Trojan

Page 1 of 2 1, 2  Next

View previous topic View next topic Go down

Trojan

Post by Itachi21 on Tue Oct 26, 2010 9:14 pm

A Trojan is causing my fiance's computer to keep restarting every time I log onto her account. I can't access her computer and I am doing the GeekPolice academy but I haven't gotten to that part yet.

It sets it to a blue screen when I log onto her account.


[You must be registered and logged in to see this link.]

Itachi21
Senior
Senior

Posts Posts : 319
Joined Joined : 2008-12-07
Gender Gender : Male
OS OS : Windows 7 64 Bit
Points Points : 31889
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan

Post by Belahzur on Tue Oct 26, 2010 11:45 pm

Hello.

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Trojan

Post by Itachi21 on Wed Oct 27, 2010 3:24 am

The problem is the computer wont let me run any program cause by the time it does it goes to what I call the Blue Screen of Death and then restarts.


[You must be registered and logged in to see this link.]

Itachi21
Senior
Senior

Posts Posts : 319
Joined Joined : 2008-12-07
Gender Gender : Male
OS OS : Windows 7 64 Bit
Points Points : 31889
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan

Post by Belahzur on Thu Oct 28, 2010 12:33 am

Hello.

We need to use the RKill Tool by Grinler

[You must be registered and logged in to see this link.]

  • Please Download Rkill.com. Save it to your Desktop.
  • Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this [You must be registered and logged in to see this link.] if you are not sure how.

  • NOTE: If you are unable to connect to the site to download rkill, then you should download it to a clean computer and copy it to the infected one via a USB flash drive or CDROM.

  • Once it is downloaded, double-click on the rkill.com in order to automatically attempt to stop any processes associated with Rogue programs.
  • Please be patient while the program looks for various malware programs and ends them.
  • When it has finished, the black window will automatically close and you can continue with the next step.
NOTE: If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by the rogue program, when it terminates programs that may potentially remove it. If you run into these infections warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate the rogue program. So, please try running Rkill until the malware is no longer running. You will then be able to proceed with the rest of the steps.

If you continue having problems running rkill.com, you can download:
[You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.]
which are renamed copies of rkill.com, and try them instead.

Try OTL now.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Trojan

Post by Itachi21 on Thu Oct 28, 2010 1:19 pm

I can't get it to stay long enough to execute the rkill program. What is safe mode, and should I do that instead to run rkill to stop the Trojan?


[You must be registered and logged in to see this link.]

Itachi21
Senior
Senior

Posts Posts : 319
Joined Joined : 2008-12-07
Gender Gender : Male
OS OS : Windows 7 64 Bit
Points Points : 31889
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan

Post by Itachi21 on Fri Oct 29, 2010 3:34 am

bump


[You must be registered and logged in to see this link.]

Itachi21
Senior
Senior

Posts Posts : 319
Joined Joined : 2008-12-07
Gender Gender : Male
OS OS : Windows 7 64 Bit
Points Points : 31889
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan

Post by Belahzur on Fri Oct 29, 2010 5:22 pm

Hello.

Please then reboot your computer in Safe Mode by doing the following :

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.

Try RKill now, plus OTL.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Trojan

Post by Itachi21 on Fri Oct 29, 2010 6:40 pm

Ok rkill didnt run under any of the 3 names. I did get OTL to run and here are the results.

OTL logfile created on: 10/29/2010 2:34:52 PM - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\Amanda\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 88.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218.20 Gb Total Space | 180.05 Gb Free Space | 82.52% Space Free | Partition Type: NTFS
Drive E: | 7.45 Gb Total Space | 7.39 Gb Free Space | 99.15% Space Free | Partition Type: FAT32

Computer Name: MITTENSANGEL | User Name: Amanda | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/29 14:11:26 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Amanda\Desktop\OTL.exe
PRC - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe
PRC - [2010/02/11 12:36:12 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee.com\Agent\mcagent.exe


========== Modules (SafeList) ==========

MOD - [2010/10/29 14:11:26 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Amanda\Desktop\OTL.exe
MOD - [2010/08/21 01:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/07/13 21:15:31 | 000,154,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imagehlp.dll
MOD - [2009/07/13 21:09:00 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\normaliz.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/02/24 13:16:08 | 000,696,848 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2010/02/17 16:45:16 | 000,155,456 | ---- | M] (McAfee, Inc.) [Unknown | Stopped] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV:64bit: - [2009/10/07 01:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/29 00:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/06/09 10:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Stopped] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2010/07/01 08:25:59 | 001,352,832 | ---- | M] (Lavasoft) [Auto | Stopped] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2010/06/04 00:27:09 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/04 13:28:08 | 000,658,656 | ---- | M] (SoftThinks) [Auto | Stopped] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2010/02/17 15:53:26 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\McAfee\MPF\MpfSrv.exe -- (MpfService)
SRV - [2009/10/02 13:02:56 | 000,026,640 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/05 20:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009/05/21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2010/07/12 14:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/06/11 23:01:32 | 000,069,152 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2010/02/17 16:52:42 | 000,308,296 | ---- | M] (McAfee, Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2010/02/17 16:52:42 | 000,102,472 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2010/02/17 16:52:42 | 000,049,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfesmfk.sys -- (mfesmfk)
DRV:64bit: - [2010/02/17 16:45:32 | 000,040,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdk.sys -- (mferkdk)
DRV:64bit: - [2009/12/26 03:41:32 | 000,280,624 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/11/06 23:05:32 | 007,370,304 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/10/07 04:49:27 | 006,379,288 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech Webcam 250(UVC)
DRV:64bit: - [2009/10/07 04:47:44 | 000,327,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2009/10/07 04:45:37 | 000,271,640 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvpopf64.sys -- (lvpopf64)
DRV:64bit: - [2009/10/07 01:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2009/10/07 01:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009/09/15 00:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/29 00:44:38 | 000,487,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/06/18 10:15:16 | 000,041,032 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfebopk.sys -- (mfebopk)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 06:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/19 23:10:00 | 000,393,728 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/05/08 04:15:18 | 000,215,552 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/04/09 14:23:02 | 000,176,144 | ---- | M] (McAfee, Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\Mpfp.sys -- (MPFP)
DRV:64bit: - [2006/11/01 12:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.bing.com/?pc=Z006&form=ZGAPHP"
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.2.1
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.2
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.2
FF - prefs.js..keyword.URL: "http://www.bing.com/search?pc=Z006&form=ZGAADF&q="


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/09/18 12:32:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/09/18 12:32:04 | 000,000,000 | ---D | M]

[2010/10/20 12:27:34 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\Mozilla\Extensions
[2010/10/20 12:27:34 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\Mozilla\Extensions\IMVUClientXUL@imvu.com
[2010/06/12 14:43:11 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/10/20 11:22:42 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\ml3ke5zf.default\extensions
[2010/08/25 12:49:17 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\ml3ke5zf.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/10/04 11:52:47 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\ml3ke5zf.default\extensions\searchtoolbar@zugo.com
[2010/07/25 19:24:14 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\ml3ke5zf.default\extensions\sudoku@matt.fraser
[2010/07/20 15:21:37 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\ml3ke5zf.default\extensions\textlinks@playsushi.com
[2010/09/28 14:46:27 | 000,002,565 | ---- | M] () -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\ml3ke5zf.default\searchplugins\askcom.xml
[2010/10/04 11:55:54 | 000,001,919 | ---- | M] () -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\ml3ke5zf.default\searchplugins\bing-zugo.xml
[2010/09/18 12:26:54 | 000,002,155 | ---- | M] () -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\ml3ke5zf.default\searchplugins\MyStart Search.xml
[2010/07/30 14:10:17 | 000,010,025 | ---- | M] () -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\ml3ke5zf.default\searchplugins\mywebsearch.xml
[2010/07/28 19:02:26 | 000,004,140 | ---- | M] () -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\ml3ke5zf.default\searchplugins\youtube.xml
[2010/06/11 22:49:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files (x86)\McAfee\MSK\mskapbho64.dll ()
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (PlaySushi) - {21608B66-026F-4DCB-9244-0DACA328DCED} - C:\Program Files (x86)\PlaySushi\PSText.dll ()
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files (x86)\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKCU..\Run: [DW6] C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Users\Amanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk = C:\Users\Amanda\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Amanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk ()
O9 - Extra Button: Go to PlaySushi web site - {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - C:\Program Files (x86)\PlaySushi\PSText.dll ()
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.71.230 68.87.73.246
O18:64bit: - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKCU Winlogon: Shell - (C:\Users\Amanda\AppData\Roaming\hotfix.exe) - C:\Users\Amanda\AppData\Roaming\hotfix.exe ()
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{315fe9b1-6fa0-11df-bde8-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{315fe9b1-6fa0-11df-bde8-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe -- File not found
O33 - MountPoints2\{315fe9b1-6fa0-11df-bde8-806e6f6e6963}\Shell\LVIPCAP\command - "" = Tool - Amcap&8.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/29 14:22:16 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Amanda\Desktop\OTL.exe
[2010/10/26 17:19:17 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2010/10/21 21:26:56 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/10/20 12:27:32 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Roaming\IMVU
[2010/10/20 12:27:22 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Roaming\IMVUClient
[2010/10/14 13:53:56 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2010/10/14 13:53:56 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010/10/14 13:53:55 | 002,085,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2010/10/14 13:53:53 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2010/10/14 13:53:51 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll
[2010/10/14 13:53:49 | 001,024,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2010/10/14 13:53:48 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll
[2010/10/14 13:53:48 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll
[2010/10/14 13:53:48 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll
[2010/10/14 13:53:42 | 000,702,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010/10/14 13:53:42 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/10/14 13:53:41 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/10/14 13:53:41 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010/10/14 13:53:41 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/10/14 13:53:41 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/10/14 13:53:41 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010/10/14 13:53:41 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010/10/14 13:53:41 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2010/10/14 13:53:41 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2010/10/14 13:53:40 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2010/10/14 13:53:40 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010/10/14 13:53:40 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/10/14 13:53:40 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010/10/14 13:53:37 | 014,627,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2010/10/14 13:53:34 | 011,406,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2010/10/14 13:53:33 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2010/10/14 13:53:32 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2010/10/14 13:53:31 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll
[2010/10/09 15:46:27 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSSx64
[2010/10/09 15:46:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Security Scan
[2010/10/09 15:46:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010/10/09 15:46:27 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSSx64\0207030.022
[2010/10/09 15:46:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2010/10/09 15:46:24 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010/10/09 15:46:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2010/10/09 10:55:15 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Roaming\DivX
[2010/10/09 10:54:50 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2010/10/09 10:54:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
[2010/10/09 10:52:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
[2010/10/09 10:51:48 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010/10/09 10:51:40 | 000,876,824 | ---- | C] (DivX, Inc. ) -- C:\Users\Amanda\Desktop\DivXInstaller.exe
[2010/10/04 11:52:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Search Toolbar
[2010/09/30 18:25:26 | 006,379,288 | ---- | C] (Logitech Inc.) -- C:\Windows\SysNative\drivers\lvuvc64.sys
[2010/09/30 18:25:26 | 000,767,000 | ---- | C] (Logitech Inc.) -- C:\Windows\SysNative\LVUI64.dll
[2010/09/30 18:25:26 | 000,559,640 | ---- | C] (Logitech Inc.) -- C:\Windows\SysNative\LVUIRC64.dll
[2010/09/30 18:25:26 | 000,539,160 | ---- | C] (Logitech Inc.) -- C:\Windows\SysWow64\LVUI2RC.dll
[2010/09/30 18:25:26 | 000,539,160 | ---- | C] (Logitech Inc.) -- C:\Windows\SysWow64\LVUI2.dll
[2010/09/30 18:25:26 | 000,416,280 | ---- | C] (Logitech Inc.) -- C:\Windows\SysWow64\lvcodec2.dll
[2010/09/30 18:25:26 | 000,398,360 | ---- | C] (Logitech Inc.) -- C:\Windows\SysNative\lvcod64.dll
[2010/09/30 18:25:19 | 000,327,704 | ---- | C] (Logitech Inc.) -- C:\Windows\SysNative\drivers\lvrs64.sys
[2010/09/30 18:25:19 | 000,271,640 | ---- | C] (Logitech Inc.) -- C:\Windows\SysNative\drivers\lvpopf64.sys
[2010/09/30 18:19:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\logishrd
[2010/09/30 18:19:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\logishrd
[2010/09/29 15:52:13 | 000,000,000 | ---D | C] -- C:\Users\Amanda\Documents\SightSpeed Recordings

