Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

INFESTED WITH BANDOO/SEARCHQU

Post by ladyross » June 18th, 2011, 1:41 am

The Bandoo icons were downloaded while my cousin was using Yahoo Messenger. Now it's running my browsers, I.E. and Mozilla. Can anybody help me remove it from my laptop? I only use it at home. Any help is highly appreciated!

I'm sorry about the earlier posts; I just figured out how to post DDS.txt.

I hope I got this right.

.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 8.0.6001.19048
Run by Y450 at 13:14:19 on 2011-06-18
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1912.858 [GMT 8:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Lenovo\OneKey App\OneKey Recovery\FHPService.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\IgrsSvcs.exe
c:\Program Files\Cyberlink\Shared files\RichVideo.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe
C:\Program Files\Globe Tattoo\AssistantServices.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\Lenovo OneKey Theater\OneKeyTheater.exe
C:\Program Files\Lenovo\Lenovo Desktop Navigator\DesktopNavigator.exe
C:\Program Files\Lenovo\VeriFace\PManage.exe
C:\Program Files\Lenovo\Energy Management\utility.exe
C:\Program Files\Lenovo\Energy Management\Energy Management.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\BearShare Applications\MediaBar\DataMngr\DataMngrUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Globe Tattoo\UIExec.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Lenovo\ReadyComm\ReadyComm.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10o_ActiveX.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.searchqu.com/
mStart Page = hxxp://lenovo.live.com/
mDefault_Page_URL = hxxp://www.lenovo.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: MediaBar: {0974ba1e-64ec-11de-b2a5-e43756d89593} - c:\program files\bearshare applications\mediabar\toolbar\BearshareMediabarDx.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: UrlHelper Class: {74322bf9-df26-493f-b0da-6d2fc5e6429e} - c:\program files\bearshare applications\mediabar\datamngr\IEBHO.dll
BHO: {99079a25-328f-4bd4-be04-00955acaa0a7} - No File
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: MediaBar: {0974ba1e-64ec-11de-b2a5-e43756d89593} - c:\program files\bearshare applications\mediabar\toolbar\BearshareMediabarDx.dll
TB: {99079a25-328f-4bd4-be04-00955acaa0a7} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [ReadyComm] c:\program files\lenovo\readycomm\ReadyComm.exe -TrayMode
uRun: [cdloader] "c:\users\y450\appdata\roaming\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [OneKey Theater] c:\progra~1\lenovo\lenovo~1\ONEKEY~1.EXE
mRun: [MDS_Menu] "c:\program files\lenovo\mediashow\muitransfer\muistartmenu.exe" "c:\program files\lenovo\mediashow" updatewithcreateonce "software\cyberlink\mediashow\4.1"
mRun: [Desktop Navigator] %ProgramFiles%\Lenovo\Lenovo Desktop Navigator\DesktopNavigator.exe -sysStartup
mRun: [VeriFaceManager] c:\program files\lenovo\veriface\PManage.exe
mRun: [UpdateP2GShortCut] "c:\program files\lenovo\power2go\muitransfer\muistartmenu.exe" "c:\program files\lenovo\power2go" updatewithcreateonce "software\cyberlink\power2go\5.0"
mRun: [EnergyUtility] c:\program files\lenovo\energy management\utility.exe
mRun: [Energy Management] c:\program files\lenovo\energy management\Energy Management.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [DataMngr] c:\program files\bearshare applications\mediabar\datamngr\DataMngrUI.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [UIExec] "c:\program files\globe tattoo\UIExec.exe"
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe
StartupFolder: c:\users\y450\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\lenovo\bluetooth software\BTTray.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\lenovo\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\lenovo\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\lenovo\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: magicjack.com\my
Trusted Zone: talk4free.com\reg
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{257ECB15-578A-4077-B5D1-DA7276A2B741} : DhcpNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\bearsh~1\mediabar\datamngr\datamngr.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\y450\appdata\roaming\mozilla\firefox\profiles\x45w10gd.default\
FF - prefs.js: browser.search.selectedEngine - Search Results
FF - prefs.js: browser.startup.homepage - hxxp://search.yahoo.com/firefox/?fr=yff40-sfp
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ff ... mid=101&q=
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\users\y450\appdata\local\yahoo!\browserplus\2.4.17\plugins\npybrowserplus_2.4.17.dll
FF - plugin: c:\users\y450\appdata\roaming\mozilla\plugins\np-mswmp.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R0 Wdkbdmou;Lenovo RMCT KbdMou Service;c:\windows\system32\drivers\Wdkbdmou.sys [2008-12-18 8832]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-11-12 11608]
R1 funfrm;funfrm;c:\windows\system32\drivers\funfrm.sys [2009-9-4 48192]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-11-12 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-11-12 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-11-12 56816]
R2 FHPService;FHPService;c:\program files\lenovo\onekey app\onekey recovery\FHPService.exe [2008-7-24 169256]
R2 FlipShareServer;FlipShare Server;c:\program files\flip video\flipshareserver\FlipShareServer.exe [2010-12-15 1085440]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 IGRS;IGRS;c:\program files\lenovo\readycomm\common\IGRS.exe [2008-12-18 36480]
R2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;c:\windows\system32\igrssvcs.exe -k igrssvcs --> c:\windows\system32\IgrsSvcs.exe -k IgrsSvcs [?]
R2 System_Repair_UpdateMonitor;System Repair Windows Update Monitor;c:\program files\lenovo\onekey app\system repair\UpdateMonitor.exe [2009-9-4 430080]
R2 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [2009-9-4 48144]
R2 UI Assistant Service;UI Assistant Service;c:\program files\globe tattoo\AssistantServices.exe [2010-8-5 246272]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\drivers\AcpiVpc.sys [2009-9-4 21008]
R3 IncSvc;ReadyComm Network Monitor and Configuration;c:\windows\system32\igrssvcs.exe -k igrssvcs --> c:\windows\system32\IgrsSvcs.exe -k IgrsSvcs [?]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-12-30 112128]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-1-14 107360]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2008-6-20 212992]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-12-19 3664384]
R3 wdmirror;wdmirror;c:\windows\system32\drivers\WDMirror.sys [2008-12-18 8832]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 MSSQL$INSTANCENAME;SQL Server (INSTANCENAME);c:\program files\microsoft sql server\mssql.2\mssql\binn\sqlservr.exe [2009-5-27 29262680]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-1-21 179712]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-9-4 29736]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-8-5 9216]
S3 PS_MDP;ReadyComm Presentation Space Helper Service;c:\windows\system32\igrssvcs.exe -k igrssvcs --> c:\windows\system32\IgrsSvcs.exe -k IgrsSvcs [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2009-9-4 82928]
.
=============== Created Last 30 ================
.
2011-06-17 13:16:50 -------- d-----w- c:\programdata\boost_interprocess
2011-06-17 13:16:24 77 ----a-w- c:\users\y450\appdata\local\GLFA906.tmp
2011-06-17 13:16:24 726 ----a-w- c:\users\y450\appdata\local\GLFA905.tmp
2011-06-17 13:16:23 1524112 ------w- c:\windows\system32\bandoolmx.dll
2011-06-17 13:00:10 -------- d-----w- c:\program files\Bandoo
2011-06-17 12:13:31 6962000 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{65b3ff0d-13a6-4078-8240-233e678db4e4}\mpengine.dll
2011-06-16 11:54:46 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
.
==================== Find3M ====================
.
2011-05-24 11:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 13:15:34.86 ===============

