crypt_mangle

Unread postby fsholloway » April 8th, 2010, 8:50 pm

I believe I have a malware named CRYPT_MANGLED which probably came from WildTangent games. It was dormant for months and no problems were thought to come from those files. However, I have a series of problems which I think has been spreading to the point that my PC shuts down and goes to a DOS window, which I cannot read because it times out. Trend Micro has quarantined it numerous times. I was able to search in Safe Mode and delete the files... however they came back. There are two "crypt" files. I have tried most of Trend's scans without results. I am now here. Hope you can help.

FYI - My PC is an HP Pavilion m8200n. I am wired to a shared router (Linksys) with one other PC on air.

See attached uninstall file, and I was unable to attach the HijackThis scan so I am pasting it below:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:44:48 PM, on 4/3/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\FastAccessDSL\HelpCenter43\bin\sprtcmd.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ION\EZ VHS Converter\MediaTVMonitor.exe
C:\Program Files\MozyHome\mozystat.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\schtasks.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Trend Micro\Internet Security\UfNavi.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10d.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Users\Owner\Downloads\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: (Gaming)2 - {971F630E-AD68-4d6e-B0C3-1C627AAC80F1} - C:\Program Files\GamingSquared\Gaming2\G2IE_v1042.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: EasySprinter toolbar - {4AD56E6F-7074-41EE-8A40-583C2C76EFCD} - C:\Program Files\EasySprinter\SCToolbar.dll (file missing)
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\Windows\System32\TwcToolbarIe7.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [LELA] "C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" /minimized
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [HelpCenter4.1] C:\Program Files\FastAccessDSL\HelpCenter43\bin\sprtcmd.exe /P HelpCenter4.1
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] "c:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" /MODULE CfgWiz /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SAV] "C:\ProgramData\a914a25\LivePCGuard.exe" /s
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKUS\S-1-5-18\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'Default user')
O4 - Startup: OneNote Table Of Contents.onetoc2
O4 - Global Startup: EZ VHS Converter Monitor.lnk = C:\Program Files\ION\EZ VHS Converter\MediaTVMonitor.exe
O4 - Global Startup: MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe
O4 - Global Startup: Snapfish Media Detector.lnk = C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
O4 - Global Startup: tisspwiz.lnk = C:\Program Files\Trend Micro\Internet Security\tisspwiz.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.com/s/v/58.14/uploader2.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: MozyHome Backup Service (mozybackup) - Unknown owner - C:\Program Files\MozyHome\mozybackup.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12264 bytes


I look forward to hearing from someone as soon as you are able.


Thanks,

Fred
fsholloway
Active Member
 
Posts: 11
Joined: April 3rd, 2010, 8:06 pm
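As an added triage helper (example code written for this page, not from the thread, from MalwareRemoval.com or from HijackThis' authors): it parses the HijackThis v2 entry format used in the log above and flags the entries a helper would normally examine first. The heuristics (registrations marked `(no file)` or `(file missing)`, Winsock LSPs HijackThis could not identify, services with no recorded vendor, autostarts from ProgramData/AppData/Temp, hex-looking directory names) are my own assumptions about review ordering; a flag is a reason to look at an entry, not a verdict. The sample log is an excerpt of the entries posted above, and the DTSRVC service is flagged only because HijackThis recorded no vendor for it, which illustrates why the output is an ordering for review rather than a detection.

```python
# Added example (not from the thread): triage helper for HijackThis v2 log entries.
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: an excerpt of the entries posted in the log above, one per entry type.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Windows\system32\Dwm.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (Gaming)2 - {971F630E-AD68-4d6e-B0C3-1C627AAC80F1} - C:\Program Files\GamingSquared\Gaming2\G2IE_v1042.dll
O3 - Toolbar: EasySprinter toolbar - {4AD56E6F-7074-41EE-8A40-583C2C76EFCD} - C:\Program Files\EasySprinter\SCToolbar.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKCU\..\Run: [SAV] "C:\ProgramData\a914a25\LivePCGuard.exe" /s
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe
"""

# Every HijackThis entry is "<code> - <body>", e.g. "O4 - HKLM\..\Run: [name] path args".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")

# First Windows path in the body that ends in a loadable extension; %VAR% roots are
# accepted so "%ProgramFiles%\Windows Defender\MSASCui.exe" is picked up too.
PATH_RE = re.compile(
    r"((?:[A-Za-z]:|%[A-Za-z]+%)\\.*?\.(?:exe|dll|scr|cpl|ac))(?![A-Za-z0-9])",
    re.IGNORECASE,
)

# Directory name made only of hex digits (with at least one digit), e.g. "\a914a25\".
HEX_DIR_RE = re.compile(r"\\(?=[0-9a-f]*\d)[0-9a-f]{6,}\\", re.IGNORECASE)


@dataclass
class Entry:
    code: str
    body: str
    path: Optional[str]
    reasons: List[str] = field(default_factory=list)


def parse_entries(log_text: str) -> List[Entry]:
    """Return every HijackThis entry line with its extracted file path (if any)."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # banner, 'Running processes' block, blank lines
        body = m.group("body")
        pm = PATH_RE.search(body)
        entries.append(Entry(m.group("code"), body, pm.group(1) if pm else None))
    return entries


def _user_writable(path: str) -> bool:
    """Heuristic (assumption): autostarts from these locations deserve a look first."""
    low = path.lower().replace("/", "\\")
    if "\\programdata\\microsoft\\" in low:
        return False  # Start Menu shortcuts and similar live here legitimately
    return any(marker in low for marker in ("\\programdata\\", "\\appdata\\", "\\temp\\"))


def triage(log_text: str) -> List[Entry]:
    """Return only the entries that trip at least one review heuristic."""
    flagged = []
    for e in parse_entries(log_text):
        if "(no file)" in e.body:
            e.reasons.append("registration whose file no longer exists")
        if "(file missing)" in e.body:
            e.reasons.append("toolbar/BHO file missing from its registered path")
        if e.code == "O10" and e.body.startswith("Unknown file in Winsock LSP"):
            e.reasons.append("Winsock LSP that HijackThis could not identify")
        if e.code == "O23" and "Unknown owner" in e.body:
            e.reasons.append("service with no recorded vendor")
        if e.path:
            if _user_writable(e.path):
                e.reasons.append("starts from a user-writable directory")
            if HEX_DIR_RE.search(e.path):
                e.reasons.append("random-looking directory name in path")
        if e.reasons:
            flagged.append(e)
    return flagged


def format_report(entries: List[Entry]) -> str:
    """One line per flagged entry, reasons joined with ';'."""
    return "\n".join(f"{e.code:<4} {'; '.join(e.reasons):<60} {e.body}" for e in entries)


if __name__ == "__main__":
    print(format_report(triage(SAMPLE_LOG)))
```

Run it against a pasted log (`triage(open("hijackthis.log").read())`) and the `[SAV]` entry from the first post surfaces with two reasons, while the Windows Defender and GamingSquared lines are left alone; the `O10` lines are reported once each, so a log that repeats the same LSP nine times, as this one does, is worth de-duplicating on `body` before reading the report.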

Re: crypt_mangle

Unread postby MWR 3 day Mod » April 13th, 2010, 1:50 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: crypt_mangle

Unread postby shinybeast » April 14th, 2010, 11:25 am

Hello and welcome to Malware Removal Forums

My handle is shinybeast and I will be assisting you in the removal of malware your computer may have.

Please follow these guidelines as we work to clean your computer.
  • Read through the instructions before you perform them and if you have questions please ask before you perform them. Please do not guess. I will be happy to clarify or explain.
  • Perform all instructions in the order given.
  • Stick with the process until I give you an "all clean." If the symptoms are gone, it does not necessarily mean your computer is safe and secure.
  • Do not run any other tools to remove malware while we are working.
  • If your security software throws up warnings about some of these tools, please allow these tools to run.
  • If you have not done so, please take time to read the Malware Removal Forum Guidelines and Rules and How to get help at this forum where the conditions for receiving help at this forum are explained.


Be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before we start.


Uninstall Programs

Click Start button
Type appwiz.cpl and press Enter to open Programs and Features
For each of the programs listed below, right-click them in the list and click Uninstall
NOTE: We will replace the Java later.

GamingSquared Console
Java(TM) 6 Update 17
Java(TM) 6 Update 3
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1


Once finished, close Programs and Features window


Download and Run Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware and save to a convenient location.
Double-click the mbam-setup.exe file that you download to start the installation
Go through the install screens and before you click finish ensure that these two check boxes are checked.
  • Update Malwarebytes' Anti-Malware
  • Launch Malwarebytes' Anti-Malware

The program will then check for updates. If you have a firewall installed and it throws up a warning, please allow Malwarebytes through.
  • Once it checks for and gets any updates tick Perform quick scan
  • Click Scan
  • When it finishes, click OK in the window that pops up and then click Show Results in the main window
  • Ensure that all items are checked and click Remove Selected.
  • When the removal is complete, a logfile will open. Please copy and paste the entire contents of the logfile in your next reply. See NOTE below
  • If necessary, the logfile can also be accessed by running Malwarebytes' and clicking the Log tab. Double-click the current log to open it.
NOTE: If Malwarebytes' encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let it proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent Malwarebytes' from removing all the malware.


Scan with RSIT

  • Click here to download Random's System Information Tool by random/random and save it to your desktop.
  • Right-click RSIT.exe and click Run as Administrator to run the tool
  • Click Continue at the disclaimer screen.
  • Once it finishes, two logs will open...
    • log.txt will be opened maximized
    • info.txt will be opened minimized
  • Please post the contents of both logs in your next post.

Please reply with MalwareBytes' log and the two RSIT logs (log.txt and info.txt)
Do not attach the logs. Break them up into multiple posts as necessary.
shinybeast
Retired Graduate
 
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)

Re: crypt_mangle

Unread postby fsholloway » April 14th, 2010, 5:59 pm

Logfile of random's system information tool 1.06 (written by random/random)
Run by Owner at 2010-04-14 17:44:56
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 348 GB (74%) free of 468 GB
Total RAM: 3006 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:45:11 PM, on 4/14/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Activ Software\ActivDriver\ActivControl2.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\MozyHome\mozystat.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Activ Software\ActivDriver\activmgr.exe
C:\hp\kbd\kbd.exe
C:\Users\Owner\Downloads\Desktop\RSIT.exe
C:\Program Files\trend micro\Owner.exe
C:\Windows\system32\msfeedssync.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: (Gaming)2 - {971F630E-AD68-4d6e-B0C3-1C627AAC80F1} - C:\Program Files\GamingSquared\Gaming2\G2IE_v1042.dll
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\Windows\System32\TwcToolbarIe7.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [LELA] "C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" /minimized
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ActivControl] C:\Program Files\Activ Software\ActivDriver\ActivControl2.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'Default user')
O4 - Startup: OneNote Table Of Contents.onetoc2
O4 - Global Startup: MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe
O4 - Global Startup: tisspwiz.lnk = C:\Program Files\Trend Micro\Internet Security\tisspwiz.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.com/s/v/58.14/uploader2.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: MozyHome Backup Service (mozybackup) - Unknown owner - C:\Program Files\MozyHome\mozybackup.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10201 bytes

======Scheduled tasks folder======

C:\Windows\tasks\User_Feed_Synchronization-{50873598-2ACB-4E95-9CE1-AAE664A04327}.job
C:\Windows\tasks\User_Feed_Synchronization-{7E403217-555D-4AA3-905A-4C065A916971}.job
C:\Windows\tasks\User_Feed_Synchronization-{9E47D827-02FC-4C56-ABB8-FAD3F71BE6B6}.job
C:\Windows\tasks\User_Feed_Synchronization-{D64E7602-2D70-418C-9D84-F0204557083B}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - c:\program files\real\realplayer\rpbrowserrecordplugin.dll [2009-12-08 329312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{971F630E-AD68-4d6e-B0C3-1C627AAC80F1}]
(Gaming)2 - C:\Program Files\GamingSquared\Gaming2\G2IE_v1042.dll [2008-03-03 635392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2E5E800E-6AC0-411E-940A-369530A35E43} - The Weather Channel Toolbar - C:\Windows\System32\TwcToolbarIe7.dll [2009-06-23 331776]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
""= []
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-10-25 4702208]
"LELA"=C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe [2008-05-01 131072]
"ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2008-11-20 178688]
"UfSeAgnt.exe"=C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe [2010-01-26 1020248]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-12-08 198160]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"KBD"=C:\HP\KBD\KbdStub.EXE [2006-12-08 65536]
"hpsysdrv"=c:\hp\support\hpsysdrv.exe [2007-04-18 65536]
"HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-06-16 75008]
"OsdMaestro"=C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [2007-02-15 118784]
"HP Software Update"=c:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-02-17 49152]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-05-22 13539872]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-05-22 92704]
"ActivControl"=C:\Program Files\Activ Software\ActivDriver\ActivControl2.exe [2009-10-22 1088800]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-03-30 1086856]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"OE"=C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe [2009-09-12 492808]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
MozyHome Status.lnk - C:\Program Files\MozyHome\mozystat.exe
tisspwiz.lnk - C:\Program Files\Trend Micro\Internet Security\tisspwiz.exe

C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OneNote Table Of Contents.onetoc2

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
shell\AutoRun\command - E:\autorun.exe index.html

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
shell\AutoRun\command - J:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
shell\AutoRun\command - K:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{04486053-5093-11de-aa1d-001bb9deecb4}]
shell\AutoRun\command - J:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2fcdfd93-17a3-11dd-8686-001bb9deecb4}]
shell\AutoRun\command - L:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{40044b49-edb7-11dd-a042-001bb9deecb4}]
shell\AutoRun\command - F:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{67d9d14d-f8dc-11dd-8c05-001bb9deecb4}]
shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f9e7349-bf53-11dc-afd6-001bb9deecb4}]
shell\AutoRun\command - J:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f9e7714-bf53-11dc-afd6-001bb9deecb4}]
shell\AutoRun\command - J:\LaunchU3.exe -a

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.vbs - open - %SystemRoot%\System32\CScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-04-14 17:40:07 ----D---- C:\rsit
2010-04-14 16:38:35 ----D---- C:\Users\Owner\AppData\Roaming\Malwarebytes
2010-04-14 16:38:18 ----D---- C:\ProgramData\Malwarebytes
2010-04-14 16:38:17 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-04-14 13:31:06 ----SHD---- C:\Config.Msi
2010-04-14 13:28:17 ----A---- C:\Windows\system32\jucheck.exe
2010-04-14 13:28:16 ----A---- C:\Windows\system32\jusched.exe
2010-04-14 13:10:09 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-04-14 13:10:09 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-04-14 13:10:06 ----A---- C:\Windows\system32\vbscript.dll
2010-04-14 13:07:36 ----A---- C:\Windows\system32\iphlpsvc.dll
2010-04-14 12:52:55 ----A---- C:\Windows\system32\wintrust.dll
2010-04-14 12:52:51 ----A---- C:\Windows\system32\cabview.dll
2010-04-13 10:56:02 ----D---- C:\Users\Owner\AppData\Roaming\Promethean
2010-04-13 10:53:52 ----D---- C:\ProgramData\Promethean
2010-04-13 10:51:54 ----D---- C:\Users\Owner\AppData\Roaming\ACTIV Software
2010-04-13 10:51:53 ----D---- C:\Program Files\Common Files\Activ Software
2010-04-13 10:51:47 ----D---- C:\ProgramData\Activ Software
2010-04-13 10:51:47 ----D---- C:\Program Files\Activ Software
2010-04-12 09:26:33 ----D---- C:\swsetup
2010-04-09 17:15:37 ----D---- C:\Users\Owner\AppData\Roaming\Turning Technologies
2010-04-09 17:08:01 ----A---- C:\Windows\system32\hdduinst.exe
2010-04-09 17:08:00 ----A---- C:\Windows\system32\haspds_windows.dll
2010-04-09 17:07:59 ----A---- C:\Windows\system32\UNWISE.EXE
2010-04-09 17:07:59 ----A---- C:\Windows\system32\hinstd.dll
2010-04-09 17:07:41 ----D---- C:\Program Files\Turning Technologies
2010-04-09 17:06:07 ----D---- C:\ProgramData\Turning Technologies
2010-04-09 15:26:49 ----D---- C:\Users\Owner\AppData\Roaming\WinBatch
2010-04-06 13:10:35 ----D---- C:\Users\Owner\AppData\Roaming\MemoryClinic
2010-04-01 12:11:28 ----D---- C:\ProgramData\Sun
2010-03-30 15:04:55 ----A---- C:\Windows\system32\mshtml.dll
2010-03-30 15:04:54 ----A---- C:\Windows\system32\ieframe.dll
2010-03-30 15:04:53 ----A---- C:\Windows\system32\wininet.dll
2010-03-30 15:04:53 ----A---- C:\Windows\system32\urlmon.dll
2010-03-30 15:04:53 ----A---- C:\Windows\system32\occache.dll
2010-03-30 15:04:53 ----A---- C:\Windows\system32\mstime.dll
2010-03-30 15:04:53 ----A---- C:\Windows\system32\msfeeds.dll
2010-03-30 15:04:53 ----A---- C:\Windows\system32\iertutil.dll
2010-03-30 15:04:53 ----A---- C:\Windows\system32\iedkcs32.dll
2010-03-30 15:04:52 ----A---- C:\Windows\system32\msfeedssync.exe
2010-03-30 15:04:52 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-03-30 15:04:52 ----A---- C:\Windows\system32\jsproxy.dll
2010-03-30 15:04:52 ----A---- C:\Windows\system32\ieUnatt.exe
2010-03-30 15:04:52 ----A---- C:\Windows\system32\ieui.dll
2010-03-30 15:04:52 ----A---- C:\Windows\system32\iesysprep.dll
2010-03-30 15:04:52 ----A---- C:\Windows\system32\iesetup.dll
2010-03-30 15:04:52 ----A---- C:\Windows\system32\iernonce.dll
2010-03-30 15:04:52 ----A---- C:\Windows\system32\iepeers.dll
2010-03-30 15:04:52 ----A---- C:\Windows\system32\ie4uinit.exe
2010-03-29 22:01:18 ----D---- C:\ProgramData\Nevosoft
2010-03-29 18:01:27 ----D---- C:\Users\Owner\AppData\Roaming\Silverback Productions
2010-03-19 20:22:09 ----D---- C:\ProgramData\EdensQuest

======List of files/folders modified in the last 1 months======

2010-04-14 17:45:11 ----D---- C:\Program Files\Trend Micro
2010-04-14 17:44:59 ----D---- C:\Windows\Temp
2010-04-14 17:15:04 ----D---- C:\Windows\tracing
2010-04-14 16:53:39 ----D---- C:\Windows\system32\drivers
2010-04-14 16:53:39 ----D---- C:\Windows\ServiceProfiles
2010-04-14 16:51:51 ----D---- C:\Program Files
2010-04-14 16:51:50 ----HD---- C:\ProgramData
2010-04-14 16:19:24 ----D---- C:\Windows\system32\config
2010-04-14 16:19:17 ----D---- C:\Windows\Tasks
2010-04-14 16:19:17 ----D---- C:\Windows\system32\wbem
2010-04-14 16:19:17 ----D---- C:\Windows\system32\Tasks
2010-04-14 16:19:17 ----D---- C:\Windows\system32\spool
2010-04-14 16:19:17 ----D---- C:\Windows\registration
2010-04-14 16:19:17 ----D---- C:\Windows\inf
2010-04-14 16:19:17 ----D---- C:\Windows
2010-04-14 14:01:15 ----D---- C:\Windows\winsxs
2010-04-14 13:50:57 ----D---- C:\Windows\Prefetch
2010-04-14 13:50:03 ----D---- C:\Windows\system32\catroot
2010-04-14 13:49:59 ----D---- C:\Windows\system32\catroot2
2010-04-14 13:47:34 ----D---- C:\Windows\System32
2010-04-14 13:47:33 ----D---- C:\Program Files\Windows Mail
2010-04-14 13:47:24 ----D---- C:\Program Files\Google
2010-04-14 13:45:57 ----SHD---- C:\Windows\Installer
2010-04-14 13:45:49 ----D---- C:\ProgramData\Microsoft Help
2010-04-14 13:39:09 ----SHD---- C:\System Volume Information
2010-04-14 13:28:59 ----D---- C:\Program Files\Java
2010-04-14 13:25:20 ----D---- C:\ProgramData\Google
2010-04-13 10:51:53 ----D---- C:\Program Files\Common Files
2010-04-12 09:29:43 ----HD---- C:\Program Files\InstallShield Installation Information
2010-04-12 09:28:31 ----RSD---- C:\Windows\assembly
2010-04-12 09:28:25 ----D---- C:\Program Files\Hewlett-Packard
2010-04-11 20:35:29 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-04-11 20:33:46 ----D---- C:\Users\Owner\AppData\Roaming\U3
2010-04-10 09:41:20 ----D---- C:\ProgramData\WildTangent
2010-04-09 17:08:58 ----D---- C:\Windows\system32\setup
2010-04-09 16:40:20 ----D---- C:\ProgramData\NVIDIA
2010-04-09 14:27:33 ----A---- C:\Windows\ntbtlog.txt
2010-04-07 22:42:58 ----D---- C:\Users\Owner\AppData\Roaming\Flood Light Games
2010-04-07 22:42:58 ----D---- C:\ProgramData\Flood Light Games
2010-04-07 22:28:59 ----D---- C:\Program Files\HP Games
2010-04-06 13:52:54 ----A---- C:\Windows\system32\mrt.exe
2010-04-04 02:16:44 ----D---- C:\Users\Owner\AppData\Roaming\Opera
2010-04-03 21:31:04 ----D---- C:\Program Files\Opera
2010-04-03 01:15:57 ----SD---- C:\Windows\Downloaded Program Files
2010-04-03 01:15:54 ----D---- C:\Windows\system32\Msdtc
2010-04-03 01:15:54 ----D---- C:\Windows\system32\CodeIntegrity
2010-04-03 01:15:53 ----D---- C:\Windows\Minidump
2010-04-03 01:15:49 ----D---- C:\Users\Owner\AppData\Roaming\Thunderbird
2010-04-03 01:15:49 ----D---- C:\Users\Owner\AppData\Roaming\Restorer
2010-04-03 01:15:46 ----D---- C:\Users\Owner\AppData\Roaming\Chessmaster Challenge
2010-04-03 01:15:46 ----D---- C:\Users\Owner\AppData\Roaming\BloodTies
2010-04-02 20:45:16 ----D---- C:\Windows\pss
2010-04-02 19:06:57 ----D---- C:\Program Files\Hardwood Spades
2010-04-01 12:11:23 ----D---- C:\Program Files\Common Files\Java
2010-04-01 12:00:10 ----D---- C:\Windows\system32\LogFiles
2010-03-31 03:12:22 ----D---- C:\Windows\system32\migration
2010-03-31 03:12:22 ----D---- C:\Program Files\Internet Explorer
2010-03-20 20:36:22 ----D---- C:\ProgramData\PlayFirst
2010-03-17 19:49:47 ----D---- C:\ProgramData\Adobe
2010-03-17 19:49:47 ----D---- C:\Program Files\Common Files\Adobe
2010-03-16 17:35:49 ----D---- C:\Windows\system32\WDI
2010-03-16 11:58:27 ----A---- C:\Windows\win.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 mozyFilter;mozyFilter; C:\Windows\system32\DRIVERS\mozy.sys [2008-06-11 53752]
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver; C:\Windows\system32\DRIVERS\tmlwf.sys [2009-09-12 146448]
R1 tmtdi;Trend Micro TDI Driver; C:\Windows\system32\DRIVERS\tmtdi.sys [2009-09-12 89872]
R2 Hardlock;Hardlock; \??\C:\Windows\system32\drivers\hardlock.sys [2005-07-28 685056]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 pnarp;Pure Networks Device Discovery Driver; C:\Windows\system32\DRIVERS\pnarp.sys [2008-04-09 24888]
R2 purendis;Pure Networks Wireless Driver; C:\Windows\system32\DRIVERS\purendis.sys [2008-04-09 26424]
R2 tmcomm;tmcomm; C:\Windows\system32\DRIVERS\tmcomm.sys [2009-09-12 158224]
R2 tmpreflt;tmpreflt; C:\Windows\system32\DRIVERS\tmpreflt.sys [2009-12-04 36368]
R2 tmwfp;Trend Micro WFP Callout Driver; C:\Windows\system32\DRIVERS\tmwfp.sys [2009-09-12 283152]
R2 tmxpflt;tmxpflt; C:\Windows\system32\DRIVERS\tmxpflt.sys [2009-12-04 230928]
R2 vsapint;vsapint; C:\Windows\system32\DRIVERS\vsapint.sys [2009-12-04 1322680]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 8704]
R3 ActivHidSerMini;Promethean Serial Board Driver; C:\Windows\system32\DRIVERS\activhidsermini.sys [2009-05-05 55936]
R3 Afc;PPdus ASPI Shell; C:\Windows\system32\drivers\Afc.sys [2006-11-10 18688]
R3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-19 131584]
R3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-19 16384]
R3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-19 36864]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-01-15 23848]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture; C:\Windows\system32\drivers\HCW85BDA.sys [2007-06-11 968064]
R3 HSF_DP;HSF_DP; C:\Windows\system32\DRIVERS\HSX_DP.sys [2008-05-08 980992]
R3 HSXHWBS2;HSXHWBS2; C:\Windows\system32\DRIVERS\HSXHWBS2.sys [2008-05-08 266752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-10-25 2015192]
R3 NuidFltr;NUID filter driver; C:\Windows\system32\DRIVERS\NuidFltr.sys [2009-05-09 14736]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-05-03 1065384]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-05-22 7465312]
R3 PdiPorts;Portrait Displays low level device driver; C:\Windows\System32\Drivers\PdiPorts.sys [2006-11-16 15920]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\Windows\system32\DRIVERS\point32k.sys [2006-11-08 24064]
R3 prmvmouse;Promethean HID Mouse Service; C:\Windows\system32\DRIVERS\activmouse.sys [2009-10-05 6144]
R3 Ps2;PS2; C:\Windows\system32\DRIVERS\PS2.sys [2005-12-12 19072]
R3 tmactmon;tmactmon; C:\Windows\system32\DRIVERS\tmactmon.sys [2009-09-12 59920]
R3 tmevtmgr;tmevtmgr; C:\Windows\system32\DRIVERS\tmevtmgr.sys [2009-09-12 50704]
R3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
R3 VWan2k;BroadJump PPPoE Adapter; C:\Windows\system32\DRIVERS\VWan2k.SYS [2003-05-10 29228]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-05-08 661504]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S2 VProt2k;BroadJump PPPoE Helper Protocol; C:\Windows\system32\DRIVERS\VProt2k.SYS []
S3 APL531;OVT Scanner; C:\Windows\System32\Drivers\ov550i.sys [2006-07-31 580992]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 motccgp;Motorola USB Composite Device Driver; C:\Windows\system32\DRIVERS\motccgp.sys [2008-08-22 18688]
S3 motccgpfl;MotCcgpFlService; C:\Windows\system32\DRIVERS\motccgpfl.sys [2008-08-22 8320]
S3 motmodem;Motorola USB CDC ACM Driver; C:\Windows\system32\DRIVERS\motmodem.sys [2007-06-18 23680]
S3 motport;Motorola USB Diagnostic Port; C:\Windows\system32\DRIVERS\motport.sys [2007-06-18 23680]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2008-09-23 21248]
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2008-09-23 20096]
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 PcdrNdisuio;PCDRNDISUIO Usermode I/O Protocol; C:\Windows\system32\DRIVERS\pcdrndisuio.sys []
S3 VCR2PC;VCR2PC Analog Capture; C:\Windows\system32\DRIVERS\0140_ION.sys [2008-05-08 277888]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-09-30 40448]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2008-11-19 109056]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2005-09-30 96341]
R2 DTSRVC;Portrait Displays Display Tune Service; C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe [2007-04-25 73728]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-06-16 94208]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-07-25 79136]
R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2008-09-23 303104]
R2 mozybackup;MozyHome Backup Service; C:\Program Files\MozyHome\mozybackup.exe [2008-06-11 87344]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 nmservice;Pure Networks Platform Service; C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [2008-04-09 648504]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-05-22 118784]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 SfCtlCom;Trend Micro Central Control Component; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [2010-01-26 715368]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-18 386560]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R3 TMBMServer;Trend Micro Unauthorized Change Prevention Service; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [2009-09-12 345352]
R3 TmPfw;Trend Micro Personal Firewall; C:\Program Files\Trend Micro\Internet Security\TmPfw.exe [2009-09-12 497008]
R3 TmProxy;Trend Micro Proxy Service; C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [2009-09-12 689416]
S2 LinksysUpdater;Linksys Updater; C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-04-18 204800]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 GameConsoleService;GameConsoleService; C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2010-04-03 246520]
S3 getPlusHelper;@C:\Program Files\NOS\bin\getPlus_Helper.dll,-101; C:\Windows\System32\svchost.exe [2008-01-19 21504]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-11-16 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-03-12 656168]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 RoxMediaDB9;RoxMediaDB9; c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-05-11 887544]
S3 stllssvr;stllssvr; c:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-05-03 74656]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3988

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

4/14/2010 4:51:51 PM
mbam-log-2010-04-14 (16-51-51).txt

Scan type: Quick scan
Objects scanned: 137134
Time elapsed: 9 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 40
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 9
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{3fc8c143-f2cc-4ab1-9ac0-8b1407302795} (Rogue.PCSuperCharger) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4ad56e6f-7074-41ee-8a40-583c2c76efcd} (Rogue.PCSuperCharger) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{cdca70d8-c6a6-49ee-9bed-7429d6c477a2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d136987f-e1c4-4ccc-a220-893df03ec5df} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3fc8c143-f2cc-4ab1-9ac0-8b1407302795} (Rogue.PCSuperCharger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4ad56e6f-7074-41ee-8a40-583c2c76efcd} (Rogue.PCSuperCharger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{4ad56e6f-7074-41ee-8a40-583c2c76efcd} (Rogue.PCSuperCharger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\SCToolbar.dll (Rogue.SystemOptimizer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sctoolbar.shellband (Rogue.SystemOptimizer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sctoolbar.shellband.1 (Rogue.SystemOptimizer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbax (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbax.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbinfoband (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbinfoband.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebutton (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebutton.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ShoppingReport (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport (Adware.ShopperReports) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{4ad56e6f-7074-41ee-8a40-583c2c76efcd} (Rogue.PCSuperCharger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\ProgramData\ADSL Software Ltd (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\ADSL Software Ltd\WinSpywareProtect (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\ADSL Software Ltd\WinSpywareProtect\BASE (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\ADSL Software Ltd\WinSpywareProtect\DELETED (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\ADSL Software Ltd\WinSpywareProtect\LOG (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\ADSL Software Ltd\WinSpywareProtect\SAVED (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport\Bin (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport\Bin\2.5.0 (Adware.ShopperReports) -> Quarantined and deleted successfully.

Files Infected:
C:\ProgramData\ADSL Software Ltd\WinSpywareProtect\LOG\20080702115717617.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\ADSL Software Ltd\WinSpywareProtect\LOG\20080702120424995.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Users\Owner\Favorites\Antivirus Scan.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Users\Owner\Favorites\Favorites\Antivirus Scan.URL (Rogue.Link) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Antivirus Scan.url (Trojan.Zlob) -> Quarantined and deleted successfully.

-----------------EOF-----------------

Logfile of random's system information tool 1.06 (written by random/random)
Run by Owner at 2010-04-14 17:54:39
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 348 GB (74%) free of 468 GB
Total RAM: 3006 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:54:40 PM, on 4/14/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Activ Software\ActivDriver\ActivControl2.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\MozyHome\mozystat.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Activ Software\ActivDriver\activmgr.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Opera\Opera.exe
C:\Windows\system32\msfeedssync.exe
C:\Users\Owner\Downloads\Desktop\RSIT.exe
C:\Program Files\trend micro\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: (Gaming)2 - {971F630E-AD68-4d6e-B0C3-1C627AAC80F1} - C:\Program Files\GamingSquared\Gaming2\G2IE_v1042.dll
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\Windows\System32\TwcToolbarIe7.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [LELA] "C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" /minimized
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ActivControl] C:\Program Files\Activ Software\ActivDriver\ActivControl2.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'Default user')
O4 - Startup: OneNote Table Of Contents.onetoc2
O4 - Global Startup: MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe
O4 - Global Startup: tisspwiz.lnk = C:\Program Files\Trend Micro\Internet Security\tisspwiz.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.com/s/v/58.14/uploader2.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: MozyHome Backup Service (mozybackup) - Unknown owner - C:\Program Files\MozyHome\mozybackup.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10235 bytes

======Scheduled tasks folder======

C:\Windows\tasks\User_Feed_Synchronization-{50873598-2ACB-4E95-9CE1-AAE664A04327}.job
C:\Windows\tasks\User_Feed_Synchronization-{7E403217-555D-4AA3-905A-4C065A916971}.job
C:\Windows\tasks\User_Feed_Synchronization-{9E47D827-02FC-4C56-ABB8-FAD3F71BE6B6}.job
C:\Windows\tasks\User_Feed_Synchronization-{D64E7602-2D70-418C-9D84-F0204557083B}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - c:\program files\real\realplayer\rpbrowserrecordplugin.dll [2009-12-08 329312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{971F630E-AD68-4d6e-B0C3-1C627AAC80F1}]
(Gaming)2 - C:\Program Files\GamingSquared\Gaming2\G2IE_v1042.dll [2008-03-03 635392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2E5E800E-6AC0-411E-940A-369530A35E43} - The Weather Channel Toolbar - C:\Windows\System32\TwcToolbarIe7.dll [2009-06-23 331776]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
""= []
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-10-25 4702208]
"LELA"=C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe [2008-05-01 131072]
"ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2008-11-20 178688]
"UfSeAgnt.exe"=C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe [2010-01-26 1020248]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-12-08 198160]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"KBD"=C:\HP\KBD\KbdStub.EXE [2006-12-08 65536]
"hpsysdrv"=c:\hp\support\hpsysdrv.exe [2007-04-18 65536]
"HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-06-16 75008]
"OsdMaestro"=C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [2007-02-15 118784]
"HP Software Update"=c:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-02-17 49152]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-05-22 13539872]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-05-22 92704]
"ActivControl"=C:\Program Files\Activ Software\ActivDriver\ActivControl2.exe [2009-10-22 1088800]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-03-30 1086856]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"OE"=C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe [2009-09-12 492808]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
MozyHome Status.lnk - C:\Program Files\MozyHome\mozystat.exe
tisspwiz.lnk - C:\Program Files\Trend Micro\Internet Security\tisspwiz.exe

C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OneNote Table Of Contents.onetoc2

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
shell\AutoRun\command - E:\autorun.exe index.html

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
shell\AutoRun\command - J:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
shell\AutoRun\command - K:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{04486053-5093-11de-aa1d-001bb9deecb4}]
shell\AutoRun\command - J:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2fcdfd93-17a3-11dd-8686-001bb9deecb4}]
shell\AutoRun\command - L:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{40044b49-edb7-11dd-a042-001bb9deecb4}]
shell\AutoRun\command - F:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{67d9d14d-f8dc-11dd-8c05-001bb9deecb4}]
shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f9e7349-bf53-11dc-afd6-001bb9deecb4}]
shell\AutoRun\command - J:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f9e7714-bf53-11dc-afd6-001bb9deecb4}]
shell\AutoRun\command - J:\LaunchU3.exe -a


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.vbs - open - %SystemRoot%\System32\CScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-04-14 17:40:07 ----D---- C:\rsit
2010-04-14 16:38:35 ----D---- C:\Users\Owner\AppData\Roaming\Malwarebytes
2010-04-14 16:38:18 ----D---- C:\ProgramData\Malwarebytes
2010-04-14 16:38:17 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-04-14 13:31:06 ----SHD---- C:\Config.Msi
2010-04-14 13:28:17 ----A---- C:\Windows\system32\jucheck.exe
2010-04-14 13:28:16 ----A---- C:\Windows\system32\jusched.exe
2010-04-14 13:10:09 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-04-14 13:10:09 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-04-14 13:10:06 ----A---- C:\Windows\system32\vbscript.dll
2010-04-14 13:07:36 ----A---- C:\Windows\system32\iphlpsvc.dll
2010-04-14 12:52:55 ----A---- C:\Windows\system32\wintrust.dll
2010-04-14 12:52:51 ----A---- C:\Windows\system32\cabview.dll
2010-04-13 10:56:02 ----D---- C:\Users\Owner\AppData\Roaming\Promethean
2010-04-13 10:53:52 ----D---- C:\ProgramData\Promethean
2010-04-13 10:51:54 ----D---- C:\Users\Owner\AppData\Roaming\ACTIV Software
2010-04-13 10:51:53 ----D---- C:\Program Files\Common Files\Activ Software
2010-04-13 10:51:47 ----D---- C:\ProgramData\Activ Software
2010-04-13 10:51:47 ----D---- C:\Program Files\Activ Software
2010-04-12 09:26:33 ----D---- C:\swsetup
2010-04-09 17:15:37 ----D---- C:\Users\Owner\AppData\Roaming\Turning Technologies
2010-04-09 17:08:01 ----A---- C:\Windows\system32\hdduinst.exe
2010-04-09 17:08:00 ----A---- C:\Windows\system32\haspds_windows.dll
2010-04-09 17:07:59 ----A---- C:\Windows\system32\UNWISE.EXE
2010-04-09 17:07:59 ----A---- C:\Windows\system32\hinstd.dll
2010-04-09 17:07:41 ----D---- C:\Program Files\Turning Technologies
2010-04-09 17:06:07 ----D---- C:\ProgramData\Turning Technologies
2010-04-09 15:26:49 ----D---- C:\Users\Owner\AppData\Roaming\WinBatch
2010-04-06 13:10:35 ----D---- C:\Users\Owner\AppData\Roaming\MemoryClinic
2010-04-01 12:11:28 ----D---- C:\ProgramData\Sun
2010-03-30 15:04:55 ----A---- C:\Windows\system32\mshtml.dll
2010-03-30 15:04:54 ----A---- C:\Windows\system32\ieframe.dll
2010-03-30 15:04:53 ----A---- C:\Windows\system32\wininet.dll
2010-03-30 15:04:53 ----A---- C:\Windows\system32\urlmon.dll
2010-03-30 15:04:53 ----A---- C:\Windows\system32\occache.dll
2010-03-30 15:04:53 ----A---- C:\Windows\system32\mstime.dll
2010-03-30 15:04:53 ----A---- C:\Windows\system32\msfeeds.dll
2010-03-30 15:04:53 ----A---- C:\Windows\system32\iertutil.dll
2010-03-30 15:04:53 ----A---- C:\Windows\system32\iedkcs32.dll
2010-03-30 15:04:52 ----A---- C:\Windows\system32\msfeedssync.exe
2010-03-30 15:04:52 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-03-30 15:04:52 ----A---- C:\Windows\system32\jsproxy.dll
2010-03-30 15:04:52 ----A---- C:\Windows\system32\ieUnatt.exe
2010-03-30 15:04:52 ----A---- C:\Windows\system32\ieui.dll
2010-03-30 15:04:52 ----A---- C:\Windows\system32\iesysprep.dll
2010-03-30 15:04:52 ----A---- C:\Windows\system32\iesetup.dll
2010-03-30 15:04:52 ----A---- C:\Windows\system32\iernonce.dll
2010-03-30 15:04:52 ----A---- C:\Windows\system32\iepeers.dll
2010-03-30 15:04:52 ----A---- C:\Windows\system32\ie4uinit.exe
2010-03-29 22:01:18 ----D---- C:\ProgramData\Nevosoft
2010-03-29 18:01:27 ----D---- C:\Users\Owner\AppData\Roaming\Silverback Productions
2010-03-19 20:22:09 ----D---- C:\ProgramData\EdensQuest

======List of files/folders modified in the last 1 months======

2010-04-14 17:54:40 ----D---- C:\Program Files\Trend Micro
2010-04-14 17:54:36 ----D---- C:\Windows\Temp
2010-04-14 17:15:04 ----D---- C:\Windows\tracing
2010-04-14 16:53:39 ----D---- C:\Windows\system32\drivers
2010-04-14 16:53:39 ----D---- C:\Windows\ServiceProfiles
2010-04-14 16:51:51 ----D---- C:\Program Files
2010-04-14 16:51:50 ----HD---- C:\ProgramData
2010-04-14 16:19:24 ----D---- C:\Windows\system32\config
2010-04-14 16:19:17 ----D---- C:\Windows\Tasks
2010-04-14 16:19:17 ----D---- C:\Windows\system32\wbem
2010-04-14 16:19:17 ----D---- C:\Windows\system32\Tasks
2010-04-14 16:19:17 ----D---- C:\Windows\system32\spool
2010-04-14 16:19:17 ----D---- C:\Windows\registration
2010-04-14 16:19:17 ----D---- C:\Windows\inf
2010-04-14 16:19:17 ----D---- C:\Windows
2010-04-14 14:01:15 ----D---- C:\Windows\winsxs
2010-04-14 13:50:57 ----D---- C:\Windows\Prefetch
2010-04-14 13:50:03 ----D---- C:\Windows\system32\catroot
2010-04-14 13:49:59 ----D---- C:\Windows\system32\catroot2
2010-04-14 13:47:34 ----D---- C:\Windows\System32
2010-04-14 13:47:33 ----D---- C:\Program Files\Windows Mail
2010-04-14 13:47:24 ----D---- C:\Program Files\Google
2010-04-14 13:45:57 ----SHD---- C:\Windows\Installer
2010-04-14 13:45:49 ----D---- C:\ProgramData\Microsoft Help
2010-04-14 13:39:09 ----SHD---- C:\System Volume Information
2010-04-14 13:28:59 ----D---- C:\Program Files\Java
2010-04-14 13:25:20 ----D---- C:\ProgramData\Google
2010-04-13 10:51:53 ----D---- C:\Program Files\Common Files
2010-04-12 09:29:43 ----HD---- C:\Program Files\InstallShield Installation Information
2010-04-12 09:28:31 ----RSD---- C:\Windows\assembly
2010-04-12 09:28:25 ----D---- C:\Program Files\Hewlett-Packard
2010-04-11 20:35:29 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-04-11 20:33:46 ----D---- C:\Users\Owner\AppData\Roaming\U3
2010-04-10 09:41:20 ----D---- C:\ProgramData\WildTangent
2010-04-09 17:08:58 ----D---- C:\Windows\system32\setup
2010-04-09 16:40:20 ----D---- C:\ProgramData\NVIDIA
2010-04-09 14:27:33 ----A---- C:\Windows\ntbtlog.txt
2010-04-07 22:42:58 ----D---- C:\Users\Owner\AppData\Roaming\Flood Light Games
2010-04-07 22:42:58 ----D---- C:\ProgramData\Flood Light Games
2010-04-07 22:28:59 ----D---- C:\Program Files\HP Games
2010-04-06 13:52:54 ----A---- C:\Windows\system32\mrt.exe
2010-04-04 02:16:44 ----D---- C:\Users\Owner\AppData\Roaming\Opera
2010-04-03 21:31:04 ----D---- C:\Program Files\Opera
2010-04-03 01:15:57 ----SD---- C:\Windows\Downloaded Program Files
2010-04-03 01:15:54 ----D---- C:\Windows\system32\Msdtc
2010-04-03 01:15:54 ----D---- C:\Windows\system32\CodeIntegrity
2010-04-03 01:15:53 ----D---- C:\Windows\Minidump
2010-04-03 01:15:49 ----D---- C:\Users\Owner\AppData\Roaming\Thunderbird
2010-04-03 01:15:49 ----D---- C:\Users\Owner\AppData\Roaming\Restorer
2010-04-03 01:15:46 ----D---- C:\Users\Owner\AppData\Roaming\Chessmaster Challenge
2010-04-03 01:15:46 ----D---- C:\Users\Owner\AppData\Roaming\BloodTies
2010-04-02 20:45:16 ----D---- C:\Windows\pss
2010-04-02 19:06:57 ----D---- C:\Program Files\Hardwood Spades
2010-04-01 12:11:23 ----D---- C:\Program Files\Common Files\Java
2010-04-01 12:00:10 ----D---- C:\Windows\system32\LogFiles
2010-03-31 03:12:22 ----D---- C:\Windows\system32\migration
2010-03-31 03:12:22 ----D---- C:\Program Files\Internet Explorer
2010-03-20 20:36:22 ----D---- C:\ProgramData\PlayFirst
2010-03-17 19:49:47 ----D---- C:\ProgramData\Adobe
2010-03-17 19:49:47 ----D---- C:\Program Files\Common Files\Adobe
2010-03-16 17:35:49 ----D---- C:\Windows\system32\WDI
2010-03-16 11:58:27 ----A---- C:\Windows\win.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 mozyFilter;mozyFilter; C:\Windows\system32\DRIVERS\mozy.sys [2008-06-11 53752]
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver; C:\Windows\system32\DRIVERS\tmlwf.sys [2009-09-12 146448]
R1 tmtdi;Trend Micro TDI Driver; C:\Windows\system32\DRIVERS\tmtdi.sys [2009-09-12 89872]
R2 Hardlock;Hardlock; \??\C:\Windows\system32\drivers\hardlock.sys [2005-07-28 685056]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 pnarp;Pure Networks Device Discovery Driver; C:\Windows\system32\DRIVERS\pnarp.sys [2008-04-09 24888]
R2 purendis;Pure Networks Wireless Driver; C:\Windows\system32\DRIVERS\purendis.sys [2008-04-09 26424]
R2 tmcomm;tmcomm; C:\Windows\system32\DRIVERS\tmcomm.sys [2009-09-12 158224]
R2 tmpreflt;tmpreflt; C:\Windows\system32\DRIVERS\tmpreflt.sys [2009-12-04 36368]
R2 tmwfp;Trend Micro WFP Callout Driver; C:\Windows\system32\DRIVERS\tmwfp.sys [2009-09-12 283152]
R2 tmxpflt;tmxpflt; C:\Windows\system32\DRIVERS\tmxpflt.sys [2009-12-04 230928]
R2 vsapint;vsapint; C:\Windows\system32\DRIVERS\vsapint.sys [2009-12-04 1322680]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 8704]
R3 ActivHidSerMini;Promethean Serial Board Driver; C:\Windows\system32\DRIVERS\activhidsermini.sys [2009-05-05 55936]
R3 Afc;PPdus ASPI Shell; C:\Windows\system32\drivers\Afc.sys [2006-11-10 18688]
R3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-19 131584]
R3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-19 16384]
R3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-19 36864]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-01-15 23848]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture; C:\Windows\system32\drivers\HCW85BDA.sys [2007-06-11 968064]
R3 HSF_DP;HSF_DP; C:\Windows\system32\DRIVERS\HSX_DP.sys [2008-05-08 980992]
R3 HSXHWBS2;HSXHWBS2; C:\Windows\system32\DRIVERS\HSXHWBS2.sys [2008-05-08 266752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-10-25 2015192]
R3 NuidFltr;NUID filter driver; C:\Windows\system32\DRIVERS\NuidFltr.sys [2009-05-09 14736]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-05-03 1065384]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-05-22 7465312]
R3 PdiPorts;Portrait Displays low level device driver; C:\Windows\System32\Drivers\PdiPorts.sys [2006-11-16 15920]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\Windows\system32\DRIVERS\point32k.sys [2006-11-08 24064]
R3 prmvmouse;Promethean HID Mouse Service; C:\Windows\system32\DRIVERS\activmouse.sys [2009-10-05 6144]
R3 Ps2;PS2; C:\Windows\system32\DRIVERS\PS2.sys [2005-12-12 19072]
R3 tmactmon;tmactmon; C:\Windows\system32\DRIVERS\tmactmon.sys [2009-09-12 59920]
R3 tmevtmgr;tmevtmgr; C:\Windows\system32\DRIVERS\tmevtmgr.sys [2009-09-12 50704]
R3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
R3 VWan2k;BroadJump PPPoE Adapter; C:\Windows\system32\DRIVERS\VWan2k.SYS [2003-05-10 29228]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-05-08 661504]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S2 VProt2k;BroadJump PPPoE Helper Protocol; C:\Windows\system32\DRIVERS\VProt2k.SYS []
S3 APL531;OVT Scanner; C:\Windows\System32\Drivers\ov550i.sys [2006-07-31 580992]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 motccgp;Motorola USB Composite Device Driver; C:\Windows\system32\DRIVERS\motccgp.sys [2008-08-22 18688]
S3 motccgpfl;MotCcgpFlService; C:\Windows\system32\DRIVERS\motccgpfl.sys [2008-08-22 8320]
S3 motmodem;Motorola USB CDC ACM Driver; C:\Windows\system32\DRIVERS\motmodem.sys [2007-06-18 23680]
S3 motport;Motorola USB Diagnostic Port; C:\Windows\system32\DRIVERS\motport.sys [2007-06-18 23680]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2008-09-23 21248]
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2008-09-23 20096]
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 PcdrNdisuio;PCDRNDISUIO Usermode I/O Protocol; C:\Windows\system32\DRIVERS\pcdrndisuio.sys []
S3 VCR2PC;VCR2PC Analog Capture; C:\Windows\system32\DRIVERS\0140_ION.sys [2008-05-08 277888]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-09-30 40448]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2008-11-19 109056]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2005-09-30 96341]
R2 DTSRVC;Portrait Displays Display Tune Service; C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe [2007-04-25 73728]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-06-16 94208]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-07-25 79136]
R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2008-09-23 303104]
R2 mozybackup;MozyHome Backup Service; C:\Program Files\MozyHome\mozybackup.exe [2008-06-11 87344]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 nmservice;Pure Networks Platform Service; C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [2008-04-09 648504]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-05-22 118784]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 SfCtlCom;Trend Micro Central Control Component; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [2010-01-26 715368]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-18 386560]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R3 TMBMServer;Trend Micro Unauthorized Change Prevention Service; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [2009-09-12 345352]
R3 TmPfw;Trend Micro Personal Firewall; C:\Program Files\Trend Micro\Internet Security\TmPfw.exe [2009-09-12 497008]
R3 TmProxy;Trend Micro Proxy Service; C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [2009-09-12 689416]
S2 LinksysUpdater;Linksys Updater; C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-04-18 204800]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 GameConsoleService;GameConsoleService; C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2010-04-03 246520]
S3 getPlusHelper;@C:\Program Files\NOS\bin\getPlus_Helper.dll,-101; C:\Windows\System32\svchost.exe [2008-01-19 21504]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-11-16 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-03-12 656168]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 RoxMediaDB9;RoxMediaDB9; c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-05-11 887544]
S3 stllssvr;stllssvr; c:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-05-03 74656]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------
fsholloway
Active Member
 
Posts: 11
Joined: April 3rd, 2010, 8:06 pm

Re: crypt_mangle

Unread postby shinybeast » April 14th, 2010, 7:59 pm

Hello fsholloway,

Please perform the following.

Scan with GMER

Click here to download GMER Rootkit Scanner and save it to your desktop.

  • Disconnect your computer from the internet and disable all security software before starting the scan.
    NOTE: To disable McAfee SecurityCenter
    • Locate McAfee Image icon in the system tray and double-click it to open McAfee SecurityCenter
    • Click Advanced Menu or Basic Menu in the lower left of the window.
    • Click Computer & Files, then click Image in the right pane.
    • Under Virus Protection is enabled, select (tick) Off
    • In the popup window, select Never in the drop-down menu, then click OK
    • Select (tick) Off for all other modules installed (Spyware, SystemGuard, etc.)
    • Click Advanced Menu or Basic Menu in the lower left of the window.
    • Click Internet & Network, then click Image in the right pane.
    • Under Firewall Protection is enabled, select (tick) Off
    • In the popup window, select Never in the drop-down menu, then click OK
    • Close McAfee SecurityCenter
  • Double click the randomly named GMER file. If asked to allow gmer to run, please allow it.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
  • In the right panel, you will see several boxes that have been checked. Ensure the following boxes are unchecked:
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All
  • Then click the Scan button and wait for it to finish
  • Once done click on the Save.. button at lower right, and in the File name area, type in "ark.txt" (include the quotes or it will save as a .log file)
  • Save it where you can easily find it, such as your desktop, and post it in reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

Note: Do not run any programs while GMER is running.

IMPORTANT: After tools have run and any necessary reboots have occurred, open McAfee SecurityCenter and click the Image button in the upper right of the window to enable protection.


INFO.TXT
You posted RSIT's log.txt twice. Please post info.txt in your next post.
Copy the command in the text box below.
"C:\rsit\info.txt"

Click Start button, paste the command above in the Start Search field and press Enter to open the log.
shinybeast
Retired Graduate
 
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)

Re: crypt_mangle

Unread postby fsholloway » April 15th, 2010, 11:18 am

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-04-15 10:45:07
Windows 6.0.6002 Service Pack 2
Running: u9y1xem1.exe; Driver: C:\Users\Owner\AppData\Local\Temp\pgldapow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mozy.sys (Mozy Change Monitor Filter Driver/Mozy, Inc.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat mozy.sys (Mozy Change Monitor Filter Driver/Mozy, Inc.)
AttachedDevice \Driver\tdx \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\tdx \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

---- EOF - GMER 1.0.15 ----
info.txt logfile of random's system information tool 1.06 2010-04-14 17:40:23

======Uninstall list======

-->"C:\Program Files\HP Games\Dr. Lynch - Grave Secrets\Uninstall.exe"
-->"C:\Program Files\HP Games\Memory Clinic\Uninstall.exe"
-->"C:\Program Files\HP Games\My HP Game Console\Uninstall.exe"
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
7-Zip 4.57-->"C:\Program Files\7-Zip\Uninstall.exe"
Acrobat.com-->MsiExec.exe /X{6D8D64BE-F500-55B6-705D-DFD08AFE0624}
ActivDriver v5.4.6-->MsiExec.exe /I{9899605D-68FE-4457-BA7C-05A1813AB7F1}
ActivInspire Core Resources v1-->MsiExec.exe /I{F3418D3A-C2E6-443B-83FD-F80585D96C5E}
ActivInspire Help (USA) v1-->MsiExec.exe /I{EAEF32D5-B271-41E0-AC65-D465BE4AE0D0}
ActivInspire HWR Resources (ENU) v1-->MsiExec.exe /I{9BD24D14-A5F1-49CA-85CA-90E9A8AEF44A}
ActivInspire v1-->MsiExec.exe /I{7970AA03-F817-4916-AE77-80DC801646CC}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Download Manager-->"C:\Windows\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A93000000001}
Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
ArcSoft PhotoImpression 6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{063E409E-3D7C-4A4A-95AB-2F124B9224B3}\setup.exe" -l0x9
BellSouth Application Management-->C:\Windows\Motive\BellSouth\UninstallAppManagement.exe
Canon Camera Access Library-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
Canon Camera Window DC_DV 5 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Camera Window DC_DV 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Camera Window MC 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowMC\Uninst.ini"
Canon G.726 WMP-Decoder-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"
Canon MovieEdit Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon RAW Image Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon RemoteCapture Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities EOS Utility-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
Canon Utilities PhotoStitch-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
Enhanced Multimedia Keyboard Solution-->C:\HP\KBD\Install.exe /u
FastAccess® DSL Help Center 4.4-->"C:\Program Files\FastAccessDSL\HelpCenter43\unins000.exe"
GamingSquared Console-->"C:\Program Files\GamingSquared\GameConsole\UninstallGameConsole.exe"
Hardwood Hearts-->C:\Program Files\Hardwood Hearts\Hearts.exe -Uninstall
Hardwood Spades-->C:\Program Files\Hardwood Spades\Spades.exe -Uninstall
HASP4 Device Drivers-->C:\Windows\System32\UNWISE.EXE C:\Windows\System32\HDD32.LOG
Hewlett-Packard Active Check for Health Check-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent for Health Check-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Active Support Library 32 bit components-->MsiExec.exe /I{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}
HP Active Support Library-->C:\Program Files\InstallShield Installation Information\{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}\setup.exe -runfromtemp -l0x0409
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}\setup.exe" -l0x9 -removeonly
HP Customer Feedback-->MsiExec.exe /I{9DBA770F-BF73-4D39-B1DF-6035D95268FC}
HP Customer Participation Program 8.0-->C:\Program Files\Hewlett-Packard\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40F7AED3-0C7D-4582-99F6-484A515C73F2}\setup.exe" -l0x9 -removeonly
HP Games-->"C:\Program Files\HP Games\Uninstall.exe"
HP Imaging Device Functions 8.0-->C:\Program Files\Hewlett-Packard\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP My Display-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{15733AD1-1CEF-459A-9245-0924FC63BDD5}\setup.exe" -l0x9 -removeonly
HP OCR Software 8.0-->C:\Program Files\Hewlett-Packard\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
HP On-Screen Cap/Num/Scroll Lock Indicator-->C:\Windows\system32\OsdRemove.exe
HP Photosmart Essential 2.01-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Photosmart Essential-->MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B-->C:\Program Files\Hewlett-Packard\Digital Imaging\{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}\setup\hpzscr01.exe -datfile hposcr19.dat -onestop -showdisconnect -forcereboot
HP Picasso Media Center Add-In-->MsiExec.exe /I{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}
HP Product Detection-->MsiExec.exe /X{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}
HP Solution Center 8.0-->C:\Program Files\Hewlett-Packard\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
HPSSupply-->MsiExec.exe /X{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}
ION EZ VHS Converter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{04E364F1-4582-4567-A6C8-C7FBBCC86C91}\Setup.exe" -l0x9
iTunes-->MsiExec.exe /I{C26B06A9-27BB-45B0-9873-9C623EC2BA38}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
L&H TTS3000 Español-->RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\LHTTSSPE.inf, Uninstall
Lernout & Hauspie TruVoice American English TTS Engine-->RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\tv_enua.inf, Uninstall
Linksys EasyLink Advisor-->"C:\Program Files\InstallShield Installation Information\{7FE3214C-283E-40C6-A8D5-CB773110090C}\setup.exe" -runfromtemp -l0x0409 -removeonly
Linksys EasyLink Advisor-->MsiExec.exe /I{7FE3214C-283E-40C6-A8D5-CB773110090C}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McGraw-Hill EZ Test Desktop-->"C:\McGraw-Hill\MH_EZTest\uninstall.exe"
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Save as PDF Add-in for 2007 Microsoft Office programs-->MsiExec.exe /X{90120000-00B0-0409-0000-0000000FF1CE}
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs-->MsiExec.exe /X{90120000-00B2-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Text-to-Speech Engine 4.0 (English)-->RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\msTTS.inf, Uninstall
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Move Networks Media Player for Internet Explorer-->C:\Users\Owner\AppData\Roaming\Move Networks\ie_bin\Uninst.exe
MozyHome 1.8.8.2-->"C:\Program Files\MozyHome\uninstall\unins000.exe"
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
muvee autoProducer 6.0-->C:\Program Files\InstallShield Installation Information\{14AF024E-2E3B-49D0-A175-D1C1A06B155A}\setup.exe -runfromtemp -l0x0009 -removeonly
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
Opera 10.51-->MsiExec.exe /X{8D49D55D-9837-4E0E-AE3B-05C7BEC5CD1F}
OVT Scanner X86-->MsiExec.exe /I{6B566EFE-DC1D-471F-93DD-84832663F140}
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
Python 2.5-->MsiExec.exe /I{0A2C5854-557E-48C8-835A-3B9F074BDCAA}
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Rhapsody-->C:\PROGRA~1\Rhapsody\Unwise32.exe /A C:\PROGRA~1\Rhapsody\install.log
Roxio Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Roxio Creator Audio-->MsiExec.exe /X{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator Basic v9-->MsiExec.exe /X{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Copy-->MsiExec.exe /X{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data-->MsiExec.exe /X{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator EasyArchive-->MsiExec.exe /X{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
Roxio Creator Tools-->MsiExec.exe /X{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler 3-->MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD Basic v9-->MsiExec.exe /X{938B1CD7-7C60-491E-AA90-1F1888168240}
SDK-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}\setup.exe" -l0x9
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB978380)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {667A88D1-0369-4070-A62A-70672D68A9BF}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB978382)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6DE3DABF-0203-426B-B330-7287D1003E86}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Snapfish Picture Mover-->MsiExec.exe /X{029B5901-1F27-4347-9923-E8ACC8F54E15}
Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\UIU32m.exe -U -ITrx200Cz.INF
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
TestGen-->C:\Windows\unvise32.exe C:\Program Files\TestGen\uninstal.log
TestingPoint 2008-->MsiExec.exe /X{4F00642C-DFD8-4987-A4BF-3B7E7D060A79}
The Weather Channel Desktop 6-->C:\Program Files\The Weather Channel FW\Desktop\TheWeatherChannelCustomUninstall.exe
The Weather Channel Toolbar-->C:\PROGRA~1\THEWEA~2\UNWISE.EXE C:\PROGRA~1\THEWEA~2\twcINSTALL.LOG
Trend Micro Internet Security-->C:\Program Files\Trend Micro\Internet Security\remove.exe
Trend Micro Internet Security-->MsiExec.exe /X{9D2B0322-44AE-460E-9283-4D2D7A9205AE}
TurningPoint 2008-->MsiExec.exe /X{373C7B28-788D-4528-A4AD-86CB960AB615}
Uninstall OVT Scanner-->C:\Windows\omniuns.exe USB\Vid_05a9&PID_1550 OVT Scanner
Unity Web Player-->C:\Program Files\Unity\WebPlayer\Uninstall.exe
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for 2007 Microsoft Office System (KB981715)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {661B3F32-FFE4-4606-AE3A-DFA11DCC0D79}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7}
Update for Microsoft Office OneNote 2007 (KB980729)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF}
Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Word 2007 (KB974561)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0CDDBAA2-2111-4A0E-A1B0-76C40C635331}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
Virtual Earth 3D (Beta)-->MsiExec.exe /I{3CCB26F5-E2A7-4C91-8340-9149D7B7C2BE}
WeatherBug Gadget-->MsiExec.exe /I{209CDA54-D390-46A2-A97C-7BF61734418D}
WebEx Support Manager for Internet Explorer-->MsiExec.exe /I{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Search Protection-->C:\PROGRA~1\Yahoo!\SEARCH~1\UNINST~1.EXE

======Security center information======

AS: Windows Defender (disabled) (outdated)

======System event log======

Computer Name: Owner-PC
Event Code: 225
Message: The application \Device\HarddiskVolume1\Windows\System32\SLsvc.exe with process id 1348 stopped the removal or ejection for the device SCSI\Disk&Ven_Hitachi&Prod_HDT725050VLA\4&e6fb24c&0&000000.
Record Number: 178745
Source Name: Microsoft-Windows-Kernel-PnP
Time Written: 20091021233735.392000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Owner-PC
Event Code: 225
Message: The application \Device\HarddiskVolume1\Windows\System32\svchost.exe with process id 1332 stopped the removal or ejection for the device SCSI\Disk&Ven_Hitachi&Prod_HDT7250
fsholloway
Active Member
 
Posts: 11
Joined: April 3rd, 2010, 8:06 pm
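Reading the Devices section of the GMER log above, as an added example that is not part of this thread and not GMER's own code: the AttachedDevice lines name the kernel filter drivers sitting on the NTFS, FAT, TCP and UDP device stacks, which is exactly where backup agents (mozy.sys), antivirus (tmtdi.sys) and rootkits alike attach. In keeping with the caution earlier in the thread about not acting on rootkit-scanner output, the script turns those lines into a list of drivers for a human to verify rather than anything to remove. The KNOWN_VENDORS allowlist and the hypofilt.sys sample line (a driver with no version block) are assumptions made for the example; the other sample lines copy the posted log.

```python
"""Added example: first-pass triage of the 'Devices' section of a GMER log.
Not part of the forum thread.  GMER lists the kernel filter drivers attached
to file-system and network device stacks; backup agents and antivirus live
there legitimately, and so do rootkits, so the output is a list of drivers
to verify, never a list of things to delete."""
import re
from collections import defaultdict

# Constructed sample in the layout of the GMER log posted in this thread.
# The hypofilt.sys line is invented to show an entry GMER cannot describe
# (no version resource to read); it is not from the real log.
SAMPLE_GMER = r"""
---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mozy.sys (Mozy Change Monitor Filter Driver/Mozy, Inc.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat mozy.sys (Mozy Change Monitor Filter Driver/Mozy, Inc.)
AttachedDevice \Driver\tdx \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\tdx \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\tdx \Device\Tcp hypofilt.sys

---- EOF - GMER 1.0.15 ----
"""

DEVICE_LINE = re.compile(
    r"^AttachedDevice\s+(?P<owner>\S+)\s+(?P<device>\S+)\s+(?P<driver>\S+)"
    r"(?:\s+\((?P<info>.*)\))?\s*$")

# Vendors the reviewer has already decided belong on this machine.  This
# allowlist is an assumption for the example; build your own from the
# installed-software list (info.txt) and from signature checks on disk.
KNOWN_VENDORS = {"Microsoft Corporation", "Trend Micro Inc.", "Mozy, Inc."}


def parse_devices(text):
    """Turn AttachedDevice lines into dicts; every other line is ignored."""
    entries = []
    for line in text.splitlines():
        m = DEVICE_LINE.match(line)
        if not m:
            continue
        desc = vendor = None
        if m["info"]:
            # GMER prints "<file description>/<company name>" taken from the
            # driver's version resource; split on the last slash because the
            # description itself may contain one.
            if "/" in m["info"]:
                desc, vendor = m["info"].rsplit("/", 1)
            else:
                desc = m["info"]
        entries.append({"owner": m["owner"], "device": m["device"],
                        "driver": m["driver"], "description": desc,
                        "vendor": vendor})
    return entries


def triage_devices(entries, known_vendors=KNOWN_VENDORS):
    """Group drivers by the device they sit on and list the ones a human must
    verify (file on disk, Authenticode signature, vendor) before anything is
    decided about them."""
    by_device = defaultdict(set)
    review = {}
    for e in entries:
        by_device[e["device"]].add(e["driver"])
        if e["vendor"] is None:
            reason = "no version info: GMER could not read a vendor from the file"
        elif e["vendor"] not in known_vendors:
            reason = f"vendor {e['vendor']!r} is not in the reviewed allowlist"
        else:
            continue
        # one driver usually attaches to several devices; report it once
        item = review.setdefault(e["driver"], {"driver": e["driver"],
                                               "reason": reason, "devices": []})
        item["devices"].append(e["device"])
    return {"by_device": {d: sorted(v) for d, v in by_device.items()},
            "review": list(review.values())}


if __name__ == "__main__":
    result = triage_devices(parse_devices(SAMPLE_GMER))
    for device, drivers in result["by_device"].items():
        print(f"{device}: {', '.join(drivers)}")
    for item in result["review"]:
        print(f"VERIFY {item['driver']} on {', '.join(item['devices'])}: {item['reason']}")
```

Two things to keep in mind when reading the real log with this: GMER's own randomly named driver (pgldapow.sys under the user's Temp folder in the "Running:" line above) is the scanner itself, not a finding; and a driver the script lists for review is only a candidate until the file has been located on disk and its signature and vendor checked, which is the same point the helper's caution makes.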

Re: crypt_mangle

Unread postby shinybeast » April 15th, 2010, 11:59 am

I have a series of problems which I think has been spreading to the point that my PC shuts down and goes to a DOS window, which I cannot read because it times out. Trend Micro has quarantined it numerous times. I was able to search in Safe Mode and delete the files...however they came back.. There are two "crypt" files.


What are the names of the files that Trend Micro wants to remove and that came back after you deleted them? Is the computer still opening a DOS window, then shutting down?

Re: crypt_mangle

Unread postby fsholloway » April 16th, 2010, 1:38 pm

Shinybeast,

The original files that seem to have started the problems months ago are formats of "Crypt_Mangled". I have deleted them using Safe Mode (as they would not delete in normal mode) but they come back hiding in another file. I have been able to find them in normal mode, but haven't recently; it may have morphed into another name. I deleted the quarantined files last time from Trend. I did another scan with Trend right before this response; no files quarantined and about 5 cookies were deleted.

Yes, the PC is still going to DOS, sometimes with a blue background giving a 30 sec reason for the shutdown. I could only catch a mention of something about new hardware. I checked for new hardware and a couple of external drives were identified as connected through USB ports, but there were none, so I deleted those connections. Still it goes back to DOS. While it sometimes crashes to DOS when I'm in other programs, net and otherwise, it ALWAYS crashes when I am playing Hardwood Spades online, but not Hardwood Hearts online. I have sent numerous emails to Hardwood concerning the crashes without response. I got one crash which indicated that I should download a new BIOS from HP, which I did, and I still get crashes. Last night, while my wife was in Wild Tangent games (where I believe the original crypt_mangle file came from) she experienced multiple crashes. Months ago, I notified Wild Tangent and HP (which sponsors the games in their factory-installed programs) of the problem. I also notified Trend about it on two occasions, when their pop-up sent me to their site. Trend eventually referred me to HijackThis, which led me to you. Sorry for the life history, but yes, it still crashes to DOS, now usually directing me to the Windows repair boot, which I believe I have done thoroughly.

Hopefully you can help; if not, I'll do a complete restoration.

Looking forward to your response.

Re: crypt_mangle

Unread postby shinybeast » April 16th, 2010, 8:23 pm

Hello fsholloway,

That sounds quite strange. What browser(s) are you using when playing online and experiencing crashes?

Re: crypt_mangle

Unread postby fsholloway » April 17th, 2010, 5:53 pm

It crashes on both Internet Explorer and Opera.

I removed Hardwood Spades and then downloaded a new one from Silver Creek Entertainment, at silvercrk.com. I played yesterday and today about 1 hr each time with no crashes. I think the spades game is fixed.

Re: crypt_mangle

Unread postby fsholloway » April 17th, 2010, 9:21 pm

Well, it just crashed twice in Spades, but it only crashed to my desktop. There was a Windows solution pop-up but like a dumb a... I canceled it twice without thinking.

Re: crypt_mangle

Unread postby shinybeast » April 18th, 2010, 1:35 pm

Hi fsholloway,

If the issue is not malware related, I do not know how much help I would be. We can look at the event logs and see if there is anything obvious. Also, let's try an online scan to see if there is anything that we might have missed.


VEW - Vino's Event Viewer
Please download VEW.exe... by Vino Rosso. Save it to your desktop.
  1. Double click on VEW.exe to start the program. If you receive an "Open File" security warning, press Run.
    Vista users, right-click on VEW.exe and select "Run as Administrator." If UAC prompts... accept it.
  2. In the "Select log to query" section check:
    • Application
    • System
  3. In the "Select type to list" section check:
    • Critical
    • Error
  4. In the "Number or dates of events" section select (tick):
    • Number of events... then enter 20 in the entry box.
  5. Press the Run button.
    When the process completes, it only takes a few seconds...
  6. Notepad will open with a report file named: VEW.txt... located on %SystemDrive%\VEW.txt ... usually C:\VEW.txt.
  7. Please copy and paste the contents of the VEW.txt file, in your next reply.


ESET Online Scan

Before you begin:
  • Please use Internet Explorer for this scan.
  • Close your browser and right-click the shortcut you use to open Internet Explorer and select Run as administrator. Then navigate back to this page.
  • Disable your anti-virus to avoid conflicts. Click here for instructions.
  • The scan will take quite some time. I suggest you run it when you do not need the computer for awhile.
Click here to visit ESET Online Scanner, then click the button that launches the scanner
  • In the new tab/window that opens, check YES, I accept the Terms of Use then click the green Start button
  • When prompted, allow the Add-On/Active X to install.
  • Under Computer Scan Settings do the following:
    • Ensure that Remove found threats is NOT checked
    • Ensure that Scan archives is checked.
  • Then click Advanced settings and ensure the following are checked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Start button.
  • The signature database will then be downloaded and the scan will start.
    NOTE: The scan will take quite some time; the more data to be scanned, the longer it will take. Please be patient.
  • When it is finished, ensure the Uninstall application on close box is NOT checked and click Finish button.
    If you wish, you may uninstall the scanner through Programs and Features after we are finished.
  • Copy the whole line in the code box below.
    Code:
    "%PROGRAMFILES%\ESET\ESET Online Scanner\log.txt"
  • Click Start button and paste the above line in the start search field, then press enter.
  • The log should open, if not, navigate to C:\Program Files\ESET\ESET Online Scanner\ and open the text file named log.
  • Copy and paste the log in your next reply.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

Please reply with ESET log and the event viewer log.
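An added example of the kind of reading shinybeast proposes above ("look at the event logs and see if there is anything obvious"); it is not part of the thread and not VEW's or ESET's code. It parses a VEW report, pulls the Application Error (Event 1000) records apart into program, faulting module, exception code and fault offset, and groups the crashes per program so that a repeat offender stands out. The sample report is constructed from lines of the report fsholloway posts in the reply that follows; the NTSTATUS table and the flagging rules are the editor's heuristics, not something VEW reports.

```python
"""Added example: triage of Application Error (Event 1000) crash records in a
Vino's Event Viewer (VEW) report.  Not part of the thread and not VEW's code.
The exception-code table and the flagging rules are the editor's heuristics."""
import re
from collections import Counter, defaultdict

# Constructed sample in the layout of the VEW report posted in this thread.
SAMPLE_VEW = """\
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 18/04/2010 2:26:52 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application iexplore.exe, version 8.0.6001.18904, time stamp 0x4b835fec, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x00000000, process id 0xebc, application start time 0x01cadefdfa1fa330.

Log: 'Application' Date/Time: 18/04/2010 1:18:20 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application spades.exe, version 0.0.0.0, time stamp 0x3fd66df9, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x0220000f, process id 0x16a0, application start time 0x01cade9300750bf0.

Log: 'Application' Date/Time: 18/04/2010 1:03:37 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application spades.exe, version 0.0.0.0, time stamp 0x3fd66df9, faulting module roguec.dll, version 0.0.0.0, time stamp 0x4011726f, exception code 0xc0000005, fault offset 0x000caa54, process id 0x2bc, application start time 0x01cade9104a77cf0.

Log: 'Application' Date/Time: 14/04/2010 5:14:27 PM
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\\USERS\\OWNER\\APPDATA\\ROAMING\\PROMETHEAN> in the hash map cannot be updated.

Details:
A device attached to the system is not functioning. (0x8007001f)
"""

RECORD_HEADER = re.compile(r"^Log: '(?P<log>[^']+)' Date/Time: (?P<when>.+)$")
EVENT_LINE = re.compile(r"^Event: (?P<id>\d+) Source: (?P<source>.+)$")
BANNER = re.compile(r"^~+$|^'[^']+' Log - ")
FAULT_LINE = re.compile(
    r"Faulting application (?P<app>[^,]+), version (?P<app_ver>[^,]+), "
    r"time stamp (?P<app_ts>0x[0-9a-f]+), faulting module (?P<module>[^,]+), "
    r"version (?P<mod_ver>[^,]+), time stamp (?P<mod_ts>0x[0-9a-f]+), "
    r"exception code (?P<exc>0x[0-9a-f]+), fault offset (?P<offset>0x[0-9a-f]+)")

# NTSTATUS values that mean memory was corrupted or misused, as opposed to a
# missing file or bad configuration.  0xC0000409 is the /GS stack cookie firing.
MEMORY_SAFETY_CODES = {0xC0000005: "STATUS_ACCESS_VIOLATION",
                       0xC0000409: "STATUS_STACK_BUFFER_OVERRUN",
                       0xC0000374: "STATUS_HEAP_CORRUPTION"}


def parse_vew(text):
    """One dict per event.  A record starts at each "Log: '...'" line, so a
    multi-line message with blank lines inside it stays in one record."""
    records, current = [], None
    for line in text.splitlines():
        head = RECORD_HEADER.match(line)
        if head:
            current = {"log": head["log"], "when": head["when"],
                       "event": None, "source": None, "message": []}
            records.append(current)
        elif current is None or BANNER.match(line) or line.startswith("Type:"):
            continue
        else:
            ev = EVENT_LINE.match(line)
            if ev:
                current["event"] = int(ev["id"])
                current["source"] = ev["source"].strip()
            elif line.strip():
                current["message"].append(line.strip())
    for rec in records:
        rec["message"] = " ".join(rec["message"])
    return records


def crash_events(records):
    """Pull the fields out of Application Error (Event 1000) messages."""
    crashes = []
    for rec in records:
        m = FAULT_LINE.search(rec["message"]) if rec["event"] == 1000 else None
        if m:
            c = m.groupdict()
            c["exception_code"] = int(c.pop("exc"), 16)
            c["fault_offset"] = int(c.pop("offset"), 16)
            c["when"] = rec["when"]
            crashes.append(c)
    return crashes


def triage(crashes):
    """Count crashes per program and flag the ones that look like memory
    corruption.  'faulting module unknown' means the instruction pointer was
    outside every loaded image when the fault hit: a buggy game does that, and
    so does injected code running from the heap, so it gets a look rather
    than being explained away."""
    modules, flagged = defaultdict(set), []
    for c in crashes:
        modules[c["app"]].add(c["module"])
        name, reasons = MEMORY_SAFETY_CODES.get(c["exception_code"]), []
        if name and c["module"] == "unknown":
            reasons.append(f"{name} with the instruction pointer outside every loaded module")
        elif name and name != "STATUS_ACCESS_VIOLATION":
            reasons.append(f"{name}: the runtime itself detected corruption")
        if c["fault_offset"] == 0:
            reasons.append("fault offset 0: call or jump through a null pointer")
        if reasons:
            flagged.append({"when": c["when"], "app": c["app"],
                            "module": c["module"], "reasons": reasons})
    return {"per_app": dict(Counter(c["app"] for c in crashes)),
            "modules": {a: sorted(m) for a, m in modules.items()},
            "flagged": flagged}
```

Run over the sample, the report says spades.exe crashed twice (once inside roguec.dll, once outside any module) and iexplore.exe once through a null pointer; the two "unknown module" crashes are the ones flagged. A crash in a named, vendor-shipped DLL points at that program, while a crash with no module and an access violation is the pattern worth correlating with the antivirus and scanner results before it is written off as a game bug.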

Re: crypt_mangle

Unread postby fsholloway » April 19th, 2010, 7:23 am

Shinybeast, Here is the ESET and then the Vino Event Viewer:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=7e8a58b47d7d6c4381d9ac4a1d4ebdff
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-04-19 07:19:54
# local_time=2010-04-19 03:19:54 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=513 16777149 100 99 0 106515404 0 0
# compatibility_mode=5892 16776637 100 100 0 108258640 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=190661
# found=1
# cleaned=1
# scan_time=10482
C:\Users\Owner\AppData\Local\VirtualStore\Windows\System32\phcr7vj0ev9o.bmp Win32/TrojanDownloader.FakeAlert.GS trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 18/04/2010 3:38:16 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 04/04/2008 5:05:16 PM
Type: Critical Category: 0
Event: 2 Source: Microsoft-Windows-ApplicationExperienceInfrastructure
The application (Symantec and Norton applications ver. 2006 and below, from vendor Symantec) was hard-blocked and raised the following: Symantec and Norton applications ver. 2006 and below is incompatible with this version of Windows. For more information, contact Symantec.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 18/04/2010 2:26:52 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application iexplore.exe, version 8.0.6001.18904, time stamp 0x4b835fec, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x00000000, process id 0xebc, application start time 0x01cadefdfa1fa330.

Log: 'Application' Date/Time: 18/04/2010 1:18:20 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application spades.exe, version 0.0.0.0, time stamp 0x3fd66df9, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x0220000f, process id 0x16a0, application start time 0x01cade9300750bf0.

Log: 'Application' Date/Time: 18/04/2010 1:03:37 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application spades.exe, version 0.0.0.0, time stamp 0x3fd66df9, faulting module roguec.dll, version 0.0.0.0, time stamp 0x4011726f, exception code 0xc0000005, fault offset 0x000caa54, process id 0x2bc, application start time 0x01cade9104a77cf0.

Log: 'Application' Date/Time: 15/04/2010 2:56:30 PM
Type: Error Category: 0
Event: 20227 Source: RasClient
CoId={8064A992-F065-4987-A589-D92EF3FDBEEA}: The user DEN\Owner dialed a connection named Broadband Connection which has failed. The error code returned on failure is 815.

Log: 'Application' Date/Time: 15/04/2010 2:51:02 PM
Type: Error Category: 0
Event: 20227 Source: RasClient
CoId={5FE1B237-7D88-4597-87E0-EE29ED04DBCD}: The user DEN\Owner dialed a connection named Broadband Connection which has failed. The error code returned on failure is 815.

Log: 'Application' Date/Time: 14/04/2010 9:44:45 PM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program RSIT.exe version 3.2.12.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 152c Start Time: 01cadc1b064ac8ad Termination Time: 2

Log: 'Application' Date/Time: 14/04/2010 5:37:30 PM
Type: Error Category: 0
Event: 11719 Source: MsiInstaller
Product: Java(TM) 6 Update 3 -- Error 1719.The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.

Log: 'Application' Date/Time: 14/04/2010 5:25:49 PM
Type: Error Category: 0
Event: 11719 Source: MsiInstaller
Product: Java(TM) 6 Update 3 -- Error 1719.The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.

Log: 'Application' Date/Time: 14/04/2010 5:22:10 PM
Type: Error Category: 0
Event: 11719 Source: MsiInstaller
Product: Java(TM) 6 Update 3 -- Error 1719.The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.

Log: 'Application' Date/Time: 14/04/2010 5:16:25 PM
Type: Error Category: 0
Event: 11719 Source: MsiInstaller
Product: Java(TM) 6 Update 3 -- Error 1719.The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.

Log: 'Application' Date/Time: 14/04/2010 5:14:27 PM
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\USERS\OWNER\APPDATA\ROAMING\PROMETHEAN\ACTIVINSPIRE\USERPROFILE\PROGRAM SETTINGS> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Log: 'Application' Date/Time: 14/04/2010 5:14:27 PM
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\USERS\OWNER\APPDATA\ROAMING\PROMETHEAN\ACTIVINSPIRE\USERPROFILE\PROGRAM SETTINGS> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Log: 'Application' Date/Time: 14/04/2010 5:14:02 PM
Type: Error Category: 0
Event: 11719 Source: MsiInstaller
Product: Java(TM) 6 Update 3 -- Error 1719.The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.

Log: 'Application' Date/Time: 14/04/2010 5:13:40 PM
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\USERS\OWNER\APPDATA\ROAMING\PROMETHEAN\ACTIVINSPIRE\USERPROFILE\PROGRAM SETTINGS> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Log: 'Application' Date/Time: 14/04/2010 5:13:39 PM
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\USERS\OWNER\APPDATA\ROAMING\PROMETHEAN\ACTIVINSPIRE\USERPROFILE\PROGRAM SETTINGS> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Log: 'Application' Date/Time: 14/04/2010 5:13:27 PM
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\USERS\OWNER\APPDATA\ROAMING\PROMETHEAN\ACTIVINSPIRE\USERPROFILE\PROGRAM SETTINGS> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Log: 'Application' Date/Time: 14/04/2010 5:13:27 PM
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\USERS\OWNER\APPDATA\ROAMING\PROMETHEAN\ACTIVINSPIRE\USERPROFILE\PROGRAM SETTINGS> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Log: 'Application' Date/Time: 14/04/2010 3:40:51 PM
Type: Error Category: 16
Event: 4609 Source: Microsoft-Windows-EventSystem
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043c from line 45 of d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Log: 'Application' Date/Time: 14/04/2010 3:40:34 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application svchost.exe_WinDefend, version 6.0.6001.18000, time stamp 0x47918b89, faulting module mpengine.dll, version 1.1.5605.0, time stamp 0x4b9720aa, exception code 0xc0000005, fault offset 0x004443b8, process id 0x37c, application start time 0x01cadbe8cd689c7f.

Log: 'Application' Date/Time: 14/04/2010 3:29:10 PM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program WinMail.exe version 6.0.6001.18000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 15fc Start Time: 01cadbe70864bfeb Termination Time: 15

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 31/03/2010 3:13:45 PM
Type: Critical Category: 0
Event: 41 Source: Microsoft-Windows-Kernel-Power
The last sleep transition was unsuccessful. This error could be caused if the system stopped responding, failed, or lost power during the sleep transition.

Log: 'System' Date/Time: 22/03/2010 2:36:12 PM
Type: Critical Category: 0
Event: 41 Source: Microsoft-Windows-Kernel-Power
The last sleep transition was unsuccessful. This error could be caused if the system stopped responding, failed, or lost power during the sleep transition.

Log: 'System' Date/Time: 11/03/2010 9:16:21 AM
Type: Critical Category: 0
Event: 41 Source: Microsoft-Windows-Kernel-Power
The last sleep transition was unsuccessful. This error could be caused if the system stopped responding, failed, or lost power during the sleep transition.

Log: 'System' Date/Time: 12/02/2010 8:30:12 PM
Type: Critical Category: 0
Event: 41 Source: Microsoft-Windows-Kernel-Power
The last sleep transition was unsuccessful. This error could be caused if the system stopped responding, failed, or lost power during the sleep transition.

Log: 'System' Date/Time: 12/02/2010 2:22:36 AM
Type: Critical Category: 64
Event: 10111 Source: Microsoft-Windows-DriverFrameworks-UserMode
The device USB SD Reader (location (unknown)) is offline due to a user-mode driver crash. Windows will attempt to restart the device 5 more times. Please contact the device manufacturer for more information about this problem.

Log: 'System' Date/Time: 12/02/2010 2:22:36 AM
Type: Critical Category: 64
Event: 10111 Source: Microsoft-Windows-DriverFrameworks-UserMode
The device USB SM Reader (location (unknown)) is offline due to a user-mode driver crash. Windows will attempt to restart the device 5 more times. Please contact the device manufacturer for more information about this problem.

Log: 'System' Date/Time: 12/02/2010 2:22:36 AM
Type: Critical Category: 64
Event: 10111 Source: Microsoft-Windows-DriverFrameworks-UserMode
The device USB MS Reader (location (unknown)) is offline due to a user-mode driver crash. Windows will attempt to restart the device 5 more times. Please contact the device manufacturer for more information about this problem.

Log: 'System' Date/Time: 12/02/2010 2:22:36 AM
Type: Critical Category: 64
Event: 10111 Source: Microsoft-Windows-DriverFrameworks-UserMode
The device USB CF Reader (location (unknown)) is offline due to a user-mode driver crash. Windows will attempt to restart the device 5 more times. Please contact the device manufacturer for more information about this problem.

Log: 'System' Date/Time: 12/02/2010 12:50:17 AM
Type: Critical Category: 64
Event: 10111 Source: Microsoft-Windows-DriverFrameworks-UserMode
The device F:\ (location (unknown)) is offline due to a user-mode driver crash. Windows will attempt to restart the device 5 more times. Please contact the device manufacturer for more information about this problem.

Log: 'System' Date/Time: 12/02/2010 12:50:17 AM
Type: Critical Category: 64
Event: 10110 Source: Microsoft-Windows-DriverFrameworks-UserMode
A problem has occurred with one or more user-mode drivers and the hosting process has been terminated. This may temporarily interrupt your ability to access the devices.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 18/04/2010 7:33:54 PM
Type: Error Category: 0
Event: 6161 Source: Microsoft-Windows-PrintSpooler
The document MalWare Removal • View topic - crypt_mangle, owned by Owner, failed to print on printer HP Officejet 6300 series. Try to print the document again, or restart the print spooler. Data type: NT EMF 1.008. Size of the spool file in bytes: 0. Number of bytes printed: 0. Total number of pages in the document: 0. Number of pages printed: 0. Client computer: \\DEN. Win32 error code returned by the print processor: 259. No more data is available.

Log: 'System' Date/Time: 18/04/2010 3:27:31 PM
Type: Error Category: 0
Event: 30013 Source: Microsoft-Windows-SharedAccess_NAT
The DHCP allocator has disabled itself on IP address 192.168.2.103, since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.

Log: 'System' Date/Time: 18/04/2010 3:27:31 PM
Type: Error Category: 0
Event: 34001 Source: Microsoft-Windows-SharedAccess_NAT
The ICS_IPV6 failed to configure IPv6 stack.

Log: 'System' Date/Time: 18/04/2010 3:27:31 PM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Linksys Updater service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 18/04/2010 3:27:31 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The BroadJump PPPoE Helper Protocol service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 18/04/2010 3:27:11 PM
Type: Error Category: 0
Event: 6008 Source: EventLog
The previous system shutdown at 11:24:07 AM on 4/18/2010 was unexpected.

Log: 'System' Date/Time: 18/04/2010 7:02:20 AM
Type: Error Category: 1
Event: 20 Source: Microsoft-Windows-WindowsUpdateClient
Installation Failure: Windows failed to install the following update with error 0x80070005: HP - Display - HP w2007 Wide LCD Monitor.

Log: 'System' Date/Time: 17/04/2010 7:02:17 AM
Type: Error Category: 1
Event: 20 Source: Microsoft-Windows-WindowsUpdateClient
Installation Failure: Windows failed to install the following update with error 0x80070005: HP - Display - HP w2007 Wide LCD Monitor.

Log: 'System' Date/Time: 16/04/2010 4:32:45 PM
Type: Error Category: 1
Event: 20 Source: Microsoft-Windows-WindowsUpdateClient
Installation Failure: Windows failed to install the following update with error 0x80070005: HP - Display - HP w2007 Wide LCD Monitor.

Log: 'System' Date/Time: 16/04/2010 4:26:24 PM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Linksys Updater service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 16/04/2010 4:26:24 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The BroadJump PPPoE Helper Protocol service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 16/04/2010 4:26:24 PM
Type: Error Category: 0
Event: 34001 Source: Microsoft-Windows-SharedAccess_NAT
The ICS_IPV6 failed to configure IPv6 stack.

Log: 'System' Date/Time: 16/04/2010 4:26:24 PM
Type: Error Category: 0
Event: 30013 Source: Microsoft-Windows-SharedAccess_NAT
The DHCP allocator has disabled itself on IP address 192.168.2.103, since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.

Log: 'System' Date/Time: 16/04/2010 4:26:03 PM
Type: Error Category: 0
Event: 6008 Source: EventLog
The previous system shutdown at 2:03:14 AM on 4/16/2010 was unexpected.

Log: 'System' Date/Time: 16/04/2010 5:57:42 AM
Type: Error Category: 1
Event: 20 Source: Microsoft-Windows-WindowsUpdateClient
Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.79.1918.0).

Log: 'System' Date/Time: 16/04/2010 5:56:57 AM
Type: Error Category: 0
Event: 2001 Source: Microsoft-Windows-Windows Defender
Windows Defender has encountered an error trying to update signatures. New Signature Version: 1.79.1918.0 Previous Signature Version: 1.79.1631.0 Update Source: User Signature Type: AntiSpyware Update Type: Delta User: NT AUTHORITY\SYSTEM Current Engine Version: 1.1.5605.0 Previous Engine Version: 1.1.5605.0 Error code: 0x8050800c Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.

Log: 'System' Date/Time: 15/04/2010 3:08:49 PM
Type: Error Category: 0
Event: 34001 Source: Microsoft-Windows-SharedAccess_NAT
The ICS_IPV6 failed to configure IPv6 stack.

Log: 'System' Date/Time: 15/04/2010 3:08:49 PM
Type: Error Category: 0
Event: 30013 Source: Microsoft-Windows-SharedAccess_NAT
The DHCP allocator has disabled itself on IP address 192.168.2.103, since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.

Log: 'System' Date/Time: 15/04/2010 3:08:47 PM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Linksys Updater service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 15/04/2010 3:08:47 PM
Type: Error Category: 0
Event: 7024 Source: Service Control Manager
The Routing and Remote Access service terminated with service-specific error 3 (0x3).

Thanks,

Fred
fsholloway
Active Member
 
Posts: 11
Joined: April 3rd, 2010, 8:06 pm
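A small triage helper for the `Log:` / `Type:` / `Event:` dump format in the post above, added here as an example (it is not code from MalwareRemoval.com or from the tool that produced the dump): it splits the dump into records even where a message spans several lines with blank lines inside it, counts repeats per event id and source, and pulls the faulting application/module pairs out of Application Error events. The sample input is constructed in the same format, and every function name is my own.

```python
import re
from collections import Counter
# Header patterns of the posted dump format (example code, not a MalwareRemoval.com tool).
HEADER_RE = re.compile(r"^Log: '(?P<log>[^']+)' Date/Time: (?P<when>.+)$")
TYPE_RE = re.compile(r"^Type: (?P<etype>\S+) Category: (?P<category>\d+)$")
EVENT_RE = re.compile(r"^Event: (?P<event_id>\d+) Source: (?P<source>.+)$")
FAULT_RE = re.compile(r"Faulting application (?P<app>[^,]+),.*?faulting module (?P<module>[^,]+),")

# Constructed sample in the posted format; the values mirror the dump above.
SAMPLE_DUMP = """\
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 14/04/2010 5:14:27 PM
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\\USERS\\OWNER\\APPDATA\\ROAMING\\EXAMPLE> in the hash map cannot be updated.

Details:
A device attached to the system is not functioning. (0x8007001f)

Log: 'Application' Date/Time: 08/04/2010 1:02:03 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application spades.exe, version 0.0.0.0, faulting module roguec.dll, version 0.0.0.0, exception code 0xc0000005.
"""

def parse_dump(text):
    """One dict per 'Log:' header; a record ends at the next header or ~~~ banner, not at a blank line."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if head := HEADER_RE.match(line):
            current = {**head.groupdict(), "etype": "", "category": 0, "event_id": 0, "source": "", "body": []}
            records.append(current)
        elif current is None or line.startswith("~~~"):
            current = None  # banner text between sections belongs to no record
        elif m := TYPE_RE.match(line):
            current["etype"], current["category"] = m["etype"], int(m["category"])
        elif m := EVENT_RE.match(line):
            current["event_id"], current["source"] = int(m["event_id"]), m["source"]
        elif line:
            current["body"].append(line)  # message lines; blank lines inside a message are skipped
    for r in records:
        r["message"] = " ".join(r.pop("body"))
    return records

def count_by_event(records):
    """Repeated (log, type, event id, source) tuples are what a triager reads first."""
    return Counter((r["log"], r["etype"], r["event_id"], r["source"]) for r in records)

def crash_signatures(records):
    """(faulting app, faulting module) pairs from Application Error 1000 events."""
    sigs = Counter()
    for r in records:
        if r["event_id"] == 1000 and r["source"] == "Application Error":
            if m := FAULT_RE.search(r["message"]):
                sigs[(m["app"], m["module"])] += 1
    return sigs
```

Run over the full dump, a signature that repeats (the same module faulting again and again) is the first thing to investigate, and a long run of identical service or driver errors is usually one misconfiguration rather than many separate problems.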

Re: crypt_mangle

Unread postby shinybeast » April 20th, 2010, 11:23 am

Hi Fred,

The issues do not seem to be malware related and I am not sure what is causing them. It would not hurt to check the disk for errors, and a Java update is needed as well.


Check Disk

  • Click the Start button and click Computer
  • Right-click the system drive: C: and click Properties
  • Click the Tools tab
  • Under Error-checking, click the Check Now... button
  • If you get a User Account Control (UAC) prompt, click Continue
  • In the Check Disk window, ensure both options are selected. (Automatically fix file system errors and Scan for and attempt recovery of bad sectors)
  • Click Start
  • Another window will open stating that "Windows can't check this disk while it's in use"
  • Click Schedule disk check
  • Restart the computer.


Update Java

Older versions of Java may have vulnerabilities that can be exploited by malware.
Please follow the steps below to update the Java Runtime Environment

Download and install newest version:

  • Click here to visit Sun Java download page
  • Under Java Platform, Standard Edition, click the red Download JRE button
  • Select your platform and agree to the license agreement (after having read it, of course) by clicking the checkbox. Click Continue.
  • Click the link (jre-6u20-windows-i586-p.exe) under Available Files and download the offline installer to your desktop.
  • Close any programs you may have running, including web browsers.
  • From your desktop, double-click on the download to install the newest version.
  • Reboot your computer.


Clean up old Java installations

  • Click here to download JavaRa and save it to your desktop
  • Extract JavaRa.zip to your Desktop
  • Right-click JavaRa.exe and click Run as Administrator to start JavaRa
  • Choose language in the drop-down menu, then click Select
  • In the new JavaRa window click Remove Older Versions to remove leftovers from uninstalls
  • Click Yes in the dialog box that pops up to uninstall
  • Close all browser windows (you will get a warning from JavaRa)
  • Click OK in the dialog box that pops up to open the log. Close the log. It is saved in the root of the windows drive (i.e. C:\)


If the disk check does not solve any of the issues, I can recommend some forums that may be able to assist you better than I.
shinybeast
Retired Graduate
 
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)

Re: crypt_mangle

Unread postby fsholloway » April 22nd, 2010, 10:42 am

First let me thank you for all that you have done. My PC is running better, and did not crash all day yesterday. However, last night some time while it and I were asleep, it crashed back to DOS. It seems to be working now, but we never know when it's going to leave us. It could be hardware, because I believe we got all the bugs out.
If you think some other forum can help, I appreciate your direction. Also, I will check out what this site has to offer that I can afford to buy.

Thanks again,

Fred.
fsholloway
Active Member
 
Posts: 11
Joined: April 3rd, 2010, 8:06 pm