========== Files - Modified Within 30 Days ==========

[2010/10/29 14:27:18 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/10/29 14:27:18 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/10/29 14:27:18 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/10/29 14:20:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/29 14:19:17 | 3190,050,816 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/29 14:18:15 | 000,001,507 | ---- | M] () -- C:\Windows\SysNative\Config.MPF
[2010/10/29 14:11:26 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Amanda\Desktop\OTL.exe
[2010/10/28 09:29:28 | 347,242,909 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/10/26 17:10:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-535494546-3647714240-3240444239-1001UA.job
[2010/10/26 17:10:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-535494546-3647714240-3240444239-1001Core.job
[2010/10/21 21:22:58 | 000,000,187 | ---- | M] () -- C:\Users\Amanda\AppData\Roaming\34718.bat
[2010/10/21 21:22:57 | 000,514,560 | ---- | M] () -- C:\Users\Amanda\AppData\Roaming\hotfix.exe
[2010/10/21 19:35:30 | 000,000,500 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Amanda.job
[2010/10/21 17:13:02 | 000,002,410 | ---- | M] () -- C:\Users\Amanda\Desktop\Google Chrome.lnk
[2010/10/20 12:39:15 | 000,000,926 | ---- | M] () -- C:\Users\Amanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk
[2010/10/20 12:27:28 | 000,001,888 | ---- | M] () -- C:\Users\Amanda\Desktop\IMVU.lnk
[2010/10/20 12:25:55 | 000,077,416 | ---- | M] () -- C:\Users\Amanda\Desktop\InstallIMVU_444.0_st.exe
[2010/10/20 11:19:26 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/20 11:19:26 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/15 15:40:31 | 000,343,552 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/10/09 15:46:27 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NSSx64\0207030.022\isolate.ini
[2010/10/09 10:55:36 | 000,001,618 | ---- | M] () -- C:\Users\Amanda\Desktop\DivX Movies.lnk
[2010/10/09 10:55:14 | 000,001,114 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010/10/09 10:54:47 | 000,001,154 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2010/10/09 10:51:41 | 000,876,824 | ---- | M] (DivX, Inc. ) -- C:\Users\Amanda\Desktop\DivXInstaller.exe
[2010/10/01 13:40:25 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2010/09/30 19:06:58 | 000,001,163 | ---- | M] () -- C:\Users\Amanda\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2010/09/30 19:06:58 | 000,001,139 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2010/09/30 18:27:10 | 000,002,007 | ---- | M] () -- C:\Users\Public\Desktop\Logitech Vid HD.lnk
[2010/09/30 18:23:28 | 000,002,085 | ---- | M] () -- C:\Users\Public\Desktop\Logitech Webcam Software.lnk

========== Files Created - No Company Name ==========

[2010/10/21 21:26:21 | 347,242,909 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/10/21 21:22:58 | 000,000,187 | ---- | C] () -- C:\Users\Amanda\AppData\Roaming\34718.bat
[2010/10/21 21:22:57 | 000,514,560 | ---- | C] () -- C:\Users\Amanda\AppData\Roaming\hotfix.exe
[2010/10/20 12:39:15 | 000,000,926 | ---- | C] () -- C:\Users\Amanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk
[2010/10/20 12:27:28 | 000,001,888 | ---- | C] () -- C:\Users\Amanda\Desktop\IMVU.lnk
[2010/10/20 12:25:55 | 000,077,416 | ---- | C] () -- C:\Users\Amanda\Desktop\InstallIMVU_444.0_st.exe
[2010/10/09 15:46:30 | 000,000,500 | -H-- | C] () -- C:\Windows\tasks\Norton Security Scan for Amanda.job
[2010/10/09 15:46:27 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NSSx64\0207030.022\isolate.ini
[2010/10/09 10:55:36 | 000,001,618 | ---- | C] () -- C:\Users\Amanda\Desktop\DivX Movies.lnk
[2010/10/09 10:55:14 | 000,001,114 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010/10/09 10:54:47 | 000,001,154 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2010/09/30 19:06:58 | 000,001,163 | ---- | C] () -- C:\Users\Amanda\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2010/09/30 19:06:58 | 000,001,139 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2010/09/30 18:27:10 | 000,002,007 | ---- | C] () -- C:\Users\Public\Desktop\Logitech Vid HD.lnk
[2010/09/30 18:25:19 | 000,082,289 | ---- | C] () -- C:\Windows\SysNative\lvcoin64.ini
[2010/09/30 18:25:19 | 000,034,068 | ---- | C] () -- C:\Windows\SysNative\Repository.reg
[2010/09/30 18:23:28 | 000,002,085 | ---- | C] () -- C:\Users\Public\Desktop\Logitech Webcam Software.lnk
[2010/07/27 08:03:20 | 010,829,656 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2010/07/27 08:03:18 | 000,290,648 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

< End of report >


[You must be registered and logged in to see this link.]

Itachi21
Senior
Senior

Posts Posts : 319
Joined Joined : 2008-12-07
Gender Gender : Male
OS OS : Windows 7 64 Bit
Points Points : 31889
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan

Post by Itachi21 on Fri Oct 29, 2010 6:41 pm

OTL Extras logfile created on: 10/29/2010 2:34:52 PM - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\Amanda\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 88.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218.20 Gb Total Space | 180.05 Gb Free Space | 82.52% Space Free | Partition Type: NTFS
Drive E: | 7.45 Gb Total Space | 7.39 Gb Free Space | 99.15% Space Free | Partition Type: FAT32

Computer Name: MITTENSANGEL | User Name: Amanda | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F86416018FF}" = Java(TM) 6 Update 18 (64-bit)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"lvdrivers_12.10" = Logitech Webcam Software Driver Package
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{2DA5F129-11AC-4F11-8188-B2F07EAAC20A}" = Cozi
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{34A350D1-64FB-36D8-9D0C-1CD8E392DBA5}" = Google Talk Plugin
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{40F4FF7A-B214-4453-B973-080B09CED019}" = LoJack Factory Installer
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{67635FB6-2F63-4FFB-830B-D4C01597EBA4}" = Microsoft Office Suite Activation Assistant
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{75AE8014-1184-4BC0-B279-C879540719EE}" = PhotoMail Maker
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.2
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}" = Accidental Damage Services Agreement
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"CCleaner" = CCleaner
"Dell Dock" = Dell Dock
"DivX Setup.divx.com" = DivX Setup
"GoToAssist" = GoToAssist 8.0.0.514
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"LimeWire" = LimeWire 5.5.9
"Logitech Vid" = Logitech Vid HD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"MSC" = McAfee SecurityCenter
"Network Play System (Patching)" = Network Play System (Patching)
"NSS" = Norton Security Scan
"PhotoMail" = PhotoMail Maker
"Playsushi" = Playsushi
"Search Toolbar" = Search Toolbar
"The Sims" = The Sims
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"WildTangent dell Master Uninstall" = WildTangent Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"IMVU Avatar chat client software BETA" = IMVU Avatar Chat Software

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/29/2010 3:46:18 PM | Computer Name = MittensAngel | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 9/29/2010 9:21:32 PM | Computer Name = MittensAngel | Source = Swapdrive Backup | ID = 0
Description = Swapdrive Backup: Web Service Error: System.Net.WebException: The
remote name could not be resolved: 'wsvcdell.backup.com' at System.Net.HttpWebRequest.GetRequestStream(TransportContext&
context) at System.Net.HttpWebRequest.GetRequestStream() at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String
methodName, Object[] parameters) at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest
req) at Swapdrive.Shared.ActivationWsvcs.GetInfo()

Error - 9/30/2010 5:32:39 PM | Computer Name = MittensAngel | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 9/30/2010 7:06:21 PM | Computer Name = MittensAngel | Source = Application Error | ID = 1000
Description = Faulting application name: plugin-container.exe, version: 1.9.2.3909,
time stamp: 0x4c8fdc89 Faulting module name: ntdll.dll, version: 6.1.7600.16559,
time stamp: 0x4ba9b29c Exception code: 0xc0000005 Fault offset: 0x00022262 Faulting
process id: 0xee8 Faulting application start time: 0x01cb60f0bfad9be6 Faulting application
path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe Faulting module
path: C:\Windows\SysWOW64\ntdll.dll Report Id: 568956aa-cce7-11df-b371-a4badbc7e273

Error - 9/30/2010 7:21:26 PM | Computer Name = MittensAngel | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 10/1/2010 1:41:23 PM | Computer Name = MittensAngel | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 10/1/2010 2:22:12 PM | Computer Name = MittensAngel | Source = Application Error | ID = 1000
Description = Faulting application name: YAHOOM~1.EXE, version: 10.0.0.1270, time
stamp: 0x4c053ffe Faulting module name: ymsdk.dll_unloaded, version: 0.0.0.0, time
stamp: 0x4c0540c3 Exception code: 0xc0000005 Fault offset: 0x6109427d Faulting process
id: 0x5f0 Faulting application start time: 0x01cb60f439af9ecb Faulting application
path: C:\PROGRA~2\Yahoo!\MESSEN~1\YAHOOM~1.EXE Faulting module path: ymsdk.dll Report
Id: cecfc335-cd88-11df-b371-a4badbc7e273

Error - 10/1/2010 7:57:45 PM | Computer Name = MittensAngel | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 10/2/2010 7:38:52 AM | Computer Name = MittensAngel | Source = Google Update | ID = 20
Description =

Error - 10/2/2010 8:04:05 AM | Computer Name = MittensAngel | Source = Google Update | ID = 20
Description =

[ Media Center Events ]
Error - 10/7/2010 11:10:19 AM | Computer Name = MittensAngel | Source = MCUpdate | ID = 0
Description = 11:10:15 AM - Error connecting to the internet. 11:10:15 AM - Unable
to contact server..

Error - 10/9/2010 3:15:19 AM | Computer Name = MittensAngel | Source = MCUpdate | ID = 0
Description = 3:15:05 AM - Error connecting to the internet. 3:15:05 AM - Unable
to contact server..

Error - 10/9/2010 4:15:43 AM | Computer Name = MittensAngel | Source = MCUpdate | ID = 0
Description = 4:15:36 AM - Error connecting to the internet. 4:15:36 AM - Unable
to contact server..

Error - 10/9/2010 5:16:02 AM | Computer Name = MittensAngel | Source = MCUpdate | ID = 0
Description = 5:16:00 AM - Error connecting to the internet. 5:16:00 AM - Unable
to contact server..

Error - 10/9/2010 6:16:09 AM | Computer Name = MittensAngel | Source = MCUpdate | ID = 0
Description = 6:16:08 AM - Error connecting to the internet. 6:16:08 AM - Unable
to contact server..