attach.txt


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-12.02)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 9/4/2009 8:21:06 PM
System Uptime: 6/18/2011 8:41:33 AM (5 hours ago)
.
Motherboard: LENOVO | | KL1
Processor: Intel(R) Core(TM)2 Duo CPU T6600 @ 2.20GHz | U2E1 | 1600/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 253 GiB total, 168.782 GiB free.
D: is FIXED (NTFS) - 31 GiB total, 14.841 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP378: 6/18/2011 9:19:46 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
.
Update for Microsoft Office 2007 (KB2508958)
2007 Microsoft Office system
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.3
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Avira AntiVir Personal - Free Antivirus
Bonjour
Broadcom Gigabit NetLink Controller
Business Contact Manager for Outlook 2007 SP2
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon iP1900 series Printer Driver
Canon iP2700 series Printer Driver
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
Carbonite Online Backup Setup
CCleaner (remove only)
Dolby Control Center
EasyCapture
Energy Management
FlipShare
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
GDR 4053 for SQL Server Tools and Workstation Components 2005 ENU (KB970892)
Globe Tattoo
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
ITECIR Driver
iTunes
JMicron JMB38X Flash Media Controller Driver
K-Lite Codec Pack 4.7.5 (Full)
Lenovo Bluetooth with Enhanced Data Rate Software 6.2.0.6300
Lenovo Desktop Navigator
Lenovo Desktop Navigator Library Tool
Lenovo EasyCamera
Lenovo OneKey Recovery
Lenovo OneKey Theater
Lenovo ReadyComm 4.0
Lenovo System Repair - Windows Update Monitor
Lippincott's Review for NCLEX-RN 8th Edition
magicJack
MediaBar
MediaShow
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (INSTANCENAME)
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MobileMe Control Panel
Mosby's Comp Review of Nursing for NCLEX-RN, 17e
Mozilla Firefox 4.0 (x86 en-US)
Pediatric Nursing Skills and Student Tutorial
Power2Go
QuickTime
Realtek High Definition Audio Driver
Safari
Saunders NCLEX-RN4e
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft Office 2007 System (KB2541012)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2541007)
Security Update for Microsoft Office Groove 2007 (KB2494047)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skype Toolbars
Skype™ 4.2
SMART BRO
Synaptics Pointing Device Driver
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2536413)
VeriFace
VLC media player 1.0.3
Windows 7 Upgrade Advisor
Windows Live Toolbar
WinRAR archiver
Yahoo! BrowserPlus
Yahoo! Messenger
Yahoo! Software Update
.
==== Event Viewer Messages From Past Week ========
.
6/18/2011 9:04:53 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8007041d: Security Update for Windows Vista (KB2544893).
6/18/2011 9:04:53 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8007041d: Security Update for Windows Vista (KB2536276).
6/18/2011 9:04:53 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8007041d: Security Update for Internet Explorer 8 for Windows Vista (KB2544521).
6/18/2011 8:55:12 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8007041d: Security Update for Windows Vista (KB2536275).
6/18/2011 8:55:12 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8007041d: Security Update for Windows Vista (KB2535512).
6/18/2011 8:55:12 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8007041d: Security Update for Windows Vista (KB2503665).
6/18/2011 8:55:12 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8007041d: Security Update for Windows Vista (KB2476490).
6/18/2011 8:55:12 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8007041d: Security Update for .NET Framework 3.5 SP1, Windows Vista SP2, and Windows Server 2008 SP2 x86 (KB2449742).
6/18/2011 8:55:12 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8007041d: Cumulative Security Update for Internet Explorer 8 for Windows Vista (KB2530548).
6/18/2011 8:54:50 AM, Error: Microsoft-Windows-SharedAccess_NAT [30005] - The DHCP allocator has detected a DHCP server with IP address 192.168.0.1 on the same network as the interface with IP address 192.168.0.100. The allocator has disabled itself on the interface to avoid confusing DHCP clients.
6/18/2011 8:54:29 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2544893_client~31bf3856ad364e35~x86~~6.0.1.1 () into Resolved(Resolved) state
6/18/2011 8:54:29 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2544893_client_2~31bf3856ad364e35~x86~~6.0.1.1 () into Resolved(Resolved) state
6/18/2011 8:54:29 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2544893_client_1~31bf3856ad364e35~x86~~6.0.1.1 () into Resolved(Resolved) state
6/18/2011 8:54:29 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2544521_ie8~31bf3856ad364e35~x86~~8.0.1.1 () into Resolved(Resolved) state
6/18/2011 8:54:29 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2544521_ie8_0~31bf3856ad364e35~x86~~8.0.1.1 () into Resolved(Resolved) state
6/18/2011 8:54:29 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2536276_client~31bf3856ad364e35~x86~~6.0.1.2 () into Staged(Staged) state
6/18/2011 8:54:29 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2536276_client_2~31bf3856ad364e35~x86~~6.0.1.2 () into Staged(Staged) state
6/18/2011 8:54:28 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2536276_client_1~31bf3856ad364e35~x86~~6.0.1.2 () into Staged(Staged) state
6/18/2011 8:54:28 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2536275_client~31bf3856ad364e35~x86~~6.0.1.2 () into Resolved(Resolved) state
6/18/2011 8:54:28 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2536275_client_2~31bf3856ad364e35~x86~~6.0.1.2 () into Resolved(Resolved) state
6/18/2011 8:54:28 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2536275_client_1~31bf3856ad364e35~x86~~6.0.1.2 () into Resolved(Resolved) state
6/18/2011 8:54:28 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2535512~31bf3856ad364e35~x86~~6.0.1.0 () into Resolved(Resolved) state
6/18/2011 8:54:28 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2535512_client~31bf3856ad364e35~x86~~6.0.1.0 () into Resolved(Resolved) state
6/18/2011 8:54:28 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2535512_client_2~31bf3856ad364e35~x86~~6.0.1.0 () into Resolved(Resolved) state
6/18/2011 8:54:28 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2535512_client_1~31bf3856ad364e35~x86~~6.0.1.0 () into Resolved(Resolved) state
6/18/2011 8:54:28 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2530548_ie8~31bf3856ad364e35~x86~~8.0.1.1 () into Resolved(Resolved) state
6/18/2011 8:54:28 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2530548_ie8_0~31bf3856ad364e35~x86~~8.0.1.1 () into Resolved(Resolved) state
6/18/2011 8:54:28 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2503665_client~31bf3856ad364e35~x86~~6.0.1.2 () into Resolved(Resolved) state
6/18/2011 8:54:28 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2503665_client_2~31bf3856ad364e35~x86~~6.0.1.2 () into Resolved(Resolved) state
6/18/2011 8:54:28 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2503665_client_1~31bf3856ad364e35~x86~~6.0.1.2 () into Resolved(Resolved) state
6/18/2011 8:54:28 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2476490_client~31bf3856ad364e35~x86~~6.0.1.0 () into Resolved(Resolved) state
6/18/2011 8:54:28 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2476490_client_2~31bf3856ad364e35~x86~~6.0.1.0 () into Resolved(Resolved) state
6/18/2011 8:54:28 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2476490_client_1~31bf3856ad364e35~x86~~6.0.1.0 () into Resolved(Resolved) state
6/18/2011 8:54:28 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2449742_client~31bf3856ad364e35~x86~~6.0.1.2 () into Staged(Staged) state
6/18/2011 8:54:28 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2449742_client_2~31bf3856ad364e35~x86~~6.0.1.2 () into Staged(Staged) state
6/18/2011 8:54:28 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_7_for_KB2449742~31bf3856ad364e35~x86~~6.0.1.2 () into Staged(Staged) state
6/18/2011 8:54:28 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_5_for_KB2536276~31bf3856ad364e35~x86~~6.0.1.2 () into Staged(Staged) state
6/18/2011 8:54:28 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_5_for_KB2535512~31bf3856ad364e35~x86~~6.0.1.0 () into Resolved(Resolved) state
6/18/2011 8:54:28 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_5_for_KB2503665~31bf3856ad364e35~x86~~6.0.1.2 () into Resolved(Resolved) state
6/18/2011 8:54:28 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_5_for_KB2476490~31bf3856ad364e35~x86~~6.0.1.0 () into Resolved(Resolved) state
6/18/2011 8:54:28 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_4_for_KB2536275~31bf3856ad364e35~x86~~6.0.1.2 () into Resolved(Resolved) state
6/18/2011 8:54:28 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_3_for_KB2544893~31bf3856ad364e35~x86~~6.0.1.1 () into Resolved(Resolved) state
6/18/2011 8:54:28 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_2_for_KB2536276~31bf3856ad364e35~x86~~6.0.1.2 () into Staged(Staged) state
6/18/2011 8:54:28 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_2_for_KB2535512~31bf3856ad364e35~x86~~6.0.1.0 () into Resolved(Resolved) state
6/18/2011 8:54:28 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_2_for_KB2503665~31bf3856ad364e35~x86~~6.0.1.2 () into Resolved(Resolved) state
6/18/2011 8:54:28 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_2_for_KB2476490~31bf3856ad364e35~x86~~6.0.1.0 () into Resolved(Resolved) state
6/18/2011 8:54:28 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_1_for_KB2544893~31bf3856ad364e35~x86~~6.0.1.1 () into Resolved(Resolved) state
6/18/2011 8:54:28 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_1_for_KB2544521~31bf3856ad364e35~x86~~8.0.1.1 () into Resolved(Resolved) state
6/18/2011 8:54:28 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_1_for_KB2536275~31bf3856ad364e35~x86~~6.0.1.2 () into Resolved(Resolved) state
6/18/2011 8:54:28 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_1_for_KB2530548~31bf3856ad364e35~x86~~8.0.1.1 () into Resolved(Resolved) state
6/18/2011 8:54:28 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_1_for_KB2449742~31bf3856ad364e35~x86~~6.0.1.2 () into Staged(Staged) state
6/18/2011 8:54:22 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2503665~31bf3856ad364e35~x86~~6.0.1.2 () into Resolved(Resolved) state
6/18/2011 8:54:16 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2449742~31bf3856ad364e35~x86~~6.0.1.2 () into Staged(Staged) state
6/18/2011 8:54:10 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2536275~31bf3856ad364e35~x86~~6.0.1.2 () into Resolved(Resolved) state
6/18/2011 8:54:05 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2476490~31bf3856ad364e35~x86~~6.0.1.0 () into Resolved(Resolved) state
6/18/2011 8:53:59 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2530548~31bf3856ad364e35~x86~~8.0.1.1 () into Resolved(Resolved) state
6/18/2011 8:53:54 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2544893~31bf3856ad364e35~x86~~6.0.1.1 () into Resolved(Resolved) state
6/18/2011 8:53:52 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2544521~31bf3856ad364e35~x86~~8.0.1.1 () into Resolved(Resolved) state
6/18/2011 8:53:50 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2536276~31bf3856ad364e35~x86~~6.0.1.2 () into Staged(Staged) state
6/18/2011 8:46:11 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
6/18/2011 8:43:43 AM, Error: Microsoft-Windows-SharedAccess_NAT [34001] - The ICS_IPV6 failed to configure IPv6 stack.
6/18/2011 8:43:35 AM, Error: Service Control Manager [7024] - The SQL Server (INSTANCENAME) service terminated with service-specific error 3414 (0xD56).
6/18/2011 8:43:35 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
6/18/2011 8:17:57 AM, Error: volmgr [46] - Crash dump initialization failed!
6/18/2011 7:30:17 AM, Error: Service Control Manager [7034] - The ReadyComm.DirectRouter service terminated unexpectedly. It has done this 1 time(s).
6/18/2011 7:30:17 AM, Error: Service Control Manager [7034] - The ReadyComm Network Monitor and Configuration service terminated unexpectedly. It has done this 1 time(s).
6/18/2011 7:29:07 AM, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 169.254.14.44, since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
6/18/2011 3:36:35 AM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.
6/18/2011 3:03:18 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office PowerPoint 2007 (KB2535818).
6/18/2011 3:02:13 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
6/18/2011 3:02:13 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/18/2011 3:02:12 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
6/18/2011 10:32:35 AM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
6/17/2011 9:16:33 PM, Error: Service Control Manager [7030] - The Bandoo Coordinator service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
6/17/2011 10:50:13 PM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {B543EF05-9758-464E-9F37-4C28525B4A4C}. The error: "2" Happened while starting this command: "C:\PROGRA~1\Bandoo\BndCore.exe" -Embedding
6/16/2011 8:11:54 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Windows PowerShell 2.0 and WinRM 2.0 for Windows Vista (KB968930).
6/16/2011 8:11:18 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WindowsRemoteManagement from package KB950099(Software Update) into Staged(Staged) state
6/16/2011 8:11:18 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WindowsRemoteManagement from package KB950099(Language Pack) into Staged(Staged) state
6/16/2011 8:11:18 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Windows-Management-Framework-Core-zh-tw-LP-Toplevel from package KB968930(Update) into Absent(Absent) state
6/16/2011 8:11:18 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Windows-Management-Framework-Core-zh-hk-LP-Toplevel from package KB968930(Update) into Absent(Absent) state
6/16/2011 8:11:18 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Windows-Management-Framework-Core-zh-cn-LP-Toplevel from package KB968930(Update) into Absent(Absent) state
6/16/2011 8:11:18 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Windows-Management-Framework-Core-uk-ua-LP-Toplevel from package KB968930(Update) into Absent(Absent) state
6/16/2011 8:11:18 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Windows-Management-Framework-Core-tr-tr-LP-Toplevel from package KB968930(Update) into Absent(Absent) state
6/16/2011 8:11:18 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Windows-Management-Framework-Core-th-th-LP-Toplevel from package KB968930(Update) into Absent(Absent) state
6/16/2011 8:11:18 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Windows-Management-Framework-Core-sv-se-LP-Toplevel from package KB968930(Update) into Absent(Absent) state
6/16/2011 8:11:18 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Windows-Management-Framework-Core-sr-latn-cs-LP-Toplevel from package KB968930(Update) into Absent(Absent) state
6/16/2011 8:11:18 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Windows-Management-Framework-Core-sl-si-LP-Toplevel from package KB968930(Update) into Absent(Absent) state
6/16/2011 8:11:18 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Windows-Management-Framework-Core-sk-sk-LP-Toplevel from package KB968930(Update) into Absent(Absent) state
6/16/2011 8:11:18 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Windows-Management-Framework-Core-ru-ru-LP-Toplevel from package KB968930(Update) into Absent(Absent) state
6/16/2011 8:11:18 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Windows-Management-Framework-Core-ro-ro-LP-Toplevel from package KB968930(Update) into Absent(Absent) state
6/16/2011 8:11:18 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Windows-Management-Framework-Core-pt-pt-LP-Toplevel from package KB968930(Update) into Absent(Absent) state
6/16/2011 8:11:18 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Windows-Management-Framework-Core-pt-br-LP-Toplevel from package KB968930(Update) into Absent(Absent) state
6/16/2011 8:11:18 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Windows-Management-Framework-Core-pl-pl-LP-Toplevel from package KB968930(Update) into Absent(Absent) state
6/16/2011 8:11:18 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Windows-Management-Framework-Core-nl-nl-LP-Toplevel from package KB968930(Update) into Absent(Absent) state
6/16/2011 8:11:18 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Windows-Management-Framework-Core-Neutral from package KB968930(Update) into Staged(Staged) state
