Fake Antivirus, Can't Update Malwarebytes, Can't Run Rkill


Post by sturgeongeneral » August 19th, 2010, 10:46 pm

Hello,

I have some form of trojan on my computer; it's in the guise of an antivirus with the warning "Click here for the scan your computer."

I'm currently running in safe mode with networking. I have disabled my proxy server, and have already tried running Malwarebytes and SuperAntiSpyware to no avail. I am also unable to update either program.

I downloaded rkill, but run into the following when I try to run it:

"Processes terminated by Rkill or while it was running:


C:\Documents and Settings\owner\Desktop\rkill.exe"

I ran into the same problem with two renamed versions of the file.

Whatever is on my computer is also not allowing me to access any of the parent websites (malwarebytes.org, pctools.com, etc).

At this point, I'm not really sure what to do. I will post a HijackThis log, if that helps at all. Any assistance you could provide would be great. Thanks!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:46:13 PM, on 8/19/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [iosxcywu] C:\Documents and Settings\owner\Local Settings\Application Data\ygmouukeb\dfrtnnlshdw.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [iosxcywu] C:\Documents and Settings\owner\Local Settings\Application Data\ygmouukeb\dfrtnnlshdw.exe
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} - https://www.tmremote.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\WINDOWS\Downloaded Program Files\ssrc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8249 bytes
sturgeongeneral
Regular Member
Posts: 19
Joined: August 19th, 2010, 10:36 pm
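As an added example (not part of the thread, and not code from HijackThis or any tool the helpers mention), here is a small Python triage script that reads HijackThis-style lines and flags the three things a reviewer would notice in the log above: an Internet Explorer proxy pointing at the local machine, a Run entry starting a randomly named executable out of the user profile's Application Data folder, and the same Run entry planted under both HKLM and HKCU. The rule names, the "random name" thresholds and the profile-path pattern are assumptions of this example; the sample lines are copied from the posted log plus one benign entry, so the script runs offline.

```python
"""Triage heuristics for HijackThis-style log lines (added example, not a tool from the thread)."""
import re
from dataclasses import dataclass

# Constructed sample: R and O4 lines copied from the HijackThis log posted above,
# including the benign hpqSRMon and Google Update entries for contrast.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [iosxcywu] C:\Documents and Settings\owner\Local Settings\Application Data\ygmouukeb\dfrtnnlshdw.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [iosxcywu] C:\Documents and Settings\owner\Local Settings\Application Data\ygmouukeb\dfrtnnlshdw.exe
"""


@dataclass(frozen=True)
class Finding:
    rule: str    # which heuristic fired (names are this example's own)
    detail: str  # the value or path that triggered it


PROXY_RE = re.compile(r"^R1 - .*Internet Settings,ProxyServer = (?P<value>.+)$")
RUN_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# User-profile data folders on XP (Application Data) and Vista+ (AppData); assumption of this example.
PROFILE_DATA_RE = re.compile(r"\\(?:Documents and Settings|Users)\\[^\\]+\\.*(?:Application Data|AppData)\\", re.I)
VOWELS = set("aeiou")


def command_path(cmd: str) -> str:
    """Return just the executable path from an O4 command: strip quotes and trailing arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(?i)(.+?\.exe)(?:\s|$)", cmd)
    return m.group(1) if m else cmd


def is_localhost_proxy(value: str) -> bool:
    """True if any proxy entry (e.g. 'http=127.0.0.1:6522') points back at the local machine."""
    for entry in value.split(";"):
        hostport = entry.split("=", 1)[-1].strip()
        host = hostport.rsplit(":", 1)[0].lower()
        if host == "localhost" or host.startswith("127."):
            return True
    return False


def looks_random(token: str) -> bool:
    """Heuristic (assumption): a lowercase letters-only token of 7+ characters with almost no
    vowels, or with a long consonant run, reads as machine-generated rather than a product name."""
    if len(token) < 7 or not token.isalpha() or not token.islower():
        return False
    vowel_ratio = sum(c in VOWELS for c in token) / len(token)
    longest_consonant_run = max(len(run) for run in re.split(r"[aeiouy]+", token))
    return vowel_ratio < 0.2 or longest_consonant_run >= 5


def triage(log_text: str) -> list[Finding]:
    """Scan log lines and return the findings a reviewer would want to look at first."""
    findings: list[Finding] = []
    flagged_paths: set[str] = set()
    run_hives: dict[tuple[str, str], set[str]] = {}
    for line in log_text.splitlines():
        line = line.strip()
        m = PROXY_RE.match(line)
        if m and is_localhost_proxy(m.group("value")):
            findings.append(Finding("localhost-proxy", m.group("value")))
            continue
        m = RUN_RE.match(line)
        if not m:
            continue
        path = command_path(m.group("cmd"))
        parts = path.split("\\")
        stem = parts[-1].rsplit(".", 1)[0]
        parent = parts[-2] if len(parts) > 1 else ""
        if PROFILE_DATA_RE.search(path) and (looks_random(stem) or looks_random(parent)):
            if path not in flagged_paths:
                flagged_paths.add(path)
                findings.append(Finding("random-name-in-profile", path))
        run_hives.setdefault((m.group("name"), path), set()).add(m.group("hive"))
    # The same [name] -> path pair under both HKLM and HKCU is a persistence pattern worth a look.
    for (name, path), hives in run_hives.items():
        if hives >= {"HKLM", "HKCU"}:
            findings.append(Finding("run-in-both-hives", name))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.rule:24} {finding.detail}")
```

The heuristics are triage hints, not a verdict: a vendor with a terse folder name can trip the random-name rule, so each hit still needs a reviewer's eye.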

Re: Fake Antivirus, Can't Update Malwarebytes, Can't Run Rki

Post by deltalima » August 23rd, 2010, 11:39 am

Hi sturgeongeneral,

Welcome to the forum.

My nickname is deltalima and I will be helping you with your computer problems.

The logs can take some time to research, so please be patient with me.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


Please note the following:
  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Uninstall List
  • Open HijackThis.
  • Look under System tools.
  • Click on the Open Uninstall Manager... button.
  • Click on the Save list... button.
  • It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
  • Notepad will open. Please copy and paste the contents of this log in your next reply.
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Fake Antivirus, Can't Update Malwarebytes, Can't Run Rki

Post by sturgeongeneral » August 25th, 2010, 7:17 pm

Hello! My apologies for the delayed response, I was out of town for a couple days. Here is my uninstall log:

32 Bit HP CIO Components Installer
Actiontec Gateway
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.2
Amazon MP3 Downloader 1.0.5
America Online (Choose which version to remove)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Audacity 1.2.6
Bonjour
CD/DVD Drive Acoustic Silencer
DirectVobSub (remove only)
DivX Codec
DivX Converter
DivX Player
DivX Web Player
DVD-RAM Driver
Easy CD Creator 5 Basic
EZTakes Download Manager 2.5.0.20070823.1600
Form Fill (Windows Live Toolbar)
getPlus(R) for Adobe
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
HP Customer Participation Program 10.0
HP Photosmart All-In-One Driver Software 10.0 Rel .2
HP Photosmart Essential 3.5
HP Smart Web Printing 4.60
HP Solution Center 13.0
HP Update
Inkscape 0.47
InterVideo WinDVD Creator 2
InterVideo WinDVD for TOSHIBA
iTunes
J2SE Runtime Environment 5.0 Update 1
Java(TM) 6 Update 19
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6
Lexmark Z700-P700 Series
Malwarebytes' Anti-Malware
Map Button (Windows Live Toolbar)
MetaFrame Presentation Server Web Client for Win32
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox (3.6.8)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
Nero OEM
NeroVision Express
Netflix Movie Viewer
Notebook Maximizer
OCR Software by I.R.I.S. 10.0
OneCare Advisor (Windows Live Toolbar)
OpenOffice.org 3.0
Popup Blocker (Windows Live Toolbar)
Pure Networks Port Magic
QuickTime
RealPlayer
Realtek AC'97 Audio
REALTEK Gigabit and Fast Ethernet NIC Driver
RealUpgrade 1.0
Roxio Burn Engine
Safari
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB971961)
Shop for HP Supplies
Smart Menus (Windows Live Toolbar)
Sonic DLA
Sonic RecordNow!
SubMagic V0.71
SUPERAntiSpyware
Synaptics Pointing Device Driver
TBS WMP Plug-in
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Controls
TOSHIBA Hotkey Utility
TOSHIBA PC Diagnostic Tool
TOSHIBA Power Saver
Toshiba Registration
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
Toshiba Tbiosdrv Driver
TOSHIBA TouchPad ON/Off Utility
TOSHIBA Utilities
TOSHIBA Virtual Sound
TOSHIBA Zooming Utility
Touch and Launch
Trend Micro Internet Security
Trend Micro Internet Security
Unlocker 1.8.5
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB925876)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Viewpoint Media Player
WebEx
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Live Favorites for Windows Live Toolbar
Windows Live installer
Windows Live Outlook Toolbar (Windows Live Toolbar)
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Toolbar Feed Detector (Windows Live Toolbar)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows Presentation Foundation
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB884018
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
WLTB Custom Buttons
sturgeongeneral
Regular Member
Posts: 19
Joined: August 19th, 2010, 10:36 pm

Re: Fake Antivirus, Can't Update Malwarebytes, Can't Run Rki

Post by deltalima » August 26th, 2010, 4:28 am

Hi sturgeongeneral,

Security Check
Please download Security Check ... by screen317. Save it to your desktop.
Alternate download site: Link 2
  1. Double click the SecurityCheck.exe icon to begin.
  2. Press the Space Bar when you see the "press any key to continue..." message.
    A Notepad results file will open automatically called checkup.txt
  3. Save "checkup.txt" to your desktop. (This output file is NOT automatically saved!)
  4. Please copy/paste the entire contents of the checkup.txt file into your next reply.

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Please download GMER Rootkit Scanner from here.
  • Double click the .exe file. If asked to allow the gmer.sys driver to load, please consent.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE
Important! Please do not select the "Show all" checkbox during the scan.

Please post the GMER log along with OTL.txt and Extras.txt from the OTL scan into your next reply.
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Fake Antivirus, Can't Update Malwarebytes, Can't Run Rki

Post by sturgeongeneral » August 26th, 2010, 11:38 pm

checkup.txt:

Results of screen317's Security Check version 0.99.5
Windows XP Service Pack 2
Out of date service pack!!
Internet Explorer 6 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Disabled!
OneCare Advisor (Windows Live Toolbar)
Trend Micro Internet Security
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
HijackThis 2.0.2
Java(TM) 6 Update 19
Java(TM) SE Runtime Environment 6
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Out of date Java installed!
Adobe Flash Player 10.1.82.76
Adobe Reader 8.1.2
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````


OTL.txt:

OTL logfile created on: 8/26/2010 5:52:54 PM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.00 Mb Total Physical Memory | 170.00 Mb Available Physical Memory | 38.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 8.90 Gb Free Space | 11.94% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOSHI-MOTO
Current User Name: owner
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\owner\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (getPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (sdCoreService) -- C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (TmProxy) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe (Trend Micro Inc.)
SRV - (TmPfw) -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe (Trend Micro Inc.)
SRV - (TMBMServer) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.)
SRV - (SupportSoft RemoteAssist) -- C:\WINDOWS\Downloaded Program Files\ssrc.exe ()
SRV - (SfCtlCom) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe (Trend Micro Inc.)
SRV - (Browser Defender Update Service) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (WLSetupSvc) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (UStorage Server Service) -- C:\WINDOWS\System32\UStorSrv.exe (OTi)
SRV - (TAPPSRV) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe (TOSHIBA Corp.)
SRV - (CFSvcs) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (DVD-RAM_Service) -- C:\WINDOWS\system32\DVDRAMSV.exe (Matsushita Electric Industrial Co., Ltd.)
SRV - (Swupdtmr) -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe ()


========== Driver Services (SafeList) ==========

DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys File not found
DRV - (SABKUTIL) -- C:\Program Files\SUPERAntiSpyware\SABKUTIL.sys File not found
DRV - (RT2500) -- C:\WINDOWS\System32\DRIVERS\RT2500.sys File not found
DRV - (catchme) -- C:\DOCUME~1\owner\LOCALS~1\Temp\catchme.sys File not found
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (PCTCore) -- C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (tmcfw) -- C:\WINDOWS\system32\drivers\TM_CFW.sys (Trend Micro Inc.)
DRV - (tmcomm) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (tmtdi) -- C:\WINDOWS\system32\drivers\tmtdi.sys (Trend Micro Inc.)
DRV - (tmactmon) -- C:\WINDOWS\system32\drivers\tmactmon.sys (Trend Micro Inc.)
DRV - (tmevtmgr) -- C:\WINDOWS\system32\drivers\tmevtmgr.sys (Trend Micro Inc.)
DRV - (tmxpflt) -- C:\WINDOWS\system32\drivers\tmxpflt.sys (Trend Micro Inc.)
DRV - (tmpreflt) -- C:\WINDOWS\system32\drivers\tmpreflt.sys (Trend Micro Inc.)
DRV - (vsapint) -- C:\WINDOWS\system32\drivers\vsapint.sys (Trend Micro Inc.)
DRV - (Cdralw2k) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (Cdr4_xp) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Sonic Solutions)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (moufiltr) -- C:\WINDOWS\system32\drivers\moufiltr.sys (Chic Tech.)
DRV - (cdudf_xp) -- C:\WINDOWS\System32\drivers\cdudf_xp.sys (Roxio)
DRV - (UdfReadr_xp) -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys (Roxio)
DRV - (pwd_2K) -- C:\WINDOWS\System32\drivers\pwd_2K.sys (Roxio)
DRV - (mmc_2K) -- C:\WINDOWS\System32\drivers\Mmc_2k.sys (Roxio)
DRV - (dvd_2K) -- C:\WINDOWS\System32\drivers\Dvd_2k.sys (Roxio)
DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.)
DRV - (Tvs) -- C:\WINDOWS\system32\drivers\Tvs.sys (TOSHIBA Corporation)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (TVALD) -- C:\WINDOWS\system32\drivers\NBSMI.sys (Toshiba Corporation)
DRV - (meiudf) -- C:\WINDOWS\system32\drivers\meiudf.sys (Matsushita Electric Industrial Co.,Ltd.)
DRV - (tfsnudfa) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions)
DRV - (tfsnudf) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions)
DRV - (tfsnifs) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions)
DRV - (tfsncofs) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions)
DRV - (tfsnboio) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions)
DRV - (tfsnopio) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions)
DRV - (tfsnpool) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions)
DRV - (tfsndrct) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions)
DRV - (tfsndres) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions)
DRV - (drvnddm) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions)
DRV - (sscdbhk5) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions)
DRV - (ssrtln) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (Pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (Iviaspi) -- C:\WINDOWS\system32\drivers\iviaspi.sys (InterVideo, Inc.)
DRV - (TBiosDrv) -- C:\WINDOWS\system32\drivers\tbiosdrv.sys ()
DRV - (Netdevio) -- C:\WINDOWS\system32\drivers\Netdevio.sys (TOSHIBA Corporation.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart

IE - HKU\S-1-5-21-1882684927-2859997940-3586293557-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com
IE - HKU\S-1-5-21-1882684927-2859997940-3586293557-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-1882684927-2859997940-3586293557-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-1882684927-2859997940-3586293557-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: activegs@freetoolsassociation.com:3.0.213
FF - prefs.js..extensions.enabledItems: betterga@vki.studios:0.9.1
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 1047
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/12 23:16:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/14 16:22:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/14 20:19:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/26 23:41:00 | 000,000,000 | ---D | M]

[2009/03/18 23:19:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Mozilla\Extensions
[2009/03/18 23:19:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/08/25 20:04:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\bk4cigum.default\extensions
[2010/04/23 00:50:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\bk4cigum.default\extensions\activegs@freetoolsassociation.com
[2010/07/18 12:46:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\bk4cigum.default\extensions\betterga@vki.studios
[2008/03/15 15:33:17 | 000,001,877 | ---- | M] () -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\bk4cigum.default\searchplugins\aolsearch.xml
[2008/10/28 14:57:02 | 000,000,874 | ---- | M] () -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\bk4cigum.default\searchplugins\conduit.xml
[2010/08/25 20:04:00 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/02/05 18:51:04 | 000,027,960 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcdec.dll
[2010/02/05 18:51:05 | 000,126,344 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcext.dll
[2010/02/05 18:51:24 | 000,046,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\atmccli.dll
[2010/02/05 18:51:31 | 000,098,696 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\ieatgpc.dll
[2010/02/05 18:51:03 | 000,060,808 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
[2008/09/26 18:17:01 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll
[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2008/05/27 17:45:02 | 000,000,912 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\conduit.xml
[2007/07/26 14:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml

O1 HOSTS File: ([2010/08/12 01:12:45 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {7C5C0F58-E061-457D-9033-77307F5ED00C} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {7C5C0F58-E061-457D-9033-77307F5ED00C} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1882684927-2859997940-3586293557-1007\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1882684927-2859997940-3586293557-1007\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-21-1882684927-2859997940-3586293557-1007\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKU\S-1-5-21-1882684927-2859997940-3586293557-1007\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [iosxcywu] C:\Documents and Settings\owner\Local Settings\Application Data\ygmouukeb\dfrtnnlshdw.exe ()
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4 - HKU\S-1-5-21-1882684927-2859997940-3586293557-1007..\Run: [iosxcywu] C:\Documents and Settings\owner\Local Settings\Application Data\ygmouukeb\dfrtnnlshdw.exe ()
O4 - HKU\S-1-5-21-1882684927-2859997940-3586293557-1007..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-1882684927-2859997940-3586293557-1007..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - Startup: C:\Documents and Settings\owner\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1882684927-2859997940-3586293557-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1882684927-2859997940-3586293557-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1882684927-2859997940-3586293557-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1882684927-2859997940-3586293557-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Translate into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://www.tmremote.com/sdccommon/download/tgctlcm.cab (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/04/20 15:34:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/08/26 17:51:49 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\owner\Desktop\OTL.exe
[2010/08/19 21:34:03 | 036,317,368 | ---- | C] (PC Tools ) -- C:\Documents and Settings\owner\Desktop\spdoc(2).exe
[2010/08/19 21:24:53 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\owner\Desktop\ATF-Cleaner.exe
[2010/08/17 23:02:40 | 012,049,864 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\owner\Desktop\windows-kb890830-v3.10.exe
[2010/08/17 22:37:27 | 000,000,000 | ---D | C] -- C:\Program Files\internet explorer
[2010/08/16 23:39:02 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2010/08/16 23:39:01 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2010/08/16 23:39:01 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2010/08/16 23:38:44 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010/08/16 23:38:38 | 000,217,032 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010/08/16 23:38:38 | 000,088,040 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010/08/16 23:38:31 | 000,070,408 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/08/16 23:38:22 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/08/16 23:38:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Application Data\PC Tools
[2010/08/16 23:38:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/08/16 23:31:46 | 036,317,368 | ---- | C] (PC Tools ) -- C:\Documents and Settings\owner\Desktop\spdoc.exe
[2010/08/15 23:44:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Desktop\corby images
[2010/08/15 22:59:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Local Settings\Application Data\ygmouukeb
[2010/08/14 15:28:55 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/08/13 21:36:49 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/08/11 22:01:03 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/08/07 22:23:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Desktop\Bondage_Life_33
[2010/08/02 23:05:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Desktop\Hotmail
[2010/08/02 21:38:03 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\owner\Desktop\HJTInstall.exe
[2010/07/29 23:45:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Desktop\Hank_vidcaps
[2010/07/29 23:07:50 | 008,573,648 | ---- | C] (Mozilla) -- C:\Documents and Settings\owner\Desktop\Firefox Setup 3.6.8.exe
[2010/07/28 23:50:13 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
[2010/07/21 00:17:03 | 000,126,072 | ---- | C] (Noël Danjou) -- C:\Documents and Settings\owner\Local Settings\Application Data\download.exe
[2010/07/21 00:17:03 | 000,074,240 | ---- | C] (Trend Micro Incorporated) -- C:\Documents and Settings\owner\Local Settings\Application Data\Ken_loading2.exe
[2010/07/21 00:17:03 | 000,074,240 | ---- | C] (Trend Micro Incorporated) -- C:\Documents and Settings\owner\Local Settings\Application Data\Ken_loading1.exe
[2005/04/20 16:26:07 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[12 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/26 17:51:50 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\owner\Desktop\OTL.exe
[2010/08/26 17:49:56 | 000,869,051 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\SecurityCheck.exe
[2010/08/26 17:28:29 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/26 17:27:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/26 00:55:32 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/25 23:14:05 | 000,024,211 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\ben-album-panels.jpg
[2010/08/21 00:15:59 | 006,553,600 | -H-- | M] () -- C:\Documents and Settings\owner\NTUSER.DAT
[2010/08/21 00:15:59 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\owner\ntuser.ini
[2010/08/19 23:01:44 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1882684927-2859997940-3586293557-1007.job
[2010/08/19 23:01:41 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/19 22:58:57 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\rsieq.sys
[2010/08/19 21:43:25 | 000,001,645 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/08/19 21:37:22 | 036,317,368 | ---- | M] (PC Tools ) -- C:\Documents and Settings\owner\Desktop\spdoc(2).exe
[2010/08/19 21:24:53 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\owner\Desktop\ATF-Cleaner.exe
[2010/08/17 23:03:38 | 012,049,864 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\owner\Desktop\windows-kb890830-v3.10.exe
[2010/08/16 23:35:21 | 036,317,368 | ---- | M] (PC Tools ) -- C:\Documents and Settings\owner\Desktop\spdoc.exe
[2010/08/16 23:23:02 | 000,000,254 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2010/08/16 00:15:06 | 000,018,432 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\Ben Cook-Feltz Resume.doc
[2010/08/15 23:52:05 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1882684927-2859997940-3586293557-1007UA.job
[2010/08/15 13:52:08 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1882684927-2859997940-3586293557-1007Core.job
[2010/08/14 20:30:16 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1882684927-2859997940-3586293557-1007.job
[2010/08/14 15:58:40 | 000,177,664 | ---- | M] () -- C:\Documents and Settings\owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/14 15:29:45 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/08/13 21:49:33 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/08/13 21:35:42 | 003,816,958 | R--- | M] () -- C:\Documents and Settings\owner\Desktop\ComboFix.exe
[2010/08/12 01:12:45 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/08/11 23:59:31 | 000,002,270 | ---- | M] () -- C:\Documents and Settings\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/08/11 23:59:28 | 000,002,292 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\Google Chrome.lnk
[2010/08/11 22:01:09 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/08/11 19:18:45 | 000,722,446 | ---- | M] () -- C:\Documents and Settings\owner\My Documents\bcf flier party.pdf
[2010/08/11 19:18:31 | 000,816,346 | ---- | M] () -- C:\Documents and Settings\owner\My Documents\bcf flier party.odg
[2010/08/11 19:10:22 | 000,641,365 | ---- | M] () -- C:\Documents and Settings\owner\My Documents\bcf flier party.jpg
[2010/08/10 18:22:19 | 000,000,770 | ---- | M] () -- C:\Documents and Settings\owner\.recently-used.xbel
[2010/08/10 18:22:15 | 000,003,725 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\flier in progress.svg
[2010/08/09 23:19:01 | 000,016,384 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\Ben Cook-Feltz References.doc
[2010/08/08 12:45:32 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\owner\My Documents\International Market Square Lyrics.doc
[2010/08/04 00:19:14 | 000,951,604 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\Member Pics.rar
[2010/08/03 23:43:21 | 044,239,202 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\Ben Cook-Feltz And You.rar
[2010/08/02 21:38:45 | 000,001,742 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\HijackThis.lnk
[2010/08/02 21:38:04 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\owner\Desktop\HJTInstall.exe
[2010/08/01 19:41:58 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\herp.sys
[2010/07/31 00:55:08 | 030,286,828 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\Stolen_Statues_Radio.wav
[2010/07/29 23:08:46 | 008,573,648 | ---- | M] (Mozilla) -- C:\Documents and Settings\owner\Desktop\Firefox Setup 3.6.8.exe
[2010/07/28 23:50:28 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/07/28 23:50:28 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[12 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/26 17:49:53 | 000,869,051 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\SecurityCheck.exe
[2010/08/25 23:14:03 | 000,024,211 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\ben-album-panels.jpg
[2010/08/19 22:58:57 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\rsieq.sys
[2010/08/19 21:43:24 | 000,001,645 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/08/16 23:39:03 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010/08/16 23:39:02 | 001,152,444 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2010/08/16 23:39:02 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2010/08/16 23:39:02 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2010/08/16 23:39:02 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2010/08/16 23:38:44 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2010/08/16 23:38:38 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010/08/16 23:38:38 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2010/08/16 23:38:31 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2010/08/12 00:59:19 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1882684927-2859997940-3586293557-1007.job
[2010/08/11 22:01:09 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/08/11 22:01:05 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/08/11 21:53:43 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/08/11 21:48:29 | 003,816,958 | R--- | C] () -- C:\Documents and Settings\owner\Desktop\ComboFix.exe
[2010/08/11 19:13:16 | 000,722,446 | ---- | C] () -- C:\Documents and Settings\owner\My Documents\bcf flier party.pdf
[2010/08/11 00:34:15 | 000,641,365 | ---- | C] () -- C:\Documents and Settings\owner\My Documents\bcf flier party.jpg
[2010/08/10 18:22:19 | 000,000,770 | ---- | C] () -- C:\Documents and Settings\owner\.recently-used.xbel
[2010/08/10 18:22:15 | 000,003,725 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\flier in progress.svg
[2010/08/09 21:59:20 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\Ben Cook-Feltz References.doc
[2010/08/08 12:33:32 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\owner\My Documents\International Market Square Lyrics.doc
[2010/08/04 00:19:13 | 000,951,604 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\Member Pics.rar
[2010/08/03 23:42:11 | 044,239,202 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\Ben Cook-Feltz And You.rar
[2010/08/02 21:38:44 | 000,001,742 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\HijackThis.lnk
[2010/08/01 19:41:58 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\herp.sys
[2010/07/31 00:53:12 | 030,286,828 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\Stolen_Statues_Radio.wav
[2010/07/28 23:50:28 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/07/28 23:50:28 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/07/21 00:17:03 | 000,173,320 | ---- | C] () -- C:\Documents and Settings\owner\Local Settings\Application Data\PcModCtl.exe
[2010/07/04 19:10:47 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsblbbbc.sys
[2010/04/02 18:32:08 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2010/03/20 00:45:52 | 000,001,244 | -HS- | C] () -- C:\Documents and Settings\owner\Local Settings\Application Data\MF62
[2010/03/20 00:45:52 | 000,001,244 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\MF62
[2010/02/28 21:36:25 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\owner\Local Settings\Application Data\5B4t56F8r4rw
[2010/02/05 19:16:02 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\owner\Local Settings\Application Data\housecall.guid.cache
[2009/10/24 14:41:26 | 000,000,028 | ---- | C] () -- C:\WINDOWS\v2d.INI
[2008/10/05 00:28:53 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\vzcontextmenu.dll
[2008/08/24 19:57:19 | 000,002,639 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/08/05 20:57:39 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\owner\Local Settings\Application Data\fusioncache.dat
[2008/04/01 22:28:19 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/03/31 16:25:46 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\divx_xx0a.dll
[2008/03/26 21:23:52 | 000,007,628 | ---- | C] () -- C:\Documents and Settings\owner\Application Data\wklnhst.dat
[2008/03/21 15:30:08 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/03/21 15:28:54 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/03/21 15:28:54 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/03/21 15:28:20 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/03/14 22:57:46 | 000,177,664 | ---- | C] () -- C:\Documents and Settings\owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/07 21:18:07 | 000,000,312 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2008/03/07 21:17:25 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxblvs.dll
[2008/03/07 21:15:52 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBLLCNP.DLL
[2008/02/09 19:01:13 | 000,130,464 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2008/01/24 09:23:55 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\OPDSL.DLL
[2006/04/13 14:31:03 | 000,000,012 | ---- | C] () -- C:\WINDOWS\dirsaver.ini
[2005/10/28 04:46:58 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/05/04 18:34:54 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\MousePage.dll
[2005/05/04 18:21:15 | 000,034,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\WOWXT_kern_i386.sys
[2005/05/04 18:21:15 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2005/05/04 18:12:33 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2005/05/04 18:12:33 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2005/05/04 18:12:33 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2005/05/04 18:12:33 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2005/05/04 18:00:15 | 000,000,136 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/04/20 16:39:01 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/04/20 16:39:01 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/04/20 16:39:01 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/04/20 16:39:01 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/04/20 16:39:01 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/04/20 16:39:01 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/04/20 16:36:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2005/04/20 16:35:46 | 000,006,867 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2005/04/20 16:26:07 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2005/04/20 16:21:50 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2005/04/20 16:21:47 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2005/04/20 15:40:25 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/04/20 15:31:06 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/04/20 13:47:43 | 000,000,384 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/04/20 13:44:37 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/12/07 19:40:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 161 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >

Extras.txt:

OTL Extras logfile created on: 8/26/2010 5:52:54 PM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.00 Mb Total Physical Memory | 170.00 Mb Available Physical Memory | 38.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 8.90 Gb Free Space | 11.94% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOSHI-MOTO
Current User Name: owner
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-1882684927-2859997940-3586293557-1007\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE" /n /dde File not found
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome File not found
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 File not found
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome File not found
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 File not found
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- File not found
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- File not found
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (TODO: <Company name>)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine -- (TOSHIBA Corporation)
"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- (TOSHIBA Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\OpenOffice.org 3\program\soffice.bin" = C:\Program Files\OpenOffice.org 3\program\soffice.bin:*:Enabled:soffice -- (OpenOffice.org)
"C:\WINDOWS\system32\ftp.exe" = C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Program -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (TODO: <Company name>)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{09BDEEF0-5590-457D-89A9-5DB2742F9BBF}" = 32 Bit HP CIO Components Installer
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{0FADC5B1-E0E8-4DCA-A1BF-8B3B6496207A}" = Form Fill (Windows Live Toolbar)
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{1306C737-0AF4-46C7-B282-64E099304712}" = Smart Menus (Windows Live Toolbar)
"{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{195F2C6C-A343-4b10-B1A4-3F00AB9E9DD9}" = Fax
"{20B30DC1-E423-4939-B51D-05C58B0F9BBB}" = HP Photosmart All-In-One Driver Software 10.0 Rel .2
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 19
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1
"{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}" = Windows Live Photo Gallery
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
"{3248F0A8-6813-11D6-A77B-00B0D0150010}" = J2SE Runtime Environment 5.0 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{328420FA-7638-4AB1-81DF-E0FECEFF24E3}" = Windows Live Toolbar Feed Detector (Windows Live Toolbar)
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{59932D51-F260-4EF6-A784-4F69659F1A62}" = Map Button (Windows Live Toolbar)
"{5D96E2B1-D9AC-46E0-9073-425C5F63E338}" = Touch and Launch
"{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zooming Utility
"{64DD71BC-3109-4C88-9AD3-D5422644B722}" = TOSHIBA Hotkey Utility
"{66034137-F1CE-4CEF-8180-46553C54DB18}" = Popup Blocker (Windows Live Toolbar)
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{69BE47C2-36FE-4397-8199-85D8EAE69982}" = TOSHIBA TouchPad ON/Off Utility
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D10C4BE-0C36-4F4E-8C3A-E5E867A5F01D}" = QuickConnect
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro Internet Security
"{71CB529E-21A4-42AD-BF38-564F08988633}" = Windows Live Outlook Toolbar (Windows Live Toolbar)
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{78C68CB9-3DF5-44F3-AB9D-FA305C5EB85C}" = TOSHIBA Utilities
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B12BA86-ADAC-4BA6-B441-FFC591087252}" = TOSHIBA Virtual Sound
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9692FD03-6662-4E62-B08C-30DFF51651E1}" = Actiontec Gateway
"{9860A9CF-7E71-43AC-888F-0B4D3EA212D1}" = Roxio Burn Engine
"{9D2B0322-44AE-460E-9283-4D2D7A9205AE}" = Trend Micro Internet Security
"{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = DVD-RAM Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{ACDE260A-602B-4cfb-A650-D0DBA6FFAD85}" = NetDeviceManager
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}" = Windows Live Sign-in Assistant
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{b9be267c-e096-4cce-a4fd-f24eec004938}" = PS_AIO_02_ProductContext
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{c4549405-195f-4450-8865-6be9dc5ad136}" = PS_AIO_02_Software_Min
"{c600ab3d-8b64-41df-bf36-b3d87ce0706b}" = C7200_Help
"{C6522325-92ED-4312-A45A-04E45896C130}" = WLTB Custom Buttons
"{C6876FE6-A314-4628-B0D7-F3EE5E35C4B4}" = Windows Live Toolbar
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{cd0b9359-b716-4fd0-8e0a-09b3e312e8a4}" = PS_AIO_02_Software
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CECEB0FF-5C45-4b50-9A00-C596E36D88F4}" = C7200
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus(R) for Adobe
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D3F28364-8B10-45F1-8C2D-0037F4538BBB}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{DF821FC5-C198-452B-A0D4-82433EFEAE9B}" = OneCare Advisor (Windows Live Toolbar)
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{EAFEF30E-3789-49C7-A6D9-77C12E005BAC}" = Safari
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F6C405D2-C50D-4D10-B89E-73A233A14D74}" = Toshiba Registration
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"ActiveTouchMeetingClient" = WebEx
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.5
"America Online us" = America Online (Choose which version to remove)
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.6
"DirectVobSub" = DirectVobSub (remove only)
"EZTakes Download Manager 2.5.0.20070823.1600" = EZTakes Download Manager 2.5.0.20070823.1600
"HijackThis" = HijackThis 2.0.2
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"Inkscape" = Inkscape 0.47
"InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"Lexmark Z700-P700 Series" = Lexmark Z700-P700 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MetaFrame Presentation Server Web Client for Win32" = MetaFrame Presentation Server Web Client for Win32
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NeroVision!UninstallKey" = NeroVision Express
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Notebook_Maximizer" = Notebook Maximizer
"PC Diagnostic Tool" = TOSHIBA PC Diagnostic Tool
"Port Magic" = Pure Networks Port Magic
"Power Saver" = TOSHIBA Power Saver
"RealPlayer 12.0" = RealPlayer
"Shop for HP Supplies" = Shop for HP Supplies
"SubMagic_is1" = SubMagic V0.71
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Toshiba Tbiosdrv Driver" = Toshiba Tbiosdrv Driver
"Unlocker" = Unlocker 1.8.5
"ViewpointMediaPlayer" = Viewpoint Media Player
"WIC" = Windows Imaging Component
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1882684927-2859997940-3586293557-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/15/2010 8:02:07 PM | Computer Name = TOSHI-MOTO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15016

Error - 8/15/2010 8:02:11 PM | Computer Name = TOSHI-MOTO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/15/2010 8:02:11 PM | Computer Name = TOSHI-MOTO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 18875

Error - 8/15/2010 8:02:11 PM | Computer Name = TOSHI-MOTO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 18875

Error - 8/17/2010 12:14:43 AM | Computer Name = TOSHI-MOTO | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 8/17/2010 12:39:51 AM | Computer Name = TOSHI-MOTO | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 8/17/2010 12:57:18 AM | Computer Name = TOSHI-MOTO | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 8/19/2010 12:31:54 AM | Computer Name = TOSHI-MOTO | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 8/19/2010 10:44:23 PM | Computer Name = TOSHI-MOTO | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 8/19/2010 10:49:27 PM | Computer Name = TOSHI-MOTO | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

[ System Events ]
Error - 8/20/2010 12:02:52 AM | Computer Name = TOSHI-MOTO | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 8/20/2010 12:03:25 AM | Computer Name = TOSHI-MOTO | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SABKUTIL

Error - 8/20/2010 12:13:35 AM | Computer Name = TOSHI-MOTO | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdudf_xp Fips intelppm SABKUTIL SASDIFSV SASKUTIL tmtdi

Error - 8/20/2010 12:14:49 AM | Computer Name = TOSHI-MOTO | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 8/20/2010 5:22:53 PM | Computer Name = TOSHI-MOTO | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 8/21/2010 1:15:57 AM | Computer Name = TOSHI-MOTO | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 8/25/2010 7:12:50 PM | Computer Name = TOSHI-MOTO | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 8/25/2010 7:13:38 PM | Computer Name = TOSHI-MOTO | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdudf_xp Fips intelppm SABKUTIL SASDIFSV SASKUTIL tmtdi

Error - 8/26/2010 6:28:41 PM | Computer Name = TOSHI-MOTO | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 8/26/2010 6:29:16 PM | Computer Name = TOSHI-MOTO | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdudf_xp Fips intelppm SABKUTIL SASDIFSV SASKUTIL tmtdi


< End of report >


The GMER log:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-26 22:30:19
Windows 5.1.2600 Service Pack 2
Running: vytrw2yi.exe; Driver: C:\DOCUME~1\owner\LOCALS~1\Temp\pwldypog.sys


---- System - GMER 1.0.15 ----

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF769AE64]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF767AEEE]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF767B0E0]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF769B652]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF769B906]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF7699B64]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF769BD72]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF769B124]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xF767AB5C]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Cdfs \Cdfs F69E1400

---- EOF - GMER 1.0.15 ----
sturgeongeneral
Regular Member
 
Posts: 19
Joined: August 19th, 2010, 10:36 pm

Re: Fake Antivirus, Can't Update Malwarebytes, Can't Run Rki

Unread postby deltalima » August 27th, 2010, 3:57 am

Hi sturgeongeneral,

Scan With RKUnHooker

  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
  • Copy the entire contents of the report and paste it in a reply here.

MBRCheck

Please download MBRCheck.exe to your desktop.
  • Double-click on MBRCheck.exe to run it.
  • It will show a Black screen with some information.
  • If an unknown bootcode is found you will have further options available to you; at this time press N then press Enter twice.
  • If nothing unusual is found just press Enter.
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
  • Please post the contents of that file in your next reply.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Fake Antivirus, Can't Update Malwarebytes, Can't Run Rki

Unread postby sturgeongeneral » August 27th, 2010, 3:52 pm

Hello again.

I was able to run MBRCheck, and will post the txt file of that scan.

However, when I tried to run Rootkit Unhooker, I received an error, stating "Error loading/opening driver."

Here is the MBRCheck file:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 101):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EC000 \WINDOWS\system32\hal.dll
0xF7C8F000 \WINDOWS\system32\KDCOM.DLL
0xF7B9F000 \WINDOWS\system32\BOOTVID.dll
0xF7740000 ACPI.sys
0xF7C91000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF772F000 pci.sys
0xF778F000 isapnp.sys
0xF770F000 fltMgr.sys
0xF779F000 ohci1394.sys
0xF77AF000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF7BA3000 compbatt.sys
0xF7BA7000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7D57000 pciide.sys
0xF7A0F000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF76F1000 pcmcia.sys
0xF77BF000 MountMgr.sys
0xF76D2000 ftdisk.sys
0xF7BAB000 ACPIEC.sys
0xF7D58000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF7A17000 PartMgr.sys
0xF77CF000 VolSnap.sys
0xF76BA000 atapi.sys
0xF77DF000 disk.sys
0xF77EF000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF76A8000 sr.sys
0xF7670000 PCTCore.sys
0xF765B000 drvmcdb.sys
0xF77FF000 PxHelp20.sys
0xF7644000 KSecDD.sys
0xF7631000 WudfPf.sys
0xF75A4000 Ntfs.sys
0xF7577000 NDIS.sys
0xF755C000 Mup.sys
0xF7A57000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xF74E0000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF7A5F000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF782F000 \SystemRoot\system32\drivers\Imapi.sys
0xF783F000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF784F000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF74BD000 \SystemRoot\system32\DRIVERS\ks.sys
0xF7C4F000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0xF785F000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF7A77000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF786F000 \SystemRoot\system32\DRIVERS\moufiltr.sys
0xF7A87000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7445000 \SystemRoot\system32\DRIVERS\ar5211.sys
0xF787F000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7C5B000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF742E000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF788F000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF789F000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF7AAF000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF741D000 \SystemRoot\system32\DRIVERS\psched.sys
0xF78AF000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF7ABF000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7ACF000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF78BF000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7CC9000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF73C4000 \SystemRoot\system32\DRIVERS\update.sys
0xF7C6F000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF71E4000 \SystemRoot\system32\DRIVERS\TM_CFW.sys
0xF78CF000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7CCD000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF78DF000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF7CD3000 \SystemRoot\system32\drivers\sscdbhk5.sys
0xF70FC000 \SystemRoot\System32\Drivers\pwd_2K.SYS
0xF7CD7000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7E51000 \SystemRoot\System32\Drivers\Null.SYS
0xF7CDB000 \SystemRoot\System32\Drivers\Beep.SYS
0xF7B0F000 \SystemRoot\system32\drivers\ssrtln.sys
0xF7B17000 \SystemRoot\System32\drivers\vga.sys
0xF70E8000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0xF7CDF000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF70AF000 \SystemRoot\System32\Drivers\meiudf.sys
0xF709E000 \SystemRoot\System32\Drivers\Udfs.SYS
0xF7B27000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7B37000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF706B000 \SystemRoot\System32\Drivers\UdfReadr_xp.SYS
0xF7C43000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xF7046000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xF6FEE000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF6FC6000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF6FA5000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF7C6B000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xF6F83000 \SystemRoot\System32\drivers\afd.sys
0xF790F000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF6F58000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xF6EE9000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF6EA9000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7CEB000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF7128000 \SystemRoot\System32\drivers\Dxapi.sys
0xF7B6F000 \SystemRoot\System32\watchdog.sys
0xBF9C3000 \SystemRoot\System32\drivers\dxg.sys
0xF7DDD000 \SystemRoot\System32\drivers\dxgthk.sys
0xBFF50000 \SystemRoot\System32\framebuf.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xF69A5000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xF6787000 \SystemRoot\system32\DRIVERS\srv.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 15):
0 System Idle Process
4 System
624 C:\WINDOWS\system32\smss.exe
672 csrss.exe
696 C:\WINDOWS\system32\winlogon.exe
740 C:\WINDOWS\system32\services.exe
752 C:\WINDOWS\system32\lsass.exe
896 C:\WINDOWS\system32\svchost.exe
944 svchost.exe
1056 C:\WINDOWS\system32\svchost.exe
1068 svchost.exe
1156 svchost.exe
1868 C:\WINDOWS\explorer.exe
468 C:\Program Files\Mozilla Firefox\firefox.exe
1588 C:\Documents and Settings\owner\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: HTS541080G9AT00, Rev: MB4OA56J

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Windows 98 MBR code detected
SHA1: 48F01D7E76A0F3C038D08611E3FDC0EE4EF9FD3E


Done!
sturgeongeneral
Regular Member
 
Posts: 19
Joined: August 19th, 2010, 10:36 pm

Re: Fake Antivirus, Can't Update Malwarebytes, Can't Run Rki

Unread postby deltalima » August 27th, 2010, 4:12 pm

Hi sturgeongeneral,

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    :otl
    IE - HKU\S-1-5-21-1882684927-2859997940-3586293557-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-21-1882684927-2859997940-3586293557-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522
    O4 - HKLM..\Run: [iosxcywu] C:\Documents and Settings\owner\Local Settings\Application Data\ygmouukeb\dfrtnnlshdw.exe ()
    O4 - HKU\S-1-5-21-1882684927-2859997940-3586293557-1007..\Run: [iosxcywu] C:\Documents and Settings\owner\Local Settings\Application Data\ygmouukeb\dfrtnnlshdw.exe ()
    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
    "DisableMonitoring" = 0
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
    "DisableMonitoring" = 0
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    :commands
    [EMPTYTEMP]
    [REBOOT]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Next

Reboot into normal mode and run Rkill then Malwarebytes, please post the Malwarebytes log in your next reply.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
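As an added example (not code from this thread, from OTL, or from its author), the following Python checker applies the reasoning behind the OTL fix above to OTL-format log lines: it flags an Internet Explorer proxy that is enabled and points at the loopback address, and Run entries that launch a file from a per-user Local Settings\Application Data folder with no publisher information. The sample lines are constructed from the entries posted in this thread plus one constructed benign entry; the function and variable names are my own.

```python
import ipaddress
import re
from typing import Dict, List

# Constructed sample in OTL log format. The first three lines reproduce the
# entries the fix script in this thread removes; the fourth is a constructed
# benign Run entry (Trend Micro's own agent, as listed in the HijackThis log).
SAMPLE_LINES = [
    r'IE - HKU\S-1-5-21-1882684927-2859997940-3586293557-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1',
    r'IE - HKU\S-1-5-21-1882684927-2859997940-3586293557-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522',
    r'O4 - HKLM..\Run: [iosxcywu] C:\Documents and Settings\owner\Local Settings\Application Data\ygmouukeb\dfrtnnlshdw.exe ()',
    r'O4 - HKLM..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" (Trend Micro Inc.)',
]

# 'IE - <hive path>: "<name>" = <value>'
IE_RE = re.compile(r'^IE - (?P<hive>.+?): "(?P<name>[^"]+)" = (?P<value>.*)$')
# 'O4 - <key>: [<name>] <path, optionally quoted> (<company, empty if none>)'
O4_RE = re.compile(
    r'^O4 - (?P<key>\S+): \[(?P<name>[^\]]*)\] "?(?P<path>[^"]+?)"? \((?P<company>[^)]*)\)\s*$'
)


def proxy_hosts(value: str) -> List[str]:
    """Return the hosts an IE ProxyServer value points at.

    Accepts both forms Windows uses: 'host:port' and 'http=host:port;https=host:port'.
    """
    hosts = []
    for entry in value.split(';'):
        entry = entry.strip()
        if not entry:
            continue
        if '=' in entry:                      # per-protocol form: proto=host:port
            entry = entry.split('=', 1)[1]
        host = entry.rsplit(':', 1)[0] if ':' in entry else entry
        hosts.append(host.strip('[]'))        # strip IPv6 brackets if present
    return hosts


def is_loopback(host: str) -> bool:
    """True for localhost or any loopback IP: such a proxy is served by the machine itself."""
    if host.lower() == 'localhost':
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def analyze(lines: List[str]) -> List[str]:
    """Flag the two symptoms the OTL fix in this thread targets."""
    findings: List[str] = []
    proxy_state: Dict[str, Dict[str, str]] = {}

    for line in lines:
        m = IE_RE.match(line)
        if m:
            proxy_state.setdefault(m['hive'], {})[m['name']] = m['value'].strip()
            continue
        m = O4_RE.match(line)
        if m:
            path = m['path']
            # Per-user profile folder: writable without admin rights, a common drop location.
            per_user_drop = '\\local settings\\application data\\' in path.lower()
            # OTL prints the file's company name in parentheses; '()' means it has none.
            no_publisher = not m['company'].strip()
            if per_user_drop and no_publisher:
                findings.append(
                    f"O4 autorun [{m['name']}] launches {path} from a per-user folder "
                    "with no publisher information"
                )

    for hive, settings in proxy_state.items():
        if settings.get('ProxyEnable') != '1':
            continue
        server = settings.get('ProxyServer', '')
        if any(is_loopback(h) for h in proxy_hosts(server)):
            findings.append(
                f"{hive}: proxy enabled and pointed at the local machine ({server}); "
                "a local process is intercepting web traffic, which matches the blocked "
                "updates and vendor sites reported in this thread"
            )
    return findings


if __name__ == '__main__':
    for finding in analyze(SAMPLE_LINES):
        print(finding)
```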

Re: Fake Antivirus, Can't Update Malwarebytes, Can't Run Rki

Unread postby sturgeongeneral » August 27th, 2010, 7:23 pm

Here is the information.

I should note though, Malwarebytes didn't find anything, BUT I was still unable to update the program. And I'm reasonably sure Rkill still isn't working, since Rkill still shut itself down, amongst other processes.

Here is the OTL Log:

All processes killed
========== OTL ==========
HKU\S-1-5-21-1882684927-2859997940-3586293557-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-1882684927-2859997940-3586293557-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\iosxcywu deleted successfully.
C:\Documents and Settings\owner\Local Settings\Application Data\ygmouukeb\dfrtnnlshdw.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-1882684927-2859997940-3586293557-1007\Software\Microsoft\Windows\CurrentVersion\Run\\iosxcywu deleted successfully.
File C:\Documents and Settings\owner\Local Settings\Application Data\ygmouukeb\dfrtnnlshdw.exe not found.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\\"DisableMonitoring" | 0 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\\"DisableMonitoring" | 0 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\"DisableNotifications" | 0 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\"DisableNotifications" | 0 /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 17171264 bytes
->Flash cache emptied: 916 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 3453389 bytes
->Flash cache emptied: 300 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 2386 bytes

User: owner
->Temp folder emptied: 2557836 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 82193998 bytes
->FireFox cache emptied: 65158877 bytes
->Google Chrome cache emptied: 1642864 bytes
->Apple Safari cache emptied: 7322624 bytes
->Opera cache emptied: 20540280 bytes
->Flash cache emptied: 2200655 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1615360 bytes
%systemroot%\System32 .tmp files removed: 3521041 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 26600 bytes
Windows Temp folder emptied: 85488 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 198.00 mb


OTL by OldTimer - Version 3.2.10.0 log created on 08272010_155119

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

And here is the Malwarebytes log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4218

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

8/27/2010 5:54:29 PM
mbam-log-2010-08-27 (17-54-29).txt

Scan type: Full scan (C:\|)
Objects scanned: 222189
Time elapsed: 1 hour(s), 49 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
sturgeongeneral
Regular Member
 
Posts: 19
Joined: August 19th, 2010, 10:36 pm

Re: Fake Antivirus, Can't Update Malwarebytes, Can't Run Rki

Unread postby deltalima » August 28th, 2010, 11:25 am

Hi sturgeongeneral,

Please let me know what happened when you ran Combofix around 13th August.

Malwarebytes didn't find anything, BUT I was still unable to update the program.


What is the error message when you try to update?

And I'm reasonably sure Rkill still isn't working, since Rkill still shut itself down, amongst other processes.


That is normal behaviour.

Please reboot into normal mode again and run rkill. Post the log from rkill in your next reply.

Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log along with a new HijackThis log in your next reply and also let me know how your computer is running now.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Fake Antivirus, Can't Update Malwarebytes, Can't Run Rki

Unread postby sturgeongeneral » August 29th, 2010, 12:27 am

Hello,

I can't remember completely, but I believe Combofix was blocked by my antivirus software (Trend Micro). I may have disabled Trend Micro and run it again, but at the moment I don't fully recall.

The error I receive states the following: "An error has occurred. Please report this error code to our support team. MBAM_ERROR_UPDATING (12007, 0, WinHttpSendRequest"

Here is the rkill log:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as owner on 08/28/2010 at 23:05:56.


Processes terminated by Rkill or while it was running:


C:\Documents and Settings\owner\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Documents and Settings\owner\Desktop\rkill.exe


Rkill completed on 08/28/2010 at 23:06:08.


Unfortunately, I am also unable to run the Kaspersky online scan, as I get stuck when it tries to download any updates. I get this error:

0 [ERROR: Connection to updates source cannot be established]

At that point, I am unable to perform any scans.

The Antivirus program is now gone. My computer is running a little slowly, and I am still unable to really update any programs (Malwarebytes, Super Anti Spyware, Spyware Doctor, etc.). Trend Micro updates, and somehow I was actually able to install a Windows update yesterday, but that seems to be it. I am also unable to access most of the websites pertaining to said programs and any help they may provide. So the antivirus thing has been taken care of, but I'm pretty convinced I still have something funky going on.

Here is the most recent HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:25:06 PM, on 8/28/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} - https://www.tmremote.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\WINDOWS\Downloaded Program Files\ssrc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9225 bytes
sturgeongeneral
Regular Member
 
Posts: 19
Joined: August 19th, 2010, 10:36 pm

Re: Fake Antivirus, Can't Update Malwarebytes, Can't Run Rki

Unread postby deltalima » August 29th, 2010, 6:41 am

Hi sturgeongeneral,

TDSSKiller

  • Please Download TDSSKiller.zip and save it on your desktop.
  • Extract (unzip) its contents to your Desktop.
  • Double-click the TDSSKiller Folder on your desktop.
  • Right-click on TDSSKiller.exe and click Copy then Paste it directly on to your Desktop.
  • Important!: Run this fix once and once only.
  • Double click the TDSSKiller icon on your desktop then click Start scan.
  • A box will appear saying System scan completed.
  • If any Malicious objects are found click Cure > Continue > Reboot now.
  • A log file should be created on your C: drive named something like TDSSKiller.2.4.0.0 24.07.2010.
  • To find the log click Start > Computer > C:.
  • Please post the contents of that log in your next reply.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Fake Antivirus, Can't Update Malwarebytes, Can't Run Rki

Unread postby sturgeongeneral » August 29th, 2010, 12:21 pm

TDSSKiller didn't find any malicious objects. Here is the log:

2010/08/29 11:17:38.0375 TDSS rootkit removing tool 2.4.1.3 Aug 27 2010 08:53:42
2010/08/29 11:17:38.0375 ================================================================================
2010/08/29 11:17:38.0375 SystemInfo:
2010/08/29 11:17:38.0375
2010/08/29 11:17:38.0375 OS Version: 5.1.2600 ServicePack: 3.0
2010/08/29 11:17:38.0375 Product type: Workstation
2010/08/29 11:17:38.0375 ComputerName: TOSHI-MOTO
2010/08/29 11:17:38.0375 UserName: owner
2010/08/29 11:17:38.0375 Windows directory: C:\WINDOWS
2010/08/29 11:17:38.0375 System windows directory: C:\WINDOWS
2010/08/29 11:17:38.0375 Processor architecture: Intel x86
2010/08/29 11:17:38.0375 Number of processors: 1
2010/08/29 11:17:38.0375 Page size: 0x1000
2010/08/29 11:17:38.0375 Boot type: Normal boot
2010/08/29 11:17:38.0375 ================================================================================
2010/08/29 11:17:39.0500 Initialize success
2010/08/29 11:17:43.0343 ================================================================================
2010/08/29 11:17:43.0343 Scan started
2010/08/29 11:17:43.0343 Mode: Manual;
2010/08/29 11:17:43.0343 ================================================================================
2010/08/29 11:17:45.0625 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/08/29 11:17:45.0750 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2010/08/29 11:17:45.0921 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/08/29 11:17:46.0250 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/08/29 11:17:46.0437 AgereSoftModem (029e01cb2938bec5af31bf47b6af0159) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
2010/08/29 11:17:47.0125 ALCXWDM (bea942ff21154fee4f71ddd477621c70) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2010/08/29 11:17:47.0718 AR5211 (d07ccc37476034ebf5de4608a8af4386) C:\WINDOWS\system32\DRIVERS\ar5211.sys
2010/08/29 11:17:47.0984 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/08/29 11:17:48.0375 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/08/29 11:17:48.0546 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/08/29 11:17:48.0937 ati2mtag (9dc33d25ee0ed27752455a52f25ddb6e) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2010/08/29 11:17:49.0500 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/08/29 11:17:49.0703 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/08/29 11:17:50.0062 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/08/29 11:17:50.0531 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/08/29 11:17:50.0671 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/08/29 11:17:51.0046 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/08/29 11:17:51.0171 Cdr4_xp (837eef65af62d4e8a37c41d3879f7274) C:\WINDOWS\system32\drivers\Cdr4_xp.sys
2010/08/29 11:17:51.0250 Cdralw2k (579da2f9f5401f55dae2cf8779d61dfc) C:\WINDOWS\system32\drivers\Cdralw2k.sys
2010/08/29 11:17:51.0578 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/08/29 11:17:51.0718 cdudf_xp (8c7746acde6225a46b58ed7ae09ec166) C:\WINDOWS\system32\drivers\cdudf_xp.sys
2010/08/29 11:17:52.0281 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2010/08/29 11:17:52.0625 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2010/08/29 11:17:52.0890 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/08/29 11:17:53.0031 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/08/29 11:17:53.0468 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/08/29 11:17:53.0656 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/08/29 11:17:54.0000 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/08/29 11:17:54.0140 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/08/29 11:17:54.0343 drvmcdb (f41619ae216b51d68dda163805eefaa9) C:\WINDOWS\system32\drivers\drvmcdb.sys
2010/08/29 11:17:54.0703 drvnddm (2ff629c1c443e25d0149b9dfb77e43a8) C:\WINDOWS\system32\drivers\drvnddm.sys
2010/08/29 11:17:54.0906 dvd_2K (800de2dfa19db3fd87aa95308ba0c17b) C:\WINDOWS\system32\drivers\dvd_2K.sys
2010/08/29 11:17:55.0234 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/08/29 11:17:55.0406 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2010/08/29 11:17:55.0515 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/08/29 11:17:55.0750 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/08/29 11:17:55.0906 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/08/29 11:17:56.0000 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/08/29 11:17:56.0312 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/08/29 11:17:56.0515 GEARAspiWDM (ab8a6a87d9d7255c3884d5b9541a6e80) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2010/08/29 11:17:56.0796 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/08/29 11:17:57.0046 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/08/29 11:17:57.0484 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2010/08/29 11:17:57.0890 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2010/08/29 11:17:58.0109 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2010/08/29 11:17:58.0390 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/08/29 11:17:58.0656 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/08/29 11:17:59.0031 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\drivers\Imapi.sys
2010/08/29 11:17:59.0312 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/08/29 11:17:59.0625 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/08/29 11:17:59.0750 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/08/29 11:18:00.0078 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/08/29 11:18:00.0218 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/08/29 11:18:00.0343 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/08/29 11:18:00.0453 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/08/29 11:18:00.0750 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/08/29 11:18:01.0093 Iviaspi (f59c3569a2f2c464bb78cb1bdcdca55e) C:\WINDOWS\system32\drivers\iviaspi.sys
2010/08/29 11:18:01.0437 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/08/29 11:18:01.0593 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/08/29 11:18:01.0718 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/08/29 11:18:02.0250 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/08/29 11:18:02.0562 meiudf (63351a2b051dfc4e7bb41319c8c1ace4) C:\WINDOWS\system32\Drivers\meiudf.sys
2010/08/29 11:18:02.0781 mmc_2K (0a35ad036de912858a1c5e9637840724) C:\WINDOWS\system32\drivers\mmc_2K.sys
2010/08/29 11:18:02.0984 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/08/29 11:18:03.0125 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/08/29 11:18:03.0343 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/08/29 11:18:03.0640 moufiltr (6ed1d87904edfbd26dfb31abf1040d92) C:\WINDOWS\system32\DRIVERS\moufiltr.sys
2010/08/29 11:18:03.0906 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/08/29 11:18:04.0156 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/08/29 11:18:04.0343 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/08/29 11:18:04.0468 MRxSmb (60ae98742484e7ab80c3c1450e708148) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/08/29 11:18:04.0781 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/08/29 11:18:04.0984 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/08/29 11:18:05.0062 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/08/29 11:18:05.0156 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/08/29 11:18:05.0421 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/08/29 11:18:05.0562 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/08/29 11:18:05.0734 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/08/29 11:18:06.0203 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/08/29 11:18:06.0265 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/08/29 11:18:06.0500 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/08/29 11:18:06.0734 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/08/29 11:18:06.0968 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/08/29 11:18:07.0218 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/08/29 11:18:07.0484 Netdevio (1265eb253ed4ebe4acb3bd5f548ff796) C:\WINDOWS\system32\DRIVERS\netdevio.sys
2010/08/29 11:18:07.0625 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/08/29 11:18:08.0156 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/08/29 11:18:08.0375 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/08/29 11:18:08.0640 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/08/29 11:18:08.0906 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/08/29 11:18:08.0984 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/08/29 11:18:09.0171 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/08/29 11:18:09.0468 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2010/08/29 11:18:09.0703 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/08/29 11:18:09.0796 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/08/29 11:18:10.0000 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/08/29 11:18:10.0234 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/08/29 11:18:10.0343 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2010/08/29 11:18:10.0734 PCTCore (d9f8e37834eff27442e384d495ee5232) C:\WINDOWS\system32\drivers\PCTCore.sys
2010/08/29 11:18:11.0140 Pfc (6c1618a07b49e3873582b6449e744088) C:\WINDOWS\system32\drivers\pfc.sys
2010/08/29 11:18:11.0468 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/08/29 11:18:11.0578 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/08/29 11:18:11.0671 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/08/29 11:18:11.0984 pwd_2K (1840112f3f3b7ece84dbbd93a70c4135) C:\WINDOWS\system32\drivers\pwd_2K.sys
2010/08/29 11:18:12.0281 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/08/29 11:18:12.0656 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/08/29 11:18:12.0765 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/08/29 11:18:13.0109 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/08/29 11:18:13.0359 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/08/29 11:18:13.0625 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/08/29 11:18:13.0968 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/08/29 11:18:14.0203 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/08/29 11:18:14.0484 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/08/29 11:18:14.0781 RTL8023xp (e10f6c9bd09d8dae26e29d52c65e6e0f) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
2010/08/29 11:18:15.0062 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2010/08/29 11:18:15.0312 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2010/08/29 11:18:15.0421 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2010/08/29 11:18:15.0859 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/08/29 11:18:15.0984 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2010/08/29 11:18:16.0375 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/08/29 11:18:16.0578 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/08/29 11:18:16.0703 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/08/29 11:18:17.0187 Srv (4f8a43adef66f135564085a9dca96a26) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/08/29 11:18:17.0546 sscdbhk5 (1cbd1b58a32de97899f5290b05f856db) C:\WINDOWS\system32\drivers\sscdbhk5.sys
2010/08/29 11:18:17.0734 ssrtln (7fb07ac152d7a87e66204860002bd9a4) C:\WINDOWS\system32\drivers\ssrtln.sys
2010/08/29 11:18:18.0140 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
2010/08/29 11:18:18.0343 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/08/29 11:18:18.0421 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/08/29 11:18:19.0000 SynTP (f6770219b73bd989d5613d2e9c78a227) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2010/08/29 11:18:19.0125 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/08/29 11:18:19.0453 TBiosDrv (eeca2b57545e7b7be949b5e70e31444f) C:\WINDOWS\system32\drivers\TBiosDrv.sys
2010/08/29 11:18:19.0625 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/08/29 11:18:20.0093 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/08/29 11:18:20.0218 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/08/29 11:18:20.0406 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/08/29 11:18:20.0531 tfsnboio (2da3ca4022abb0802de7eeda574e78d6) C:\WINDOWS\system32\dla\tfsnboio.sys
2010/08/29 11:18:20.0750 tfsncofs (c8d6928759b77701c21dc90ad61197f2) C:\WINDOWS\system32\dla\tfsncofs.sys
2010/08/29 11:18:21.0000 tfsndrct (bacdef5510fa643683cddca418e49446) C:\WINDOWS\system32\dla\tfsndrct.sys
2010/08/29 11:18:21.0078 tfsndres (3fc9f390fac563c3d3910d540adbd408) C:\WINDOWS\system32\dla\tfsndres.sys
2010/08/29 11:18:21.0156 tfsnifs (6aef3ec0b64689536891a9b96e9d7b82) C:\WINDOWS\system32\dla\tfsnifs.sys
2010/08/29 11:18:21.0375 tfsnopio (7239873a72dd456f6e74e6987cdb9687) C:\WINDOWS\system32\dla\tfsnopio.sys
2010/08/29 11:18:21.0609 tfsnpool (b78631e3593ddd76a4a8ba7cb8e32302) C:\WINDOWS\system32\dla\tfsnpool.sys
2010/08/29 11:18:21.0687 tfsnudf (9e8b4abb93e5784fc4e5d3202566cc7a) C:\WINDOWS\system32\dla\tfsnudf.sys
2010/08/29 11:18:22.0000 tfsnudfa (056fa0a11ba4cd688e1e40e48ffee921) C:\WINDOWS\system32\dla\tfsnudfa.sys
2010/08/29 11:18:22.0359 tmactmon (582f43830daa5d9aad7aa514843d8905) C:\WINDOWS\system32\drivers\tmactmon.sys
2010/08/29 11:18:22.0578 tmcfw (fcfa40e475ff5549f5cd335f4046aba4) C:\WINDOWS\system32\DRIVERS\TM_CFW.sys
2010/08/29 11:18:22.0875 tmcomm (949ef0df929a71d6cc77494dfcb1ddeb) C:\WINDOWS\system32\drivers\tmcomm.sys
2010/08/29 11:18:23.0078 tmevtmgr (9d38ac83d56f9b5274a65d2666da9779) C:\WINDOWS\system32\drivers\tmevtmgr.sys
2010/08/29 11:18:23.0281 tmpreflt (1615eb81a09c3c36ba8b4a1b1d525d8f) C:\WINDOWS\system32\DRIVERS\tmpreflt.sys
2010/08/29 11:18:23.0437 tmtdi (44c262c1b2412ded35078b6166d2acc2) C:\WINDOWS\system32\DRIVERS\tmtdi.sys
2010/08/29 11:18:23.0703 tmxpflt (44b4a683b8de31b709d1e5fc5d01dcc6) C:\WINDOWS\system32\DRIVERS\tmxpflt.sys
2010/08/29 11:18:24.0031 TVALD (ef88219dbdd15a7f28b434c72a3d7233) C:\WINDOWS\system32\DRIVERS\NBSMI.sys
2010/08/29 11:18:24.0218 Tvs (7bc87d123f504d161693f672cfe99ec4) C:\WINDOWS\system32\DRIVERS\Tvs.sys
2010/08/29 11:18:24.0453 UdfReadr_xp (e1b5bfba7f1cde1fc28934639e83b3cf) C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
2010/08/29 11:18:24.0734 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/08/29 11:18:25.0343 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/08/29 11:18:25.0609 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/08/29 11:18:25.0812 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/08/29 11:18:26.0078 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/08/29 11:18:26.0140 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2010/08/29 11:18:26.0328 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/08/29 11:18:26.0546 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/08/29 11:18:26.0765 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/08/29 11:18:27.0187 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/08/29 11:18:27.0406 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/08/29 11:18:27.0562 vsapint (84b4bfc6808adfdeb0716af857dd9519) C:\WINDOWS\system32\DRIVERS\vsapint.sys
2010/08/29 11:18:28.0218 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/08/29 11:18:28.0453 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/08/29 11:18:28.0843 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2010/08/29 11:18:29.0062 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2010/08/29 11:18:29.0312 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/08/29 11:18:29.0421 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/08/29 11:18:29.0640 ================================================================================
2010/08/29 11:18:29.0640 Scan finished
2010/08/29 11:18:29.0640 ================================================================================
sturgeongeneral
Regular Member
 
Posts: 19
Joined: August 19th, 2010, 10:36 pm

Re: Fake Antivirus, Can't Update Malwarebytes, Can't Run Rki

Unread postby deltalima » August 29th, 2010, 12:52 pm

Hi sturgeongeneral,

Please delete your copy of Combofix and then download and run a new copy using the following instructions.

Please make sure to disable Trend Antivirus.

Run Combofix

Temporarily disable any antispyware, antivirus and/or antimalware real-time protection, as they may interfere with the running of ComboFix.

Download ComboFix from here to your Desktop.

For more information about Combofix please see here.

Close all programs.

Double click combofix.exe and follow the prompts.

If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures. If not, follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console and, when prompted, agree to the End-User License Agreement to install it. Once installed, you should see the following message:

The recovery console was successfuly installed.
Click ‘YES’ to continue scanning for malware
Click ‘NO’ for exit

Click the YES button.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your “drive access” light. If it is flashing, Combofix is still at work.

When finished ComboFix will produce a log file. Please post the contents of this log in your next reply.
deltalima
Admin/Teacher

Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Fake Antivirus, Can't Update Malwarebytes, Can't Run Rki

Unread postby sturgeongeneral » August 29th, 2010, 6:09 pm

Here is the ComboFix log, in multiple parts thanks to message limitations:

ComboFix 10-08-28.02 - owner 08/29/2010 16:17:36.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.189 [GMT -5:00]
Running from: c:\documents and settings\owner\Desktop\ComboFix.exe
AV: Trend Micro Internet Security *On-access scanning disabled* (Outdated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro Personal Firewall *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
.

((((((((((((((((((((((((( Files Created from 2010-07-28 to 2010-08-29 )))))))))))))))))))))))))))))))
.

2010-08-28 08:04 . 2010-08-28 08:04 -------- d-----w- c:\windows\LastGood.Tmp
2010-08-28 07:56 . 2010-08-28 07:56 -------- d-----w- c:\windows\system32\scripting
2010-08-28 07:56 . 2010-08-28 07:56 -------- d-----w- c:\windows\l2schemas
2010-08-28 07:56 . 2010-08-28 07:56 -------- d-----w- c:\windows\system32\en
2010-08-28 07:56 . 2010-08-28 07:56 -------- d-----w- c:\windows\system32\bits
2010-08-28 07:46 . 2010-08-28 07:57 -------- d-----w- c:\windows\ServicePackFiles
2010-08-28 07:31 . 2010-08-28 07:31 -------- d-----w- c:\windows\EHome
2010-08-27 20:51 . 2010-08-27 20:51 -------- d-----w- C:\_OTL
2010-08-20 03:58 . 2010-08-20 03:58 54016 ----a-w- c:\windows\system32\drivers\rsieq.sys
2010-08-17 04:39 . 2010-01-22 14:55 767952 ----a-w- c:\windows\BDTSupport.dll
2010-08-17 04:39 . 2010-01-22 14:56 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-08-17 04:39 . 2009-10-28 06:36 1152444 ----a-w- c:\windows\UDB.zip
2010-08-17 04:39 . 2008-11-26 17:08 131 ----a-w- c:\windows\IDB.zip
2010-08-17 04:39 . 2010-01-22 14:56 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-08-17 04:39 . 2010-01-22 14:56 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-08-17 04:38 . 2010-02-05 14:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-08-17 04:38 . 2010-03-10 16:36 217032 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-08-17 04:38 . 2009-11-23 18:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-08-17 04:38 . 2010-02-05 14:25 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-08-17 04:38 . 2010-08-28 07:20 -------- d-----w- c:\program files\Spyware Doctor
2010-08-17 04:38 . 2010-08-17 04:38 -------- d-----w- c:\documents and settings\Owner\Application Data\PC Tools
2010-08-17 04:38 . 2010-08-17 04:38 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-08-16 03:59 . 2010-08-27 20:51 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\ygmouukeb
2010-08-02 00:41 . 2010-08-02 00:41 54016 ----a-w- c:\windows\system32\drivers\herp.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-28 14:55 . 2010-06-14 06:01 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-08-28 14:50 . 2009-10-27 03:50 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-08-28 08:01 . 2005-04-20 20:33 77607 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-08-27 20:07 . 2009-03-28 07:20 1 ----a-w- c:\documents and settings\owner\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-08-26 05:55 . 2009-01-28 06:25 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-03 02:38 . 2010-02-06 01:42 -------- d-----w- c:\program files\Trend Micro
2010-07-29 04:50 . 2008-03-15 19:53 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
2010-07-29 04:50 . 2010-07-29 04:50 -------- d-----w- c:\program files\Safari
2010-07-25 06:10 . 2008-03-27 02:23 7628 ----a-w- c:\documents and settings\Owner\Application Data\wklnhst.dat
2010-07-24 20:50 . 2010-07-24 20:50 -------- d-----w- c:\program files\Audacity
2010-07-24 18:41 . 2009-10-22 05:30 -------- d-----w- c:\documents and settings\Owner\Application Data\uTorrent
2010-07-23 11:13 . 2010-07-23 11:13 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.17.8\SetupAdmin.exe
2010-07-23 05:32 . 2010-05-02 16:50 -------- d-----w- c:\program files\iTunes
2010-07-23 05:30 . 2010-07-23 05:30 -------- d-----w- c:\program files\iPod
2010-07-23 05:30 . 2008-03-15 19:50 -------- d-----w- c:\program files\Common Files\Apple
2010-07-23 05:15 . 2010-07-23 05:15 -------- d-----w- c:\program files\Bonjour
2010-07-23 05:06 . 2010-07-23 05:06 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-07-05 00:10 . 2010-07-05 00:10 54016 ----a-w- c:\windows\system32\drivers\fsblbbbc.sys
2010-07-04 18:07 . 2008-08-26 00:53 -------- d-----w- c:\documents and settings\Owner\Application Data\HPAppData
2010-06-14 06:02 . 2010-06-14 06:02 63488 ----a-w- c:\documents and settings\owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-06-14 06:02 . 2010-06-14 06:02 52224 ----a-w- c:\documents and settings\owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-06-14 06:02 . 2010-06-14 06:02 117760 ----a-w- c:\documents and settings\owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-05 23:51 . 2010-02-05 23:51 27960 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2010-02-05 23:51 . 2010-02-05 23:51 126344 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2010-02-05 23:51 . 2010-02-05 23:51 46392 ----a-w- c:\program files\mozilla firefox\plugins\atmccli.dll
2010-02-05 23:51 . 2010-02-05 23:51 98696 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
.

((((((((((((((((((((((((((((( SnapShot_2010-08-12_06.12.58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-09-24 06:34 . 2008-04-14 00:12 57344 c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcirt.dll
- 2007-02-18 02:30 . 2007-01-19 20:15 74802 c:\windows\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\atl.dll
+ 2008-09-24 06:34 . 2008-04-14 00:12 74802 c:\windows\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\atl.dll
+ 2005-04-20 18:45 . 2008-04-14 00:12 50688 c:\windows\twain_32.dll
- 2005-04-20 18:45 . 2004-08-04 12:00 50688 c:\windows\twain_32.dll
+ 2005-04-20 20:30 . 2008-04-14 00:12 11776 c:\windows\system32\xolehlp.dll
- 2005-04-20 20:30 . 2006-03-01 19:42 11776 c:\windows\system32\xolehlp.dll
- 2005-04-20 18:45 . 2004-08-04 12:00 50176 c:\windows\system32\xmlprovi.dll
+ 2005-04-20 18:45 . 2008-04-14 00:12 50176 c:\windows\system32\xmlprovi.dll
+ 2005-04-20 18:45 . 2008-04-14 00:12 30720 c:\windows\system32\xcopy.exe
- 2005-04-20 18:45 . 2004-08-04 12:00 30720 c:\windows\system32\xcopy.exe
- 2005-04-20 18:45 . 2004-08-04 12:00 91648 c:\windows\system32\xactsrv.dll
+ 2005-04-20 18:45 . 2008-04-14 00:12 91648 c:\windows\system32\xactsrv.dll
+ 2004-08-04 00:56 . 2008-04-14 00:12 52736 c:\windows\system32\wzcsapi.dll
+ 2005-04-20 18:45 . 2008-04-14 00:12 18432 c:\windows\system32\wtsapi32.dll
- 2005-04-20 18:45 . 2004-08-04 12:00 18432 c:\windows\system32\wtsapi32.dll
+ 2005-04-20 18:45 . 2008-04-14 00:12 50688 c:\windows\system32\wstdecod.dll
- 2005-04-20 18:45 . 2004-08-04 12:00 50688 c:\windows\system32\wstdecod.dll
- 2005-04-20 18:45 . 2004-08-04 12:00 22528 c:\windows\system32\wsock32.dll
+ 2005-04-20 18:45 . 2008-04-14 00:12 22528 c:\windows\system32\wsock32.dll
+ 2005-04-20 18:45 . 2008-04-14 00:12 41984 c:\windows\system32\wsnmp32.dll
+ 2005-04-20 18:45 . 2008-04-14 00:12 19456 c:\windows\system32\wshtcpip.dll
+ 2005-04-20 18:45 . 2008-04-14 00:12 11264 c:\windows\system32\wshrm.dll
- 2005-04-20 18:45 . 2004-08-04 12:00 14336 c:\windows\system32\wship6.dll
+ 2005-04-20 18:45 . 2008-04-14 00:12 14336 c:\windows\system32\wship6.dll
+ 2005-04-20 18:45 . 2008-04-14 00:12 90112 c:\windows\system32\wshext.dll
+ 2005-04-20 18:45 . 2008-04-14 00:12 36864 c:\windows\system32\wshcon.dll
+ 2005-04-20 18:45 . 2008-04-14 00:12 80896 c:\windows\system32\wscsvc.dll
- 2005-04-20 18:45 . 2004-08-04 12:00 13824 c:\windows\system32\wscntfy.exe
+ 2005-04-20 18:45 . 2008-04-14 00:12 13824 c:\windows\system32\wscntfy.exe
+ 2005-04-20 18:45 . 2008-04-14 00:12 19968 c:\windows\system32\ws2help.dll
- 2005-04-20 18:45 . 2004-08-04 12:00 19968 c:\windows\system32\ws2help.dll
+ 2005-04-20 18:45 . 2008-04-14 00:12 82432 c:\windows\system32\ws2_32.dll
+ 2005-04-20 18:45 . 2008-04-14 00:12 11264 c:\windows\system32\wpnpinst.exe
+ 2005-04-20 18:45 . 2008-04-14 00:12 32256 c:\windows\system32\wpabaln.exe
- 2005-04-20 18:45 . 2004-08-04 12:00 32256 c:\windows\system32\wpabaln.exe
- 2005-04-20 18:45 . 2004-08-04 12:00 92672 c:\windows\system32\wlnotify.dll
+ 2005-04-20 18:45 . 2008-04-14 00:12 92672 c:\windows\system32\wlnotify.dll
+ 2008-09-24 06:37 . 2008-04-14 00:12 69120 c:\windows\system32\wlanapi.dll
+ 2005-04-20 18:45 . 2008-04-14 00:12 53760 c:\windows\system32\winsta.dll
- 2005-04-20 18:45 . 2004-08-04 12:00 53760 c:\windows\system32\winsta.dll
+ 2005-04-20 18:45 . 2008-04-14 00:12 17408 c:\windows\system32\winshfhc.dll
- 2005-04-20 18:45 . 2004-08-04 12:00 17408 c:\windows\system32\winshfhc.dll
+ 2005-04-20 18:45 . 2008-04-14 00:12 99328 c:\windows\system32\winscard.dll
- 2005-04-20 18:45 . 2004-08-04 12:00 99328 c:\windows\system32\winscard.dll
+ 2005-04-20 18:45 . 2008-04-14 00:12 16896 c:\windows\system32\winrnr.dll
- 2005-04-20 18:45 . 2004-08-04 12:00 16896 c:\windows\system32\winrnr.dll
+ 2005-04-20 18:45 . 2008-04-14 00:12 32256 c:\windows\system32\winipsec.dll
- 2005-04-20 18:45 . 2004-08-04 12:00 75776 c:\windows\system32\wiascr.dll
+ 2005-04-20 18:45 . 2008-04-14 00:12 75776 c:\windows\system32\wiascr.dll
+ 2005-04-20 18:45 . 2008-04-14 00:12 65024 c:\windows\system32\wextract.exe
+ 2005-04-20 18:45 . 2008-04-14 00:12 68096 c:\windows\system32\webclnt.dll
- 2005-04-20 18:45 . 2006-01-04 03:35 68096 c:\windows\system32\webclnt.dll
+ 2004-08-04 00:56 . 2008-04-14 00:12 23552 c:\windows\system32\wdmaud.drv
- 2004-08-04 00:56 . 2004-08-04 07:56 23552 c:\windows\system32\wdmaud.drv
- 2005-04-20 18:45 . 2006-03-24 04:37 49152 c:\windows\system32\wdigest.dll
+ 2005-04-20 18:45 . 2008-04-14 00:12 49152 c:\windows\system32\wdigest.dll
+ 2005-04-20 20:30 . 2008-04-14 00:12 95232 c:\windows\system32\wbem\wmiutils.dll
- 2005-04-20 20:30 . 2004-08-04 12:00 95232 c:\windows\system32\wbem\wmiutils.dll
- 2005-04-20 20:30 . 2004-08-04 12:00 41472 c:\windows\system32\wbem\wmipsess.dll
+ 2005-04-20 20:30 . 2008-04-14 00:12 41472 c:\windows\system32\wbem\wmipsess.dll
+ 2005-04-20 20:30 . 2008-04-14 00:12 62464 c:\windows\system32\wbem\wmipjobj.dll
+ 2005-04-20 20:30 . 2008-04-14 00:12 61952 c:\windows\system32\wbem\wmipiprt.dll
+ 2005-04-20 20:30 . 2008-04-14 00:12 60928 c:\windows\system32\wbem\wmicookr.dll
- 2005-04-20 20:30 . 2004-08-04 12:00 60928 c:\windows\system32\wbem\wmicookr.dll
+ 2005-04-20 20:30 . 2008-04-14 00:12 88576 c:\windows\system32\wbem\wmiaprpl.dll
- 2005-04-20 20:30 . 2004-08-04 12:00 43520 c:\windows\system32\wbem\wbemsvc.dll
+ 2005-04-20 20:30 . 2008-04-14 00:12 43520 c:\windows\system32\wbem\wbemsvc.dll
+ 2005-04-20 20:30 . 2008-04-14 00:12 18944 c:\windows\system32\wbem\wbemprox.dll
- 2005-04-20 20:30 . 2004-08-04 12:00 18944 c:\windows\system32\wbem\wbemprox.dll
- 2005-04-20 18:45 . 2004-08-04 12:00 43008 c:\windows\system32\wbem\wbemperf.dll
+ 2005-04-20 18:45 . 2008-04-14 00:12 43008 c:\windows\system32\wbem\wbemperf.dll
+ 2005-04-20 20:30 . 2008-04-14 00:12 71680 c:\windows\system32\wbem\wbemcons.dll
- 2005-04-20 20:30 . 2004-08-04 12:00 71680 c:\windows\system32\wbem\wbemcons.dll
- 2005-04-20 20:30 . 2004-08-04 12:00 86528 c:\windows\system32\wbem\stdprov.dll
+ 2005-04-20 20:30 . 2008-04-14 00:12 86528 c:\windows\system32\wbem\stdprov.dll
+ 2005-04-20 20:30 . 2008-04-14 00:12 36352 c:\windows\system32\wbem\scrcons.exe
+ 2005-04-20 20:30 . 2008-04-14 00:12 47104 c:\windows\system32\wbem\ncprov.dll
- 2005-04-20 20:30 . 2004-08-04 12:00 47104 c:\windows\system32\wbem\ncprov.dll
+ 2005-04-20 20:30 . 2008-04-14 00:12 16384 c:\windows\system32\wbem\mofcomp.exe
- 2005-04-20 20:30 . 2004-08-04 12:00 16384 c:\windows\system32\wbem\mofcomp.exe
- 2005-04-20 20:30 . 2004-08-04 12:00 24576 c:\windows\system32\wbem\krnlprov.dll
+ 2005-04-20 20:30 . 2008-04-14 00:11 24576 c:\windows\system32\wbem\krnlprov.dll
+ 2005-04-20 18:44 . 2008-04-14 00:11 21504 c:\windows\system32\wbem\evntrprv.dll
+ 2005-04-20 18:45 . 2008-04-13 18:44 17664 c:\windows\system32\watchdog.sys
- 2005-04-20 18:45 . 2004-08-04 12:00 17664 c:\windows\system32\watchdog.sys
- 2005-04-20 18:45 . 2004-08-04 12:00 15872 c:\windows\system32\w3ssl.dll
+ 2005-04-20 18:45 . 2008-04-14 00:12 15872 c:\windows\system32\w3ssl.dll
- 2005-04-20 18:45 . 2004-08-04 12:00 18944 c:\windows\system32\version.dll
+ 2005-04-20 18:45 . 2008-04-14 00:12 18944 c:\windows\system32\version.dll
+ 2005-04-20 18:45 . 2008-04-14 00:12 26624 c:\windows\system32\verifier.dll
- 2006-03-17 00:38 . 2006-03-17 00:38 28672 c:\windows\system32\verclsid.exe
+ 2006-03-17 00:38 . 2008-04-14 00:12 28672 c:\windows\system32\verclsid.exe
+ 2005-04-20 18:45 . 2008-04-14 00:12 51712 c:\windows\system32\vdmredir.dll
- 2005-04-20 18:45 . 2004-08-04 12:00 51712 c:\windows\system32\vdmredir.dll
- 2005-04-20 18:45 . 2004-08-04 12:00 26112 c:\windows\system32\vdmdbg.dll
+ 2005-04-20 18:45 . 2008-04-14 00:12 26112 c:\windows\system32\vdmdbg.dll
+ 2005-04-20 18:45 . 2008-04-14 00:12 30749 c:\windows\system32\vbajet32.dll
- 2005-04-20 18:45 . 2004-08-04 12:00 30749 c:\windows\system32\vbajet32.dll
- 2005-04-20 18:45 . 2006-10-04 08:48 50176 c:\windows\system32\utilman.exe
+ 2005-04-20 18:45 . 2008-04-14 00:12 50176 c:\windows\system32\utilman.exe
+ 2005-04-20 18:45 . 2008-04-14 00:11 19968 c:\windows\system32\usmt\log.dll
- 2005-04-20 18:45 . 2005-04-28 19:16 19968 c:\windows\system32\usmt\log.dll
+ 2007-10-26 23:30 . 2008-04-13 16:44 17920 c:\windows\system32\usmt\cobramsg.dll
- 2007-10-26 23:30 . 2005-04-27 23:15 17920 c:\windows\system32\usmt\cobramsg.dll
+ 2005-04-20 18:45 . 2008-04-14 00:12 26112 c:\windows\system32\userinit.exe
- 2005-04-20 13:28 . 2004-08-04 00:56 74240 c:\windows\system32\usbui.dll
+ 2005-04-20 13:28 . 2008-04-14 00:12 74240 c:\windows\system32\usbui.dll
+ 2005-04-20 18:45 . 2008-04-14 00:12 16896 c:\windows\system32\usbmon.dll
- 2005-04-20 18:45 . 2004-08-04 12:00 16896 c:\windows\system32\usbmon.dll
+ 2005-04-20 18:45 . 2008-04-14 00:12 37888 c:\windows\system32\url.dll
- 2005-04-20 18:45 . 2004-08-04 12:00 37888 c:\windows\system32\url.dll
+ 2005-04-20 18:45 . 2008-04-14 00:12 18432 c:\windows\system32\ups.exe
- 2005-04-20 18:45 . 2004-08-04 12:00 18432 c:\windows\system32\ups.exe
+ 2005-04-20 18:45 . 2008-04-14 00:12 16896 c:\windows\system32\upnpcont.exe
- 2005-04-20 18:45 . 2004-08-04 12:00 16896 c:\windows\system32\upnpcont.exe
+ 2005-04-20 18:45 . 2008-04-14 00:12 13824 c:\windows\system32\uniplat.dll
- 2005-04-20 18:45 . 2004-08-04 12:00 13824 c:\windows\system32\uniplat.dll
- 2005-04-20 18:45 . 2004-08-04 12:00 74240 c:\windows\system32\unimdmat.dll
+ 2005-04-20 18:45 . 2008-04-14 00:12 74240 c:\windows\system32\unimdmat.dll
- 2010-04-18 07:24 . 2004-08-04 12:00 76288 c:\windows\system32\uniime.dll
+ 2010-04-18 07:24 . 2008-04-14 00:11 76288 c:\windows\system32\uniime.dll
- 2005-04-20 18:45 . 2006-10-04 13:33 35840 c:\windows\system32\umandlg.dll
+ 2005-04-20 18:45 . 2008-04-14 00:12 35840 c:\windows\system32\umandlg.dll
+ 2005-04-20 18:45 . 2008-04-14 00:12 26624 c:\windows\system32\udhisapi.dll
+ 2005-04-20 18:45 . 2008-04-14 00:12 57856 c:\windows\system32\twext.dll
+ 2008-09-24 06:37 . 2008-04-14 00:12 50688 c:\windows\system32\tspkg.dll
+ 2007-10-26 23:34 . 2008-04-14 00:12 53248 c:\windows\system32\tsgqec.dll
- 2005-04-20 18:45 . 2004-08-04 12:00 12168 c:\windows\system32\tsddd.dll
+ 2005-04-20 18:45 . 2008-04-14 00:13 12168 c:\windows\system32\tsddd.dll
+ 2005-04-20 20:31 . 2008-04-14 00:12 93696 c:\windows\system32\tscfgwmi.dll
- 2005-04-20 20:31 . 2004-08-04 12:00 93696 c:\windows\system32\tscfgwmi.dll
+ 2005-04-20 18:45 . 2008-04-14 00:12 90112 c:\windows\system32\trkwks.dll
+ 2005-04-20 18:45 . 2008-04-14 00:12 12800 c:\windows\system32\tree.com
- 2005-04-20 18:45 . 2004-08-04 12:00 12288 c:\windows\system32\tracert.exe
+ 2005-04-20 18:45 . 2008-04-14 00:12 12288 c:\windows\system32\tracert.exe
+ 2005-04-20 18:45 . 2008-04-14 00:12 75776 c:\windows\system32\telnet.exe
- 2005-04-20 18:45 . 2005-05-10 23:45 75776 c:\windows\system32\telnet.exe
- 2005-04-20 18:45 . 2004-08-04 12:00 45568 c:\windows\system32\tcpmonui.dll
+ 2005-04-20 18:45 . 2008-04-14 00:12 45568 c:\windows\system32\tcpmonui.dll
- 2005-04-20 18:45 . 2004-08-04 12:00 45568 c:\windows\system32\tcpmon.dll
+ 2005-04-20 18:45 . 2008-04-14 00:12 45568 c:\windows\system32\tcpmon.dll
- 2005-04-20 18:45 . 2004-08-04 12:00 14848 c:\windows\system32\tcpmib.dll
+ 2005-04-20 18:45 . 2008-04-14 00:12 14848 c:\windows\system32\tcpmib.dll
- 2005-04-20 18:45 . 2004-08-04 12:00 57856 c:\windows\system32\synceng.dll
+ 2005-04-20 18:45 . 2008-04-14 00:12 57856 c:\windows\system32\synceng.dll
+ 2005-04-20 18:45 . 2008-04-14 00:12 14336 c:\windows\system32\svchost.exe
- 2005-04-20 18:45 . 2004-08-04 12:00 14336 c:\windows\system32\svchost.exe
+ 2005-04-20 18:45 . 2008-04-14 00:12 75776 c:\windows\system32\strmfilt.dll
- 2005-04-20 18:45 . 2004-08-04 12:00 75776 c:\windows\system32\strmfilt.dll
- 2005-04-20 13:26 . 2004-08-04 00:56 74752 c:\windows\system32\storprop.dll
+ 2005-04-20 13:26 . 2008-04-14 00:12 74752 c:\windows\system32\storprop.dll
+ 2005-04-20 18:45 . 2008-04-14 00:12 14848 c:\windows\system32\stimon.exe
- 2005-04-20 18:45 . 2004-08-04 12:00 14848 c:\windows\system32\stimon.exe
+ 2005-04-20 18:45 . 2008-04-14 00:12 68096 c:\windows\system32\sti.dll
+ 2005-04-20 20:31 . 2008-04-14 00:12 59392 c:\windows\system32\stclient.dll
+ 2005-04-20 18:45 . 2008-04-14 00:12 14336 c:\windows\system32\ssstars.scr
- 2005-04-20 18:45 . 2004-08-04 12:00 14336 c:\windows\system32\ssstars.scr
+ 2005-04-20 18:45 . 2008-04-14 00:12 18944 c:\windows\system32\ssmyst.scr
- 2005-04-20 18:45 . 2004-08-04 12:00 18944 c:\windows\system32\ssmyst.scr
- 2005-04-20 18:45 . 2004-08-04 12:00 47104 c:\windows\system32\ssmypics.scr
+ 2005-04-20 18:45 . 2008-04-14 00:12 47104 c:\windows\system32\ssmypics.scr
- 2005-04-20 18:45 . 2004-08-04 12:00 20992 c:\windows\system32\ssmarque.scr
+ 2005-04-20 18:45 . 2008-04-14 00:12 20992 c:\windows\system32\ssmarque.scr
+ 2005-04-20 18:45 . 2008-04-14 00:12 71680 c:\windows\system32\ssdpsrv.dll
- 2005-04-20 18:45 . 2004-08-04 12:00 71680 c:\windows\system32\ssdpsrv.dll
- 2005-04-20 18:45 . 2004-08-04 12:00 34816 c:\windows\system32\ssdpapi.dll
+ 2005-04-20 18:45 . 2008-04-14 00:12 34816 c:\windows\system32\ssdpapi.dll
+ 2005-04-20 18:45 . 2008-04-14 00:12 19968 c:\windows\system32\ssbezier.scr
- 2005-04-20 18:45 . 2004-08-04 12:00 19968 c:\windows\system32\ssbezier.scr
+ 2005-04-20 18:45 . 2008-04-14 00:12 96768 c:\windows\system32\srvsvc.dll
- 2005-04-20 18:45 . 2004-12-07 19:32 96768 c:\windows\system32\srvsvc.dll
- 2005-04-20 20:32 . 2004-08-04 12:00 67584 c:\windows\system32\srclient.dll
+ 2005-04-20 20:32 . 2008-04-14 00:12 67584 c:\windows\system32\srclient.dll
+ 2008-09-24 06:37 . 2008-04-14 00:12 20992 c:\windows\system32\spupdwxp.exe
+ 2005-12-28 20:05 . 2007-08-11 01:46 26488 c:\windows\system32\spupdsvc.exe
+ 2005-04-20 18:45 . 2008-04-14 00:12 57856 c:\windows\system32\spoolsv.exe
- 2005-04-20 18:45 . 2005-06-10 23:53 57856 c:\windows\system32\spoolsv.exe
+ 2005-04-20 18:45 . 2008-04-14 00:12 75264 c:\windows\system32\spoolss.dll
+ 2007-03-16 00:24 . 2008-04-14 00:11 87552 c:\windows\system32\spool\drivers\w32x86\3\hpfud50.dll
- 2007-03-16 00:24 . 2004-08-04 05:56 87552 c:\windows\system32\spool\drivers\w32x86\3\HPFUD50.DLL
+ 2005-04-20 20:31 . 2008-04-14 00:11 26624 c:\windows\system32\spool\drivers\w32x86\3\fxsdrv.dll
+ 2005-04-20 18:45 . 2008-04-14 10:42 11264 c:\windows\system32\spnpinst.exe
- 2007-05-19 22:46 . 2008-07-09 07:38 17272 c:\windows\system32\spmsg.dll
+ 2007-05-19 22:46 . 2007-11-30 11:18 17272 c:\windows\system32\spmsg.dll
+ 2005-04-20 18:45 . 2008-04-14 00:12 24576 c:\windows\system32\sort.exe
+ 2005-04-20 18:45 . 2008-04-14 00:12 18944 c:\windows\system32\snmpapi.dll
- 2005-04-20 18:45 . 2004-08-04 12:00 18944 c:\windows\system32\snmpapi.dll
- 2005-04-20 18:45 . 2004-08-04 12:00 50688 c:\windows\system32\smss.exe
+ 2005-04-20 18:45 . 2008-04-14 00:12 50688 c:\windows\system32\smss.exe
+ 2005-04-20 18:45 . 2008-04-14 00:12 89600 c:\windows\system32\smlogsvc.exe
- 2005-04-20 18:45 . 2004-08-04 12:00 89600 c:\windows\system32\smlogsvc.exe
+ 2008-09-24 06:37 . 2008-04-14 00:12 73796 c:\windows\system32\slserv.exe
+ 2008-09-24 06:37 . 2008-04-14 00:12 32866 c:\windows\system32\slrundll.exe
+ 2008-09-24 06:37 . 2008-04-14 00:12 73832 c:\windows\system32\slcoinst.dll
+ 2005-04-20 18:45 . 2008-04-14 00:12 98304 c:\windows\system32\slbiop.dll
- 2005-04-20 18:45 . 2004-08-04 12:00 98304 c:\windows\system32\slbiop.dll
- 2005-04-20 18:45 . 2004-08-04 12:00 25088 c:\windows\system32\slayerxp.dll
+ 2005-04-20 18:45 . 2008-04-14 00:12 25088 c:\windows\system32\slayerxp.dll
- 2005-04-20 18:45 . 2004-08-04 12:00 26112 c:\windows\system32\skeys.exe
+ 2005-04-20 18:45 . 2008-04-14 00:12 26112 c:\windows\system32\skeys.exe
- 2005-04-20 18:45 . 2004-08-04 12:00 70144 c:\windows\system32\sigverif.exe
+ 2005-04-20 18:45 . 2008-04-14 00:12 70144 c:\windows\system32\sigverif.exe
- 2005-04-20 18:45 . 2004-08-04 12:00 13312 c:\windows\system32\sigtab.dll
+ 2005-04-20 18:45 . 2008-04-14 00:12 13312 c:\windows\system32\sigtab.dll
+ 2005-04-20 18:45 . 2008-04-14 00:12 19456 c:\windows\system32\shutdown.exe
- 2005-04-20 18:45 . 2004-08-04 12:00 19456 c:\windows\system32\shutdown.exe
+ 2005-04-20 18:45 . 2008-04-14 00:12 27648 c:\windows\system32\shscrap.dll
- 2005-04-20 18:45 . 2004-08-04 12:00 27648 c:\windows\system32\shscrap.dll
- 2005-04-20 18:45 . 2004-08-04 12:00 77824 c:\windows\system32\shrpubw.exe
+ 2005-04-20 18:45 . 2008-04-14 00:12 77824 c:\windows\system32\shrpubw.exe
+ 2005-04-20 18:45 . 2008-04-14 00:12 45056 c:\windows\system32\shmgrate.exe
+ 2005-04-20 18:45 . 2008-04-14 00:12 65024 c:\windows\system32\shimeng.dll
- 2005-04-20 18:45 . 2004-08-04 12:00 68096 c:\windows\system32\shgina.dll
+ 2005-04-20 18:45 . 2008-04-14 00:12 68096 c:\windows\system32\shgina.dll
- 2005-04-20 18:45 . 2004-08-04 12:00 25088 c:\windows\system32\shfolder.dll
+ 2005-04-20 18:45 . 2008-04-14 00:12 25088 c:\windows\system32\shfolder.dll
+ 2008-09-24 06:37 . 2008-04-14 00:12 32768 c:\windows\system32\setupn.exe
+ 2005-04-20 18:45 . 2008-04-14 00:12 26624 c:\windows\system32\Setup\startoc.dll
+ 2005-04-20 18:45 . 2008-04-14 00:12 17408 c:\windows\system32\Setup\ocmsn.dll
- 2005-04-20 18:45 . 2004-08-04 12:00 17408 c:\windows\system32\Setup\ocmsn.dll
+ 2005-04-20 18:44 . 2008-04-14 00:12 15360 c:\windows\system32\Setup\ocgen.dll
- 2005-04-20 18:44 . 2004-08-04 12:00 62976 c:\windows\system32\Setup\ntoc.dll
+ 2005-04-20 18:44 . 2008-04-14 00:12 62976 c:\windows\system32\Setup\ntoc.dll
- 2005-04-20 18:44 . 2004-08-04 12:00 77312 c:\windows\system32\Setup\netoc.dll
+ 2005-04-20 18:44 . 2008-04-14 00:12 77312 c:\windows\system32\Setup\netoc.dll
+ 2005-04-20 18:45 . 2008-04-14 00:11 15360 c:\windows\system32\Setup\msgrocm.dll
- 2005-04-20 18:45 . 2004-08-04 12:00 15360 c:\windows\system32\Setup\msgrocm.dll
+ 2005-04-20 18:44 . 2008-04-14 00:11 90112 c:\windows\system32\Setup\msdtcstp.dll
- 2005-04-20 18:44 . 2004-08-04 12:00 32828 c:\windows\system32\Setup\fp40ext.dll
+ 2005-04-20 18:44 . 2008-04-14 00:11 32828 c:\windows\system32\Setup\fp40ext.dll
- 2005-04-20 18:45 . 2004-08-04 12:00 23040 c:\windows\system32\setup.exe
+ 2005-04-20 18:45 . 2008-04-14 00:12 23040 c:\windows\system32\setup.exe
- 2005-04-20 18:45 . 2004-08-04 12:00 31232 c:\windows\system32\sethc.exe
+ 2005-04-20 18:45 . 2008-04-14 00:12 31232 c:\windows\system32\sethc.exe
+ 2005-04-20 20:30 . 2008-04-14 00:12 56320 c:\windows\system32\servdeps.dll
- 2005-04-20 20:30 . 2004-08-04 12:00 56320 c:\windows\system32\servdeps.dll
+ 2005-04-20 18:45 . 2008-04-14 00:12 39424 c:\windows\system32\sens.dll
+ 2005-04-20 18:45 . 2008-04-14 00:12 54784 c:\windows\system32\sendmail.dll
+ 2005-04-20 18:45 . 2008-04-14 00:12 29184 c:\windows\system32\sendcmsg.dll
- 2005-04-20 18:45 . 2004-08-04 12:00 29184 c:\windows\system32\sendcmsg.dll
+ 2005-04-20 18:45 . 2008-04-14 00:12 56320 c:\windows\system32\secur32.dll
+ 2005-04-20 18:45 . 2008-04-14 00:12 18944 c:\windows\system32\seclogon.dll
- 2005-04-20 18:45 . 2004-08-04 12:00 18944 c:\windows\system32\seclogon.dll
- 2004-08-04 00:56 . 2004-08-04 12:00 29184 c:\windows\system32\sdhcinst.dll
+ 2004-08-04 00:56 . 2008-04-14 00:12 29184 c:\windows\system32\sdhcinst.dll
+ 2005-04-20 18:45 . 2008-04-14 00:12 77312 c:\windows\system32\sdbinst.exe
- 2005-04-20 18:45 . 2004-08-04 12:00 77312 c:\windows\system32\sdbinst.exe
+ 2005-04-20 18:45 . 2008-04-14 00:12 20480 c:\windows\system32\sclgntfy.dll
+ 2005-04-20 18:45 . 2008-04-14 00:12 95744 c:\windows\system32\scardsvr.exe
- 2005-04-20 18:45 . 2004-08-04 12:00 95744 c:\windows\system32\scardsvr.exe
+ 2005-04-20 18:45 . 2008-04-14 00:12 69632 c:\windows\system32\scarddlg.dll
- 2005-04-20 18:45 . 2004-08-04 12:00 69632 c:\windows\system32\scarddlg.dll
+ 2005-04-20 18:45 . 2008-04-14 00:12 13312 c:\windows\system32\savedump.exe
- 2005-04-20 18:45 . 2004-08-04 12:00 13312 c:\windows\system32\savedump.exe
- 2005-04-20 18:45 . 2004-08-04 12:00 64000 c:\windows\system32\samlib.dll
+ 2005-04-20 18:45 . 2008-04-14 00:12 64000 c:\windows\system32\samlib.dll
- 2005-04-20 20:32 . 2004-08-04 12:00 45568 c:\windows\system32\safrslv.dll
+ 2005-04-20 20:32 . 2008-04-14 00:12 45568 c:\windows\system32\safrslv.dll
+ 2005-04-20 20:32 . 2008-04-14 00:12 29696 c:\windows\system32\safrdm.dll
- 2005-04-20 20:32 . 2004-08-04 12:00 29696 c:\windows\system32\safrdm.dll
- 2005-04-20 20:32 . 2004-08-04 12:00 43520 c:\windows\system32\safrcdlg.dll
+ 2005-04-20 20:32 . 2008-04-14 00:12 43520 c:\windows\system32\safrcdlg.dll
+ 2005-04-20 18:45 . 2008-04-14 00:12 14336 c:\windows\system32\runonce.exe
- 2005-04-20 18:45 . 2004-08-04 12:00 14336 c:\windows\system32\runonce.exe
+ 2005-04-20 18:45 . 2008-04-14 00:12 33280 c:\windows\system32\rundll32.exe
- 2005-04-20 18:45 . 2004-08-04 12:00 33280 c:\windows\system32\rundll32.exe
- 2005-04-20 18:45 . 2004-08-04 12:00 44032 c:\windows\system32\rtutils.dll
+ 2005-04-20 18:45 . 2008-04-14 00:12 44032 c:\windows\system32\rtutils.dll
+ 2005-04-20 18:45 . 2008-04-14 00:12 31744 c:\windows\system32\rtipxmib.dll
- 2005-04-20 18:45 . 2004-08-04 12:00 31744 c:\windows\system32\rtipxmib.dll
- 2005-04-20 18:45 . 2004-08-04 12:00 77312 c:\windows\system32\rtcshare.exe
+ 2005-04-20 18:45 . 2008-04-14 00:12 77312 c:\windows\system32\rtcshare.exe
+ 2005-04-20 18:45 . 2008-04-14 00:12 92672 c:\windows\system32\rsvpsp.dll
- 2005-04-20 18:45 . 2004-08-04 12:00 18944 c:\windows\system32\rsmps.dll
+ 2005-04-20 18:45 . 2008-04-14 00:12 18944 c:\windows\system32\rsmps.dll
- 2005-04-20 18:45 . 2004-08-04 12:00 39936 c:\windows\system32\rshx32.dll
+ 2005-04-20 18:45 . 2008-04-14 00:12 39936 c:\windows\system32\rshx32.dll
- 2005-04-20 18:45 . 2004-08-04 12:00 14848 c:\windows\system32\rsh.exe
+ 2005-04-20 18:45 . 2008-04-14 00:12 14848 c:\windows\system32\rsh.exe
+ 2005-04-20 18:45 . 2008-04-14 00:12 13824 c:\windows\system32\rexec.exe
- 2005-04-20 18:45 . 2004-08-04 12:00 13824 c:\windows\system32\rexec.exe
- 2005-04-20 18:45 . 2004-08-04 12:00 58880 c:\windows\system32\resutils.dll
+ 2005-04-20 18:45 . 2008-04-14 00:12 58880 c:\windows\system32\resutils.dll
- 2005-04-20 20:31 . 2004-08-04 12:00 60416 c:\windows\system32\remotepg.dll
+ 2005-04-20 20:31 . 2008-04-14 00:12 60416 c:\windows\system32\remotepg.dll
+ 2010-08-28 07:38 . 2004-08-04 12:00 36096 c:\windows\system32\ReinstallBackups\0003\DriverFiles\i386\intelppm.sys
- 2005-04-20 18:45 . 2004-08-04 12:00 11776 c:\windows\system32\regsvr32.exe
+ 2005-04-20 18:45 . 2008-04-14 00:12 11776 c:\windows\system32\regsvr32.exe
- 2005-04-20 18:45 . 2004-08-04 12:00 59904 c:\windows\system32\regsvc.dll
+ 2005-04-20 18:45 . 2008-04-14 00:12 59904 c:\windows\system32\regsvc.dll
+ 2005-04-20 18:44 . 2008-04-14 00:12 49664 c:\windows\system32\regapi.dll
- 2005-04-20 18:44 . 2004-08-04 12:00 49664 c:\windows\system32\regapi.dll
+ 2005-04-20 18:44 . 2008-04-14 00:12 50176 c:\windows\system32\reg.exe
- 2005-04-20 18:44 . 2004-08-04 12:00 50176 c:\windows\system32\reg.exe
- 2005-04-20 20:31 . 2004-08-04 12:00 67072 c:\windows\system32\rdshost.exe
+ 2005-04-20 20:31 . 2008-04-14 00:12 67072 c:\windows\system32\rdshost.exe
- 2005-04-20 20:31 . 2004-08-04 12:00 13824 c:\windows\system32\rdsaddin.exe
+ 2005-04-20 20:31 . 2008-04-14 00:12 13824 c:\windows\system32\rdsaddin.exe
- 2005-04-20 20:31 . 2004-08-04 12:00 87176 c:\windows\system32\rdpwsx.dll
+ 2005-04-20 20:31 . 2008-04-14 00:13 87176 c:\windows\system32\rdpwsx.dll
- 2005-04-20 20:31 . 2004-08-04 12:00 19968 c:\windows\system32\rdpsnd.dll
+ 2005-04-20 20:31 . 2008-04-14 00:12 19968 c:\windows\system32\rdpsnd.dll
+ 2005-04-20 18:44 . 2008-04-14 00:13 92424 c:\windows\system32\rdpdd.dll
+ 2005-04-20 20:31 . 2008-04-14 00:12 62976 c:\windows\system32\rdpclip.exe
+ 2005-04-20 18:44 . 2008-04-14 00:12 21504 c:\windows\system32\rcp.exe
- 2005-04-20 18:44 . 2004-08-04 12:00 21504 c:\windows\system32\rcp.exe
+ 2005-04-20 18:44 . 2008-04-14 00:12 35840 c:\windows\system32\rcimlby.exe
- 2005-04-20 18:44 . 2004-08-04 12:00 35840 c:\windows\system32\rcimlby.exe
+ 2005-04-20 18:44 . 2008-04-14 00:12 58368 c:\windows\system32\rastapi.dll
+ 2005-04-20 18:44 . 2008-04-14 00:12 16384 c:\windows\system32\rassapi.dll
+ 2008-09-24 06:37 . 2008-04-14 00:12 61952 c:\windows\system32\rasqec.dll
- 2005-04-20 18:44 . 2004-08-04 12:00 56832 c:\windows\system32\rasphone.exe
+ 2005-04-20 18:44 . 2008-04-14 00:12 56832 c:\windows\system32\rasphone.exe
- 2005-04-20 18:44 . 2004-08-04 12:00 61440 c:\windows\system32\rasman.dll
+ 2005-04-20 18:44 . 2008-04-14 00:12 61440 c:\windows\system32\rasman.dll
+ 2005-04-20 18:44 . 2008-04-14 00:12 79872 c:\windows\system32\raschap.dll
+ 2005-04-20 18:44 . 2008-04-14 00:12 88576 c:\windows\system32\rasauto.dll
+ 2005-04-20 20:32 . 2008-04-14 00:12 43520 c:\windows\system32\racpldlg.dll
- 2005-04-20 20:32 . 2004-08-04 12:00 43520 c:\windows\system32\racpldlg.dll
+ 2008-09-24 06:37 . 2008-04-14 00:12 76800 c:\windows\system32\qutil.dll
+ 2005-04-20 20:31 . 2008-04-14 00:12 19968 c:\windows\system32\qprocess.exe
+ 2005-04-20 20:32 . 2008-04-14 00:12 18944 c:\windows\system32\qmgrprxy.dll
- 2005-04-20 20:32 . 2004-08-04 12:00 18944 c:\windows\system32\qmgrprxy.dll
+ 2008-09-24 06:37 . 2008-04-14 00:12 62464 c:\windows\system32\qcliprov.dll
- 2005-04-20 18:44 . 2004-08-04 12:00 34304 c:\windows\system32\pstorsvc.dll
+ 2005-04-20 18:44 . 2008-04-14 00:12 34304 c:\windows\system32\pstorsvc.dll
- 2005-04-20 18:44 . 2004-08-04 12:00 43520 c:\windows\system32\pstorec.dll
+ 2005-04-20 18:44 . 2008-04-14 00:12 43520 c:\windows\system32\pstorec.dll
- 2005-04-20 18:44 . 2004-08-04 12:00 96768 c:\windows\system32\psbase.dll
+ 2005-04-20 18:44 . 2008-04-14 00:12 96768 c:\windows\system32\psbase.dll
+ 2005-04-20 18:44 . 2008-04-14 00:12 23040 c:\windows\system32\psapi.dll
- 2005-04-20 18:44 . 2004-08-04 12:00 23040 c:\windows\system32\psapi.dll
+ 2005-04-20 18:44 . 2008-04-14 00:12 50176 c:\windows\system32\proquota.exe
- 2005-04-20 18:44 . 2004-08-04 12:00 50176 c:\windows\system32\proquota.exe
+ 2005-04-20 18:44 . 2008-04-14 00:12 27648 c:\windows\system32\profmap.dll
- 2005-04-20 18:44 . 2004-08-04 12:00 27648 c:\windows\system32\profmap.dll
- 2005-04-20 18:44 . 2004-08-04 12:00 17408 c:\windows\system32\powrprof.dll
+ 2005-04-20 18:44 . 2008-04-14 00:12 17408 c:\windows\system32\powrprof.dll
- 2005-04-20 18:44 . 2004-08-04 12:00 49152 c:\windows\system32\powercfg.exe
+ 2005-04-20 18:44 . 2008-04-14 00:12 49152 c:\windows\system32\powercfg.exe
+ 2005-04-20 18:44 . 2008-04-14 00:12 58880 c:\windows\system32\pnrpnsp.dll
- 2005-04-20 18:44 . 2006-10-11 16:24 58880 c:\windows\system32\pnrpnsp.dll
- 2005-04-20 18:44 . 2007-08-22 12:55 39424 c:\windows\system32\pngfilt.dll
+ 2005-04-20 18:44 . 2008-04-14 00:12 39424 c:\windows\system32\pngfilt.dll
- 2004-08-04 00:56 . 2004-08-04 12:00 15360 c:\windows\system32\pjlmon.dll
+ 2004-08-04 00:56 . 2008-04-14 00:12 15360 c:\windows\system32\pjlmon.dll
+ 2005-04-20 18:44 . 2008-04-14 00:12 17920 c:\windows\system32\ping.exe
- 2005-04-20 18:44 . 2004-08-04 12:00 17920 c:\windows\system32\ping.exe
- 2005-04-20 18:44 . 2004-08-04 12:00 24064 c:\windows\system32\pidgen.dll
+ 2005-04-20 18:44 . 2008-04-13 18:35 24064 c:\windows\system32\pidgen.dll
- 2004-08-04 00:56 . 2004-08-04 12:00 35328 c:\windows\system32\pid.dll
+ 2004-08-04 00:56 . 2008-04-14 00:12 35328 c:\windows\system32\pid.dll
+ 2005-04-20 18:44 . 2008-04-14 00:12 34816 c:\windows\system32\perfproc.dll
- 2005-04-20 18:44 . 2004-08-04 12:00 34816 c:\windows\system32\perfproc.dll
+ 2005-04-20 18:44 . 2008-04-14 00:12 25088 c:\windows\system32\perfos.dll
- 2005-04-20 18:44 . 2004-08-04 12:00 25088 c:\windows\system32\perfos.dll
+ 2005-04-20 18:44 . 2008-04-14 00:12 17920 c:\windows\system32\perfnet.dll
- 2005-04-20 18:44 . 2004-08-04 12:00 15872 c:\windows\system32\perfmon.exe
+ 2005-04-20 18:44 . 2008-04-14 00:12 15872 c:\windows\system32\perfmon.exe
+ 2005-04-20 18:44 . 2008-04-14 00:12 26624 c:\windows\system32\perfdisk.dll
- 2005-04-20 18:44 . 2004-08-04 12:00 26624 c:\windows\system32\perfdisk.dll
+ 2005-04-20 18:44 . 2008-04-14 00:12 39936 c:\windows\system32\perfctrs.dll
- 2005-04-20 18:44 . 2004-08-04 12:00 39936 c:\windows\system32\perfctrs.dll
- 2005-04-20 18:44 . 2010-03-14 21:08 73226 c:\windows\system32\perfc009.dat
+ 2005-04-20 18:44 . 2010-08-28 14:53 73226 c:\windows\system32\perfc009.dat
+ 2005-04-20 18:44 . 2008-04-14 00:12 67584 c:\windows\system32\pautoenr.dll
+ 2005-04-20 18:44 . 2008-04-14 00:12 58368 c:\windows\system32\packager.exe
- 2005-04-20 18:44 . 2004-08-04 12:00 58368 c:\windows\system32\packager.exe
- 2005-04-20 18:45 . 2004-08-04 12:00 67584 c:\windows\system32\osuninst.dll
+ 2005-04-20 18:45 . 2008-04-14 00:12 67584 c:\windows\system32\osuninst.dll
+ 2005-04-20 20:32 . 2008-04-14 00:12 51200 c:\windows\system32\oobe\oobebaln.exe
- 2005-04-20 20:32 . 2004-08-04 12:00 51200 c:\windows\system32\oobe\oobebaln.exe
+ 2005-04-20 20:32 . 2008-04-14 00:12 29184 c:\windows\system32\oobe\msoobe.exe
+ 2005-04-20 20:32 . 2008-04-14 00:12 19456 c:\windows\system32\oobe\msobweb.dll
+ 2005-04-20 20:32 . 2008-04-14 00:12 30720 c:\windows\system32\oobe\msobshel.dll
- 2005-04-20 20:32 . 2004-08-04 12:00 30720 c:\windows\system32\oobe\msobshel.dll
+ 2005-04-20 20:32 . 2008-04-14 00:12 16384 c:\windows\system32\oobe\msobdl.dll
- 2005-04-20 20:32 . 2004-08-04 12:00 16384 c:\windows\system32\oobe\msobdl.dll
+ 2005-04-20 18:44 . 2008-04-14 00:12 84992 c:\windows\system32\olepro32.dll
+ 2005-04-20 18:44 . 2008-04-14 00:12 37376 c:\windows\system32\olecnv32.dll
- 2005-04-20 18:44 . 2005-07-26 04:39 74752 c:\windows\system32\olecli32.dll
+ 2005-04-20 18:44 . 2008-04-14 00:12 74752 c:\windows\system32\olecli32.dll
+ 2005-04-20 18:45 . 2008-04-14 00:12 20511 c:\windows\system32\odtext32.dll
- 2005-04-20 18:45 . 2004-08-04 12:00 20511 c:\windows\system32\odtext32.dll
+ 2005-04-20 18:45 . 2008-04-14 00:12 20510 c:\windows\system32\odpdx32.dll
- 2005-04-20 18:45 . 2004-08-04 12:00 20510 c:\windows\system32\odpdx32.dll
+ 2005-04-20 18:45 . 2008-04-14 00:12 20510 c:\windows\system32\odfox32.dll
- 2005-04-20 18:45 . 2004-08-04 12:00 20510 c:\windows\system32\odfox32.dll
+ 2005-04-20 18:45 . 2008-04-14 00:12 20510 c:\windows\system32\odexl32.dll
- 2005-04-20 18:45 . 2004-08-04 12:00 20510 c:\windows\system32\odexl32.dll
- 2005-04-20 18:45 . 2004-08-04 12:00 20511 c:\windows\system32\oddbse32.dll
+ 2005-04-20 18:45 . 2008-04-14 00:12 20511 c:\windows\system32\oddbse32.dll
+ 2005-04-20 18:44 . 2008-04-13 17:26 12288 c:\windows\system32\odbcp32r.dll
- 2005-04-20 18:44 . 2004-08-04 12:00 12288 c:\windows\system32\odbcp32r.dll
- 2005-04-20 18:44 . 2004-08-04 12:00 53279 c:\windows\system32\odbcji32.dll
+ 2005-04-20 18:44 . 2008-04-14 00:10 53279 c:\windows\system32\odbcji32.dll
+ 2005-04-20 18:44 . 2008-04-13 17:26 94208 c:\windows\system32\odbcint.dll
- 2005-04-20 18:44 . 2004-08-04 12:00 94208 c:\windows\system32\odbcint.dll
+ 2005-04-20 18:44 . 2008-04-14 00:12 65536 c:\windows\system32\odbccu32.dll
- 2005-04-20 18:44 . 2004-08-04 12:00 65536 c:\windows\system32\odbccu32.dll
- 2005-04-20 18:44 . 2004-08-04 12:00 65536 c:\windows\system32\odbccr32.dll
+ 2005-04-20 18:44 . 2008-04-14 00:12 65536 c:\windows\system32\odbccr32.dll
+ 2005-04-20 18:44 . 2008-04-14 00:12 69632 c:\windows\system32\odbcconf.exe
- 2005-04-20 18:44 . 2004-08-04 12:00 69632 c:\windows\system32\odbcconf.exe
+ 2005-04-20 18:44 . 2008-04-14 00:12 24576 c:\windows\system32\odbcbcp.dll
- 2005-04-20 18:44 . 2004-08-04 12:00 24576 c:\windows\system32\odbcbcp.dll
+ 2005-04-20 18:44 . 2008-04-14 00:12 32768 c:\windows\system32\odbcad32.exe
- 2005-04-20 18:44 . 2004-08-04 12:00 32768 c:\windows\system32\odbcad32.exe
+ 2005-04-20 18:44 . 2008-04-14 00:12 16384 c:\windows\system32\odbc32gt.dll
- 2005-04-20 18:44 . 2004-08-04 12:00 16384 c:\windows\system32\odbc32gt.dll
+ 2005-04-20 18:44 . 2008-04-14 00:12 67584 c:\windows\system32\ocmanage.dll
- 2005-04-20 18:44 . 2004-08-04 12:00 96256 c:\windows\system32\occache.dll
+ 2005-04-20 18:44 . 2008-04-14 00:12 96256 c:\windows\system32\occache.dll
+ 2005-04-20 18:44 . 2008-04-14 00:12 15360 c:\windows\system32\ntvdmd.dll
+ 2005-04-20 18:44 . 2008-04-14 00:12 91136 c:\windows\system32\ntprint.dll
- 2005-04-20 18:44 . 2004-08-04 12:00 91136 c:\windows\system32\ntprint.dll
+ 2005-04-20 18:44 . 2008-04-14 00:12 40960 c:\windows\system32\ntmsapi.dll
- 2005-04-20 18:44 . 2004-08-04 12:00 40960 c:\windows\system32\ntmsapi.dll
+ 2005-04-20 18:44 . 2008-04-14 00:12 44032 c:\windows\system32\ntlanman.dll
+ 2005-04-20 18:44 . 2008-04-14 00:12 67072 c:\windows\system32\ntdsapi.dll
- 2005-04-20 18:44 . 2004-08-04 12:00 67072 c:\windows\system32\ntdsapi.dll
- 2005-04-20 18:44 . 2004-08-04 12:00 76800 c:\windows\system32\nslookup.exe
+ 2005-04-20 18:44 . 2008-04-14 00:12 76800 c:\windows\system32\nslookup.exe
- 2005-04-20 18:44 . 2004-08-04 12:00 54784 c:\windows\system32\npptools.dll
+ 2005-04-20 18:44 . 2008-04-14 00:12 54784 c:\windows\system32\npptools.dll
+ 2005-04-20 18:44 . 2008-04-14 00:12 15360 c:\windows\system32\npp\nppagent.exe
- 2005-04-20 18:44 . 2004-08-04 12:00 15360 c:\windows\system32\npp\nppagent.exe
- 2005-04-20 18:44 . 2004-08-04 12:00 57344 c:\windows\system32\npp\ndisnpp.dll
+ 2005-04-20 18:44 . 2008-04-14 00:12 57344 c:\windows\system32\npp\ndisnpp.dll
- 2005-04-20 18:44 . 2004-08-04 12:00 69120 c:\windows\system32\notepad.exe
+ 2005-04-20 18:44 . 2008-04-14 00:12 69120 c:\windows\system32\notepad.exe
+ 2005-04-20 20:32 . 2008-04-14 00:12 28672 c:\windows\system32\nmmkcert.dll
- 2005-04-20 20:32 . 2004-08-04 12:00 28672 c:\windows\system32\nmmkcert.dll
+ 2005-04-20 18:44 . 2008-04-14 00:12 98304 c:\windows\system32\nlhtml.dll
+ 2005-04-20 18:44 . 2008-04-14 00:12 80896 c:\windows\system32\netui0.dll
- 2005-04-20 18:44 . 2004-08-04 12:00 80896 c:\windows\system32\netui0.dll
- 2005-04-20 18:44 . 2004-08-04 12:00 36864 c:\windows\system32\netstat.exe
+ 2005-04-20 18:44 . 2008-04-14 00:12 36864 c:\windows\system32\netstat.exe
+ 2005-04-20 18:44 . 2008-04-14 00:12 86016 c:\windows\system32\netsh.exe
- 2005-04-20 18:44 . 2004-08-04 12:00 86016 c:\windows\system32\netsh.exe
+ 2005-04-20 18:44 . 2008-04-14 00:12 11776 c:\windows\system32\netrap.dll
+ 2005-04-20 18:44 . 2008-04-14 00:12 42496 c:\windows\system32\net.exe
- 2005-04-20 18:44 . 2004-08-04 12:00 42496 c:\windows\system32\net.exe
+ 2005-04-20 18:44 . 2008-04-14 00:12 18944 c:\windows\system32\nddenb32.dll
- 2005-04-20 18:44 . 2004-08-04 12:00 18944 c:\windows\system32\nddenb32.dll
- 2005-04-20 18:44 . 2004-08-04 12:00 17920 c:\windows\system32\nddeapi.dll
+ 2005-04-20 18:44 . 2008-04-14 00:12 17920 c:\windows\system32\nddeapi.dll
+ 2005-04-20 18:44 . 2008-04-14 00:12 36352 c:\windows\system32\ncobjapi.dll
- 2005-04-20 18:44 . 2004-08-04 12:00 36352 c:\windows\system32\ncobjapi.dll
+ 2005-04-20 18:44 . 2008-04-14 00:12 53760 c:\windows\system32\narrator.exe
- 2005-04-20 18:44 . 2006-10-04 08:48 53760 c:\windows\system32\narrator.exe
+ 2008-09-24 06:36 . 2008-04-14 00:12 30208 c:\windows\system32\napipsec.dll
- 2005-04-20 18:44 . 2004-08-04 12:00 90624 c:\windows\system32\mydocs.dll
+ 2005-04-20 18:44 . 2008-04-14 00:12 90624 c:\windows\system32\mydocs.dll
+ 2005-04-20 20:31 . 2008-04-14 00:12 91648 c:\windows\system32\mtxoci.dll
+ 2005-04-20 20:31 . 2008-04-14 00:12 34304 c:\windows\system32\mtxlegih.dll
+ 2005-04-20 20:31 . 2008-04-14 00:12 30720 c:\windows\system32\mtxdm.dll
+ 2005-04-20 18:44 . 2008-04-14 00:12 66560 c:\windows\system32\mtxclu.dll
- 2005-04-20 18:44 . 2006-03-01 19:42 66560 c:\windows\system32\mtxclu.dll
+ 2004-08-04 00:56 . 2008-04-14 00:12 16896 c:\windows\system32\msyuv.dll
+ 2006-10-05 09:31 . 2008-04-13 17:27 79872 c:\windows\system32\msxml6r.dll
- 2006-10-05 09:31 . 2006-10-05 09:31 79872 c:\windows\system32\msxml6r.dll
- 2005-04-20 18:44 . 2004-08-04 12:00 72704 c:\windows\system32\msw3prt.dll
+ 2005-04-20 18:44 . 2008-04-14 00:12 72704 c:\windows\system32\msw3prt.dll
- 2005-04-20 18:44 . 2004-08-04 12:00 61440 c:\windows\system32\msvcrt40.dll
+ 2005-04-20 18:44 . 2008-04-13 18:30 61440 c:\windows\system32\msvcrt40.dll
+ 2005-04-20 18:44 . 2008-04-14 00:12 57344 c:\windows\system32\msvcirt.dll
+ 2005-04-20 20:32 . 2008-04-14 00:12 12288 c:\windows\system32\mstinit.exe
- 2005-04-20 20:32 . 2004-08-04 12:00 12288 c:\windows\system32\mstinit.exe
+ 2008-09-24 06:36 . 2008-04-13 18:14 76800 c:\windows\system32\msshavmsg.dll
- 2005-04-20 18:44 . 2004-08-04 12:00 11264 c:\windows\system32\msrle32.dll
+ 2005-04-20 18:44 . 2008-04-14 00:12 11264 c:\windows\system32\msrle32.dll
- 2005-04-20 18:44 . 2004-08-04 12:00 48128 c:\windows\system32\msprivs.dll
+ 2005-04-20 18:44 . 2008-04-13 16:23 48128 c:\windows\system32\msprivs.dll
+ 2005-04-20 18:44 . 2008-04-14 00:12 29696 c:\windows\system32\mspatcha.dll
- 2005-04-20 18:44 . 2004-08-04 12:00 20480 c:\windows\system32\msorc32r.dll
+ 2005-04-20 18:44 . 2008-04-13 17:24 20480 c:\windows\system32\msorc32r.dll
- 2005-04-20 18:45 . 2004-08-04 12:00 25088 c:\windows\system32\mslbui.dll
+ 2005-04-20 18:45 . 2008-04-14 00:12 25088 c:\windows\system32\mslbui.dll
+ 2005-04-20 18:44 . 2008-04-14 00:11 15360 c:\windows\system32\msisip.dll
- 2005-04-20 18:44 . 2005-05-04 22:45 15360 c:\windows\system32\msisip.dll
+ 2005-04-20 18:44 . 2008-04-14 00:12 78848 c:\windows\system32\msiexec.exe
- 2005-04-20 18:44 . 2005-05-04 22:45 78848 c:\windows\system32\msiexec.exe
- 2005-04-20 18:44 . 2004-08-04 12:00 51712 c:\windows\system32\msident.dll
+ 2005-04-20 18:44 . 2008-04-14 00:11 51712 c:\windows\system32\msident.dll
- 2005-04-20 18:44 . 2004-08-04 12:00 56832 c:\windows\system32\mshtmler.dll
+ 2005-04-20 18:44 . 2008-04-13 16:26 56832 c:\windows\system32\mshtmler.dll
- 2005-04-20 18:44 . 2004-08-04 12:00 29184 c:\windows\system32\mshta.exe
+ 2005-04-20 18:44 . 2008-04-14 00:12 29184 c:\windows\system32\mshta.exe
+ 2005-04-20 18:44 . 2008-04-14 00:11 33792 c:\windows\system32\msgsvc.dll
- 2005-04-20 18:44 . 2004-08-04 12:00 33792 c:\windows\system32\msgsvc.dll
- 2005-04-20 20:30 . 2004-08-04 12:00 58880 c:\windows\system32\msdtclog.dll
+ 2005-04-20 20:30 . 2008-04-14 00:11 58880 c:\windows\system32\msdtclog.dll
+ 2005-04-20 18:44 . 2008-04-14 00:11 14336 c:\windows\system32\msdmo.dll
- 2005-04-20 18:44 . 2004-08-04 12:00 14336 c:\windows\system32\msdmo.dll
+ 2005-04-20 18:45 . 2008-04-14 00:11 68608 c:\windows\system32\msctfp.dll
- 2005-04-20 18:44 . 2004-08-04 12:00 36864 c:\windows\system32\mscpxl32.dLL
+ 2005-04-20 18:44 . 2008-04-14 00:11 36864 c:\windows\system32\mscpxl32.dll
+ 2005-04-20 18:44 . 2008-04-13 17:26 12288 c:\windows\system32\mscpx32r.dll
- 2005-04-20 18:44 . 2004-08-04 12:00 12288 c:\windows\system32\mscpx32r.dLL
- 2005-04-20 20:32 . 2004-08-04 12:00 69632 c:\windows\system32\msconf.dll
+ 2005-04-20 20:32 . 2008-04-14 00:11 69632 c:\windows\system32\msconf.dll
- 2005-04-20 18:44 . 2008-06-24 16:23 74240 c:\windows\system32\mscms.dll
+ 2005-04-20 18:44 . 2008-06-24 16:43 74240 c:\windows\system32\mscms.dll
+ 2005-04-20 18:44 . 2008-04-14 00:11 57344 c:\windows\system32\msasn1.dll
- 2005-04-20 18:44 . 2004-08-04 12:00 57344 c:\windows\system32\msasn1.dll
+ 2005-04-20 18:44 . 2008-04-14 00:11 86016 c:\windows\system32\msapsspc.dll
- 2005-04-20 18:44 . 2004-08-04 12:00 86016 c:\windows\system32\msapsspc.dll
- 2005-04-20 18:44 . 2004-08-04 12:00 71680 c:\windows\system32\msacm32.dll
+ 2005-04-20 18:44 . 2008-04-14 00:11 71680 c:\windows\system32\msacm32.dll
+ 2005-04-20 18:44 . 2008-04-14 00:11 53248 c:\windows\system32\mprdim.dll
+ 2005-04-20 18:44 . 2008-04-14 00:11 87040 c:\windows\system32\mprapi.dll
- 2005-04-20 18:44 . 2004-08-04 12:00 87040 c:\windows\system32\mprapi.dll
+ 2005-04-20 18:44 . 2008-04-14 00:11 59904 c:\windows\system32\mpr.dll
- 2005-04-20 18:44 . 2004-08-04 12:00 59904 c:\windows\system32\mpr.dll
+ 2005-04-20 18:44 . 2008-04-14 00:12 16896 c:\windows\system32\more.com
+ 2005-04-20 20:32 . 2008-04-14 00:12 32768 c:\windows\system32\mnmsrvc.exe
- 2005-04-20 20:32 . 2004-08-04 12:00 32768 c:\windows\system32\mnmsrvc.exe
+ 2005-04-20 20:32 . 2008-04-14 00:11 34560 c:\windows\system32\mnmdd.dll
- 2005-04-20 20:32 . 2004-08-04 12:00 34560 c:\windows\system32\mnmdd.dll
- 2005-04-20 20:30 . 2004-08-04 12:00 17408 c:\windows\system32\mmfutil.dll
+ 2005-04-20 20:30 . 2008-04-14 00:11 17408 c:\windows\system32\mmfutil.dll
+ 2005-04-20 18:44 . 2008-04-14 00:11 61440 c:\windows\system32\mmcshext.dll
+ 2008-09-24 06:36 . 2008-04-14 00:12 33792 c:\windows\system32\mmcperf.exe
sturgeongeneral
Regular Member
 
Posts: 19
Joined: August 19th, 2010, 10:36 pm