Error - 10/9/2010 7:32:49 AM | Computer Name = MittensAngel | Source = MCUpdate | ID = 0
Description = 7:32:49 AM - Error connecting to the internet. 7:32:49 AM - Unable
to contact server..

Error - 10/9/2010 7:33:03 AM | Computer Name = MittensAngel | Source = MCUpdate | ID = 0
Description = 7:32:54 AM - Error connecting to the internet. 7:32:54 AM - Unable
to contact server..

Error - 10/10/2010 12:04:32 AM | Computer Name = MittensAngel | Source = MCUpdate | ID = 0
Description = 12:04:21 AM - Error connecting to the internet. 12:04:21 AM - Unable
to contact server..

Error - 10/12/2010 11:33:36 AM | Computer Name = MittensAngel | Source = MCUpdate | ID = 0
Description = 11:33:36 AM - Error connecting to the internet. 11:33:36 AM - Unable
to contact server..

Error - 10/12/2010 11:33:57 AM | Computer Name = MittensAngel | Source = MCUpdate | ID = 0
Description = 11:33:41 AM - Error connecting to the internet. 11:33:41 AM - Unable
to contact server..

[ System Events ]
Error - 10/15/2010 7:43:13 PM | Computer Name = MittensAngel | Source = bowser | ID = 8003
Description =

Error - 10/15/2010 7:55:15 PM | Computer Name = MittensAngel | Source = bowser | ID = 8003
Description =

Error - 10/15/2010 9:07:20 PM | Computer Name = MittensAngel | Source = bowser | ID = 8003
Description =

Error - 10/15/2010 9:19:23 PM | Computer Name = MittensAngel | Source = bowser | ID = 8003
Description =

Error - 10/15/2010 9:31:25 PM | Computer Name = MittensAngel | Source = bowser | ID = 8003
Description =

Error - 10/15/2010 9:39:41 PM | Computer Name = MittensAngel | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 192.168.0.104. The computer with the IP address 192.168.0.102 did
not allow the name to be claimed by this computer.

Error - 10/15/2010 9:55:26 PM | Computer Name = MittensAngel | Source = bowser | ID = 8003
Description =

Error - 10/21/2010 9:24:13 PM | Computer Name = MittensAngel | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:23:11 PM on ?10/?21/?2010 was unexpected.

Error - 10/21/2010 9:26:34 PM | Computer Name = MittensAngel | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:25:13 PM on ?10/?21/?2010 was unexpected.

Error - 10/21/2010 9:27:01 PM | Computer Name = MittensAngel | Source = BugCheck | ID = 1001
Description =


< End of report >

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F86416018FF}" = Java(TM) 6 Update 18 (64-bit)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"lvdrivers_12.10" = Logitech Webcam Software Driver Package
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{2DA5F129-11AC-4F11-8188-B2F07EAAC20A}" = Cozi
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{34A350D1-64FB-36D8-9D0C-1CD8E392DBA5}" = Google Talk Plugin
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{40F4FF7A-B214-4453-B973-080B09CED019}" = LoJack Factory Installer
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{67635FB6-2F63-4FFB-830B-D4C01597EBA4}" = Microsoft Office Suite Activation Assistant
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{75AE8014-1184-4BC0-B279-C879540719EE}" = PhotoMail Maker
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.2
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}" = Accidental Damage Services Agreement
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"CCleaner" = CCleaner
"Dell Dock" = Dell Dock
"DivX Setup.divx.com" = DivX Setup
"GoToAssist" = GoToAssist 8.0.0.514
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"LimeWire" = LimeWire 5.5.9
"Logitech Vid" = Logitech Vid HD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"MSC" = McAfee SecurityCenter
"Network Play System (Patching)" = Network Play System (Patching)
"NSS" = Norton Security Scan
"PhotoMail" = PhotoMail Maker
"Playsushi" = Playsushi
"Search Toolbar" = Search Toolbar
"The Sims" = The Sims
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"WildTangent dell Master Uninstall" = WildTangent Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"IMVU Avatar chat client software BETA" = IMVU Avatar Chat Software

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/29/2010 3:46:18 PM | Computer Name = MittensAngel | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 9/29/2010 9:21:32 PM | Computer Name = MittensAngel | Source = Swapdrive Backup | ID = 0
Description = Swapdrive Backup: Web Service Error: System.Net.WebException: The
remote name could not be resolved: 'wsvcdell.backup.com' at System.Net.HttpWebRequest.GetRequestStream(TransportContext&
context) at System.Net.HttpWebRequest.GetRequestStream() at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String
methodName, Object[] parameters) at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest
req) at Swapdrive.Shared.ActivationWsvcs.GetInfo()

Error - 9/30/2010 5:32:39 PM | Computer Name = MittensAngel | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 9/30/2010 7:06:21 PM | Computer Name = MittensAngel | Source = Application Error | ID = 1000
Description = Faulting application name: plugin-container.exe, version: 1.9.2.3909,
time stamp: 0x4c8fdc89 Faulting module name: ntdll.dll, version: 6.1.7600.16559,
time stamp: 0x4ba9b29c Exception code: 0xc0000005 Fault offset: 0x00022262 Faulting
process id: 0xee8 Faulting application start time: 0x01cb60f0bfad9be6 Faulting application
path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe Faulting module
path: C:\Windows\SysWOW64\ntdll.dll Report Id: 568956aa-cce7-11df-b371-a4badbc7e273

Error - 9/30/2010 7:21:26 PM | Computer Name = MittensAngel | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 10/1/2010 1:41:23 PM | Computer Name = MittensAngel | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 10/1/2010 2:22:12 PM | Computer Name = MittensAngel | Source = Application Error | ID = 1000
Description = Faulting application name: YAHOOM~1.EXE, version: 10.0.0.1270, time
stamp: 0x4c053ffe Faulting module name: ymsdk.dll_unloaded, version: 0.0.0.0, time
stamp: 0x4c0540c3 Exception code: 0xc0000005 Fault offset: 0x6109427d Faulting process
id: 0x5f0 Faulting application start time: 0x01cb60f439af9ecb Faulting application
path: C:\PROGRA~2\Yahoo!\MESSEN~1\YAHOOM~1.EXE Faulting module path: ymsdk.dll Report
Id: cecfc335-cd88-11df-b371-a4badbc7e273

Error - 10/1/2010 7:57:45 PM | Computer Name = MittensAngel | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 10/2/2010 7:38:52 AM | Computer Name = MittensAngel | Source = Google Update | ID = 20
Description =

Error - 10/2/2010 8:04:05 AM | Computer Name = MittensAngel | Source = Google Update | ID = 20
Description =

[ Media Center Events ]
Error - 10/7/2010 11:10:19 AM | Computer Name = MittensAngel | Source = MCUpdate | ID = 0
Description = 11:10:15 AM - Error connecting to the internet. 11:10:15 AM - Unable
to contact server..

Error - 10/9/2010 3:15:19 AM | Computer Name = MittensAngel | Source = MCUpdate | ID = 0
Description = 3:15:05 AM - Error connecting to the internet. 3:15:05 AM - Unable
to contact server..

Error - 10/9/2010 4:15:43 AM | Computer Name = MittensAngel | Source = MCUpdate | ID = 0
Description = 4:15:36 AM - Error connecting to the internet. 4:15:36 AM - Unable
to contact server..

Error - 10/9/2010 5:16:02 AM | Computer Name = MittensAngel | Source = MCUpdate | ID = 0
Description = 5:16:00 AM - Error connecting to the internet. 5:16:00 AM - Unable
to contact server..

Error - 10/9/2010 6:16:09 AM | Computer Name = MittensAngel | Source = MCUpdate | ID = 0
Description = 6:16:08 AM - Error connecting to the internet. 6:16:08 AM - Unable
to contact server..

Error - 10/9/2010 7:32:49 AM | Computer Name = MittensAngel | Source = MCUpdate | ID = 0
Description = 7:32:49 AM - Error connecting to the internet. 7:32:49 AM - Unable
to contact server..

Error - 10/9/2010 7:33:03 AM | Computer Name = MittensAngel | Source = MCUpdate | ID = 0
Description = 7:32:54 AM - Error connecting to the internet. 7:32:54 AM - Unable
to contact server..

Error - 10/10/2010 12:04:32 AM | Computer Name = MittensAngel | Source = MCUpdate | ID = 0
Description = 12:04:21 AM - Error connecting to the internet. 12:04:21 AM - Unable
to contact server..

Error - 10/12/2010 11:33:36 AM | Computer Name = MittensAngel | Source = MCUpdate | ID = 0
Description = 11:33:36 AM - Error connecting to the internet. 11:33:36 AM - Unable
to contact server..

Error - 10/12/2010 11:33:57 AM | Computer Name = MittensAngel | Source = MCUpdate | ID = 0
Description = 11:33:41 AM - Error connecting to the internet. 11:33:41 AM - Unable
to contact server..

[ System Events ]
Error - 10/15/2010 7:43:13 PM | Computer Name = MittensAngel | Source = bowser | ID = 8003
Description =

Error - 10/15/2010 7:55:15 PM | Computer Name = MittensAngel | Source = bowser | ID = 8003
Description =

Error - 10/15/2010 9:07:20 PM | Computer Name = MittensAngel | Source = bowser | ID = 8003
Description =

Error - 10/15/2010 9:19:23 PM | Computer Name = MittensAngel | Source = bowser | ID = 8003
Description =

Error - 10/15/2010 9:31:25 PM | Computer Name = MittensAngel | Source = bowser | ID = 8003
Description =

Error - 10/15/2010 9:39:41 PM | Computer Name = MittensAngel | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 192.168.0.104. The computer with the IP address 192.168.0.102 did
not allow the name to be claimed by this computer.

Error - 10/15/2010 9:55:26 PM | Computer Name = MittensAngel | Source = bowser | ID = 8003
Description =

Error - 10/21/2010 9:24:13 PM | Computer Name = MittensAngel | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:23:11 PM on ?10/?21/?2010 was unexpected.

Error - 10/21/2010 9:26:34 PM | Computer Name = MittensAngel | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:25:13 PM on ?10/?21/?2010 was unexpected.

Error - 10/21/2010 9:27:01 PM | Computer Name = MittensAngel | Source = BugCheck | ID = 1001
Description =


< End of report >


[You must be registered and logged in to see this link.]

Itachi21
Senior
Senior

Posts Posts : 319
Joined Joined : 2008-12-07
Gender Gender : Male
OS OS : Windows 7 64 Bit
Points Points : 31889
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan

Post by Belahzur on Fri Oct 29, 2010 11:47 pm

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O20 - HKCU Winlogon: Shell - (C:\Users\Amanda\AppData\Roaming\hotfix.exe) - C:\Users\Amanda\AppData\Roaming\hotfix.exe ()
    [2010/10/21 21:22:58 | 000,000,187 | ---- | M] () -- C:\Users\Amanda\AppData\Roaming\34718.bat
    [2010/10/21 21:22:57 | 000,514,560 | ---- | M] () -- C:\Users\Amanda\AppData\Roaming\hotfix.exe


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Trojan

Post by Itachi21 on Sat Oct 30, 2010 3:51 pm

========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\Amanda\AppData\Roaming\hotfix.exe deleted successfully.
C:\Users\Amanda\AppData\Roaming\hotfix.exe moved successfully.
C:\Users\Amanda\AppData\Roaming\34718.bat moved successfully.
File C:\Users\Amanda\AppData\Roaming\hotfix.exe not found.

OTL by OldTimer - Version 3.2.17.1 log created on 10302010_115123


[You must be registered and logged in to see this link.]