6/16/2011 8:11:18 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Windows-Management-Framework-Core-nb-no-LP-Toplevel from package KB968930(Update) into Absent(Absent) state
6/16/2011 8:11:18 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Windows-Management-Framework-Core-lv-lv-LP-Toplevel from package KB968930(Update) into Absent(Absent) state
6/16/2011 8:11:18 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Windows-Management-Framework-Core-lt-lt-LP-Toplevel from package KB968930(Update) into Absent(Absent) state
6/16/2011 8:11:18 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Windows-Management-Framework-Core-ko-kr-LP-Toplevel from package KB968930(Update) into Absent(Absent) state
6/16/2011 8:11:18 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Windows-Management-Framework-Core-ja-jp-LP-Toplevel from package KB968930(Update) into Absent(Absent) state
6/16/2011 8:11:18 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Windows-Management-Framework-Core-it-it-LP-Toplevel from package KB968930(Update) into Absent(Absent) state
6/16/2011 8:11:18 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Windows-Management-Framework-Core-hu-hu-LP-Toplevel from package KB968930(Update) into Absent(Absent) state
6/16/2011 8:11:18 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Windows-Management-Framework-Core-hr-hr-LP-Toplevel from package KB968930(Update) into Absent(Absent) state
6/16/2011 8:11:18 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Windows-Management-Framework-Core-he-il-LP-Toplevel from package KB968930(Update) into Absent(Absent) state
6/16/2011 8:11:18 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Windows-Management-Framework-Core-fr-fr-LP-Toplevel from package KB968930(Update) into Absent(Absent) state
6/16/2011 8:11:18 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Windows-Management-Framework-Core-fi-fi-LP-Toplevel from package KB968930(Update) into Absent(Absent) state
6/16/2011 8:11:18 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Windows-Management-Framework-Core-et-ee-LP-Toplevel from package KB968930(Update) into Absent(Absent) state
6/16/2011 8:11:18 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Windows-Management-Framework-Core-es-es-LP-Toplevel from package KB968930(Update) into Absent(Absent) state
6/16/2011 8:11:18 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Windows-Management-Framework-Core-en-us-LP from package Windows-Management-Framework-Core-Package-en-us-MiniLP(Update) into Staged(Staged) state
6/16/2011 8:11:18 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Windows-Management-Framework-Core-en-us-LP-Toplevel from package KB968930(Update) into Staged(Staged) state
6/16/2011 8:11:18 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Windows-Management-Framework-Core-el-gr-LP-Toplevel from package KB968930(Update) into Absent(Absent) state
6/16/2011 8:11:18 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Windows-Management-Framework-Core-de-de-LP-Toplevel from package KB968930(Update) into Absent(Absent) state
6/16/2011 8:11:18 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Windows-Management-Framework-Core-da-dk-LP-Toplevel from package KB968930(Update) into Absent(Absent) state
6/16/2011 8:11:18 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Windows-Management-Framework-Core-cs-cz-LP-Toplevel from package KB968930(Update) into Absent(Absent) state
6/16/2011 8:11:18 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Windows-Management-Framework-Core-bg-bg-LP-Toplevel from package KB968930(Update) into Absent(Absent) state
6/16/2011 8:11:18 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Windows-Management-Framework-Core-ar-sa-LP-Toplevel from package KB968930(Update) into Absent(Absent) state
6/16/2011 8:11:18 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update MicrosoftWindowsPowerShellISE from package PowerShell ISE_en-US(Language Pack) into Staged(Staged) state
6/16/2011 8:11:18 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update MicrosoftWindowsPowerShellISE from package KB968931(Software Update) into Staged(Staged) state
6/16/2011 8:11:18 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update MicrosoftWindowsPowerShell2 from package KB968923(Software Update) into Staged(Staged) state
6/16/2011 8:11:18 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update MicrosoftWindowsPowerShell2 from package KB928439(Language Pack) into Staged(Staged) state
6/16/2011 8:11:18 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Microsoft-Windows-WINRM-WTR-Neutral-PACKAGE from package KB968930(Software Update) into Staged(Staged) state
6/16/2011 8:11:18 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Microsoft-Windows-WINRM-WTR-Neutral-PACKAGE from package KB968930(Language Pack) into Staged(Staged) state
6/16/2011 8:11:18 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Microsoft-Windows-PowerShell-WTR-Neutral-PACKAGE from package KB968930(Software Update) into Staged(Staged) state
6/16/2011 8:11:18 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Microsoft-Windows-PowerShell-WTR-Neutral-PACKAGE from package KB968930(Language Pack) into Staged(Staged) state
6/16/2011 8:11:18 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Microsoft-Windows-PowerShell-ISE-WTR-Neutral-PACKAGE from package KB968930(Software Update) into Staged(Staged) state
6/16/2011 8:11:18 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Microsoft-Windows-PowerShell-ISE-WTR-Neutral-PACKAGE from package KB968930(Language Pack) into Staged(Staged) state
6/16/2011 8:11:18 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update KB950099_server_neutral_PACKAGE from package KB950099(Software Update) into Absent(Absent) state
6/16/2011 8:11:18 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update KB950099_server_neutral_PACKAGE from package KB950099(Language Pack) into Absent(Absent) state
6/16/2011 8:11:18 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update KB950099_client_neutral_PACKAGE from package KB950099(Software Update) into Staged(Staged) state
6/16/2011 8:11:18 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update KB950099_client_neutral_PACKAGE from package KB950099(Language Pack) into Staged(Staged) state
6/16/2011 8:11:18 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Windows-Management-Framework-Core-Package-en-us-MiniLP (Update) into Install Requested(Install Requested) state
6/16/2011 8:11:18 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package PowerShell ISE_en-US (Language Pack) into Install Requested(Install Requested) state
6/16/2011 8:11:18 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB968931 (Software Update) into Install Requested(Install Requested) state
6/16/2011 8:11:18 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB968930 (Software Update) into Install Requested(Install Requested) state
6/16/2011 8:11:18 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB968930 (Language Pack) into Install Requested(Install Requested) state
6/16/2011 8:11:18 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB968923 (Software Update) into Install Requested(Install Requested) state
6/16/2011 8:11:18 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB950099 (Software Update) into Install Requested(Install Requested) state
6/16/2011 8:11:18 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB950099 (Language Pack) into Install Requested(Install Requested) state
6/16/2011 8:11:18 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB928439 (Language Pack) into Install Requested(Install Requested) state
6/16/2011 8:11:17 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB968930 (Update) into Install Requested(Install Requested) state
6/16/2011 7:14:28 AM, Error: Service Control Manager [7022] - The Yahoo! Updater service hung on starting.
6/16/2011 4:13:19 PM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
6/15/2011 3:42:37 PM, Error: PlugPlayManager [12] - The device 'Optiarc DVD RW AD-7560S' (IDE\CdRomOptiarc_DVD_RW_AD-7560S_________________S805____\4&1a5db773&0&0.1.0) disappeared from the system without first being prepared for removal.
6/15/2011 12:28:22 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for .NET Framework 3.5 SP1, Windows Vista SP2, and Windows Server 2008 SP2 x86 (KB2449742).
6/14/2011 2:20:45 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft SQL Server 2005 Express Edition Service Pack 4 (KB2463332).
6/13/2011 9:34:31 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for .NET Framework 3.5 SP1, Windows Vista SP2, and Windows Server 2008 SP2 x86 (KB2449742).
6/13/2011 9:34:25 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2449742-83_neutral_PACKAGE from package KB2449742(Security Update) into Absent(Absent) state
6/13/2011 9:34:25 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2449742-82_neutral_PACKAGE from package KB2449742(Security Update) into Absent(Absent) state
6/13/2011 9:34:25 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2449742-81_neutral_PACKAGE from package KB2449742(Security Update) into Absent(Absent) state
6/13/2011 9:34:25 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2449742-80_neutral_PACKAGE from package KB2449742(Security Update) into Absent(Absent) state
6/13/2011 9:34:25 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2449742-8_neutral_GDR from package KB2449742(Security Update) into Staged(Staged) state
6/13/2011 9:34:25 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2449742-79_neutral_PACKAGE from package KB2449742(Security Update) into Absent(Absent) state
6/13/2011 9:34:25 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2449742-78_neutral_PACKAGE from package KB2449742(Security Update) into Absent(Absent) state
6/13/2011 9:34:25 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2449742-77_neutral_PACKAGE from package KB2449742(Security Update) into Absent(Absent) state
6/13/2011 9:34:25 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2449742-76_neutral_PACKAGE from package KB2449742(Security Update) into Absent(Absent) state
6/13/2011 9:34:25 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2449742-75_neutral_PACKAGE from package KB2449742(Security Update) into Absent(Absent) state
6/13/2011 9:34:25 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2449742-74_neutral_PACKAGE from package KB2449742(Security Update) into Absent(Absent) state
6/13/2011 9:34:25 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2449742-73_neutral_PACKAGE from package KB2449742(Security Update) into Absent(Absent) state
6/13/2011 9:34:25 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2449742-72_neutral_PACKAGE from package KB2449742(Security Update) into Absent(Absent) state
6/13/2011 9:34:25 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2449742-71_neutral_PACKAGE from package KB2449742(Security Update) into Absent(Absent) state
6/13/2011 9:34:25 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2449742-70_neutral_PACKAGE from package KB2449742(Security Update) into Absent(Absent) state
6/13/2011 9:34:25 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2449742-69_neutral_PACKAGE from package KB2449742(Security Update) into Absent(Absent) state
6/13/2011 9:34:25 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2449742-68_neutral_PACKAGE from package KB2449742(Security Update) into Absent(Absent) state
6/13/2011 9:34:25 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2449742-67_neutral_PACKAGE from package KB2449742(Security Update) into Absent(Absent) state
6/13/2011 9:34:25 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2449742-66_neutral_PACKAGE from package KB2449742(Security Update) into Absent(Absent) state
6/13/2011 9:34:25 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2449742-65_neutral_PACKAGE from package KB2449742(Security Update) into Staged(Staged) state
6/13/2011 9:34:25 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2449742-64_neutral_PACKAGE from package KB2449742(Security Update) into Absent(Absent) state
6/13/2011 9:34:25 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2449742-63_neutral_PACKAGE from package KB2449742(Security Update) into Absent(Absent) state
6/13/2011 9:34:25 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2449742-62_neutral_PACKAGE from package KB2449742(Security Update) into Absent(Absent) state
6/13/2011 9:34:25 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2449742-61_neutral_PACKAGE from package KB2449742(Security Update) into Absent(Absent) state
6/13/2011 9:34:25 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2449742-60_neutral_PACKAGE from package KB2449742(Security Update) into Absent(Absent) state
6/13/2011 9:34:25 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2449742-6_neutral_GDR from package KB2449742(Security Update) into Staged(Staged) state
6/13/2011 9:34:25 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2449742-59_neutral_PACKAGE from package KB2449742(Security Update) into Staged(Staged) state
6/13/2011 9:34:25 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2449742-4_neutral_GDR from package KB2449742(Security Update) into Staged(Staged) state
6/13/2011 9:34:25 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2449742-244_neutral_PACKAGE from package KB2449742(Security Update) into Absent(Absent) state
6/13/2011 9:34:25 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2449742-243_neutral_PACKAGE from package KB2449742(Security Update) into Absent(Absent) state
6/13/2011 9:34:25 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2449742-242_neutral_PACKAGE from package KB2449742(Security Update) into Staged(Staged) state
6/13/2011 9:34:25 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2449742-239_neutral_PACKAGE from package KB2449742(Security Update) into Staged(Staged) state
6/13/2011 9:34:25 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2449742-22_neutral_GDR from package KB2449742(Security Update) into Staged(Staged) state
6/13/2011 9:34:25 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2449742-2_neutral_GDR from package KB2449742(Security Update) into Staged(Staged) state
6/13/2011 9:34:25 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2449742-10_neutral_GDR from package KB2449742(Security Update) into Staged(Staged) state
6/13/2011 9:34:25 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2449742 (Security Update) into Install Requested(Install Requested) state
6/12/2011 12:00:39 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8007041d: Windows PowerShell 2.0 and WinRM 2.0 for Windows Vista (KB968930).
6/12/2011 11:51:24 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Windows-Management-Protocols-Package~31bf3856ad364e35~x86~en-US~7.0.6002.18181 () into Staged(Staged) state
6/12/2011 11:51:24 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Windows-Management-Protocols-Package~31bf3856ad364e35~x86~~7.0.6002.18181 () into Staged(Staged) state
6/12/2011 11:51:24 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Windows-Management-Framework-Core~31bf3856ad364e35~x86~en-US~7.0.6002.18181 () into Staged(Staged) state
6/12/2011 11:51:24 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Windows-Management-Framework-Core~31bf3856ad364e35~x86~~7.0.6002.18181 () into Staged(Staged) state
6/12/2011 11:51:24 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Windows-Management-Framework-Core-TopLevel~31bf3856ad364e35~x86~~7.0.6002.18191 () into Staged(Staged) state
6/12/2011 11:51:24 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Windows-Management-Framework-Core-MiniLP~31bf3856ad364e35~x86~en-US~7.0.6002.18181 () into Staged(Staged) state
6/12/2011 11:51:24 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB950099_client~31bf3856ad364e35~x86~en-US~7.0.6002.18181 () into Staged(Staged) state
6/12/2011 11:51:24 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB950099_client~31bf3856ad364e35~x86~~7.0.6002.18181 () into Staged(Staged) state
6/12/2011 11:51:24 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Microsoft-Windows-PowerShell-WTR-Package~31bf3856ad364e35~x86~en-US~7.0.6002.18181 () into Staged(Staged) state
6/12/2011 11:51:24 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Microsoft-Windows-PowerShell-WTR-Package~31bf3856ad364e35~x86~~7.0.6002.18181 () into Staged(Staged) state
6/12/2011 11:51:24 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Microsoft-Windows-PowerShell-ISE-Package~31bf3856ad364e35~x86~en-US~7.0.6002.18181 () into Staged(Staged) state
6/12/2011 11:51:24 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Microsoft-Windows-PowerShell-ISE-Package~31bf3856ad364e35~x86~~7.0.6002.18181 () into Staged(Staged) state
.
==== End Of File ===========================
ladyross
Regular Member
 
