.ini
[2010/10/19 18:17:16 | 000,000,691 | ---- | M] () -- C:\Users\Joan\AppData\Roaming\GetValue.vbs
[2009/02/28 19:31:17 | 000,027,205 | ---- | M] () -- C:\Users\Joan\AppData\Roaming\Personal Address Book.ADR
[2010/10/19 18:17:16 | 000,000,035 | ---- | M] () -- C:\Users\Joan\AppData\Roaming\SetValue.bat


< MD5 for: AGP440.SYS >
[2009/07/13 22:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/13 22:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/13 22:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 22:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/13 22:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/13 22:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/13 22:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/13 22:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: DISK.SYS >
[2009/07/13 22:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\System32\drivers\disk.sys
[2009/07/13 22:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_x86_neutral_b431b61a11f8df6c\disk.sys
[2009/07/13 22:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_f99cd807d58018cb\disk.sys

< MD5 for: EVENTLOG.DLL >
[2007/05/18 02:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll

< MD5 for: IASTORV.SYS >
[2009/07/13 22:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009/07/13 22:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/13 22:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/13 22:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009/07/13 22:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/13 22:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009/07/13 22:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 22:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/13 22:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009/07/13 22:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

< MD5 for: USBSTOR.SYS >
[2009/07/13 20:51:19 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=D8889D56E0D27E57ED4591837FE71D27 -- C:\Windows\System32\drivers\USBSTOR.SYS
[2009/07/13 20:51:19 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=D8889D56E0D27E57ED4591837FE71D27 -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_x86_neutral_83027f5d5b2468d3\USBSTOR.SYS
[2009/07/13 20:51:19 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=D8889D56E0D27E57ED4591837FE71D27 -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.1.7600.16385_none_485ca4d9f926b0b4\USBSTOR.SYS

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\Joan\Documents\university issues.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Joan\Documents\request to reduce.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Joan\Documents\recipes.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Joan\Documents\pembridge claim cover page.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Joan\Documents\paans 2009 poster.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Joan\Documents\my new tattoo.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Joan\Documents\millennium scholarship fax.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Joan\Documents\mediablitzvicky no home care.doc:Roxio EMC Stream
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >

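The "MD5 for:" blocks in the OTL log above are a rootkit check: OTL hashes the driver that is actually loaded from System32\drivers and lists it next to the pristine copies Windows keeps in DriverStore and winsxs. On a clean machine all three hashes agree, as they do for every driver in this log; a driver patched in place (the pattern a TDL3/TDSS-style infection of atapi.sys produces) hashes differently from its two reference copies. The following is an added example, not OTL's code and not part of the original post, that automates that comparison over pasted log text. The AGP440.SYS and EventLog.dll lines are copied from the log; the atapi.sys block is a constructed sample whose live hash has been altered to show what a mismatch looks like.

```python
"""Compare live driver hashes against their DriverStore/winsxs reference copies
in an OTL 'MD5 for:' custom scan.  Added example; not OTL's own code."""
import re

SECTION_RE = re.compile(r"^< MD5 for: (\S+) >$")
ENTRY_RE = re.compile(
    r"^\[(?P<stamp>[^\]]*)\] \((?P<company>[^)]*)\) "
    r"MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)
# Windows keeps pristine copies of in-box drivers here; the loaded copy lives elsewhere.
BACKUP_MARKERS = ("\\driverstore\\", "\\winsxs\\")

# Constructed sample: the AGP440.SYS and EventLog.dll lines are copied from the log;
# the atapi.sys block is altered so its live copy hashes differently from the backups.
SAMPLE = r"""
< MD5 for: AGP440.SYS >
[2009/07/13 22:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/13 22:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/13 22:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 22:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=A1B2C3D4E5F60718293A4B5C6D7E8F90 -- C:\Windows\System32\drivers\atapi.sys
[2009/07/13 22:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/13 22:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2007/05/18 02:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll
"""


def parse_md5_sections(text):
    """Return {filename: [(md5, path, company), ...]} keyed by the scanned file name."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1).lower()
            sections.setdefault(current, [])
            continue
        entry = ENTRY_RE.match(line)
        if entry and current is not None:
            sections[current].append(
                (entry.group("md5").upper(), entry.group("path"), entry.group("company"))
            )
    return sections


def is_backup_copy(path):
    """True for the DriverStore / winsxs reference copies, False for the loaded file."""
    lowered = path.lower()
    return any(marker in lowered for marker in BACKUP_MARKERS)


def find_patched_files(sections):
    """{filename: {"path", "live", "backups"}} for each live copy whose hash is not
    among its reference copies.  Files with no reference copy (vendor DLLs such as
    EventLog.dll here) cannot be judged this way and are left out."""
    findings = {}
    for name, entries in sections.items():
        backups = {md5 for md5, path, _ in entries if is_backup_copy(path)}
        if not backups:
            continue
        for md5, path, _ in entries:
            if not is_backup_copy(path) and md5 not in backups:
                findings[name] = {"path": path, "live": md5, "backups": sorted(backups)}
    return findings


if __name__ == "__main__":
    for name, info in find_patched_files(parse_md5_sections(SAMPLE)).items():
        print(f"{name}: live {info['live']} at {info['path']} != reference {info['backups']}")
```

Run against the constructed sample it reports only atapi.sys; paste a real OTL log in place of SAMPLE and an empty result means every checked driver matches its reference copies. A mismatch is a lead, not proof: a driver legitimately updated by a hotfix will also differ from an older winsxs copy, so confirm the live file's digital signature before treating it as patched.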

Re: AV Suite/Malwareinfolist

Post by MarkNS on 19th October 2010, 11:43 pm

OTL Extras logfile created on: 19/10/2010 20:23:43 - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = G:\
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 77.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.20 Gb Total Space | 142.57 Gb Free Space | 64.16% Space Free | Partition Type: NTFS
Drive D: | 10.68 Gb Total Space | 1.79 Gb Free Space | 16.77% Space Free | Partition Type: NTFS
Drive F: | 3.68 Gb Total Space | 3.30 Gb Free Space | 89.64% Space Free | Partition Type: FAT32
Drive G: | 7.47 Gb Total Space | 1.23 Gb Free Space | 16.41% Space Free | Partition Type: FAT32

Computer Name: JOAN-PC | User Name: Joan | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"AntiVirusDisableNotify" = 0x00000000
"FirewallDisableNotify" = 0x00000000
"UpdatesDisableNotify" = 0x00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}" = HPPhotoSmartPhotobookWebPack1
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 21
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZero Preloader
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A3D0CF8-60FF-4CEF-91A4-A1F001424602}" = DocProc
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A370610-3778-44AF-9AAC-69B2FD1A3356}" = Microsoft Live Search Toolbar
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{70E1E357-E57C-4284-B04E-58196DC27BC1}" = PanoStandAlone
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{81D03995-27AC-4C2B-8401-F6B07938658B}" = Quit Meter
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{846DDADA-0239-4B67-A6B1-33658863793B}" = HPTCSSetup
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_STANDARDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_STANDARDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{91120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{9DC11D9A-6DCD-4064-8363-63914A0122AB}" = C4500
"{A212E6C2-20F7-4A8E-BD8E-DC3EE7483FA2}" = PRS-500 USB driver
"{A4CBCF09-0C7E-40AA-0080-34B8A5CFE7FA}" = Harry Potter and the Prisoner of Azkaban(TM)
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AA6F009F-0CCD-4DD6-A462-28419C101D54}" = HP Photosmart C4500 All-In-One Driver Software 13.0 Rel. 4
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B28759B8-5FC6-4F56-9C6C-6EDAD36455A9}" = Roxio Media Manager
"{B69F28DF-CBB1-41B7-008A-210E4D0518FC}" = Harry Potter and the Order of the Phoenix™
"{B6D0B141-B2BE-4DD0-B08F-B9186F3E36B3}" = HP User Guides 0118
"{B70E5793-F912-4C62-AFE2-C4F0B078FD31}" = Reader Library by Sony
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE5E3F15-320A-4865-97D3-F07227C5BB2F}" = BlackBerry Desktop Software 4.5
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{CF408B76-8698-4298-B549-5E6A94931B64}" = PS_AIO_04_C4500_Software_Min
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}" = muvee Reveal
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{ECB9C58E-C565-4683-9599-B72290BD3B25}" = QuickTax 2009
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition
"{EFA27A6C-DF46-568B-4BB1-1DBD064F67A8}" = TweetDeck
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F18456CF-7ABB-4FD1-B99E-0B7CCB62CCFD}" = .NET Utilities
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FB26A501-6BA6-459B-89AA-9736730752FB}" = VoiceOver Kit
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"75070B1806113224B16C70296B90DD1AD8A53479" = Windows Driver Package - Sony Corporation (PRSUSB) USB (08/08/2006 1.0.03.08080)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ArtistScope Plugin IE4.2.0.3" = ArtistScope Plugin IE
"AVG9Uninstall" = AVG Free 9.0
"BlackBerry_{CE5E3F15-320A-4865-97D3-F07227C5BB2F}" = BlackBerry Desktop Software 4.5
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Digital Editions" = Adobe Digital Editions
"doPDF 6 printer_is1" = doPDF 6.2 printer
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 11.0
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Internet Scrabble Club_is1" = WordBiz version 1.8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"RealPlayer 12.0" = RealPlayer
"Shop for HP Supplies" = Shop for HP Supplies
"STANDARDR" = Microsoft Office Standard 2007
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck
"WildTangent hp Master Uninstall" = My HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"WeatherEye" = WeatherEye

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


Re: AV Suite/Malwareinfolist

Post by Belahzur on 20th October 2010, 11:23 pm

Hello.

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to svchost as follows:

3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See the linked guide (link omitted) for how to disable your AV.
  • Double click on svchost.exe.
  • Follow the prompts. NOTE:
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse click combofix's window whilst it's running. That may cause it to stall.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245091
# Likes : 1

Re: AV Suite/Malwareinfolist

Post by MarkNS on 21st October 2010, 11:11 am

Thanks for the directions. Here's ComboFix.txt:

ComboFix 10-10-20.04 - Joan 21/10/2010 7:52:38.1.2 - x86
Running from: C:\Users\Joan\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\Joan\AppData\Roaming\Microsoft\Windows\Recent\Mark Terhune.jpg
C:\Windows\system32\404Fix.exe
C:\Windows\system32\Agent.OMZ.Fix.exe
C:\Windows\system32\dumphive.exe
C:\Windows\system32\IEDFix.C.exe
C:\Windows\system32\IEDFix.exe
C:\Windows\system32\o4Patch.exe
C:\Windows\system32\Process.exe
C:\Windows\system32\SrchSTS.exe
C:\Windows\system32\tmp.reg
C:\Windows\system32\VACFix.exe
C:\Windows\system32\VCCLSID.exe
C:\Windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((( Files Created from 2010-09-21 to 2010-10-21 )))))))))))))))))))))))))))))))
.

2010-10-21 11:02:04 . 2010-10-21 11:02:04 -------- d-----w- C:\Users\Default\AppData\Local\temp
2010-10-20 18:16:09 . 2010-10-20 18:16:15 -------- d-----w- C:\Program Files\Safari
2010-10-19 22:43:18 . 2010-10-19 23:02:48 -------- d-----w- C:\ProgramData\PC Tools
2010-10-19 21:34:37 . 2010-04-29 18:39:38 38224 ----a-w- C:\Windows\system32\drivers\mbamswissarmy.sys
2010-10-19 21:34:36 . 2010-10-19 21:34:41 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2010-10-19 21:34:36 . 2010-10-19 21:34:36 -------- d-----w- C:\ProgramData\Malwarebytes
2010-10-19 21:34:36 . 2010-04-29 18:39:26 20952 ----a-w- C:\Windows\system32\drivers\mbam.sys
2010-10-19 19:11:49 . 2010-10-19 19:11:49 -------- d-----w- C:\Program Files\Trend Micro
2010-10-19 18:14:45 . 2010-10-19 18:14:45 0 ----a-w- C:\Windows\system32\config\systemprofile\AppData\Local\Ltatogehusucamu.bin
2010-10-19 18:14:38 . 2010-10-19 18:14:38 -------- d-----w- C:\Windows\system32\config\systemprofile\AppData\Local\{07E47276-7B44-4B9A-ACEC-3EE50A1E3650}
2010-10-17 11:35:03 . 2010-10-17 11:35:06 -------- d-----w- C:\Windows\system32\Wat
2010-10-15 15:21:17 . 2010-10-15 15:21:18 -------- d-----w- C:\Program Files\TweetDeck
2010-10-13 19:23:46 . 2010-08-21 05:33:24 530432 ----a-w- C:\Windows\system32\comctl32.dll
2010-10-13 19:23:39 . 2010-08-31 04:32:30 954752 ----a-w- C:\Windows\system32\mfc40.dll
2010-10-13 19:23:38 . 2010-08-31 04:32:30 954288 ----a-w- C:\Windows\system32\mfc40u.dll
2010-10-13 19:23:17 . 2010-09-01 04:26:04 164864 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2010-10-13 19:23:16 . 2010-09-01 04:23:49 12625408 ----a-w- C:\Windows\system32\wmploc.DLL
2010-10-13 19:23:05 . 2010-09-01 02:34:52 2327552 ----a-w- C:\Windows\system32\win32k.sys
2010-10-13 19:22:32 . 2010-08-27 05:46:48 168448 ----a-w- C:\Windows\system32\srvsvc.dll
2010-10-13 19:22:32 . 2010-08-27 03:31:30 310784 ----a-w- C:\Windows\system32\drivers\srv.sys
2010-10-13 19:22:32 . 2010-08-27 03:30:47 308736 ----a-w- C:\Windows\system32\drivers\srv2.sys
2010-10-13 19:22:32 . 2010-08-27 03:30:40 113664 ----a-w- C:\Windows\system32\drivers\srvnet.sys
2010-10-13 19:22:24 . 2010-08-21 05:36:33 738816 ----a-w- C:\Windows\system32\wmpmde.dll
2010-10-13 19:22:17 . 2010-05-05 06:46:55 363520 ----a-w- C:\Windows\system32\StructuredQuery.dll
2010-10-13 19:22:09 . 2010-06-14 06:12:30 1286016 ----a-w- C:\Windows\system32\drivers\tcpip.sys
2010-10-13 19:21:40 . 2009-09-26 05:58:35 194488 ----a-w- C:\Windows\system32\drivers\fvevol.sys
2010-10-13 19:21:34 . 2010-08-21 05:32:37 316928 ----a-w- C:\Windows\system32\spoolsv.exe
2010-10-13 19:20:35 . 2010-07-29 06:30:49 197632 ----a-w- C:\Windows\system32\ir32_32.dll
2010-10-13 19:20:35 . 2010-07-29 06:30:34 82944 ----a-w- C:\Windows\system32\iccvid.dll
2010-10-13 19:20:28 . 2009-10-31 05:45:39 2614272 ----a-w- C:\Windows\explorer.exe
2010-10-13 19:20:28 . 2009-10-28 06:17:59 285696 ----a-w- C:\Windows\system32\winlogon.exe
2010-10-13 19:20:24 . 2010-06-19 06:15:54 2048 ----a-w- C:\Windows\system32\tzres.dll
2010-10-13 19:20:08 . 2009-08-29 06:57:31 34816 ----a-w- C:\Windows\system32\msasn1.dll
2010-10-13 19:20:01 . 2009-12-11 07:44:02 133720 ----a-w- C:\Windows\system32\drivers\ksecpkg.sys
2010-10-13 19:20:01 . 2009-12-11 07:38:58 1037312 ----a-w- C:\Windows\system32\lsasrv.dll
2010-10-13 19:19:11 . 2010-06-19 06:23:50 37376 ----a-w- C:\Windows\system32\rtutils.dll
2010-10-13 19:19:05 . 2010-03-04 07:33:28 1619968 ----a-w- C:\Program Files\Windows Mail\msoe.dll
2010-10-13 19:19:04 . 2010-03-04 07:33:23 740864 ----a-w- C:\Windows\system32\inetcomm.dll
2010-10-13 19:18:57 . 2010-06-08 06:02:06 1233920 ----a-w- C:\Windows\system32\msxml3.dll
2010-10-13 19:18:51 . 2010-03-24 06:37:04 1286456 ----a-w- C:\Windows\system32\ntdll.dll
2010-10-13 19:16:50 . 2009-10-02 04:06:59 728648 ----a-w- C:\Windows\system32\drivers\dxgkrnl.sys
2010-10-13 19:16:50 . 2009-09-03 07:04:15 1320960 ----a-w- C:\Windows\system32\CertEnroll.dll
2010-10-13 19:16:50 . 2009-08-19 07:20:31 507568 ----a-w- C:\Windows\system32\winload.exe
2010-10-13 19:16:49 . 2009-08-19 07:20:32 442920 ----a-w- C:\Windows\system32\winresume.exe
2010-10-13 19:15:46 . 2010-03-05 07:42:42 67584 ----a-w- C:\Windows\system32\asycfilt.dll
2010-10-13 09:40:03 . 2009-09-10 05:52:05 257024 ----a-w- C:\Windows\system32\msv1_0.dll
2010-10-13 09:35:00 . 2010-03-04 04:04:40 146304 ----a-w- C:\Windows\system32\drivers\usbvideo.sys
2010-10-13 09:35:00 . 2010-03-04 03:57:55 190976 ----a-w- C:\Windows\system32\drivers\ks.sys
2010-10-13 02:17:40 . 2010-05-09 09:14:55 641536 ----a-w- C:\Windows\system32\CPFilters.dll
2010-10-13 02:17:40 . 2010-05-09 09:14:50 417792 ----a-w- C:\Windows\system32\msdri.dll
2010-10-13 02:17:40 . 2010-05-09 09:13:30 204288 ----a-w- C:\Windows\system32\MSNP.ax
2010-10-13 02:17:39 . 2010-05-09 09:13:30 199680 ----a-w- C:\Windows\system32\mpg2splt.ax
2010-10-13 02:17:39 . 2009-12-13 09:30:50 465408 ----a-w- C:\Windows\system32\psisdecd.dll
2010-10-13 02:11:52 . 2010-03-08 21:33:56 427520 ----a-w- C:\Windows\system32\vbscript.dll
2010-10-13 02:11:46 . 2010-01-18 23:29:31 85504 ----a-w- C:\Windows\system32\secproc_ssp_isv.dll
2010-10-13 02:11:46 . 2010-01-18 23:29:31 85504 ----a-w- C:\Windows\system32\secproc_ssp.dll
2010-10-13 02:11:46 . 2010-01-18 23:29:31 365568 ----a-w- C:\Windows\system32\secproc_isv.dll
2010-10-13 02:11:46 . 2010-01-18 23:29:30 369152 ----a-w- C:\Windows\system32\secproc.dll
2010-10-13 02:11:46 . 2010-01-18 23:28:33 324608 ----a-w- C:\Windows\system32\RMActivate_isv.exe
2010-10-13 02:11:46 . 2010-01-18 23:28:30 320512 ----a-w- C:\Windows\system32\RMActivate.exe
2010-10-13 02:11:45 . 2010-01-18 23:28:33 277504 ----a-w- C:\Windows\system32\RMActivate_ssp_isv.exe
2010-10-13 02:11:45 . 2010-01-18 23:28:30 280064 ----a-w- C:\Windows\system32\RMActivate_ssp.exe
2010-10-13 02:11:37 . 2010-02-27 07:32:26 221696 ----a-w- C:\Windows\system32\drivers\mrxsmb10.sys
2010-10-13 02:11:37 . 2010-02-27 07:32:05 123392 ----a-w- C:\Windows\system32\drivers\mrxsmb.sys
2010-10-13 02:11:36 . 2010-08-27 05:30:52 13312 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2010-10-13 02:11:36 . 2010-02-27 07:32:12 95744 ----a-w- C:\Windows\system32\drivers\mrxsmb20.sys
2010-10-12 20:12:13 . 2010-10-12 20:12:18 -------- d-----w- C:\Program Files\Common Files\Adobe
2010-10-12 09:22:16 . 2010-05-27 03:49:37 293888 ----a-w- C:\Windows\system32\atmfd.dll
2010-10-12 09:22:16 . 2009-10-19 14:10:06 70656 ----a-w- C:\Windows\system32\fontsub.dll
2010-10-12 09:22:15 . 2010-05-27 07:24:13 34304 ----a-w- C:\Windows\system32\atmlib.dll
2010-10-12 03:36:58 . 2010-10-12 00:06:51 -------- d-----w- C:\Windows\Panther
2010-10-12 03:25:12 . 2010-10-11 23:33:34 -------- d-----w- C:\$WINDOWS.~Q
2010-10-12 03:14:22 . 2010-10-12 03:19:48 -------- d-----w- C:\$INPLACE.~TR
2010-10-12 00:12:49 . 2009-12-29 06:55:34 172032 ----a-w- C:\Windows\system32\wintrust.dll
2010-10-12 00:12:48 . 2010-01-09 06:52:59 132608 ----a-w- C:\Windows\system32\cabview.dll
2010-10-12 00:12:02 . 2009-11-25 15:47:34 99176 ----a-w- C:\Windows\system32\PresentationHostProxy.dll
2010-10-12 00:12:02 . 2009-11-25 15:47:34 49472 ----a-w- C:\Windows\system32\netfxperf.dll
2010-10-12 00:12:02 . 2009-11-25 15:47:34 297808 ----a-w- C:\Windows\system32\mscoree.dll
2010-10-12 00:12:02 . 2009-11-25 15:47:34 295264 ----a-w- C:\Windows\system32\PresentationHost.exe
2010-10-12 00:12:02 . 2009-11-25 15:47:34 1130824 ----a-w- C:\Windows\system32\dfshim.dll
2010-10-12 00:06:48 . 2010-10-12 00:06:49 -------- d-----w- C:\Recovery
2010-10-11 23:56:21 . 2010-10-21 10:57:46 -------- d-----w- C:\Windows\system32\wbem\Performance
2010-10-11 23:24:03 . 2010-10-11 23:24:03 -------- d-----w- C:\Users\Default\AppData\Local\Microsoft Help
2010-10-11 22:44:35 . 2010-10-12 00:07:06 -------- d-----w- C:\Users\Joan
2010-10-11 22:43:14 . 2010-10-11 22:43:14 -------- d-----w- C:\Windows\system32\URTTEMP
2010-10-11 22:42:55 . 2010-10-20 18:16:16 -------- d-sh--w- C:\Windows\Installer
2010-10-11 22:41:17 . 2010-10-11 22:41:17 -------- d-----w- C:\Program Files\Synaptics
2010-10-11 22:40:59 . 2010-10-11 22:48:21 -------- d-----w- C:\Program Files\CONEXANT
2010-10-11 20:46:51 . 2010-10-11 22:58:42 -------- d-----w- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
2010-10-06 20:21:59 . 2010-10-11 22:57:20 -------- d-----w- C:\Program Files\iPod
2010-10-06 20:15:57 . 2010-10-11 22:47:12 -------- d-----w- C:\Program Files\Bonjour
2010-09-22 21:10:52 . 2010-09-22 21:10:52 103864 ----a-w- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
2010-09-22 21:10:52 . 2010-09-22 21:10:52 103864 ----a-w- C:\Program Files\Internet Explorer\plugins\nppdf32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.



Re: AV Suite/Malwareinfolist

Post by MarkNS on 21st October 2010, 11:15 am

I don't know if this matters but I downloaded Safari yesterday and it was immediately affected, redirecting to malwareinfolist.com as soon as I opened it.


Re: AV Suite/Malwareinfolist

Post by Belahzur on 21st October 2010, 11:55 pm

Hello.

Please download GooredFix (download links omitted) and save it to your Desktop

  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).





Re: AV Suite/Malwareinfolist

Post by MarkNS on 22nd October 2010, 12:32 am

Here it is:
GooredFix by jpshortstuff (03.07.10.1)
Log created at 21:29 on 21/10/2010 (Joan)
Firefox version 3.6.10 (en-US)

========== GooredScan ==========

Deleting HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{07E47276-7B44-4B9A-ACEC-3EE50A1E3650} -> Success!
Deleting C:\Windows\system32\config\systemprofile\AppData\Local\{07E47276-7B44-4B9A-ACEC-3EE50A1E3650} -> Success!

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [13:30 14/09/2009]
{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [22:35 20/10/2009]
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [23:35 23/11/2009]
{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} [11:59 31/03/2010]
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [11:30 02/06/2010]
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [13:03 02/08/2010]

C:\Users\Joan\Application Data\Mozilla\Firefox\Profiles\3s7s4dfs.default\extensions\
{02450954-cdd9-410f-b1da-db804e18c671} [11:09 26/03/2010]
{20a82645-c095-46ed-80e3-08825760534b} [13:33 14/09/2009]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"avg@igeared"="C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared" [23:04 04/10/2010]
"smartwebprinting@hp.com"="C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [11:15 01/05/2010]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [21:03 28/02/2009]
"{3f963a5b-e555-4543-90e2-c3908898db71}"="C:\Program Files\AVG\AVG9\Firefox" [12:06 10/03/2010]
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext" [10:07 01/04/2010]

-=E.O.F=-

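Added example, not code from GooredFix, ComboFix or either poster: the GooredFix log above shows the mechanism worth detecting on any Windows box of this era. Firefox 3.x loads extensions registered system-wide under HKLM\Software\Mozilla\Firefox\Extensions without them ever appearing in the profile's extensions folder, and here the registered path was a GUID-named folder under the LocalSystem profile (C:\Windows\system32\config\systemprofile\AppData\Local), the same folder, with its companion Ltatogehusucamu.bin, that ComboFix's "Files Created" section listed at 2010-10-19 18:14. The Python below parses both log formats and flags entries by location and by the GUID-name-equals-folder-name pattern. The sample lines are copied from the two logs posted in this thread, except the registry value for the deleted key, which is an assumed reconstruction (GooredScan prints only the key name), and the trusted/suspicious root lists, which are this example's own choices.

```python
"""Flag suspicious Firefox extension registrations and file drops in cleaner-tool logs.

Added example for this thread; not code from GooredFix, ComboFix or the posters.
"""
import re
from typing import Optional

# Sample input: lines copied from the ComboFix "Files Created" section posted above.
COMBOFIX_CREATED = r"""
2010-10-19 21:34:37 . 2010-04-29 18:39:38 38224 ----a-w- C:\Windows\system32\drivers\mbamswissarmy.sys
2010-10-19 18:14:45 . 2010-10-19 18:14:45 0 ----a-w- C:\Windows\system32\config\systemprofile\AppData\Local\Ltatogehusucamu.bin
2010-10-19 18:14:38 . 2010-10-19 18:14:38 -------- d-----w- C:\Windows\system32\config\systemprofile\AppData\Local\{07E47276-7B44-4B9A-ACEC-3EE50A1E3650}
2010-10-13 19:23:05 . 2010-09-01 02:34:52 2327552 ----a-w- C:\Windows\system32\win32k.sys
"""

# Sample input: HKLM\Software\Mozilla\Firefox\Extensions values in GooredFix's format.
# The first two lines are copied from the posted log. The third is an ASSUMED
# reconstruction of the key GooredFix deleted: the log prints only the key name, so
# the path (matching the folder ComboFix listed) and the timestamp are constructed.
GOORED_REGISTRY = r"""
"avg@igeared"="C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared" [23:04 04/10/2010]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [21:03 28/02/2009]
"{07E47276-7B44-4B9A-ACEC-3EE50A1E3650}"="C:\Windows\system32\config\systemprofile\AppData\Local\{07E47276-7B44-4B9A-ACEC-3EE50A1E3650}" [18:14 19/10/2010]
"""

# ComboFix line: "<created> . <modified> <size or dashes> <attrs> <path>"
COMBOFIX_RE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \. "
    r"(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) "
    r"(?P<size>\d+|-+) (?P<attrs>[-a-z]{8}) (?P<path>\S.*)$"
)
# GooredFix registry line: "name"="path" [HH:MM DD/MM/YYYY]
GOORED_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)" \[(?P<stamp>[^\]]+)\]$')
GUID_RE = re.compile(r"^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)

# Assumed policy: nothing legitimate installs into the LocalSystem profile or Windows temp.
SUSPICIOUS_ROOTS = (
    "c:\\windows\\system32\\config\\systemprofile\\appdata\\",
    "c:\\windows\\temp\\",
)
# Assumed policy: roots a vendor-installed, registry-registered extension normally lives under.
TRUSTED_ROOTS = (
    "c:\\program files\\",
    "c:\\program files (x86)\\",
    "c:\\programdata\\",
    "c:\\windows\\microsoft.net\\",
)


def _norm(path: str) -> str:
    return path.replace("/", "\\").lower()


def assess_path(path: str, name: Optional[str] = None, registered: bool = False) -> list:
    """Return the reasons a path looks like malware staging (empty list if clean).

    registered=True means the path came from a Firefox Extensions registry value,
    which additionally must sit under a trusted root and must not be a bare GUID
    folder registered under its own GUID (the pattern GooredFix removed above).
    """
    norm = _norm(path)
    reasons = []
    for root in SUSPICIOUS_ROOTS:
        if norm.startswith(root):
            reasons.append(f"lives under {root}, where no legitimate software installs")
    if registered:
        leaf = norm.rstrip("\\").rsplit("\\", 1)[-1]
        if name and GUID_RE.match(name) and leaf == name.lower():
            reasons.append("GUID-named folder registered under the same GUID (Goored pattern)")
        if not any(norm.startswith(root) for root in TRUSTED_ROOTS):
            reasons.append("registry-registered extension outside every trusted install root")
    return reasons


def scan(combofix_text: str, goored_text: str) -> list:
    """Run both parsers and return only the entries with at least one reason."""
    findings = []
    for line in combofix_text.splitlines():
        m = COMBOFIX_RE.match(line)
        if m and (reasons := assess_path(m["path"])):
            findings.append({"source": "combofix", "path": m["path"],
                             "created": m["created"], "reasons": reasons})
    for line in goored_text.splitlines():
        m = GOORED_RE.match(line)
        if m and (reasons := assess_path(m["path"], name=m["name"], registered=True)):
            findings.append({"source": "hklm-firefox-extensions", "name": m["name"],
                             "path": m["path"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in scan(COMBOFIX_CREATED, GOORED_REGISTRY):
        print(f"[{f['source']}] {f['path']}")
        for r in f["reasons"]:
            print(f"    - {r}")
```

On the sample input this reports the Ltatogehusucamu.bin drop, the GUID folder under the LocalSystem profile, and the registry value pointing at it, while leaving the AVG and .NET Assistant registrations alone. The registry rule matters because a scan of the profile's extensions folder, which is what the GooredLog section lists second, would never have shown the rogue entry; the HKLM key is the only place it was visible.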

Re: AV Suite/Malwareinfolist

Post by MarkNS on 22nd October 2010, 2:56 pm

I think I fixed it! In earlier instructions there was a winFD registry entry that had to be deleted. I didn't see that in my registry although there was a winJC entry which I was reluctant to remove as I didn't know what it was. I just removed it and the redirects have stopped.

Thanks for all your help and I hope you can use what I found to help others.
This is a great site.


Re: AV Suite/Malwareinfolist

Post by Belahzur on 22nd October 2010, 11:33 pm

Nope, you also had a sneaky Goored infection. ;)

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Run ESET Online Scan
Please do an online scan with ESET Online Scanner (link omitted). Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX. click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.





Re: AV Suite/Malwareinfolist

Post by MarkNS on 23rd October 2010, 12:32 am

Ok, I'm doing all that (scan is running on the infected computer) but I'm not sure why. All the symptoms have disappeared.