Itachi21
Senior
Senior

Posts Posts : 319
Joined Joined : 2008-12-07
Gender Gender : Male
OS OS : Windows 7 64 Bit
Points Points : 31889
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan

Post by Belahzur on Sat Oct 30, 2010 11:01 pm

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Trojan

Post by Itachi21 on Sun Oct 31, 2010 1:30 pm

Malwarebytes' Anti-Malware 1.46
[You must be registered and logged in to see this link.]

Database version: 5005

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

10/31/2010 9:22:57 AM
mbam-log-2010-10-31 (09-22-57).txt

Scan type: Quick scan
Objects scanned: 141805
Time elapsed: 6 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 28
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 6
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files (x86)\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FunWebProducts\Installr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FunWebProducts\Installr\2.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
C:\Users\Amanda\Desktop\IWON.exe (Adware.Iwon) -> Quarantined and deleted successfully.
C:\Users\Amanda\Desktop\Zwinky.exe (PUP.FunWebProducts) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-535494546-3647714240-3240444239-1001\$RY02VLS.exe (Rogue.RegAlive) -> Quarantined and deleted successfully.
C:\Users\Amanda\AppData\Local\Temp\c52aa22e.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FunWebProducts\Installr\2.bin\F3EZSETP.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FunWebProducts\Installr\2.bin\F3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FunWebProducts\Installr\2.bin\NPFUNWEB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.


[You must be registered and logged in to see this link.]

Itachi21
Senior
Senior

Posts Posts : 319
Joined Joined : 2008-12-07
Gender Gender : Male
OS OS : Windows 7 64 Bit
Points Points : 31889
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan

Post by Belahzur on Mon Nov 01, 2010 1:22 am

Hello.
Okay good, now we need to do a few more checks.

Download [You must be registered and logged in to see this link.] to your desktop.

  • Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
  • It will show a black screen with some data on it.
  • A report called MBRcheckxxxx.txt will be on your desktop
  • Open this report and post its content in your next reply.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Trojan

Post by Itachi21 on Tue Nov 02, 2010 5:25 pm

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Inspiron 1545
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 146):
0x0285F000 \SystemRoot\system32\ntoskrnl.exe
0x02816000 \SystemRoot\system32\hal.dll
0x00BCC000 \SystemRoot\system32\kdcom.dll
0x00CAF000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00CF3000 \SystemRoot\system32\PSHED.dll
0x00D07000 \SystemRoot\system32\CLFS.SYS
0x00E83000 \SystemRoot\system32\CI.dll
0x00F43000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00FE7000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00E00000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00E57000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00E60000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00D65000 \SystemRoot\system32\DRIVERS\pci.sys
0x00E6A000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00D98000 \SystemRoot\System32\drivers\partmgr.sys
0x00E77000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00DAD000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00DB9000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00C00000 \SystemRoot\System32\drivers\volmgrx.sys
0x00C5C000 \SystemRoot\System32\drivers\mountmgr.sys
0x01072000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x0118E000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x01199000 \SystemRoot\system32\drivers\fltmgr.sys
0x011E5000 \SystemRoot\system32\drivers\fileinfo.sys
0x01000000 \SystemRoot\system32\DRIVERS\Lbd.sys
0x01015000 \SystemRoot\System32\Drivers\PxHlpa64.sys
0x0124E000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01450000 \SystemRoot\System32\Drivers\msrpc.sys
0x014AE000 \SystemRoot\System32\Drivers\ksecdd.sys
0x014C8000 \SystemRoot\System32\Drivers\cng.sys
0x0153B000 \SystemRoot\System32\drivers\pcw.sys
0x0154C000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x016F3000 \SystemRoot\system32\drivers\ndis.sys
0x01600000 \SystemRoot\system32\drivers\NETIO.SYS
0x01660000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x0168B000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x016D7000 \SystemRoot\System32\Drivers\spldr.sys
0x01556000 \SystemRoot\System32\drivers\rdyboost.sys
0x016DF000 \SystemRoot\System32\Drivers\mup.sys
0x017E5000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01590000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x015CA000 \SystemRoot\system32\DRIVERS\disk.sys
0x01400000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x02A00000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x02A2A000 \SystemRoot\System32\Drivers\Null.SYS
0x02A33000 \SystemRoot\System32\Drivers\Beep.SYS
0x02A3A000 \SystemRoot\System32\drivers\vga.sys
0x02A48000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x02A6D000 \SystemRoot\System32\drivers\watchdog.sys
0x02A7D000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x02A86000 \SystemRoot\system32\drivers\rdpencdd.sys
0x02A8F000 \SystemRoot\system32\drivers\rdprefmp.sys
0x02A98000 \SystemRoot\System32\Drivers\Msfs.SYS
0x02BE0000 \SystemRoot\System32\Drivers\Npfs.SYS
0x03802000 \SystemRoot\System32\drivers\tcpip.sys
0x01200000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01022000 \SystemRoot\System32\Drivers\Mpfp.sys
0x02BF1000 \SystemRoot\System32\Drivers\TDI.SYS
0x01430000 \SystemRoot\system32\DRIVERS\tdx.sys
0x015E0000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
0x03A6C000 \SystemRoot\system32\drivers\afd.sys
0x03AF6000 \SystemRoot\System32\DRIVERS\netbt.sys
0x03B3B000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x03B44000 \SystemRoot\system32\DRIVERS\pacer.sys
0x03B6A000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x03B80000 \SystemRoot\system32\DRIVERS\netbios.sys
0x03B8F000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x03BAA000 \SystemRoot\system32\DRIVERS\termdd.sys
0x03A00000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x03A51000 \SystemRoot\system32\drivers\nsiproxy.sys
0x03A5D000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x03C22000 \SystemRoot\system32\drivers\mfehidk.sys
0x03C6C000 \SystemRoot\System32\drivers\discache.sys
0x03C7B000 \SystemRoot\System32\Drivers\dfsc.sys
0x03C99000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x03CAA000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x04645000 \SystemRoot\system32\DRIVERS\igdkmd64.sys
0x03CD0000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x04D4D000 \SystemRoot\System32\drivers\dxgmms1.sys
0x04D93000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x04DA0000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x04600000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x04611000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x054B2000 \SystemRoot\system32\DRIVERS\NETw5s64.sys
0x05B5F000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x05B6C000 \SystemRoot\system32\DRIVERS\yk62x64.sys
0x05BD0000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x05400000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0x0544B000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x0545A000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x05469000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x0546E000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x05477000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x0548D000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x03DC4000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x03DDA000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x0549D000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x03BBE000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x03C00000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x00C76000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x00DCE000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x054A9000 \SystemRoot\system32\DRIVERS\swenum.sys
0x03EF3000 \SystemRoot\system32\DRIVERS\ks.sys
0x03F36000 \SystemRoot\system32\DRIVERS\umbus.sys
0x03F48000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x03FA2000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x03E00000 \SystemRoot\system32\DRIVERS\stwrt64.sys
0x03E7B000 \SystemRoot\system32\DRIVERS\portcls.sys
0x03EB8000 \SystemRoot\system32\DRIVERS\drmk.sys
0x03EDA000 \SystemRoot\system32\drivers\ksthunk.sys
0x03FB7000 \SystemRoot\System32\Drivers\RtsUStor.sys
0x03FF1000 \SystemRoot\System32\Drivers\USBD.SYS
0x00070000 \SystemRoot\System32\win32k.sys
0x03FF3000 \SystemRoot\System32\drivers\Dxapi.sys
0x03EE0000 \SystemRoot\System32\Drivers\crashdmp.sys
0x02AA3000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x03BED000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x05BEE000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00480000 \SystemRoot\System32\TSDDD.dll
0x00770000 \SystemRoot\System32\cdd.dll
0x020DB000 \SystemRoot\system32\drivers\luafv.sys
0x020FE000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x02113000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x02166000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x02179000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x02000000 \SystemRoot\system32\drivers\HTTP.sys
0x02191000 \SystemRoot\system32\DRIVERS\bowser.sys
0x021AF000 \SystemRoot\System32\drivers\mpsdrv.sys
0x021C7000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x02820000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x0286E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x02891000 \SystemRoot\system32\drivers\peauth.sys
0x02937000 \SystemRoot\System32\Drivers\secdrv.SYS
0x02942000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x0296F000 \SystemRoot\System32\drivers\tcpipreg.sys
0x02981000 \SystemRoot\System32\DRIVERS\srv2.sys
0x07054000 \SystemRoot\System32\DRIVERS\srv.sys
0x070EA000 \SystemRoot\system32\DRIVERS\LVPr2M64.sys
0x070F4000 \SystemRoot\System32\Drivers\fastfat.SYS
0x0712A000 \SystemRoot\system32\drivers\mfeavfk.sys
0x07142000 \SystemRoot\system32\drivers\mfesmfk.sys
0x0714D000 \SystemRoot\system32\drivers\spsys.sys
0x76FA0000 \Windows\System32\ntdll.dll
0x47CF0000 \Windows\System32\smss.exe
0xFF2C0000 \Windows\System32\apisetschema.dll
0xFF740000 \Windows\System32\autochk.exe

Processes (total 81):
0 System Idle Process
4 System
304 C:\Windows\System32\smss.exe
396 csrss.exe
456 C:\Windows\System32\wininit.exe
464 csrss.exe
528 C:\Windows\System32\winlogon.exe
544 C:\Windows\System32\services.exe
560 C:\Windows\System32\lsass.exe
568 C:\Windows\System32\lsm.exe
736 C:\Windows\System32\svchost.exe
820 C:\Windows\System32\svchost.exe
864 C:\Windows\System32\svchost.exe
948 C:\Windows\System32\svchost.exe
1012 C:\Windows\System32\svchost.exe
484 C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe
1028 C:\Windows\System32\svchost.exe
1100 C:\Program Files\Dell\DellDock\DockLogin.exe
1152 C:\Windows\System32\svchost.exe
1308 C:\Windows\System32\spoolsv.exe
1348 C:\Windows\System32\svchost.exe
1468 C:\Windows\System32\svchost.exe
1536 C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
1572 C:\PROGRA~2\COMMON~1\McAfee\McProxy\McProxy.exe
1588 LVPrS64H.exe
1620 C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
1760 C:\Program Files (x86)\McAfee\MPF\MpfSrv.exe
1800 C:\Program Files (x86)\McAfee\MSK\msksrver.exe
1844 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
1972 C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
1064 C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
1720 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
2220 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
2348 C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe
2488 C:\Windows\System32\svchost.exe
2632 WmiPrvSE.exe
672 C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe
2148 C:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe
2604 C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
848 C:\Program Files\Windows Media Player\wmpnetwk.exe
1488 C:\Windows\System32\SearchIndexer.exe
684 WmiPrvSE.exe
1112 C:\Windows\servicing\TrustedInstaller.exe
3424 C:\Windows\System32\taskhost.exe
3488 C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe
3556 C:\Windows\System32\dwm.exe
3628 C:\Windows\explorer.exe
3792 C:\Program Files\DellTPad\Apoint.exe
3816 C:\Program Files\IDT\WDM\sttray64.exe
3832 C:\Program Files\Dell\QuickSet\quickset.exe
3844 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
3864 C:\Windows\System32\igfxtray.exe
3880 C:\Windows\System32\hkcmd.exe
3924 C:\Windows\System32\igfxpers.exe
3956 C:\Windows\System32\audiodg.exe
4052 C:\Program Files\DellTPad\ApMsgFwd.exe
3088 C:\Users\Amanda\AppData\Local\Google\Update\GoogleUpdate.exe
2196 C:\Windows\System32\igfxsrvc.exe
3144 C:\Program Files\DellTPad\hidfind.exe
3196 C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
3616 C:\Program Files\DellTPad\ApntEx.exe
3380 C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
3384 C:\Windows\System32\conhost.exe
4000 C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
4108 C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
4120 C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
4144 C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
4232 C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
4256 C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
4728 C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe
5116 C:\Windows\System32\svchost.exe
3920 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
3900 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
4660 C:\Windows\System32\wuauclt.exe
3800 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
992 C:\Windows\System32\sppsvc.exe
4968 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
3292 C:\Windows\System32\SearchProtocolHost.exe
3440 C:\Windows\System32\SearchFilterHost.exe
4536 C:\Users\Amanda\Desktop\MBRCheck.exe
2160 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`ac000000 (NTFS)

PhysicalDrive0 Model Number: WDCWD2500BEVT-75A23T0, Rev: 01.01A01

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 0C0E7F154151469D03B17DE3B60CAFCFD0398D69


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!