Posts: 35
Joined: June 17th, 2011, 10:11 pm

Re: INFESTED WITH BANDOO/SEARCHQU

Post by Gary R » June 22nd, 2011, 8:44 am

Looking over your log, back soon.
Gary R
Administrator
 
Posts: 21863
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: INFESTED WITH BANDOO/SEARCHQU

Post by Gary R » June 22nd, 2011, 9:04 am

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.


Unless informed of in advance, failure to post replies within 3 days will result in this thread being closed.


Hi

I'm Gary R, I'll be glad to help you with your computer problems.

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Please observe these rules while we work:
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.
  • If you're using XP, you'll need Administrator privileges to perform the fixes. (XP accounts are Administrator by default)
  • If you're using Vista or Windows 7, it will be necessary to right click all tools we use and select ----> Run as Administrator
Important: As I said earlier, removing Malware is a potentially hazardous thing to do, so to increase our chances of recovery in the event of something unexpected happening, I'd like you to make a backup of your Registry before we start to clean your computer.
  • Download ERUNT to your desktop
  • Alternate Download
  • Double-click on erunt_setup.exe to install the program
  • Untick the NTREGOPT desktop shortcut option
  • Click No when you get the option to run Erunt at Windows startup.
  • During the installation, tick Launch Erunt.
  • Accept the default options for running a backup.
  • Erunt will then backup your registry.
  • Click OK to finish.
  • If you are unable to back up your Registry with ERUNT ....
    • Let me know.
    • Do not follow any further instructions until I tell you to.
It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


Download OTL by OldTimer to your Desktop.

Alternative Download

If you already have a copy of OTL delete it and use this version.

  • Double click OTL.exe to launch the programme.
  • Check the following.
    • Scan all users.
    • Standard Output.
    • Lop check.
    • Purity check.
  • Under Extra Registry section, select Use SafeList
  • Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
  • When finished it will produce two logs.
    • OTL.txt (open on your desktop).
    • Extras.txt (minimised in your taskbar)
  • Please post me both logs.

Next

Download TDSSKiller.zip and extract it to your Desktop.
  • Double click on TDSSKiller.exe to launch it.
    • If using Vista or Windows 7, when prompted by UAC allow the prompt.
  • Click on Start Scan
  • The scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • Post the contents in your next reply please.
  • DO NOT TRY TO FIX ANYTHING AT THIS POINT

Summary of the logs I need from you in your next post:
  • OTL.txt
  • Extras.txt
  • TDSSKiller log


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present; if any log is cut off you'll have to post it in sections.
Gary R
Administrator
 
Posts: 21863
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: INFESTED WITH BANDOO/SEARCHQU

Post by ladyross » June 22nd, 2011, 10:33 pm

Hello Sir!

Sorry I've been away. Anyway, here are my OTL log, Extras log and TDSSKiller logs. I'll be posting them separately as you instructed. Thank you so much for replying. Looking forward to learning more from you and to being able to remove this thing.


HERE IS THE OTL LOG

OTL logfile created on: 6/23/2011 10:05:53 AM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Y450\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 0.65 Gb Available Physical Memory | 34.79% Memory free
3.97 Gb Paging File | 2.38 Gb Available in Paging File | 60.02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 252.81 Gb Total Space | 168.05 Gb Free Space | 66.47% Space Free | Partition Type: NTFS
Drive D: | 30.52 Gb Total Space | 14.84 Gb Free Space | 48.62% Space Free | Partition Type: NTFS

Computer Name: Y450-PC | User Name: Y450 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/23 10:04:36 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Y450\Desktop\OTL.exe
PRC - [2010/12/15 13:31:20 | 000,460,144 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
PRC - [2010/12/15 13:22:42 | 001,085,440 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
PRC - [2009/11/19 06:57:39 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/11/19 06:57:39 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/11/02 09:30:00 | 002,508,104 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2009/09/25 13:06:06 | 005,145,912 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2009/09/22 13:30:28 | 000,246,272 | ---- | M] () -- C:\Program Files\Globe Tattoo\AssistantServices.exe
PRC - [2009/09/22 13:29:00 | 000,132,096 | ---- | M] () -- C:\Program Files\Globe Tattoo\UIExec.exe
PRC - [2009/09/09 05:12:51 | 000,116,104 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2009/09/04 21:18:48 | 003,112,960 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\VeriFace\PManage.exe
PRC - [2009/07/17 07:33:46 | 005,330,760 | ---- | M] (Lenovo(beijing) Limited) -- C:\Program Files\Lenovo\Energy Management\utility.exe
PRC - [2009/04/28 03:32:28 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/04/28 03:32:28 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/04/11 14:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/03 07:27:34 | 000,326,144 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Lenovo Desktop Navigator\DesktopNavigator.exe
PRC - [2009/03/03 04:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/01/10 19:45:24 | 000,860,160 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Lenovo OneKey Theater\OneKeyTheater.exe
PRC - [2008/12/20 01:35:50 | 008,828,744 | ---- | M] (Lenovo (Beijing) Limited) -- C:\Program Files\Lenovo\Energy Management\Energy Management.exe
PRC - [2008/12/18 06:52:40 | 000,036,480 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe
PRC - [2008/12/18 04:56:34 | 000,429,696 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ReadyComm\ReadyComm.exe
PRC - [2008/11/10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/11/04 23:10:20 | 000,780,840 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
PRC - [2008/11/04 23:10:20 | 000,555,560 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
PRC - [2008/09/28 02:00:24 | 000,430,080 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe
PRC - [2008/07/24 07:48:34 | 000,169,256 | ---- | M] () -- C:\Program Files\Lenovo\OneKey App\OneKey Recovery\FHPService.exe
PRC - [2008/01/21 10:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IgrsSvcs.exe
PRC - [2008/01/21 10:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/21 10:23:32 | 000,319,544 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Windows Defender\MpCmdRun.exe
PRC - [2008/01/12 08:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2006/11/02 20:35:35 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe


========== Modules (SafeList) ==========

MOD - [2011/06/23 10:04:36 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Y450\Desktop\OTL.exe
MOD - [2010/08/31 23:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/12/15 13:31:20 | 000,460,144 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2010/12/15 13:22:42 | 001,085,440 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe -- (FlipShareServer)
SRV - [2009/11/19 06:57:39 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/11/19 06:57:39 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/09/22 13:30:28 | 000,246,272 | ---- | M] () [Auto | Running] -- C:\Program Files\Globe Tattoo\AssistantServices.exe -- (UI Assistant Service)
SRV - [2009/09/09 05:12:51 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2009/04/28 03:32:28 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008/12/18 06:52:40 | 000,036,480 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe -- (IGRS)
SRV - [2008/11/10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/11/04 23:10:20 | 000,555,560 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2008/09/28 02:00:24 | 000,430,080 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe -- (System_Repair_UpdateMonitor)
SRV - [2008/07/24 07:48:34 | 000,169,256 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\OneKey App\OneKey Recovery\FHPService.exe -- (FHPService)
SRV - [2008/01/21 10:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\IgrsSvcs.exe -- (ReadyComm.DirectRouter)
SRV - [2008/01/21 10:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IgrsSvcs.exe -- (PS_MDP)
SRV - [2008/01/21 10:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\IgrsSvcs.exe -- (IncSvc)
SRV - [2008/01/21 10:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/12 08:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)


========== Driver Services (SafeList) ==========

DRV - [2009/12/09 02:41:20 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/11/19 06:57:40 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/11/19 06:57:40 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/09/04 21:19:45 | 000,048,192 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\funfrm.sys -- (funfrm)
DRV - [2009/09/01 09:55:54 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009/09/01 09:55:54 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009/09/01 09:55:54 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009/09/01 09:55:54 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2009/07/14 09:03:32 | 000,021,008 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV - [2009/07/10 07:25:00 | 000,048,144 | ---- | M] (Lenovo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tvtumon.sys -- (tvtumon)
DRV - [2009/07/10 06:11:24 | 000,082,928 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSVD.sys -- (WSVD)
DRV - [2009/04/11 12:45:24 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST) RMCAST (Pgm)
DRV - [2009/02/14 03:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/01/09 18:34:14 | 001,185,960 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2008/12/18 06:50:56 | 000,008,832 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\Wdkbdmou.sys -- (Wdkbdmou)
DRV - [2008/12/18 04:58:38 | 000,008,832 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WDMirror.sys -- (wdmirror)
DRV - [2008/10/20 17:32:00 | 000,107,360 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008/09/22 05:49:36 | 000,112,128 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2008/08/28 23:48:46 | 003,664,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008/06/20 09:47:02 | 000,212,992 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM)
DRV - [2008/01/25 01:08:34 | 000,010,880 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ITEhidCIR.sys -- (vhidmini)
DRV - [2007/05/23 16:33:58 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006/11/02 15:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lenovo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1827207934-2233158183-2734905608-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/
IE - HKU\S-1-5-21-1827207934-2233158183-2734905608-1005\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1827207934-2233158183-2734905608-1005\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1827207934-2233158183-2734905608-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1827207934-2233158183-2734905608-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Search Results"
FF - prefs.js..browser.startup.homepage: "http://search.yahoo.com/firefox/?fr=yff40-sfp"
FF - prefs.js..extensions.enabledItems: facepad@lazyrussian.com:0.8.0
FF - prefs.js..extensions.enabledItems: {0200c2a9-70da-4f6d-b527-f5f7d7877228}:0.4.5
FF - prefs.js..extensions.enabledItems: {E84D42CA-64EB-11DE-A65F-8C3656D89593}:3.1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=0&systemid=101&q="


FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/05 08:05:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/11 17:10:57 | 000,000,000 | ---D | M]

[2009/11/12 10:53:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Y450\AppData\Roaming\Mozilla\Extensions
[2011/06/17 23:11:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Y450\AppData\Roaming\Mozilla\Firefox\Profiles\x45w10gd.default\extensions
[2011/04/05 08:05:29 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Y450\AppData\Roaming\Mozilla\Firefox\Profiles\x45w10gd.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/12/04 02:54:24 | 000,002,476 | ---- | M] () -- C:\Users\Y450\AppData\Roaming\Mozilla\Firefox\Profiles\x45w10gd.default\searchplugins\BearShareWebSearch.xml
[2011/06/17 21:16:49 | 000,002,497 | ---- | M] () -- C:\Users\Y450\AppData\Roaming\Mozilla\Firefox\Profiles\x45w10gd.default\searchplugins\SearchResults.xml
[2011/04/05 08:05:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/05 06:59:52 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/04/05 08:05:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2011/04/05 08:05:13 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
File not found (No name found) --
[2009/11/24 23:54:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2010/01/01 16:00:00 | 000,135,168 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2009/12/04 02:54:24 | 000,002,476 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\BearShareWebSearch.xml
[2010/01/01 16:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2011/06/17 21:16:49 | 000,002,497 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\SearchResults.xml