[You must be registered and logged in to see this link.]

Itachi21
Senior
Senior

Posts Posts : 319
Joined Joined : 2008-12-07
Gender Gender : Male
OS OS : Windows 7 64 Bit
Points Points : 31889
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan

Post by Belahzur on Wed Nov 03, 2010 12:44 am

Hah, bootkit infection.

Do you have the recovery discs for this machine?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Trojan

Post by Itachi21 on Wed Nov 03, 2010 2:04 am

I have the original disks that came with her computer.

Is this going to end up being reformatted? I haven't had a problem so far booting the computer up out of safe mode.


[You must be registered and logged in to see this link.]

Itachi21
Senior
Senior

Posts Posts : 319
Joined Joined : 2008-12-07
Gender Gender : Male
OS OS : Windows 7 64 Bit
Points Points : 31889
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan

Post by Belahzur on Thu Nov 04, 2010 12:35 am

No, we just need to do a repair.

Reboot the machine, after it starts to boot, start tapping the F8 key, under the advanced boot menu, is there an option that says "Repair Your Computer"?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Trojan

Post by Itachi21 on Thu Nov 04, 2010 7:53 pm

yes there is


[You must be registered and logged in to see this link.]

Itachi21
Senior
Senior

Posts Posts : 319
Joined Joined : 2008-12-07
Gender Gender : Male
OS OS : Windows 7 64 Bit
Points Points : 31889
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan

Post by Belahzur on Thu Nov 04, 2010 10:20 pm

Select that option, then it will ask what OS you want to repair, select the OS this machine has.

If ask, select the Command Prompt option, and type in this command.

bootrec.exe /fixmbr

Note the space between e and /, press enter. If it comes up with "operation successful", reboot the machine and then re-run MBRCheck.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Trojan

Post by Itachi21 on Sat Nov 06, 2010 12:06 pm

I entered the command prompt with the space and now the computer wont start up in safe mode or normally


[You must be registered and logged in to see this link.]

Itachi21
Senior
Senior

Posts Posts : 319
Joined Joined : 2008-12-07
Gender Gender : Male
OS OS : Windows 7 64 Bit
Points Points : 31889
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan

Post by Itachi21 on Sun Nov 07, 2010 6:37 pm

bump


[You must be registered and logged in to see this link.]

Itachi21
Senior
Senior

Posts Posts : 319
Joined Joined : 2008-12-07
Gender Gender : Male
OS OS : Windows 7 64 Bit
Points Points : 31889
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan

Post by Sneakyone on Sun Nov 07, 2010 6:45 pm

Hi,

Your MBR was infected with TDL4 and fixing the MBR that way must have borked your MBR.

Could you please try and boot into Last Known Good Configuration (Same way as Safe Mode) or go into recovery options (usually F11) and perform a system restore.

If you can get into Windows please run this:

Please download TDSSKiller from [You must be registered and logged in to see this link.] and save it to your Desktop.
  • Doubleclick TDSSKiller.exe to run the tool
  • Click the Start Scan button
  • After the scan has finished, click the Close button
  • Click the Report button and copy/paste the contents of it into your next reply
Note:It will also create a log in the C:\ directory.


I'm livin' life in the fast lane.

Sneakyone
Master
Master

Posts Posts : 2707
Joined Joined : 2010-01-10
Gender Gender : Male
OS OS : Windows 7 Ultimate 64-bit
Protection Protection : Avast, Comodo Firewall, and Malwarebytes' Anti-Malware
Points Points : 56084
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan

Post by Itachi21 on Sun Nov 07, 2010 7:21 pm

Would before I made the MBR check the best way to do it. So Friday 11/5?


[You must be registered and logged in to see this link.]

Itachi21
Senior
Senior

Posts Posts : 319
Joined Joined : 2008-12-07
Gender Gender : Male
OS OS : Windows 7 64 Bit
Points Points : 31889
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan

Post by Dr Jay on Sun Nov 07, 2010 7:37 pm

HI

Do you have the Windows 7 DVD and able to boot from it?


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13717
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302127
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Trojan

Post by Itachi21 on Mon Nov 08, 2010 3:39 am

I have all the initial disks that was given with the computer. I don't want to delete anything because she isn't sure of what she had on there.


[You must be registered and logged in to see this link.]

Itachi21
Senior
Senior

Posts Posts : 319
Joined Joined : 2008-12-07
Gender Gender : Male
OS OS : Windows 7 64 Bit
Points Points : 31889
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan

Post by Dr Jay on Mon Nov 08, 2010 3:42 am

We do not need to erase any data. If we do not get something fixed, that computer will continually fail to boot.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13717
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302127
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Trojan

Post by Itachi21 on Mon Nov 08, 2010 1:57 pm

So should I boot from Friday which is before i did the command prompt exe because I did that saturday morning


[You must be registered and logged in to see this link.]

Itachi21
Senior
Senior

Posts Posts : 319
Joined Joined : 2008-12-07
Gender Gender : Male
OS OS : Windows 7 64 Bit
Points Points : 31889
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan

Post by Itachi21 on Mon Nov 08, 2010 11:55 pm

bump


[You must be registered and logged in to see this link.]

Itachi21
Senior
Senior

Posts Posts : 319
Joined Joined : 2008-12-07
Gender Gender : Male
OS OS : Windows 7 64 Bit
Points Points : 31889
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan

Post by Dr Jay on Tue Nov 09, 2010 10:58 am

No bumping

Please do not bump your topic, unless it has been more than 48 hours with no reply from your helper.

Please tell me a yes or no about having the Windows 7 DVD so we can proceed to fix the MBR and getting the system booting once again.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13717
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302127
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Trojan

Post by Itachi21 on Tue Nov 09, 2010 1:59 pm

Sorry about the bumping.

As for the Windows 7 Disk. No I do not have it. I only received 3 disks from Dell.


[You must be registered and logged in to see this link.]

Itachi21
Senior
Senior

Posts Posts : 319
Joined Joined : 2008-12-07
Gender Gender : Male
OS OS : Windows 7 64 Bit
Points Points : 31889
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan

Post by Dr Jay on Wed Nov 10, 2010 6:16 am

When your computer first boots up, press F8 a few times till you get the Boot Options menu, and (if exists) select Repair Your Computer. Access the Command Prompt option, and type in bootrec.exe /fixmbr


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13717
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302127
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Trojan

Post by Itachi21 on Wed Nov 10, 2010 1:57 pm

That didn't work. That is what me and Belazhur tried last time and windows now wont start at all.


[You must be registered and logged in to see this link.]

Itachi21
Senior
Senior

Posts Posts : 319
Joined Joined : 2008-12-07
Gender Gender : Male
OS OS : Windows 7 64 Bit
Points Points : 31889
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan

Post by Dr Jay on Thu Nov 11, 2010 3:34 am

We need to rebuild the Boot sector

This is done by deleting the boot files and rebuilding them.

In the Windows RE environment, re-enter Command Prompt, and type in the following (in order), pressing enter after each line:

bcdedit /export C:\BCD_Backup
c:
cd boot
attrib bcd -s -h -r
ren c:\boot\bcd bcd.old
bootrec /RebuildBcd
fixboot


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13717
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302127
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Trojan

Post by Itachi21 on Thu Nov 11, 2010 4:09 pm

bcdedit /export C:\BCD_Backup
The operation completed successfully

c:

cd boot
The system cannot find the path specified

attrib bcd -s -h -r
File not found - bcd

ren c:\boot\bcd bcd.old
The system cannot find the path specified

bootrec /RebuildBcd
Successfully scanned Windows installations.
Total identified Windows installations: 0

fixboot
'fixboot' is not recognized as an internal or external command,
operable program or batch file


[You must be registered and logged in to see this link.]

Itachi21
Senior
Senior

Posts Posts : 319
Joined Joined : 2008-12-07
Gender Gender : Male
OS OS : Windows 7 64 Bit
Points Points : 31889
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan

Post by Itachi21 on Sat Nov 13, 2010 6:10 pm

no reply for 2 days.


[You must be registered and logged in to see this link.]

Itachi21
Senior
Senior

Posts Posts : 319
Joined Joined : 2008-12-07
Gender Gender : Male
OS OS : Windows 7 64 Bit
Points Points : 31889
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan

Post by Dr Jay on Sun Nov 14, 2010 1:49 am

We are going to be using a Windows Recovery Environment to help disinfect the system so it may boot again.

Download the OTLPE Standard REATOGO Windows Recovery Environment.
  • Place a blank CD-R disc in to your CD burning drive.
  • Download [You must be registered and logged in to see this link.] and double-click on it to burn to a CD using ISO Burner.
  • Reboot your system using the boot CD you just created.

    Note : If you do not know how to set your computer to boot from CD follow the steps [You must be registered and logged in to see this link.]
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
    • Change Drivers to Non-Microsoft
    • Press Run Scan to start the scan.
    • When finished, the file will be saved in drive C:\_OTL\MovedFiles
    • Copy this file to your USB drive if you do not have internet connection on this system
    • Please post the contents of the OTL.txt file in your reply.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13717
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302127
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Trojan

Post by Itachi21 on Wed Nov 17, 2010 9:36 pm

It keeps saying program might not have installed correctly for the otlpestd.exe

I am going to attempt to run the disk cause i do believe it is burned correctly.

None of my screens look even close to the directions so I am unfortunately lost.


[You must be registered and logged in to see this link.]

Itachi21
Senior
Senior

Posts Posts : 319
Joined Joined : 2008-12-07
Gender Gender : Male
OS OS : Windows 7 64 Bit
Points Points : 31889
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan

Post by Dr Jay on Thu Nov 18, 2010 5:53 am

If it does not work on your computer, please try on another.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13717
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302127
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Trojan

Post by Itachi21 on Thu Nov 18, 2010 2:53 pm

The computer I need help with isn't mine. The disk must have burned correctly because there are burn marks on the back of the cdrom. Is there a more uptodate form to follow when dealing with the BIOS? I can attempt to follow but when I get to a certain part of the directions my interface is different


[You must be registered and logged in to see this link.]

Itachi21
Senior
Senior

Posts Posts : 319
Joined Joined : 2008-12-07
Gender Gender : Male
OS OS : Windows 7 64 Bit
Points Points : 31889
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan

Post by Dr Jay on Sat Nov 20, 2010 4:10 am

Ok. So you have tried to burn the disc on another computer, but it did not work?


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13717
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302127
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Trojan

Post by Itachi21 on Sat Nov 20, 2010 6:33 pm

It looked like it did cause of the burn marks on the back which take up about 1/2 the disk. But the directions from the link you gave me are out of date for my model. Its a Dell Inspiron 1545


[You must be registered and logged in to see this link.]

Itachi21
Senior
Senior

Posts Posts : 319
Joined Joined : 2008-12-07
Gender Gender : Male
OS OS : Windows 7 64 Bit
Points Points : 31889
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan

Post by Dr Jay on Sun Nov 21, 2010 12:39 am

Do you have a USB stick drive (flash drive)?


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13717
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302127
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Trojan

Post by Itachi21 on Sun Nov 21, 2010 2:18 am

Yes I have several of different GB Sizes


[You must be registered and logged in to see this link.]

Itachi21
Senior
Senior

Posts Posts : 319
Joined Joined : 2008-12-07
Gender Gender : Male
OS OS : Windows 7 64 Bit
Points Points : 31889
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan

Post by Dr Jay on Sun Nov 21, 2010 6:19 pm

Driver diagnosis

First, download [You must be registered and logged in to see this link.] to the desktop of your working computer.

Next, download [You must be registered and logged in to see this link.] from noahdfear.net and save it to the desktop as well.

Once the download(s) have completed, double click the unetbootin-xpud-windows-387.exe file to run the installer.
  • Select the DiskImage option then click the browse button located on the right side of the textbox field.
  • Browse to and select the xpud-0.9.2.iso file
  • Verify the correct drive letter is selected for your usb device then click OK
  • Once the files have been written to the device you will be prompted to
    reboot. However, do not reboot. Instead, just Exit the UNetbootin interface.


Now, download [You must be registered and logged in to see this link.] to your USB
  • Remove the USB and insert it in the infected computer
  • Boot the infected computer
  • Immediately press the F12 key and choose to boot from the USB
  • Follow the prompts


A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Confirm that you see driver.sh that you downloaded there
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash driver.sh
  • Press Enter
  • After it has finished a report will be located on your USB drive named report.txt
  • Remove the USB drive and insert back in your working computer and navigate to report.txt


Copy and paste the report.txt for my review

Please note - all text entries are case sensitive


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13717
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302127
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Trojan

Post by Itachi21 on Mon Nov 22, 2010 4:25 pm

I can't find the driver.sh file, it only shows sda 1 sda 2 and sda 3


[You must be registered and logged in to see this link.]

Itachi21
Senior
Senior

Posts Posts : 319
Joined Joined : 2008-12-07
Gender Gender : Male
OS OS : Windows 7 64 Bit
Points Points : 31889
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan

Post by Dr Jay on Mon Nov 22, 2010 8:41 pm

Even though you downloaded driver.sh, you cannot find it?


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13717
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302127
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Trojan

Post by Itachi21 on Mon Nov 22, 2010 8:54 pm

The correct interface shows up and the mnt shows up but underneath the mnt area its sda 1 2 and 3 but no file from the usb drive but it boots fine. Should I move the file to the boot folder on the flash drive that was installed?


[You must be registered and logged in to see this link.]

Itachi21
Senior
Senior

Posts Posts : 319
Joined Joined : 2008-12-07
Gender Gender : Male
OS OS : Windows 7 64 Bit
Points Points : 31889
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan

Post by Dr Jay on Mon Nov 22, 2010 8:58 pm

Yes, try that, please.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13717
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302127
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Trojan

Post by Itachi21 on Tue Nov 23, 2010 1:54 pm

Tue Nov 23 03:39:55 UTC 2010
Driver report for /mnt/sda3/Windows/System32/drivers

64edd3f59db321947969fdf1dd747323 1394bus.sys
Microsoft Corporation

69aa89a20dee08bfa650aab6ce37bd10 1394ohci.sys
Microsoft Corporation

63b05a0420ce4bf0e4af6dcc7cada254 acpipmi.sys
Microsoft Corporation

6f11e88748cdefd2f76aa215f97ddfe5 acpi.sys
Microsoft Corporation

2f6b34b83843f0c5118b63ac634f5bf4 adp94xx.sys
Adaptec

597f78224ee9224ea1a13d6350ced962 adpahci.sys
Adaptec

e109549c90f62fb570b9540c4b148e54 adpu320.sys
Adaptec

b9384e03479d2506bc924c16a3db87bc afd.sys
Microsoft Corporation

7ecff9b22276b73f43a99a15a6094e90 agilevpn.sys
Microsoft Corporation

608c14dba7299d8cb6ed035a68a15799 AGP440.sys
Microsoft Corporation

5812713a477a3ad7363c7438ca2ee038 aliide.sys
Acer Laboratories

1ff8b4431c353ce385c875f194924c0c amdide.sys
Microsoft Corporation

7024f087cff1833a806193ef9d22cda9 amdk8.sys
Microsoft Corporation

1e56388b3fe0d031c44144eb8c4d6217 amdppm.sys
Microsoft Corporation

7a4b413614c055935567cf88a9734d38 amdsata.sys
Advanced Micro Devices

f67f933e79241ed32ff46a4f29b5120b amdsbs.sys
AMD Technologies

b4ad0cacbab298671dd6f6ef7e20679d amdxata.sys
Advanced Micro Devices

9b0b7fde049cb283fabe5877a49f2611 Apfiltr.sys
Alps Electric

42fd751b27fa0e9c69bb39f39e409594 appid.sys
Microsoft Corporation

019af6924aefe7839f61c830227fe79c arcsas.sys
Adaptec

c484f8ceb1717c540242531db7845c4e arc.sys
Adaptec

769765ce2cc62867468cea93969b2242 asyncmac.sys
Microsoft Corporation

02062c0b390b7729edc9e69c680a6f3c atapi.sys
Microsoft Corporation

aa2186f7944104a16d6ed176ed462cec ataport.sys
Microsoft Corporation

b5ace6968304a3900eeb1ebfd9622df2 b57nd60a.sys
Broadcom Corporation

f4de2ae7a9e1badac70bc71ea2c17612 battc.sys
Microsoft Corporation

16a47ce2decc9b099349a5f840654746 beep.sys
Microsoft Corporation

61583ee3c3a17003c4acd0475646b4d3 blbdrive.sys
Microsoft Corporation

91ce0d3dc57dd377e690a2d324022b08 bowser.sys
Microsoft Corporation

f09eee9edc320b5e1501f749fde686c8 BrFiltLo.sys
Brother Industries

b114d3098e9bdb8bea8b053685831be6 BrFiltUp.sys
Brother Industries

5c2f352a4e961d72518261257aae204b bridge.sys
Microsoft Corporation

43bea8d483bf1870f018e2d02e06a5bd BrSerId.sys
Brother Industries
Brother Industries
Brother Industries
Brother Industries
Brother Industries
Brother Industries
Brother Industries
Brother Industries
Brother Industries
Brother Industries
Brother Industries
Brother Industries
Brother Industries
Brother Industries
Brother Industries
Brother Industries
Brother Industries