O1 HOSTS File: ([2006/09/19 05:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1827207934-2233158183-2734905608-1005\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Desktop Navigator] C:\Program Files\Lenovo\Lenovo Desktop Navigator\DesktopNavigator.exe (Lenovo)
O4 - HKLM..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MDS_Menu] c:\Program Files\Lenovo\MediaShow\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [OneKey Theater] C:\Program Files\Lenovo\Lenovo OneKey Theater\OneKeyTheater.exe (Lenovo)
O4 - HKLM..\Run: [UIExec] C:\Program Files\Globe Tattoo\UIExec.exe ()
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1827207934-2233158183-2734905608-1005..\Run: [cdloader] C:\Users\Y450\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKU\S-1-5-21-1827207934-2233158183-2734905608-1005..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-1827207934-2233158183-2734905608-1005..\Run: [ReadyComm] C:\Program Files\Lenovo\ReadyComm\ReadyComm.exe (Lenovo Group Limited)
O7 - HKU\S-1-5-21-1827207934-2233158183-2734905608-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1827207934-2233158183-2734905608-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-1827207934-2233158183-2734905608-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: &Windows Live Search - c:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1827207934-2233158183-2734905608-1005\..Trusted Domains: magicjack.com ([my] https in Trusted sites)
O15 - HKU\S-1-5-21-1827207934-2233158183-2734905608-1005\..Trusted Domains: talk4free.com ([reg] https in Trusted sites)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Y450\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Y450\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 05:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{423ecedf-f55f-11de-8619-00238bfc3831}\Shell - "" = AutoRun
O33 - MountPoints2\{423ecedf-f55f-11de-8619-00238bfc3831}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{423eceeb-f55f-11de-8619-00238bfc3831}\Shell - "" = AutoRun
O33 - MountPoints2\{423eceeb-f55f-11de-8619-00238bfc3831}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{78f959c2-f5f5-11df-94d8-00238bfc3831}\Shell\AutoRun\command - "" = wscript.exe jargon.vbs
O33 - MountPoints2\{78f959c2-f5f5-11df-94d8-00238bfc3831}\Shell\Open\Command - "" = wscript.exe jargon.vbs
O33 - MountPoints2\{87f96c1d-cf35-11de-9004-002556fdfa60}\Shell - "" = AutoRun
O33 - MountPoints2\{87f96c1d-cf35-11de-9004-002556fdfa60}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{87f96c3d-cf35-11de-9004-002556fdfa60}\Shell - "" = AutoRun
O33 - MountPoints2\{87f96c3d-cf35-11de-9004-002556fdfa60}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{92ddcf46-cfaa-11df-83b5-00238bfc3831}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL WaLIh.eXE
O33 - MountPoints2\{bde627be-a024-11df-a6f9-00238bfc3831}\Shell - "" = AutoRun
O33 - MountPoints2\{bde627be-a024-11df-a6f9-00238bfc3831}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{bde627c3-a024-11df-a6f9-00238bfc3831}\Shell - "" = AutoRun
O33 - MountPoints2\{bde627c3-a024-11df-a6f9-00238bfc3831}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c1a06ed1-4a72-11df-854f-00238bfc3831}\Shell\AutoRun\command - "" = F:\installer.exe
O33 - MountPoints2\{c1a06ed1-4a72-11df-854f-00238bfc3831}\Shell\verb\command - "" = F:\installer.exe
O33 - MountPoints2\{c85fc0b1-d98b-11df-8d45-00238bfc3831}\Shell - "" = AutoRun
O33 - MountPoints2\{c85fc0b1-d98b-11df-8d45-00238bfc3831}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c85fc0ce-d98b-11df-8d45-00238bfc3831}\Shell - "" = AutoRun
O33 - MountPoints2\{c85fc0ce-d98b-11df-8d45-00238bfc3831}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c85fc0d9-d98b-11df-8d45-00238bfc3831}\Shell - "" = AutoRun
O33 - MountPoints2\{c85fc0d9-d98b-11df-8d45-00238bfc3831}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c85fc0e3-d98b-11df-8d45-00238bfc3831}\Shell - "" = AutoRun
O33 - MountPoints2\{c85fc0e3-d98b-11df-8d45-00238bfc3831}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c85fc0ee-d98b-11df-8d45-00238bfc3831}\Shell - "" = AutoRun
O33 - MountPoints2\{c85fc0ee-d98b-11df-8d45-00238bfc3831}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{db38fc01-e6d4-11df-a03b-00238bfc3831}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL ZIwUT.Exe
O33 - MountPoints2\{fb7411f5-3162-11df-a450-002556fdfa60}\Shell\AutoRun\command - "" = F:\vircure/vircure32.exe
O33 - MountPoints2\{fb7411f5-3162-11df-a450-002556fdfa60}\Shell\explore\command - "" = F:\vircure/vircure32.exe
O33 - MountPoints2\{fb7411f5-3162-11df-a450-002556fdfa60}\Shell\open\command - "" = F:\vircure/vircure32.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/23 10:04:34 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Users\Y450\Desktop\OTL.exe
[2011/06/23 10:01:32 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/06/23 10:00:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/06/23 10:00:51 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/06/23 09:56:50 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Y450\Desktop\erunt-setup.exe
[2011/06/17 21:16:50 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2011/06/17 21:00:10 | 000,000,000 | ---D | C] -- C:\Program Files\Bandoo
[2011/05/27 16:29:19 | 000,000,000 | ---D | C] -- C:\Users\Y450\Desktop\DECEMBER 25, 2010
[2011/05/27 15:55:16 | 000,000,000 | ---D | C] -- C:\Users\Y450\Desktop\JOVY
[2011/05/26 21:39:51 | 000,000,000 | ---D | C] -- C:\Users\Y450\Desktop\JR'S CASE
[2011/05/26 21:10:40 | 000,000,000 | ---D | C] -- C:\Users\Y450\Desktop\CASE REVIEW
[2011/05/26 17:23:38 | 000,000,000 | ---D | C] -- C:\Users\Y450\Desktop\MED. MISSION JR
[2011/05/25 10:30:06 | 000,000,000 | ---D | C] -- C:\Users\Y450\Desktop\PARADE AND DIADI
[2011/05/24 20:34:07 | 000,000,000 | ---D | C] -- C:\Users\Y450\Desktop\MED. MISSION AMMUNGAN
[2010/08/25 18:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2 C:\Users\Y450\AppData\Local\*.tmp files -> C:\Users\Y450\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/23 10:04:36 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Y450\Desktop\OTL.exe
[2011/06/23 10:00:52 | 000,000,674 | ---- | M] () -- C:\Users\Y450\Desktop\ERUNT.lnk
[2011/06/23 09:56:55 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Y450\Desktop\erunt-setup.exe
[2011/06/23 09:51:04 | 000,000,270 | ---- | M] () -- C:\Windows\tasks\Check Updates for Windows Live Toolbar.job
[2011/06/23 09:50:57 | 000,698,196 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/23 09:50:57 | 000,139,732 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/23 09:47:26 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/23 09:44:12 | 000,000,056 | -HS- | M] () -- C:\_PartitionInfo
[2011/06/23 09:44:03 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/23 09:44:03 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/23 09:43:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/18 20:55:11 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/06/18 20:14:59 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/18 12:24:02 | 000,721,792 | ---- | M] () -- C:\Users\Y450\Desktop\5TH BATCH NOV. '11.rar
[2011/06/17 23:36:34 | 000,002,070 | ---- | M] () -- C:\Users\Y450\Desktop\OneKey Recovery.lnk
[2011/06/15 10:59:34 | 000,180,224 | ---- | M] () -- C:\Users\Y450\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/10 08:07:52 | 000,282,024 | ---- | M] () -- C:\Users\Y450\Desktop\DSCN1502.JPG
[2011/06/05 11:06:55 | 000,296,034 | ---- | M] () -- C:\Users\Y450\Desktop\acnescarsguide.pdf
[2011/06/04 20:16:05 | 000,045,984 | ---- | M] () -- C:\Users\Y450\Desktop\walk-in-closet-design.jpg
[2011/06/02 03:24:38 | 001,524,112 | ---- | M] () -- C:\Windows\System32\bandoolmx.dll
[2011/05/24 19:14:10 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2 C:\Users\Y450\AppData\Local\*.tmp files -> C:\Users\Y450\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/23 10:00:52 | 000,000,674 | ---- | C] () -- C:\Users\Y450\Desktop\ERUNT.lnk
[2011/06/18 12:24:01 | 000,721,792 | ---- | C] () -- C:\Users\Y450\Desktop\5TH BATCH NOV. '11.rar
[2011/06/17 21:16:23 | 001,524,112 | ---- | C] () -- C:\Windows\System32\bandoolmx.dll
[2011/06/05 11:06:55 | 000,296,034 | ---- | C] () -- C:\Users\Y450\Desktop\acnescarsguide.pdf
[2011/06/04 20:15:57 | 000,045,984 | ---- | C] () -- C:\Users\Y450\Desktop\walk-in-closet-design.jpg
[2010/08/25 19:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/08/25 19:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/08/25 19:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/08/25 18:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/08/25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/08/25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010/05/05 07:03:31 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/04/07 02:13:31 | 000,007,728 | ---- | C] () -- C:\Users\Y450\AppData\Local\d3d9caps.dat
[2009/11/24 12:22:27 | 000,024,206 | ---- | C] () -- C:\Users\Y450\AppData\Roaming\UserTile.png
[2009/11/20 09:10:21 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/11/19 09:43:58 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/11/19 09:43:57 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/11/17 00:32:43 | 000,180,224 | ---- | C] () -- C:\Users\Y450\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/12 05:53:19 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/11/12 05:53:13 | 000,795,648 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/11/12 05:53:13 | 000,130,048 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/11/12 05:53:11 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2009/11/12 05:53:06 | 000,067,584 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/09/04 21:19:46 | 000,057,344 | ---- | C] () -- C:\Windows\AsfHelper.dll
[2009/09/04 21:19:46 | 000,048,192 | ---- | C] () -- C:\Windows\System32\drivers\funfrm.sys
[2009/09/04 21:19:42 | 000,241,664 | ---- | C] () -- C:\Windows\System32\3DImageRenderer.dll
[2009/09/04 21:19:05 | 002,101,248 | ---- | C] () -- C:\Windows\System32\Apblend.dll
[2009/09/04 21:19:05 | 001,404,928 | ---- | C] () -- C:\Windows\System32\IcnOvrly.dll
[2009/09/04 21:19:05 | 000,655,360 | ---- | C] () -- C:\Windows\System32\EncIcons.dll
[2009/09/04 21:19:05 | 000,507,904 | ---- | C] () -- C:\Windows\System32\SimpleExt.dll
[2009/09/04 21:02:11 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini
[2009/09/04 20:20:46 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008/12/30 11:24:48 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008/12/30 11:24:47 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1591.dll
[2008/12/30 11:24:46 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008/12/18 06:50:56 | 000,008,832 | ---- | C] () -- C:\Windows\System32\drivers\Wdkbdmou.sys
[2008/09/20 03:14:16 | 000,024,056 | ---- | C] () -- C:\Windows\System32\providers.bin
[2006/11/02 20:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 20:47:37 | 000,401,160 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 20:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 18:33:01 | 000,698,196 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 18:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 18:33:01 | 000,139,732 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 18:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 18:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 16:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 16:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 15:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 15:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001/11/15 03:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========

[2011/04/03 16:59:11 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\LenovoDesktopNavigator
[2011/04/03 10:47:00 | 000,000,000 | ---D | M] -- C:\Users\ROSS\AppData\Roaming\LenovoDesktopNavigator
[2009/11/12 14:28:46 | 000,000,000 | ---D | M] -- C:\Users\Y450\AppData\Roaming\EasyCapture
[2011/04/15 11:15:41 | 000,000,000 | ---D | M] -- C:\Users\Y450\AppData\Roaming\Flip Video
[2009/10/24 08:49:07 | 000,000,000 | ---D | M] -- C:\Users\Y450\AppData\Roaming\Lenovo
[2009/10/24 08:50:14 | 000,000,000 | ---D | M] -- C:\Users\Y450\AppData\Roaming\LenovoDesktopNavigator
[2011/04/18 13:52:39 | 000,000,000 | ---D | M] -- C:\Users\Y450\AppData\Roaming\mjusbsp
[2009/11/24 12:22:27 | 000,000,000 | ---D | M] -- C:\Users\Y450\AppData\Roaming\PeerNetworking
[2009/11/20 14:00:57 | 000,000,000 | ---D | M] -- C:\Users\Y450\AppData\Roaming\PlayFirst
[2011/06/23 09:51:04 | 000,000,270 | ---- | M] () -- C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job
[2011/06/18 20:55:13 | 000,032,552 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
ladyross

Re: INFESTED WITH BANDOO/SEARCHQU

by ladyross » June 22nd, 2011, 10:35 pm

HERE IS THE EXTRAS LOG:


OTL Extras logfile created on: 6/23/2011 10:05:53 AM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Y450\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 0.65 Gb Available Physical Memory | 34.79% Memory free
3.97 Gb Paging File | 2.38 Gb Available in Paging File | 60.02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 252.81 Gb Total Space | 168.05 Gb Free Space | 66.47% Space Free | Partition Type: NTFS
Drive D: | 30.52 Gb Total Space | 14.84 Gb Free Space | 48.62% Space Free | Partition Type: NTFS

Computer Name: Y450-PC | User Name: Y450 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1827207934-2233158183-2734905608-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0877D4E6-3605-41B8-B38E-25146E42FA06}" = lport=2869 | protocol=6 | dir=in | app=system |
"{12A61B77-87AD-4A4F-A032-065731BB3DCC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{20CA3F5A-703A-4807-ADD9-141542721A7E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{32EC8E71-608A-433A-AA88-930D6E19A43A}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{651B2EEF-173B-422D-BBEB-C08E343817D7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{70D7E3E7-DAA2-4F97-AF86-DA40A70E9B4E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{757ABBBE-C51E-4F74-B267-65CB97092C01}" = lport=24726 | protocol=6 | dir=in | name=flipshareserver |
"{7C786387-6D4D-4855-8C99-6339005A9807}" = rport=2869 | protocol=6 | dir=out | app=system |
"{82A0C6A9-DA8A-467E-A1C2-869FD8FABA4B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{8F2E7AFA-8D08-41DB-A6CD-70C4466F24E0}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{C2ECBE37-A382-47C9-9191-24CC9916880F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{C3BB420B-65B0-4499-B1A2-69390D829E77}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{EFD36925-EA0D-4F63-AD6F-8FD02854A06D}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{F1478037-2E3B-4887-AFE9-CCE8250E9547}" = lport=24727 | protocol=6 | dir=in | name=flipshareserver |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{085AF022-35BB-4A92-97E7-698AC08DC64C}" = dir=in | app=c:\program files\lenovo\readycomm\common\igrs.exe |
"{0C03E5E1-9A84-42F2-8C0A-A3F1FAAEB636}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{186F1A0E-3232-43D4-A2FE-9E3ECD090992}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1C94B02E-71BB-4C8D-B165-583D74AA14BA}" = dir=in | app=c:\program files\lenovo\readycomm\readycomm.exe |
"{1ED3E72D-7A70-4181-B7F8-7A76F0244959}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{219C2F8F-8D9D-4088-87AC-E6247A531643}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{31A4D61B-3E56-4178-A589-5A544206307E}" = dir=out | app=c:\program files\lenovo\readycomm\common\igrs.exe |
"{394D96CE-B80C-4977-99F3-66153EDE8A43}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe |
"{5BBB4C25-3C36-4FB6-A1B7-343F999719AC}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{68DEC50F-CF71-427E-BB0D-FCD20CB09598}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{78796390-7A7D-4015-8AA3-AD7BD4B6FD0E}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{814E628F-6BDE-4223-B39D-A54EED8AB06E}" = protocol=6 | dir=out | app=system |
"{818F124C-FB4D-413C-BA83-A64F003C2C16}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{A273D708-C211-411E-B1C1-D6A92D39D89F}" = dir=in | app=c:\program files\lenovo\readycomm\projectionist.exe |
"{A2F4D7D7-FB13-4D97-B3C3-A7E18284DA1F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{AA621A1F-90A6-4D36-969A-3EB0E85F64FD}" = dir=out | app=c:\program files\lenovo\readycomm\filereceiver.exe |
"{B0695372-6DC4-4255-BC4A-B492F45BFD0E}" = dir=in | app=c:\program files\lenovo\readycomm\filereceiver.exe |
"{B9B0A214-4AB6-48A1-9E05-E4676B94EBB4}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{BB707E4D-B4C0-42EA-B843-0615DAC8A899}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{C50FBC08-3F20-494B-A3C7-9C6EB8C4A64A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CA320736-6CC8-4E7D-8C20-4783602C991C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CC0F0810-BA24-4CFB-84C7-1683C7B668B1}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{CEB75605-FF3F-4DAE-A35C-86B446DEE053}" = dir=out | app=c:\program files\lenovo\readycomm\readycomm.exe |
"{CF1084E8-940D-4584-9211-573B7D6A109B}" = dir=out | app=c:\program files\lenovo\readycomm\projectionist.exe |
"{D0B41E7C-C062-4FE1-894D-84CE9D75ECBB}" = dir=in | app=c:\windows\system32\igrssvcs.exe |
"{D91D8B27-E896-481E-A4F1-84DC29BCF3C8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E0983229-2BF6-44FE-A90A-FEC01FEE34C6}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{E2F2466A-86BE-43EB-8E9C-5DC913F68908}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{EF1CA0E5-3575-455A-B388-F68EC90EBEEE}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{EFF8593B-7E39-4898-8837-A749E5F75A3E}" = dir=out | app=c:\windows\system32\igrssvcs.exe |
"{FADBD277-48A8-44FE-9A34-861F6C7190EB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"TCP Query User{125DE41A-4A71-4963-8EFC-B0A8914506BD}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"TCP Query User{13BE05E8-F176-4245-BD14-C408D0DEEA41}C:\users\y450\appdata\roaming\mjusbsp\magicjack.exe" = protocol=6 | dir=in | app=c:\users\y450\appdata\roaming\mjusbsp\magicjack.exe |
"TCP Query User{194AAFDB-0D37-4F36-836B-BB78F620BBC0}C:\users\y450\appdata\roaming\mjusbsp\magicjack.exe" = protocol=6 | dir=in | app=c:\users\y450\appdata\roaming\mjusbsp\magicjack.exe |
"TCP Query User{44E3F089-814B-40D5-8AED-C653C403B6D9}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{E034460D-D0A8-440F-8E83-62B3A3EF9310}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"UDP Query User{2F697BE9-F2AD-4DEC-8952-18C82BF1A37A}C:\users\y450\appdata\roaming\mjusbsp\magicjack.exe" = protocol=17 | dir=in | app=c:\users\y450\appdata\roaming\mjusbsp\magicjack.exe |
"UDP Query User{37BA24A3-DDE4-40CE-9184-CBFA503C7245}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"UDP Query User{4E412378-27CB-4B41-93A6-180F26639750}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{72C9CBB2-EA6F-4D2E-8C48-25CE70092A06}C:\users\y450\appdata\roaming\mjusbsp\magicjack.exe" = protocol=17 | dir=in | app=c:\users\y450\appdata\roaming\mjusbsp\magicjack.exe |
"UDP Query User{BA731C67-4187-4419-86F9-99491E1EF107}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{08D1EEC8-D5D2-41FD-9A15-6499231ADF5F}" = Lenovo Desktop Navigator
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP1900_series" = Canon iP1900 series Printer Driver
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2700_series" = Canon iP2700 series Printer Driver
"{146E206D-7D2C-493A-B431-1F1D16E822AF}" = MobileMe Control Panel
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller Driver
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{420DFB63-8AE7-F7D6-E4B4-AB6D140221F4}" = FlipShare
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{4BB1DCED-84D3-47F9-B718-5947E904593E}" = Lenovo EasyCamera
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6DEF11C0-35FF-4160-A543-FDD336C4DAE5}" = Microsoft SQL Server 2005 Express Edition (INSTANCENAME)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{717E0AD5-91EB-459F-AB8B-1B5219BAF7CE}" = Lenovo System Repair - Windows Update Monitor
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{76C66170-C538-4E77-B54D-48E136B5B533}" = Lenovo ReadyComm 4.0
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = MediaShow
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87725CEF-1BC6-47C5-B2CD-96DD6D392EE3}" = Dolby Control Center
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}" = SMART BRO
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AF0B106-56F1-461B-A270-95BC1682E282}" = Broadcom Gigabit NetLink Controller
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = Globe Tattoo
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.3
"{AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}" = Energy Management
"{AFAC914D-9E83-4A89-8ABE-427521C82CCF}" = Safari
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{C6876FE6-A314-4628-B0D7-F3EE5E35C4B4}" = Windows Live Toolbar
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{E464702F-5433-46EC-8F65-159276C0A54F}" = Lenovo Bluetooth with Enhanced Data Rate Software 6.2.0.6300
"{EE0FE4A7-317D-4B65-B443-B022ACFCA0CA}" = Lenovo OneKey Theater
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FA20BCA6-229E-4BED-ABE7-D0D664415255}" = Lenovo Desktop Navigator Library Tool
"{FCED9B62-34FF-4C15-8A23-F65221F7874D}" = ITECIR Driver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Carbonite Setup Lite" = Carbonite Online Backup Setup
"CCleaner" = CCleaner (remove only)
"EasyCapture3.5" = EasyCapture
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{08D1EEC8-D5D2-41FD-9A15-6499231ADF5F}" = Lenovo Desktop Navigator
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = MediaShow
"InstallShield_{EE0FE4A7-317D-4B65-B443-B022ACFCA0CA}" = Lenovo OneKey Theater
"InstallShield_{FA20BCA6-229E-4BED-ABE7-D0D664415255}" = Lenovo Desktop Navigator Library Tool
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.7.5 (Full)
"Lippincott's Review for NCLEX-RN 8th Edition" = Lippincott's Review for NCLEX-RN 8th Edition
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mosby's Comp Review of Nursing for NCLEX-RN, 17e" = Mosby's Comp Review of Nursing for NCLEX-RN, 17e
"Mozilla Firefox 4.0 (x86 en-US)" = Mozilla Firefox 4.0 (x86 en-US)
"Pediatric Nursing Skills and Student Tutorial" = Pediatric Nursing Skills and Student Tutorial
"PROHYBRIDR" = 2007 Microsoft Office system
"Saunders NCLEX-RN4e" = Saunders NCLEX-RN4e
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VeriFace" = VeriFace
"VLC media player" = VLC media player 1.0.3
"Windows Live Toolbar" = Windows Live Toolbar
"WinRAR archiver" = WinRAR archiver
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1827207934-2233158183-2734905608-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"magicJack" = magicJack
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/3/2010 5:30:23 AM | Computer Name = Y450-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10093

Error - 10/3/2010 5:30:24 AM | Computer Name = Y450-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/3/2010 5:30:24 AM | Computer Name = Y450-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 11138

Error - 10/3/2010 5:30:24 AM | Computer Name = Y450-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 11138

Error - 10/3/2010 5:30:25 AM | Computer Name = Y450-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/3/2010 5:30:25 AM | Computer Name = Y450-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 12230

Error - 10/3/2010 5:30:25 AM | Computer Name = Y450-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 12230

Error - 10/3/2010 5:30:27 AM | Computer Name = Y450-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/3/2010 5:30:27 AM | Computer Name = Y450-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 13260

Error - 10/3/2010 5:30:27 AM | Computer Name = Y450-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 13260

[ Media Center Events ]
Error - 2/6/2010 8:53:55 PM | Computer Name = Y450-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ OSession Events ]
Error - 4/20/2010 8:16:44 PM | Computer Name = Y450-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2310
seconds with 720 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 6/18/2011 8:55:33 AM | Computer Name = Y450-PC | Source = volsnap | ID = 393230
Description = The shadow copies of volume C: were aborted because of an IO failure
on volume C:.

Error - 6/22/2011 9:44:16 PM | Computer Name = Y450-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 6/22/2011 9:44:16 PM | Computer Name = Y450-PC | Source = Service Control Manager | ID = 7024
Description =

Error - 6/22/2011 9:44:20 PM | Computer Name = Y450-PC | Source = ipnathlp | ID = 34001
Description = The ICS_IPV6 failed to configure IPv6 stack.