a6eca2151b08a09caceca35c07f05b42 BrSerWdm.sys
Brother Industries

b79968002c277e869cf38bd22cd61524 BrUsbMdm.sys
Brother Industries

a87528880231c54e75ea7a44943b38bf BrUsbSer.sys
Brother Industries

9da669f11d1f894ab4eb69bf546a42e8 bthmodem.sys
Microsoft Corporation

3e5b191307609f7514148c6832bb0842 bxvbda.sys
Broadcom Corporation

b8bd2bb284668c84865658c77574381a cdfs.sys
Microsoft Corporation

7dc54d1d7b66ebfc09f1defcf32dfa3f cdr4_xp.sys
Sonic Solutions

bf22b3f663e6d1662e6159ab8ea7d113 cdralw2k.sys
Sonic Solutions

83d2d75e1efb81b3450c18131443f7db cdrom.sys
Microsoft Corporation

d7cd5c4e1b71fa62050515314cfb52cf circlass.sys
Microsoft Corporation

62f1ed63f0cb0b5a2f65d15a6490c2fd Classpnp.sys
Microsoft Corporation

0840155d0bddf1190f84a663c284bd33 CmBatt.sys
Microsoft Corporation

e19d3f095812725d88f9001985b94edd cmdide.sys
CMD Technology

f95fd4cb7da00ba2a63ce9f6b5c053e1 cng.sys
Microsoft Corporation

102de219c3f61415f964c88e9085ad14 compbatt.sys
Microsoft Corporation

f26b3a86f6fa87ca360b879581ab4123 CompositeBus.sys
Microsoft Corporation

3e588b60ec061686ba05d33574a344c6 crashdmp.sys
Microsoft Corporation

1c827878a998c18847245fe1f34ee597 crcdisk.sys
Microsoft Corporation

3f1dc527070acb87e40afe46ef6da749 dfsc.sys
Microsoft Corporation

13096b05847ec78f0977f2c0f79e9ab3 discache.sys
Microsoft Corporation

b8b501f03486d8dc76d1bf304436c692 Diskdump.sys
Microsoft Corporation

9819eee8b5ea3784ec4af3b137a5244c disk.sys
Microsoft Corporation

9b19f34400d24df84c858a421c205754 drmkaud.sys
Microsoft Corporation

21d26064aedb4988f785bb4a3a2c051e drmk.sys
Microsoft Corporation

839b5fe3d48e9f35b22c21a3d5103f6c Dumpata.sys
Microsoft Corporation

814db88f2641691575a455cf25354098 dumpfve.sys
Microsoft Corporation

bf24d6f2ed97fe830bfd52b246f98e67 dxapi.sys
Microsoft Corporation

ebce0b0924835f635f620d19f0529dce dxgkrnl.sys
Microsoft Corporation

ddb7ad1ba01005521010db3e30adc972 dxgmms1.sys
Microsoft Corporation

fede0629ecb23650d48989517d4914da dxg.sys
Microsoft Corporation

0e5da5369a0fcaea12456dd852545184 elxstor.sys
Emulex

34a3c54752046e79a126e15c51db409b errdev.sys
Microsoft Corporation

dc5d737f51be844d8c82c695eb17372f evbda.sys
Broadcom Corporation

a510c654ec00c1e9bdd91eeb3a59823b exfat.sys
Microsoft Corporation

0adc83218b66a6db380c330836f3e36d fastfat.sys
Microsoft Corporation

d765d19cd8ef61f650c384f62fac00ab fdc.sys
Microsoft Corporation

655661be46b5f5f3fd454e2c3095b930 fileinfo.sys
Microsoft Corporation

5f671ab5bc87eea04ec38a6cd5962a47 filetrace.sys
Microsoft Corporation

c172a0f53008eaeb8ea33fe10e177af5 flpydisk.sys
Microsoft Corporation

f7866af72abbaf84b1fa5aa195378c59 fltMgr.sys
Microsoft Corporation

d43703496149971890703b4b1b723eac fsdepends.sys
Microsoft Corporation

e95ef8547de20cf0603557c0cf7a9462 fs_rec.sys
Microsoft Corporation

ae87ba80d0ec3b57126ed2cdc15b24ed fvevol.sys
Microsoft Corporation

50555005e22a56aef10be607472d0bdc FWPKCLNT.SYS
Microsoft Corporation

8c778d335c9d272cfd3298ab02abe3b6 GAGP30KX.SYS
Microsoft Corporation

f2523ef6460fc42405b12248338ab2f0 hcw85cir.sys
Hauppauge Computer Works

0a49913402747a0b67de940fb42cbdbb hdaudbus.sys
Microsoft Corporation

78e86380454a7b10a5eb255dc44a355f hidbatt.sys
Microsoft Corporation

7fd2a313f7afe5c4dab14798c48dd104 hidbth.sys
Microsoft Corporation

685fec2407fc121eb937cb658b3c0f35 hidclass.sys
Microsoft Corporation

0a77d29f311b88cfae3b13f9c1a73825 hidir.sys
Microsoft Corporation

49ee2e52e6cd03947dad72f65367be06 hidparse.sys
Microsoft Corporation

b3bf6b5b50006def50b66306d99fcf6f hidusb.sys
Microsoft Corporation

0886d440058f203eba0e1825e4355914 HpSAMD.sys
Hewlett-Packard

cee049cac4efa7f4e1e4ad014414a5d4 http.sys
Microsoft Corporation

f17766a19145f111856378df337a5d79 hwpolicy.sys
Microsoft Corporation

fa55c73d4affa7ee23ac4be53b4592d3 i8042prt.sys
Microsoft Corporation

1d004cb1da6323b1f55caef7f94b61d9 iaStor.sys
Intel Corporation

d83efb6fd45df9d55e9a1afc63640d50 iaStorV.sys
Intel Corporation

44a4cfdf95dec95cfe8a5c111a2cbf71 igdkmd64.sys
Intel Corporation

5c18831c61933628f5bb0ea2675b9d21 iirsp.sys
Intel Corp

f00f20e70c6ec3aa366910083a0518aa intelide.sys
Microsoft Corporation

ada036632c664caa754079041cf1f8c1 intelppm.sys
Microsoft Corporation

722dd294df62483cecaae6e094b4d695 ipfltdrv.sys
Microsoft Corporation

e2b4a4494db7cb9b89b55ca268c337c5 IPMIDrv.sys
Microsoft Corporation

af9b39a7e7b6caa203b3862582e9f2d0 ipnat.sys
Microsoft Corporation

05360b1ea5a2abf620d1d96ebd8bd8f1 irda.sys
Microsoft Corporation

3abf5e7213eb28966d55d58b515d5ce9 irenum.sys
Microsoft Corporation

2f7b28dc3e1183e5eb418df55c204f38 isapnp.sys
Microsoft Corporation

bc02336f1cba7dcc7d1213bb588a68a5 kbdclass.sys
Microsoft Corporation

6def98f8541e1b5dceb2c822a11f7323 kbdhid.sys
Microsoft Corporation

e8b6fcc9c83535c67f835d407620bd27 ksecdd.sys
Microsoft Corporation

a8c63880ef6f4d3fec7b616b9c060215 ksecpkg.sys
Microsoft Corporation

5c7af4a20f5bf67042b2e613d123d111 ks.sys
Microsoft Corporation

6869281e78cb31a43e969f06b57347c4 ksthunk.sys
Microsoft Corporation

3c46290f7a5d45ba6ef32c248e22aa69 Lbd.sys
Lavasoft

1538831cf8ad2979a04c423779465827 lltdio.sys
Microsoft Corporation

1a93e54eb0ece102495a51266dcdb6a6 lsi_fc.sys
LSI Corporation

30f5c0de1ee8b5bc9306c1f0e4a75f93 lsi_sas2.sys
LSI Corporation

1047184a9fdc8bdbff857175875ee810 lsi_sas.sys
LSI Corporation

0504eacaff0d3c8aed161c4b0d369d4a lsi_scsi.sys
LSI Corporation

43d0f98e1d56ccddb0d5254cff7b356e luafv.sys
Microsoft Corporation

b2085e335f2b57077b0cbadb6f1245cd lvpopf64.sys
Logitech
?StringFileInfoBFCompanyNameLogicoolCo.,Ltd.v'FileDescriptionLogicoolAudioProcessingFilterDriver:rFileVersion...:rInternalNameLVPopflt.sys.LegalCopyright(c)-Logicool.Allrightsreserved.BrOriginalFilenameLVPopflt.sysRProductNameLogicoolWebcamSoftware>rProductVersion...DVarFileInfo$Translation*

ded333dbdbbcc3555a6e6244522e2f1a LVPr2M64.sys
Logitech
nbV?StringFileInfoBFCompanyNameLogicoolCo.,Ltd.ZFileDescriptionLogicoolLVPrMDriver:rFileVersion...:rInternalNameLVPrM.sys.LegalCopyright(c)-Logicool.Allrightsreserved.BrOriginalFilenameLVPrM.sysRProductNameLogicoolWebcamSoftware>rProductVersion...DVarFileInfo$Translation*

986c1cb787a007baa5f74e7d316d7246 lvrs64.sys
Logitech
?StringFileInfoBFCompanyNameLogicoolCo.,Ltd.FileDescriptionLogicoolKernelAudioImprovementFilterDriver:rFileVersion...tInternalNameLVRS.sys.LegalCopyright(c)-Logicool.Allrightsreserved.:tOriginalFilenameLVRS.sysRProductNameLogicoolWebcamSoftware>rProductVersion...DVarFileInfo$Translation*

5747bc465abea2858c5d037252aed84e lvuvc64.sys
Logitech
?StringFileInfoBFCompanyNameLogicoolCo.,Ltd.hFileDescriptionLogicoolUSBVideoClassDriver:rFileVersion...nInternalNamelvuvc.sys.LegalCopyright(c)-Logicool.Allrightsreserved.rProductVersion...DVarFileInfo$TranslationR@H