Error - 6/22/2011 9:46:52 PM | Computer Name = Y450-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 6/22/2011 9:47:48 PM | Computer Name = Y450-PC | Source = ipnathlp | ID = 30005
Description = The DHCP allocator has detected a DHCP server with IP address 192.168.0.1
on the same network as the interface with IP address 192.168.0.100. The allocator
has disabled itself on the interface to avoid confusing DHCP clients.

Error - 6/22/2011 9:54:12 PM | Computer Name = Y450-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 6/22/2011 9:57:31 PM | Computer Name = Y450-PC | Source = ipnathlp | ID = 31004
Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This
may indicate that the system is low on virtual memory, or that the memory manager
has encountered an internal error.

Error - 6/22/2011 9:57:50 PM | Computer Name = Y450-PC | Source = ipnathlp | ID = 30005
Description = The DHCP allocator has detected a DHCP server with IP address 192.168.0.1
on the same network as the interface with IP address 192.168.0.100. The allocator
has disabled itself on the interface to avoid confusing DHCP clients.

Error - 6/22/2011 10:00:25 PM | Computer Name = Y450-PC | Source = ipnathlp | ID = 31004
Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This
may indicate that the system is low on virtual memory, or that the memory manager
has encountered an internal error.


< End of report >
ladyross

Re: INFESTED WITH BANDOO/SEARCHQU

Post by ladyross » June 22nd, 2011, 10:39 pm

Here is the last log. Hope to hear from you again soon. Here is the TDSSKiller log:

2011/06/23 10:35:54.0544 1400 TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15
2011/06/23 10:35:56.0546 1400 ================================================================================
2011/06/23 10:35:56.0546 1400 SystemInfo:
2011/06/23 10:35:56.0546 1400
2011/06/23 10:35:56.0546 1400 OS Version: 6.0.6002 ServicePack: 2.0
2011/06/23 10:35:56.0546 1400 Product type: Workstation
2011/06/23 10:35:56.0546 1400 ComputerName: Y450-PC
2011/06/23 10:35:56.0546 1400 UserName: Y450
2011/06/23 10:35:56.0546 1400 Windows directory: C:\Windows
2011/06/23 10:35:56.0546 1400 System windows directory: C:\Windows
2011/06/23 10:35:56.0546 1400 Processor architecture: Intel x86
2011/06/23 10:35:56.0547 1400 Number of processors: 2
2011/06/23 10:35:56.0547 1400 Page size: 0x1000
2011/06/23 10:35:56.0547 1400 Boot type: Normal boot
2011/06/23 10:35:56.0547 1400 ================================================================================
2011/06/23 10:35:57.0769 1400 Initialize success
2011/06/23 10:35:59.0746 4824 ================================================================================
2011/06/23 10:35:59.0746 4824 Scan started
2011/06/23 10:35:59.0746 4824 Mode: Manual;
2011/06/23 10:35:59.0746 4824 ================================================================================
2011/06/23 10:36:47.0385 4824 SynTP (a4ee086cb6c3c56e1d95863979a35bb0) C:\Windows\system32\DRIVERS\SynTP.sys
2011/06/23 10:36:47.0672 4824 Tcpip (48cbe6d53632d0067c2d6b20f90d84ca) C:\Windows\system32\drivers\tcpip.sys
2011/06/23 10:36:47.0860 4824 Tcpip6 (48cbe6d53632d0067c2d6b20f90d84ca) C:\Windows\system32\DRIVERS\tcpip.sys
2011/06/23 10:36:48.0063 4824 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/06/23 10:36:48.0254 4824 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/06/23 10:36:48.0466 4824 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/06/23 10:36:48.0613 4824 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/06/23 10:36:48.0799 4824 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/06/23 10:36:49.0015 4824 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/06/23 10:36:49.0221 4824 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/06/23 10:36:49.0448 4824 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/06/23 10:36:49.0575 4824 tvtumon (865421f6aacf299ec74706ea8fe7eb3e) C:\Windows\system32\DRIVERS\tvtumon.sys
2011/06/23 10:36:49.0731 4824 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/06/23 10:36:49.0911 4824 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/06/23 10:36:50.0211 4824 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/06/23 10:36:50.0394 4824 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/06/23 10:36:50.0733 4824 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/06/23 10:36:50.0892 4824 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/06/23 10:36:51.0050 4824 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/06/23 10:36:51.0273 4824 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys
2011/06/23 10:36:51.0486 4824 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
2011/06/23 10:36:51.0631 4824 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/06/23 10:36:52.0025 4824 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/06/23 10:36:52.0169 4824 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/06/23 10:36:52.0339 4824 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/06/23 10:36:52.0543 4824 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/06/23 10:36:52.0813 4824 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/06/23 10:36:53.0103 4824 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/06/23 10:36:53.0330 4824 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/06/23 10:36:53.0484 4824 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/06/23 10:36:53.0666 4824 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/06/23 10:36:53.0800 4824 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/06/23 10:36:53.0964 4824 vhidmini (8e969805420e8a28822d539327ce8fff) C:\Windows\system32\DRIVERS\ITEhidCIR.sys
2011/06/23 10:36:54.0118 4824 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/06/23 10:36:54.0251 4824 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/06/23 10:36:54.0607 4824 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/06/23 10:36:54.0804 4824 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/06/23 10:36:55.0036 4824 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/06/23 10:36:55.0238 4824 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/06/23 10:36:55.0575 4824 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/06/23 10:36:55.0753 4824 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/06/23 10:36:55.0921 4824 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/23 10:36:55.0988 4824 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/23 10:36:56.0223 4824 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/06/23 10:36:56.0470 4824 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/06/23 10:36:56.0819 4824 Wdkbdmou (36f2beda08b629cd3a1f7805d1f90378) C:\Windows\system32\DRIVERS\Wdkbdmou.sys
2011/06/23 10:36:56.0970 4824 wdmirror (c1043a2336625dff9f48b9953a2f7291) C:\Windows\system32\DRIVERS\WDMirror.sys
2011/06/23 10:36:57.0235 4824 WimFltr (f9ad3a5e3fd7e0bdb18b8202b0fdd4e4) C:\Windows\system32\DRIVERS\wimfltr.sys
2011/06/23 10:36:57.0530 4824 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/06/23 10:36:57.0734 4824 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/06/23 10:36:57.0919 4824 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/06/23 10:36:58.0101 4824 WSVD (e8c5bc0249e39514628cc6af14e1e14d) C:\Windows\system32\drivers\WSVD.sys
2011/06/23 10:36:58.0357 4824 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/06/23 10:36:58.0577 4824 ZTEusbmdm6k (86187fb5d81781501558f8742dee4197) C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
2011/06/23 10:36:58.0741 4824 ZTEusbnmea (86187fb5d81781501558f8742dee4197) C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
2011/06/23 10:36:58.0879 4824 ZTEusbser6k (86187fb5d81781501558f8742dee4197) C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
2011/06/23 10:36:58.0958 4824 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
2011/06/23 10:36:58.0986 4824 ================================================================================
2011/06/23 10:36:58.0986 4824 Scan finished
2011/06/23 10:36:58.0986 4824 ================================================================================
2011/06/23 10:36:59.0007 1224 Detected object count: 0
2011/06/23 10:36:59.0007 1224 Actual detected object count: 0

Post by Gary R » June 23rd, 2011, 2:23 am

  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
Code:
:OTL
IE - HKU\S-1-5-21-1827207934-2233158183-2734905608-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/
IE - HKU\S-1-5-21-1827207934-2233158183-2734905608-1005\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Search Results"
FF - prefs.js..extensions.enabledItems: {0200c2a9-70da-4f6d-b527-f5f7d7877228}:0.4.5
FF - prefs.js..extensions.enabledItems: {E84D42CA-64EB-11DE-A65F-8C3656D89593}:3.1
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=0&systemid=101&q="
[2009/12/04 02:54:24 | 000,002,476 | ---- | M] () -- C:\Users\Y450\AppData\Roaming\Mozilla\Firefox\Profiles\x45w10gd.default\searchplugins\BearShareWebSearch.xml
[2011/06/17 21:16:49 | 000,002,497 | ---- | M] () -- C:\Users\Y450\AppData\Roaming\Mozilla\Firefox\Profiles\x45w10gd.default\searchplugins\SearchResults.xml
[2009/12/04 02:54:24 | 000,002,476 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\BearShareWebSearch.xml
[2011/06/17 21:16:49 | 000,002,497 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\SearchResults.xml
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O33 - MountPoints2\{423ecedf-f55f-11de-8619-00238bfc3831}\Shell - "" = AutoRun
O33 - MountPoints2\{423ecedf-f55f-11de-8619-00238bfc3831}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{423eceeb-f55f-11de-8619-00238bfc3831}\Shell - "" = AutoRun
O33 - MountPoints2\{423eceeb-f55f-11de-8619-00238bfc3831}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{78f959c2-f5f5-11df-94d8-00238bfc3831}\Shell\AutoRun\command - "" = wscript.exe jargon.vbs
O33 - MountPoints2\{78f959c2-f5f5-11df-94d8-00238bfc3831}\Shell\Open\Command - "" = wscript.exe jargon.vbs
O33 - MountPoints2\{87f96c1d-cf35-11de-9004-002556fdfa60}\Shell - "" = AutoRun
O33 - MountPoints2\{87f96c1d-cf35-11de-9004-002556fdfa60}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{87f96c3d-cf35-11de-9004-002556fdfa60}\Shell - "" = AutoRun
O33 - MountPoints2\{87f96c3d-cf35-11de-9004-002556fdfa60}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{92ddcf46-cfaa-11df-83b5-00238bfc3831}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL WaLIh.eXE
O33 - MountPoints2\{bde627be-a024-11df-a6f9-00238bfc3831}\Shell - "" = AutoRun
O33 - MountPoints2\{bde627be-a024-11df-a6f9-00238bfc3831}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{bde627c3-a024-11df-a6f9-00238bfc3831}\Shell - "" = AutoRun
O33 - MountPoints2\{bde627c3-a024-11df-a6f9-00238bfc3831}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c1a06ed1-4a72-11df-854f-00238bfc3831}\Shell\AutoRun\command - "" = F:\installer.exe
O33 - MountPoints2\{c1a06ed1-4a72-11df-854f-00238bfc3831}\Shell\verb\command - "" = F:\installer.exe
O33 - MountPoints2\{c85fc0b1-d98b-11df-8d45-00238bfc3831}\Shell - "" = AutoRun
O33 - MountPoints2\{c85fc0b1-d98b-11df-8d45-00238bfc3831}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c85fc0ce-d98b-11df-8d45-00238bfc3831}\Shell - "" = AutoRun
O33 - MountPoints2\{c85fc0ce-d98b-11df-8d45-00238bfc3831}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c85fc0d9-d98b-11df-8d45-00238bfc3831}\Shell - "" = AutoRun
O33 - MountPoints2\{c85fc0d9-d98b-11df-8d45-00238bfc3831}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c85fc0e3-d98b-11df-8d45-00238bfc3831}\Shell - "" = AutoRun
O33 - MountPoints2\{c85fc0e3-d98b-11df-8d45-00238bfc3831}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c85fc0ee-d98b-11df-8d45-00238bfc3831}\Shell - "" = AutoRun
O33 - MountPoints2\{c85fc0ee-d98b-11df-8d45-00238bfc3831}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{db38fc01-e6d4-11df-a03b-00238bfc3831}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL ZIwUT.Exe
O33 - MountPoints2\{fb7411f5-3162-11df-a450-002556fdfa60}\Shell\AutoRun\command - "" = F:\vircure/vircure32.exe
O33 - MountPoints2\{fb7411f5-3162-11df-a450-002556fdfa60}\Shell\explore\command - "" = F:\vircure/vircure32.exe
O33 - MountPoints2\{fb7411f5-3162-11df-a450-002556fdfa60}\Shell\open\command - "" = F:\vircure/vircure32.exe

:Files
C:\Program Files\Bandoo
C:\Windows\System32\bandoolmx.dll
C:\program files\bearshare applications
ipconfig /flushdns /c

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{125DE41A-4A71-4963-8EFC-B0A8914506BD}C:\program files\bearshare applications\bearshare\bearshare.exe"=-
"TCP Query User{E034460D-D0A8-440F-8E83-62B3A3EF9310}C:\program files\bearshare applications\bearshare\bearshare.exe"=-
"UDP Query User{37BA24A3-DDE4-40CE-9184-CBFA503C7245}C:\program files\bearshare applications\bearshare\bearshare.exe"=-
"UDP Query User{BA731C67-4187-4419-86F9-99491E1EF107}C:\program files\bearshare applications\bearshare\bearshare.exe"=-

:Commands
[emptytemp]
[emptyflash]
[resethosts]
[purity]

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so; if it does, re-boot your computer. A log will be produced upon re-boot.

Next

Please download Malwarebytes' Anti-Malware to your Desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.

  • Click on the Malwarebytes' Anti-Malware icon to launch the programme.
    • Click the Updates tab.
      • Click Check for Updates and allow the programme to download the latest definitions.
    • Click the Scanner tab.
      • Check Perform Quick Scan.
      • Click Scan and wait for the scan to complete.
      • When the scan is complete, click OK, then Show Results.
      • Check all items except items in the C:\System Volume Information folder and click on Remove Selected.
        • A box will pop-up telling you that files have been quarantined.
        • A log will pop-up.
      • Post the log in your next reply please.

You can also access the log by doing the following
  • Click on the Logs tab.
    • Click on the log at the bottom of those listed to highlight it.
    • Click Open

Next

Please run a scan with ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.
  • Please go HERE then click on: Image
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log in your next reply please.
  • Now click on: Image (Selecting Uninstall application on close if you so wish)

Summary of the logs I need from you in your next post:
  • OTL log
  • MBAM log
  • E-Set log


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present; if any log is cut off you'll have to post it in sections.

Post by Gary R » June 26th, 2011, 2:32 am

Due to lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.

Post by Gary R » June 26th, 2011, 12:48 pm

Topic re-opened, please post the logs I asked for in my earlier post.

OTL, MBAM, E-Set.

I'm going to be out for the rest of this evening, so it will be tomorrow morning (my time GMT) before I get chance to have a look at them.

Post by ladyross » June 26th, 2011, 11:04 pm

Thank you so much for re-opening my post. Here are the logs you asked for:

OTL LOG :

All processes killed
========== OTL ==========
HKU\S-1-5-21-1827207934-2233158183-2734905608-1005\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1827207934-2233158183-2734905608-1005\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Prefs.js: "Search Results" removed from browser.search.defaultenginename
Prefs.js: "Search Results" removed from browser.search.order.1
Prefs.js: "Search Results" removed from browser.search.selectedEngine
Prefs.js: {0200c2a9-70da-4f6d-b527-f5f7d7877228}:0.4.5 removed from extensions.enabledItems
Prefs.js: {E84D42CA-64EB-11DE-A65F-8C3656D89593}:3.1 removed from extensions.enabledItems
Prefs.js: "http://dts.search-results.com/sr?src=ffb&appid=0&systemid=101&q=" removed from keyword.URL
C:\Users\Y450\AppData\Roaming\Mozilla\Firefox\Profiles\x45w10gd.default\searchplugins\BearShareWebSearch.xml moved successfully.
C:\Users\Y450\AppData\Roaming\Mozilla\Firefox\Profiles\x45w10gd.default\searchplugins\SearchResults.xml moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\BearShareWebSearch.xml moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\SearchResults.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{423ecedf-f55f-11de-8619-00238bfc3831}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{423ecedf-f55f-11de-8619-00238bfc3831}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{423ecedf-f55f-11de-8619-00238bfc3831}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{423ecedf-f55f-11de-8619-00238bfc3831}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{423eceeb-f55f-11de-8619-00238bfc3831}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{423eceeb-f55f-11de-8619-00238bfc3831}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{423eceeb-f55f-11de-8619-00238bfc3831}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{423eceeb-f55f-11de-8619-00238bfc3831}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{78f959c2-f5f5-11df-94d8-00238bfc3831}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78f959c2-f5f5-11df-94d8-00238bfc3831}\ not found.
File wscript.exe jargon.vbs not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{78f959c2-f5f5-11df-94d8-00238bfc3831}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78f959c2-f5f5-11df-94d8-00238bfc3831}\ not found.
File wscript.exe jargon.vbs not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{87f96c1d-cf35-11de-9004-002556fdfa60}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{87f96c1d-cf35-11de-9004-002556fdfa60}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{87f96c1d-cf35-11de-9004-002556fdfa60}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{87f96c1d-cf35-11de-9004-002556fdfa60}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{87f96c3d-cf35-11de-9004-002556fdfa60}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{87f96c3d-cf35-11de-9004-002556fdfa60}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{87f96c3d-cf35-11de-9004-002556fdfa60}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{87f96c3d-cf35-11de-9004-002556fdfa60}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{92ddcf46-cfaa-11df-83b5-00238bfc3831}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92ddcf46-cfaa-11df-83b5-00238bfc3831}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL WaLIh.eXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bde627be-a024-11df-a6f9-00238bfc3831}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bde627be-a024-11df-a6f9-00238bfc3831}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bde627be-a024-11df-a6f9-00238bfc3831}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bde627be-a024-11df-a6f9-00238bfc3831}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bde627c3-a024-11df-a6f9-00238bfc3831}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bde627c3-a024-11df-a6f9-00238bfc3831}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bde627c3-a024-11df-a6f9-00238bfc3831}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bde627c3-a024-11df-a6f9-00238bfc3831}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c1a06ed1-4a72-11df-854f-00238bfc3831}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c1a06ed1-4a72-11df-854f-00238bfc3831}\ not found.
File F:\installer.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c1a06ed1-4a72-11df-854f-00238bfc3831}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c1a06ed1-4a72-11df-854f-00238bfc3831}\ not found.
File F:\installer.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c85fc0b1-d98b-11df-8d45-00238bfc3831}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c85fc0b1-d98b-11df-8d45-00238bfc3831}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c85fc0b1-d98b-11df-8d45-00238bfc3831}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c85fc0b1-d98b-11df-8d45-00238bfc3831}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c85fc0ce-d98b-11df-8d45-00238bfc3831}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c85fc0ce-d98b-11df-8d45-00238bfc3831}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c85fc0ce-d98b-11df-8d45-00238bfc3831}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c85fc0ce-d98b-11df-8d45-00238bfc3831}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c85fc0d9-d98b-11df-8d45-00238bfc3831}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c85fc0d9-d98b-11df-8d45-00238bfc3831}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c85fc0d9-d98b-11df-8d45-00238bfc3831}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c85fc0d9-d98b-11df-8d45-00238bfc3831}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c85fc0e3-d98b-11df-8d45-00238bfc3831}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c85fc0e3-d98b-11df-8d45-00238bfc3831}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c85fc0e3-d98b-11df-8d45-00238bfc3831}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c85fc0e3-d98b-11df-8d45-00238bfc3831}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c85fc0ee-d98b-11df-8d45-00238bfc3831}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c85fc0ee-d98b-11df-8d45-00238bfc3831}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c85fc0ee-d98b-11df-8d45-00238bfc3831}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c85fc0ee-d98b-11df-8d45-00238bfc3831}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{db38fc01-e6d4-11df-a03b-00238bfc3831}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{db38fc01-e6d4-11df-a03b-00238bfc3831}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL ZIwUT.Exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb7411f5-3162-11df-a450-002556fdfa60}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fb7411f5-3162-11df-a450-002556fdfa60}\ not found.
File F:\vircure/vircure32.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb7411f5-3162-11df-a450-002556fdfa60}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fb7411f5-3162-11df-a450-002556fdfa60}\ not found.
File F:\vircure/vircure32.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb7411f5-3162-11df-a450-002556fdfa60}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fb7411f5-3162-11df-a450-002556fdfa60}\ not found.
File F:\vircure/vircure32.exe not found.
========== FILES ==========
C:\Program Files\Bandoo\Plugins\Yahoo folder moved successfully.
C:\Program Files\Bandoo\Plugins\IE folder moved successfully.
C:\Program Files\Bandoo\Plugins folder moved successfully.
C:\Program Files\Bandoo folder moved successfully.
C:\Windows\System32\bandoolmx.dll moved successfully.
C:\program files\BearShare Applications folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Y450\Desktop\cmd.bat deleted successfully.
C:\Users\Y450\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\"DisableMonitoring"|dword:00000000 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\"DisableMonitoring"|dword:00000000 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\"DisableMonitoring"|dword:00000000 /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{125DE41A-4A71-4963-8EFC-B0A8914506BD}C:\program files\bearshare applications\bearshare\bearshare.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{E034460D-D0A8-440F-8E83-62B3A3EF9310}C:\program files\bearshare applications\bearshare\bearshare.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{37BA24A3-DDE4-40CE-9184-CBFA503C7245}C:\program files\bearshare applications\bearshare\bearshare.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{BA731C67-4187-4419-86F9-99491E1EF107}C:\program files\bearshare applications\bearshare\bearshare.exe deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 75452 bytes
->Temporary Internet Files folder emptied: 149964 bytes

User: Public

User: ROSS
->Temp folder emptied: 42708 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Y450
->Temp folder emptied: 214613151 bytes
->Temporary Internet Files folder emptied: 260046598 bytes
->FireFox cache emptied: 71744133 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 13148 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 15701397 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 536.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Guest

User: Public

User: ROSS

User: Y450
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.24.1 log created on 06262011_204158

Files\Folders moved on Reboot...
C:\Users\Y450\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3182EWSL\viewtopic[1].htm moved successfully.
C:\Users\Y450\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...
ladyross
Regular Member
 
Posts: 35
Joined: June 17th, 2011, 10:11 pm

Re: INFESTED WITH BANDOO/SEARCHQU

Post by ladyross » June 26th, 2011, 11:06 pm

MBAM LOG :

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6954

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

6/27/2011 11:00:49 AM
mbam-log-2011-06-27 (11-00-49).txt

Scan type: Quick scan
Objects scanned: 182804
Time elapsed: 9 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
ladyross
Regular Member
 
Posts: 35
Joined: June 17th, 2011, 10:11 pm

Re: INFESTED WITH BANDOO/SEARCHQU

Post by Gary R » June 27th, 2011, 1:57 am

I don't see the E-Set log I asked for, if you've just forgotten to post the log please post it.

If you haven't yet run the scan, please run it and then post me the log.

If you're having any problems running it, please let me know.

How is your computer behaving now?
Gary R
Administrator
 
Posts: 21863
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: INFESTED WITH BANDOO/SEARCHQU

Post by ladyross » June 27th, 2011, 8:17 am

Hello sir! I was about to post the E-Set log but my laptop hung up so I had to do a forced shutdown. Last night I'm having a hard time turning on my computer since it's not opening the operating system; I always had to do a forced shutdown 3 times or even more. Sometimes what I do is access the CMOS setup and pretend to change something and save and exit before it allows me to access the options where I can open it using the safe mode, then I'll restart the computer so I can run the OS normally. I'm trying to run the scan again and I'll be posting it after. Thank you for your patience sir!
ladyross
Regular Member
 
Posts: 35
Joined: June 17th, 2011, 10:11 pm

Re: INFESTED WITH BANDOO/SEARCHQU

Post by Gary R » June 27th, 2011, 11:26 am

No problem, post when you're ready.
Gary R
Administrator
 
Posts: 21863
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: INFESTED WITH BANDOO/SEARCHQU

Post by ladyross » June 27th, 2011, 11:31 am

Hello sir! Here is the E-Set log:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK

It also displayed 1 infected file
target - c:\users\y450\documents\plants vs zombies\plants vs zombies.7z
threat - win32/hacktool.cheatengine AB Application
ladyross
Regular Member
 
Posts: 35
Joined: June 17th, 2011, 10:11 pm