e330051cce41eb4522e5dcebc15adcea mbam.sys
Malwarebytes Corporation

3c9f072f9dca856b9fb7a20cbd4281ac mcd.sys
Microsoft Corporation

a55805f747c6edb6a9080d7c633bd0f4 megasas.sys
LSI Corporation

baf74ce0072480c3b6b7c13b2a94d6b3 MegaSR.sys
LSI Corporation

4a1c21576fb7f96f4dbdea627ffda775 mfeavfk.sys
McAfee

dd7b52227da36f2718306c98e474b51b mfebopk.sys
McAfee

9e0ac52b3232ff8dc65fee1a9c2fe8d1 mfehidk.sys
McAfee

624d717b11e5004f68442b5740f17f21 mferkdk.sys
McAfee

0cd9de7b96735f33f078c4ea044e8b34 mfesmfk.sys
McAfee

800ba92f7010378b09f9ed9270f07137 modem.sys
Microsoft Corporation

b03d591dc7da45ece20b3b467e6aadaa monitor.sys
Microsoft Corporation

7d27ea49f3c1f687d357e77a470aea99 mouclass.sys
Microsoft Corporation

d3bf052c40b0c4166d9fd86a4288c1e6 mouhid.sys
Microsoft Corporation

791af66c4d0e7c90a3646066386fb571 mountmgr.sys
Microsoft Corporation

ae2e68527013eb4f761eccc630f7f1a3 Mpfp.sys
McAfee

609d1d87649ecc19796f4d76d4c15cea mpio.sys
Microsoft Corporation

6c38c9e45ae0ea2fa5e551f2ed5e978f mpsdrv.sys
Microsoft Corporation

30524261bb51d96d6fcbac20c810183c mrxdav.sys
Microsoft Corporation

920ee0ff995fcfdeb08c41605a959e1c mrxsmb10.sys
Microsoft Corporation

740d7ea9d72c981510a5292cf6adc941 mrxsmb20.sys
Microsoft Corporation

767a4c3bcf9410c286ced15a2db17108 mrxsmb.sys
Microsoft Corporation

bccf16d5fb1109162380e3e28dc9e4e5 msahci.sys
Microsoft Corporation

8d27b597229aed79430fb9db3bcbfbd0 msdsm.sys
Microsoft Corporation

aa3fb40e17ce1388fa1bedab50ea8f96 msfs.sys
Microsoft Corporation

f9d215a46a8b9753f61767fa72a20326 mshidkmdf.sys
Microsoft Corporation

d916874bbd4f8b07bfb7fa9b3ccae29d msisadrv.sys
Microsoft Corporation

fa4d2557de56d45b0a346f93564be6e1 msiscsi.sys
Microsoft Corporation

49ccf2c4fea34ffad8b1b59d49439366 mskssrv.sys
Microsoft Corporation

bdd71ace35a232104ddd349ee70e1ab3 mspclock.sys
Microsoft Corporation

4ed981241db27c3383d72092b618a1d0 mspqm.sys
Microsoft Corporation

89cb141aa8616d8c6a4610fa26c60964 msrpc.sys
Microsoft Corporation

0eed230e37515a0eaee3c2e1bc97b288 mssmbios.sys
Microsoft Corporation

2e66f9ecb30b4221a318c92ac2250779 mstee.sys
Microsoft Corporation

7ea404308934e675bffde8edf0757bcd MTConfig.sys
Microsoft Corporation

f9a18612fd3526fe473c1bda678d61c8 mup.sys
Microsoft Corporation

9f9a1f53aad7da4d6fef5bb73ab811ac ndiscap.sys
Microsoft Corporation

cad515dbd07d082bb317d9928ce8962c ndis.sys
Microsoft Corporation

30639c932d9fef22b31268fe25a1b6e5 ndistapi.sys
Microsoft Corporation

f105ba1e22bf1f2ee8f005d4305e4bec ndisuio.sys
Microsoft Corporation

557dfab9ca1fcb036ac77564c010dad3 ndiswan.sys
Microsoft Corporation

659b74fb74b86228d6338d643cd3e3cf ndproxy.sys
Microsoft Corporation

86743d9f5d2b1048062b14b1d84501c4 netbios.sys
Microsoft Corporation

9162b273a44ab9dce5b44362731d062a netbt.sys
Microsoft Corporation

7b8403912673a87ea6622f5cb867a670 netio.sys
Microsoft Corporation

4d85a450edef10c38882182753a49aae NETw5s64.sys
Intel Corporation

77889813be4d166cdab78ddba990da92 nfrd960.sys
IBM Corp

1e4c4ab5c9b8dd13179bbdc75a2a01f7 npfs.sys
Microsoft Corporation

e7f5ae18af4168178a642a9247c63001 nsiproxy.sys
Microsoft Corporation

356698a13c4630d5b31c37378d469196 ntfs.sys
Microsoft Corporation

9899284589f75fa8724ff3d16aed75c1 null.sys
Microsoft Corporation

270d7cd42d6e3979f6dd0146650f0e05 NV_AGP.SYS
Microsoft Corporation

3e38712941e9bb4ddbee00affe3fed3d nvraid.sys
NVIDIA Corporation

477dc4d6deb99be37084c9ac6d013da1 nvstor.sys
NVIDIA Corporation

1ea3749c4114db3e3161156ffffa6b33 nwifi.sys
Microsoft Corporation

3589478e4b22ce21b41fa1bfc0b8b8a0 ohci1394.sys
Microsoft Corporation

ee992183bd8eaefd9973f352e587a299 pacer.sys
Microsoft Corporation

0086431c29c35be1dbc43f52cc273887 parport.sys
Microsoft Corporation

7daa117143316c4a1537e074a5a9eaf0 partmgr.sys
Microsoft Corporation

b5b8b5ef2e5cb34df8dcf8831e3534fa pciide.sys
Microsoft Corporation

144497daa145ba0f7be896064146c058 pciidex.sys
Microsoft Corporation

f36f6504009f2fb0dfd1b17a116ad74b pci.sys
Microsoft Corporation

b2e81d4e87ce48589f98cb8c05b01f2f pcmcia.sys
Microsoft Corporation

d6b9c2e1a11a3a4b26a182ffef18f603 pcw.sys
Microsoft Corporation

68769c3356b3be5d1c732c97b9a80d6e PEAuth.sys
Microsoft Corporation

32e11315b5126921ffd9074840ef13d3 portcls.sys
Microsoft Corporation

0d922e23c041efb1c3fac2a6f943c9bf processr.sys
Microsoft Corporation

87b04878a6d59d6c79251dc960c674c1 PxHlpa64.sys
Sonic Solutions

a53a15a11ebfd21077463ee2c7afeef0 ql2300.sys
QLogic Corporation

4f6d12b51de1aaeff7dc58c4d75423c8 ql40xx.sys
QLogic Corporation

76707bb36430888d9ce9d705398adb6c qwavedrv.sys
Microsoft Corporation

5a0da8ad5762fa2d91678a8a01311704 rasacd.sys
Microsoft Corporation

87a6e852a22991580d6d39adc4790463 rasl2tp.sys
Microsoft Corporation

855c9b1cd4756c5e9a2aa58a15f58c25 raspppoe.sys
Microsoft Corporation

27cc19e81ba5e3403c48302127bda717 raspptp.sys
Microsoft Corporation

e8b1e447b008d07ff47d016c2b0eeecb rassstp.sys
Microsoft Corporation

3bac8142102c15d59a87757c1d41dce5 rdbss.sys
Microsoft Corporation

302da2a0539f2cf54d7c6cc30c1f2d8d rdpbus.sys
Microsoft Corporation

cea6cc257fc9b7715f1c2b4849286d24 RDPCDD.sys
Microsoft Corporation

bb5971a4f00659529a5c44831af22365 RDPENCDD.sys
Microsoft Corporation

216f3fa57533d98e1f74ded70113177a RDPREFMP.sys
Microsoft Corporation

8a3e6bea1c53ea6177fe2b6eba2c80d7 rdpwd.sys
Microsoft Corporation

634b9a2181d98f15941236886164ec8b rdyboost.sys
Microsoft Corporation

77b3b747eb2413072b8e4306018d0c9b rmcast.sys
Microsoft Corporation

fc6d5c50d846b795335deb3fce8b33f3 RNDISMP.sys
Microsoft Corporation

388d3dd1a6457280f3badba9f3acd6b1 rootmdm.sys
Microsoft Corporation

ddc86e4f8e7456261e637e3552e804ff rspndr.sys
Microsoft Corporation

4a25dc970c58104602ed274dacafd784 RtsUStor.sys
Realtek Semiconductor

e3bbb89983daf5622c1d50cf49f28227 sbp2port.sys
Microsoft Corporation

4019149e4e296072831c8855605d9fdc SBREDrv.sys
m?nStringFileInfoeBCompanyNameSunbeltSoftwarePFileDescriptionAnti-RootkitEnginetFileVersion..tInternalNameSBRE.sys=LegalCopyrightCopyright-SunbeltSoftware.Allrightsreserved.LegalTrademarksSUNBELTSOFTWAREandthe"S"logoareregisteredtrademarksofSunbeltSoftware.CounterSpySDKisatrademarkofSunbeltSoftware.:tOriginalFilenameSBRE.sysvProductNameCounterSpytProductVersion..VProductBuildDate//::AMDVarFileInfo$TranslationtPADDINGXXPAD

c94da20c7e3ba1dca269bc8460d98387 scfilter.sys
Microsoft Corporation

ad3a6838a059d65fb55d2f61cf0a6c1f scsiport.sys
Microsoft Corporation

3ea8a16169c26afbeb544e0e48421186 secdrv.sys
Macrovision Corporation

cb624c0035412af0debec78c41f5ca1b serenum.sys
Microsoft Corporation

c1d8e28b2c2adfaec4ba89e9fda69bd6 serial.sys
Microsoft Corporation

1c545a7d0691cc4a027396535691c3e3 sermouse.sys
Microsoft Corporation

a554811bcd09279536440c964ae35bbf sffdisk.sys
Microsoft Corporation

ff414f0baefeba59bc6c04b3db0b87bf sffp_mmc.sys
Microsoft Corporation

5588b8c6193eb1522490c122eb94dffa sffp_sd.sys
Microsoft Corporation

a9d601643a1647211a1ee2ec4e433ff4 sfloppy.sys
Microsoft Corporation

843caf1e5fde1ffd5ff768f23a51e2e1 sisraid2.sys
Silicon Integrated Systems

6a6c106d42e9ffff8b9fcb4f754f6da4 sisraid4.sys
Silicon Integrated Systems

548260a7b8654e024dc30bf8a7c5baa4 smb.sys
Microsoft Corporation

a80348ba03e96c70852959655ca3e084 smclib.sys
Microsoft Corporation

b9e31e5cacdfe584f34f730a677803f9 spldr.sys
Microsoft Corporation

fff95479c7ab1550f0750a5d01744211 spsys.sys
Microsoft Corporation

4d33d59c0b930c523d29f9bd40cda9d2 srv2.sys
Microsoft Corporation

5a663fd67049267bc5c3f3279e631ffb srvnet.sys
Microsoft Corporation

de6f5658da951c4bc8e498570b5b0d5f srv.sys
Microsoft Corporation

f3817967ed533d08327dc73bc4d5542a stexstor.sys
Promise Technology

141e6f0b54da421b8de146f5ad947760 storport.sys
Microsoft Corporation

001cc10fa5e71ae1119115e126c8750d stream.sys
Microsoft Corporation

02e784fa49032f84964db90a3ed81890 stwrt64.sys
nI?btStringFileInfoBnCompanyNameIDT,Inc.BrFileDescriptionIDTPCAudiobFileVersion...bInternalNameIDTPCAh"LegalCopyrightCopyright-IDT,Inc.@bOriginalFilenamestwrt.sys:rProductNameIDTPCAudio
d01ec09b6711a5f8e7e6564a4d0fbc90 swenum.sys
Microsoft Corporation

6e316c01cba8b785fe495f5cc4f48c6f tape.sys
Microsoft Corporation

76d078af6f587b162d50210f761eb9ed tcpipreg.sys
Microsoft Corporation

90a2d722cf64d911879d6c4a4f802a4d tcpip.sys
Microsoft Corporation

0ca6fe26acc7ffee1bd0463f40835f32 tdi.sys
Microsoft Corporation

3371d21011695b16333a3934340c4e7c tdpipe.sys
Microsoft Corporation

e4245bda3190a582d55ed09e137401a9 tdtcp.sys
Microsoft Corporation

079125c4b17b01fcaeebce0bcb290c0f tdx.sys
Microsoft Corporation

c448651339196c0e869a355171875522 termdd.sys
Microsoft Corporation

61b96c26131e37b24e93327a0bd1fb95 tssecsrv.sys
Microsoft Corporation

3836171a2cdf3af8ef10856db9835a70 tunnel.sys
Microsoft Corporation

b4dd609bd7e282bfc683cec7eaaaad67 UAGP35.SYS
Microsoft Corporation

31ba4a33afab6a69ea092b18017f737f udfs.sys
Microsoft Corporation

4bfe1bc28391222894cbf1e7d0e42320 ULIAGPKX.SYS
Microsoft Corporation

eab6c35e62b1b0db0d1b48b671d3a117 umbus.sys
Microsoft Corporation

b2e8e8cb557b156da5493bbddcc1474d umpass.sys
Microsoft Corporation

d0fe8cb5f84303e73ff0754437fad3d1 usb8023.sys
Microsoft Corporation

77b01bc848298223a95d4ec23e1785a1 USBAUDIO.sys
Microsoft Corporation

faec06c1d24e2770ecc4f7c37659824d USBCAMD2.sys
Microsoft Corporation

b26afb54a534d634523c4fb66765b026 usbccgp.sys
Microsoft Corporation

af0892a803fdda7492f595368e3b68e7 usbcir.sys
Microsoft Corporation

63c8d74bed9f80f4dd0aa7a3101eb639 usbd.sys
Microsoft Corporation

cb490987a7f6928a04bb838e3bd8a936 usbehci.sys
Microsoft Corporation

18124ef0a881a00ee222d02a3ee30270 usbhub.sys
Microsoft Corporation

58e546bbaf87664fc57e0f6081e4f609 usbohci.sys
Microsoft Corporation

a91291136d1e70966645252f6b828711 usbport.sys
Microsoft Corporation

73188f58fb384e75c4063d29413cee3d usbprint.sys
Microsoft Corporation

8f0d9d2ea6cfed2730b5bafb9b5b11c2 usbrpm.sys
Microsoft Corporation

080d3820da6c046be82fc8b45a893e83 USBSTOR.SYS
Microsoft Corporation

81fb2216d3a60d1284455d511797db3d usbuhci.sys
Microsoft Corporation

7cb8c573c6e4a2714402cc0a36eab4fe usbvideo.sys
Microsoft Corporation

c5c876ccfc083ff3b128f933823e87bd vdrvroot.sys
Microsoft Corporation

da4da3f5e02943c2dc8c6ed875de68dd vgapnp.sys
Microsoft Corporation

53e92a310193cb3c03bea963de7d9cfc vga.sys
Microsoft Corporation

c82e748660f62a242b2dfac1442f22a4 vhdmp.sys
Microsoft Corporation

e5689d93ffe4e5d66c0178761240dd54 viaide.sys
VIA Technologies

e7353d59c9842bc7299faeb7e7e09340 videoprt.sys
Microsoft Corporation

2b1a3dae2b4e70dbba822b7a03fbd4a3 volmgr.sys
Microsoft Corporation

99b0cbb569ca79acaed8c91461d765fb volmgrx.sys
Microsoft Corporation

58f82eed8ca24b461441f9c3e4f0bf5c volsnap.sys
Microsoft Corporation

5e2016ea6ebaca03c04feac5f330d997 vsmraid.sys
VIA Technologies

36d4720b72b5c5d9cb2b9c29e9df67a1 vwifibus.sys
Microsoft Corporation

6a3d66263414ff0d6fa754c646612f3f vwififlt.sys
Microsoft Corporation

6a638fc4bfddc4d9b186c28c91bd1a01 vwifimp.sys
Microsoft Corporation

4e9440f4f152a7b944cb1663d3935a3e wacompen.sys
Microsoft Corporation

47ca49400643effd3f1c9a27e1d69324 wanarp.sys
Microsoft Corporation

fc438d1430b28618e2d0c7c332a710ad watchdog.sys
Microsoft Corporation

441bd2d7b4f98134c3a4f9fa570fd250 Wdf01000.sys
Microsoft Corporation

1b409454d7a00110fdb06f7e0f155a88 WdfLdr.sys
Microsoft Corporation

72889e16ff12ba0f235467d6091b17dc wd.sys
Microsoft Corporation

611b23304bf067451a9fdee01fbdd725 wfplwf.sys
Microsoft Corporation

b14ef15bd757fa488f9c970eee9c0d35 WimFltr.sys
Microsoft Corporation

05ecaec3e4529a7153b3136ceb49f0ec wimmount.sys
Microsoft Corporation

f6ff8944478594d0e414d3f048f0d778 wmiacpi.sys
Microsoft Corporation

fc146f46872d4c5b529b89a5131fd1e6 wmilib.sys
Microsoft Corporation

6bcc1d7d2fd2453957c5479a32364e52 ws2ifsl.sys
Microsoft Corporation

c63907207b837a5c05cf6d1606aa0008 WUDFPf.sys
Microsoft Corporation

d885a873d733020f8b9b9ff4b1666158 WUDFRd.sys
Microsoft Corporation

79d9ce9614c955dd31aa2556b4014662 yk62x64.sys
Marvell



[You must be registered and logged in to see this link.]

Itachi21
Senior
Senior

Posts Posts : 319
Joined Joined : 2008-12-07
Gender Gender : Male
OS OS : Windows 7 64 Bit
Points Points : 31889
# Likes # Likes : 0

View user profile

Back to top Go down

Page 1 of 2 1, 2  Next

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum