Welcome to MalwareRemoval.com,
Adware and Trojan on Vista / HP Laptop

Post by jerermyw » August 28th, 2011, 2:08 am

Description of Problem

My mom borrowed the computer for a day and now the computer won't boot. Desktop won't load. A friend gave me the Dr.Web LiveCD; adware and trojans were found. Can't figure out how to save the Dr.Web report. He recommended malware removal.



DDS.scr was run in safe mode. Desktop won't load.
DDS.txt

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 MINIMAL
Internet Explorer: 7.0.6002.18005
Run by hp at 23:32:48 on 2011-08-27
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3998.3395 [GMT -6:00]
.
AV: Norton Internet Security *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2929271
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\YTNavAssist.dll
mURLSearchHooks: quixley_v1 Toolbar: {e50ada55-898b-4ea5-a392-aaeae55710f0} - C:\Program Files (x86)\quixley_v1\prxtbquix.dll
mWinlogon: Userinit=C:\Windows\system32\userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
BHO: Play Pickle Text: {02f0243c-2e71-4a1a-a790-6c30888119d0} - C:\Program Files (x86)\Play Pickle\pptl.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\IPSBHO.DLL
BHO: GamePlayLabsBHO Class: {984a9162-8891-4d19-8cfe-17648bb4e1ec} - C:\Program Files (x86)\GamePlayLabs\BHO.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Play Pickle: {aeb04b5e-c981-47a9-b847-33ee4c92f6b9} - C:\Program Files (x86)\Play Pickle\playpicklelib32.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: quixley_v1 Toolbar: {e50ada55-898b-4ea5-a392-aaeae55710f0} - C:\Program Files (x86)\quixley_v1\prxtbquix.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
TB: quixley_v1 Toolbar: {e50ada55-898b-4ea5-a392-aaeae55710f0} - C:\Program Files (x86)\quixley_v1\prxtbquix.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
uRun: [ares] "C:\Program Files (x86)\Ares\Ares.exe" -h
uRun: [Google Update] "C:\Users\hp\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
mRun: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
mRun: [TSMAgent] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
mRun: [CLMLServer for HP TouchSmart] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
mRun: [TVAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe"
mRun: [UCam_Menu] "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [UpdatePDIRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
mRun: [Microsoft Default Manager] "c:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [<NO NAME>] 
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
StartupFolder: C:\Users\hp\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
uPolicies-system: WallpaperStyle = 2
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-system: WallpaperStyle = 2
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
IE: {DB38E21A-0133-419d-92AD-ECDFD5244D6D} - {3E2DFD6A-4E20-4d4c-AA8B-E1F9DBEF3C80} - C:\Program Files (x86)\ShoppingReport2\Bin\2.7.28\ShoppingReport.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {EB620C54-E229-4942-87CE-E717109FC8C6} - {714E0876-FCEE-49ce-A429-B9AD8AEFCB56} - C:\Program Files (x86)\ShoppingReport2\Bin\2.7.28\ShoppingReport.dll
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{2889C24E-36A7-4D71-8751-ADC3AE692189} : DhcpNameServer = 192.168.1.254
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
BHO-X64:     0x1 - No File
BHO-X64: Play Pickle Text: {02F0243C-2E71-4a1a-A790-6C30888119D0} - C:\Program Files (x86)\Play Pickle\pptl.dll
BHO-X64:     Play Pickle Text - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64:     HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64:     AcroIEHelperStub - No File
BHO-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
BHO-X64:     Conduit Engine - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
BHO-X64:     Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\IPSBHO.DLL
BHO-X64:     Symantec Intrusion Prevention - No File
BHO-X64: GamePlayLabsBHO Class: {984A9162-8891-4D19-8CFE-17648BB4E1EC} - C:\Program Files (x86)\GamePlayLabs\BHO.dll
BHO-X64:     GamePlayLabsBHO - No File
BHO-X64: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64:     SkypeIEPluginBHO - No File
BHO-X64: Play Pickle: {AEB04B5E-C981-47a9-B847-33EE4C92F6B9} - C:\Program Files (x86)\Play Pickle\playpicklelib32.dll
BHO-X64:     Play Pickle - No File
BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll
BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64:     Ask Toolbar BHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: quixley_v1 Toolbar: {e50ada55-898b-4ea5-a392-aaeae55710f0} - C:\Program Files (x86)\quixley_v1\prxtbquix.dll
BHO-X64:     quixley_v1 - No File
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64:     HP Smart BHO Class - No File
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
TB-X64: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
TB-X64: quixley_v1 Toolbar: {e50ada55-898b-4ea5-a392-aaeae55710f0} - C:\Program Files (x86)\quixley_v1\prxtbquix.dll
TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
mRun-x64: [TSMAgent] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
mRun-x64: [CLMLServer for HP TouchSmart] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
mRun-x64: [TVAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe"
mRun-x64: [UCam_Menu] "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"
mRun-x64: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun-x64: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun-x64: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
mRun-x64: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [UpdatePDIRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
mRun-x64: [Microsoft Default Manager] "c:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [(Default)] 
mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1008000.029\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1008000.029\SYMEFA64.SYS [?]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys --> C:\Windows\system32\DRIVERS\enecir.sys [?]
S1 BHDrvx64;Symantec Heuristics Driver;C:\Windows\system32\drivers\NISx64\1008000.029\BHDrvx64.sys --> C:\Windows\system32\drivers\NISx64\1008000.029\BHDrvx64.sys [?]
S1 ccHP;Symantec Hash Provider;C:\Windows\system32\Drivers\NISx64\1008000.029\ccHPx64.sys --> C:\Windows\system32\Drivers\NISx64\1008000.029\ccHPx64.sys [?]
S1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20110615.001\IDSviA64.sys [2011-6-15 488056]
S2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_7477fb4c\AESTSr64.exe --> C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_7477fb4c\AESTSr64.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-22 135664]
S2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
S2 Norton Internet Security;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [2010-6-22 117640]
S2 Recovery Service for Windows;Recovery Service for Windows;C:\Program Files (x86)\SMINST\BLService.exe [2009-6-1 365952]
S2 TVCapSvc;TV Background Capture Service (TVBCS);C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2009-2-4 296320]
S2 TVSched;TV Task Scheduler (TVTS);C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2009-2-24 116104]
S3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-5-31 222512]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-5-9 136824]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-22 135664]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
S3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
S3 NETw3v64;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw3v64.sys --> C:\Windows\system32\DRIVERS\NETw3v64.sys [?]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 SYMNDISV;Symantec Network Filter Driver;C:\Windows\system32\Drivers\NISx64\1008000.029\SYMNDISV.SYS --> C:\Windows\system32\Drivers\NISx64\1008000.029\SYMNDISV.SYS [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x64.sys --> C:\Windows\system32\DRIVERS\yk60x64.sys [?]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2010-6-25 89920]
.
=============== Created Last 30 ================
.
2011-08-17 02:14:15	0	----a-w-	C:\Users\hp\AppData\Local\wlmg.exe
2011-08-17 02:14:15	0	----a-w-	C:\Users\hp\AppData\Local\ksuv.exe
2011-08-17 02:14:15	0	----a-w-	C:\Users\hp\AppData\Local\bokv.exe
2011-08-17 02:14:15	0	----a-w-	C:\Users\hp\AppData\Local\aqox.exe
2011-08-17 02:14:15	0	----a-w-	C:\ProgramData\skmt.exe
2011-08-17 02:14:15	0	----a-w-	C:\ProgramData\mujq.exe
2011-08-17 02:14:15	0	----a-w-	C:\ProgramData\ilmf.exe
2011-08-17 02:14:15	0	----a-w-	C:\ProgramData\gyqb.exe
2011-08-17 02:14:00	361984	----a-w-	C:\Users\hp\AppData\Local\xby.exe
2011-08-16 11:58:19	8578896	----a-w-	C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D241BA9B-9CD0-4DFA-8686-46DB5775B187}\mpengine.dll
2011-08-09 18:14:19	451072	----a-w-	C:\Windows\System32\winsrv.dll
2011-08-09 18:14:17	2409784	----a-w-	C:\Program Files\Windows Mail\OESpamFilter.dat
2011-08-09 18:14:17	2409784	----a-w-	C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
2011-08-09 18:14:06	275456	----a-w-	C:\Windows\System32\drivers\mrxsmb10.sys
2011-08-09 18:14:00	1427344	----a-w-	C:\Windows\System32\drivers\tcpip.sys
.
==================== Find3M  ====================
.
2011-07-22 14:10:31	1383424	----a-w-	C:\Windows\System32\mshtml.tlb
2011-07-22 13:54:40	1383424	----a-w-	C:\Windows\SysWow64\mshtml.tlb
2011-06-21 16:06:57	1032192	----a-w-	C:\Windows\System32\wininet.dll
2011-06-21 15:49:52	834048	----a-w-	C:\Windows\SysWow64\wininet.dll
2011-06-21 14:41:18	485376	----a-w-	C:\Windows\System32\html.iec
2011-06-21 14:13:51	389632	----a-w-	C:\Windows\SysWow64\html.iec
2011-06-20 08:45:17	4699536	----a-w-	C:\Windows\System32\ntoskrnl.exe
2011-06-02 13:50:04	2764288	----a-w-	C:\Windows\System32\win32k.sys
.
============= FINISH: 23:34:06.89 ===============


attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 6/15/2010 7:04:46 PM
System Uptime: 8/27/2011 11:28:05 PM (0 hours ago)
.
Motherboard: Hewlett-Packard |  | 30F7
Processor: Intel(R) Core(TM)2 Duo CPU     T6500  @ 2.10GHz | CPU | 2094/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 286 GiB total, 240.335 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 1.897 GiB free.
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
Description: Consumer IR Devices
Device ID: ROOT\SYSTEM\0001
Manufacturer: Microsoft
Name: Consumer IR Devices
PNP Device ID: ROOT\SYSTEM\0001
Service: circlass
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
Acrobat.com
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader X (10.0.1)
Apple Application Support
Apple Software Update
Ares 2.1.2
Ask Toolbar
blinkx beat
Compatibility Pack for the 2007 Office system
Conduit Engine
CyberLink DVD Suite
Default Manager
ESU for Microsoft Vista
Facetheme
GamePlayLabs Plugin
Google Chrome
Google Update Helper
Hotbar
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Advisor
HP Common Access Service Library
HP Customer Experience Enhancements
HP Doc Viewer
HP MediaSmart DVD
HP MediaSmart Music/Photo/Video
HP MediaSmart SlingPlayer
HP MediaSmart TV
HP MediaSmart Webcam
HP Quick Launch Buttons
HP Support Assistant
HP Total Care Setup
HP Update
HP User Guides 0125
HP Wireless Assistant
HPAsset component for HP Active Support Library
IDT Audio
Java(TM) 6 Update 13
JMicron Flash Media Controller Driver
K-Lite Codec Pack 5.8.3 (Full)
LabelPrint
LightScribe System Software
Microsoft Live Search Toolbar
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee Reveal
Norton Internet Security
Play Pickle
Power2Go
PowerDirector
QuickTime
quixley_v1 Toolbar
Realtek 8101E/8168/8169 PCI/PCIe Adapters
ResultBar 1.0 build 113
ScanQuery 1.0 build 127 powered by FIRST SEARCHBAR
Search Toolbar
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft Office 2007 System (KB2541012)
Security Update for Microsoft Office Excel 2007 (KB2541007)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
ShopperReports
Skype Toolbars
Skype™ 5.3
SmartWebPrinting
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Yahoo! BrowserPlus 2.9.8
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
8/27/2011 11:30:24 PM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
8/27/2011 11:30:22 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
8/27/2011 11:30:21 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
8/27/2011 11:30:08 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD BHDrvx64 ccHP DfsC eeCtrl IDSVia64 NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr SRTSPX SymIM SYMTDI tdx Wanarpv6
8/27/2011 11:30:08 PM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
8/27/2011 11:30:08 PM, Error: Service Control Manager [7001]  - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
8/27/2011 11:30:08 PM, Error: Service Control Manager [7001]  - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error:  The dependency service or group failed to start.
8/27/2011 11:30:08 PM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
8/27/2011 11:30:08 PM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
8/27/2011 11:30:08 PM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
8/27/2011 11:30:08 PM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
8/27/2011 11:30:08 PM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error:  A device attached to the system is not functioning.
8/27/2011 11:30:08 PM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
8/27/2011 11:30:08 PM, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
8/27/2011 11:30:08 PM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
8/27/2011 11:30:08 PM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
8/27/2011 11:30:08 PM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
8/27/2011 11:29:47 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
8/27/2011 11:29:47 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
8/27/2011 11:29:47 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
8/27/2011 11:29:39 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/27/2011 11:29:21 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
.
==== End Of File ===========================
jerermyw
Active Member
 
Posts: 9
Joined: August 25th, 2011, 10:04 pm

Re: Adware and Trojan on Vista / HP Laptop

Unread postby askey127 » September 1st, 2011, 7:40 am

Hi jerermyw,
HP laptops have a Recovery partition that can be used (when all else fails) to put the machine back in its "As Purchased" condition.
You will need to review your User Guide or go to the HP website for that model to see how to use it if necessary.

The machine undoubtedly got infected from using Ares.
Not having System Restore active is not a good idea either.

Let's see whether we can rescue it.
Boot into Safe Mode if you must, and attempt to remove all of these.
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Uninstall a program under the Programs heading.
Right click each Entry, as follows, one by one, if it exists, choose Uninstall/Change, and give permission to Continue:

Ares 2.1.2
Ask Toolbar
Conduit Engine
Google Update Helper
Hotbar
Java(TM) 6 Update 13
quixley_v1 Toolbar
Search Toolbar
ShopperReports
Yahoo! BrowserPlus 2.9.8
Yahoo! Toolbar

Take extra care in answering questions posed by any Uninstaller.

Reboot and see if you can get into Normal Mode.
If you can get into Normal Mode, have Norton run a Full scan and delete anything it finds.

Let me know how it goes and we will take the next step.
askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Adware and Trojan on Vista / HP Laptop

Unread postby jerermyw » September 3rd, 2011, 1:49 am

I was able to delete most of the items during safe mode. Some disappeared after removing others.

The computer booted to the desktop, though after watching it, it still took a long time.

I removed the Java files after booting normally. None of the items are in the programs list under Control Panel.

Windows Defender mentioned a few adware files, which I allowed it to remove.

Norton is out of date, so I am using Dr. Web CureIt to scan and remove adware (to quarantine).

Waiting on your ok to deal with any trojans or other problems.

J
jerermyw
Active Member
 
Posts: 9
Joined: August 25th, 2011, 10:04 pm

Re: Adware and Trojan on Vista / HP Laptop

Unread postby askey127 » September 3rd, 2011, 10:03 am

jerermyw,
Manual scans with Dr Web CureIt are not adequate to deal with today's threats.
Do not do any Internet Surfing until you complete this sequence.

Go to Control Panel, System, and click on System Protection in the left pane.
Click on the System Protection tab, and turn the System Restore to ON for the C: drive.
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Uninstall a program under the Programs heading.
Right click each Entry, as follows, one by one, if it exists, choose Uninstall/Change, and give permission to Continue:

Norton Internet Security

Take extra care in answering questions posed by any Uninstaller.
-----------------------------------------------------------
Download the Microsoft Security Essentials Installer
The download is here: http://www.microsoft.com/security_essentials/
Save it to your desktop.
-----------------------------------------------------------
Install Microsoft Security Essentials
Double Click the icon for the Microsoft Security Essentials installer.
Let it install, update itself, run a scan and delete anything it finds.
---------------------------------------------
Download the OTL Scanner
Please download OTL.exe by OldTimer and save it to your desktop.
---------------------------------------------
Run a Scan with OTL
  • Double click on the icon to run it. For Vista or Win7, right click the icon and choose "Run as administrator".
  • Check the box at the top, labeled Include 64 bit scans
  • Check the boxes labeled :
    • Scan All Users
    • LOP check
    • Purity check
    • Extra Registry > Use SafeList
  • Make sure all other windows are closed to let it run uninterrupted.
  • Click on the Run Scan button at the top left hand corner. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL (desktop).
The Extras.txt file will only appear the very first time you run OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.

askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
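An added example, not code from the thread, from OTL or from OldTimer: a small Python triage script for lines in the OTL.Txt format posted later in this thread. It parses O2/O3/O4/O9 entries and flags orphaned registry entries ("File not found" / "No CLSID value found"), components of the toolbar and adware programs the helper listed for removal, and binaries carrying no company name; the sample lines are constructed from the thread's own log, and the vendor list is an assumption made for the example.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the OTL.Txt line format (a few lines modelled on the
# thread's log): section tag, optional 64bit marker, name, CLSID, path, company.
SAMPLE_OTL_LINES = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Play Pickle Text) - {02F0243C-2E71-4a1a-A790-6C30888119D0} - C:\Program Files (x86)\Play Pickle\pptl.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O4:[b]64bit:[/b] - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKU\S-1-5-21-2992021353-1665391232-650672208-1000..\Run: [ares]  File not found
O9 - Extra Button: ShopperReports - Compare product prices - {DB38E21A-0133-419d-92AD-ECDFD5244D6D} -  File not found
"""

# Programs the helper listed for removal in this thread. The list is an assumption
# constructed for the example, not an authoritative PUP database.
PUP_RE = re.compile(r"\b(ask\.com|conduit|play pickle|hblite|shopperreports|hotbar|ares)\b", re.I)
ORPHAN_MARKERS = ("File not found", "No CLSID value found", "Reg Error")

MSG_ORPHAN = "orphan: registry entry points at a missing file or CLSID"
MSG_PUP = "component of a toolbar/adware program on the removal list"
MSG_NO_COMPANY = "binary carries no company name (unknown publisher)"

LINE_RE = re.compile(r"^(O\d+)(?::\[b\]64bit:\[/b\])?\s+-\s+(.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# A drive-letter path, stopping before a trailing "(Company)" group; "(x86)" inside
# the path is kept because it is not at the end of the line.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?(?=\s+\([^()]*\)\s*$|\s*$)")
COMPANY_RE = re.compile(r"\(([^()]*)\)\s*$")
PAREN_NAME_RE = re.compile(r"^[^:]+:\s*\(([^)]*)\)")  # "BHO: (Ask Toolbar) - ..."
RUN_NAME_RE = re.compile(r"\[([^\]]*)\]")             # "..\Run: [ares] ..."


@dataclass
class OtlEntry:
    section: str
    is_64bit: bool
    name: str
    clsid: Optional[str]
    path: Optional[str]
    company: Optional[str]
    orphan: bool

    def findings(self) -> list[str]:
        """Return the reasons this entry deserves a second look (empty if none)."""
        out = []
        if self.orphan:
            out.append(MSG_ORPHAN)
        if PUP_RE.search(f"{self.name} {self.path or ''}"):
            out.append(MSG_PUP)
        if self.path and not self.orphan and not self.company:
            out.append(MSG_NO_COMPANY)
        return out


def _extract_name(rest: str) -> str:
    m = PAREN_NAME_RE.match(rest) or RUN_NAME_RE.search(rest)
    if m:
        return m.group(1)
    # e.g. "Extra Button: ShopperReports - Compare product prices - {CLSID} - ..."
    body = rest.split(":", 1)[1] if ":" in rest else rest
    return body.split(" - {", 1)[0].strip()


def parse_otl(text: str) -> list[OtlEntry]:
    """Parse the O-section lines of an OTL.Txt log; other lines are ignored."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        section, rest = m.group(1), m.group(2)
        clsid, path, company = CLSID_RE.search(rest), PATH_RE.search(rest), COMPANY_RE.search(rest)
        entries.append(OtlEntry(
            section=section,
            is_64bit="[b]64bit:[/b]" in raw,
            name=_extract_name(rest),
            clsid=clsid.group(0) if clsid else None,
            path=path.group(0) if path else None,
            company=(company.group(1).strip() or None) if company else None,
            orphan=any(mk in rest for mk in ORPHAN_MARKERS),
        ))
    return entries


def triage(text: str) -> dict[str, list[str]]:
    """Map 'SECTION name' of every flagged entry to its findings; clean entries are left out."""
    report = {}
    for e in parse_otl(text):
        f = e.findings()
        if f:
            report[f"{e.section} {e.name}"] = f
    return report


if __name__ == "__main__":
    for key, reasons in triage(SAMPLE_OTL_LINES).items():
        print(f"{key}: {'; '.join(reasons)}")
```

Orphaned entries are leftovers of an uninstall rather than live code, which is why the helper's removal list and the "no company name" check are the more useful signals here.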

Re: Adware and Trojan on Vista / HP Laptop

Unread postby jerermyw » September 7th, 2011, 10:18 am

Uninstalled Norton
Installed MSE
Still running OTL

Machine is booting more quickly.
jerermyw
Active Member
 
Posts: 9
Joined: August 25th, 2011, 10:04 pm

Re: Adware and Trojan on Vista / HP Laptop

Unread postby askey127 » September 7th, 2011, 2:26 pm

If you posted while OTL was running, I would stop it and run it again.
It doesn't like having you touch it while the scan is running.
Normally the scan will only take 5-10 minutes max.
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Adware and Trojan on Vista / HP Laptop

Unread postby jerermyw » September 7th, 2011, 3:28 pm

Reran OTL:
MSE found nothing.

Can send Extras I suppose once you respond to this message.
Thank you.

OTL.txt

Code:
OTL logfile created on: 9/7/2011 10:35:10 AM - Run 1
OTL by OldTimer - Version 3.2.27.0     Folder = C:\Users\hp\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.90 Gb Total Physical Memory | 1.95 Gb Available Physical Memory | 49.83% Memory free
8.04 Gb Paging File | 5.99 Gb Available in Paging File | 74.52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.41 Gb Total Space | 235.98 Gb Free Space | 82.39% Space Free | Partition Type: NTFS
Drive D: | 11.68 Gb Total Space | 1.90 Gb Free Space | 16.24% Space Free | Partition Type: NTFS
Drive E: | 132.82 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: HP-PC | User Name: hp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2011/09/07 08:12:48 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\hp\Desktop\OTL.exe
PRC - [2011/05/17 13:29:46 | 000,395,144 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2009/03/09 18:54:12 | 000,365,952 | ---- | M] () -- C:\Program Files (x86)\SMINST\BLService.exe
PRC - [2009/02/25 19:53:16 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009/02/24 17:58:00 | 000,203,872 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe
PRC - [2009/02/24 16:04:52 | 000,116,104 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
PRC - [2009/02/13 13:11:22 | 001,328,424 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
PRC - [2009/02/13 13:09:36 | 000,185,640 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/02/04 16:57:06 | 000,296,320 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - [2011/03/21 17:30:20 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/11/04 21:04:16 | 000,921,600 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
MOD - [2009/02/13 13:09:34 | 000,906,536 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2009/02/04 16:57:08 | 000,267,656 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\CLCapEngine.dll
MOD - [2009/02/04 16:57:08 | 000,124,288 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\CLSchMgr.dll
MOD - [2009/02/04 16:57:08 | 000,038,184 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\CLCapSvcps.dll
MOD - [2009/02/04 16:57:06 | 000,349,480 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\CLTinyDB.dll
MOD - [2009/01/27 22:37:20 | 007,331,840 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2009/01/27 22:37:20 | 002,023,424 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2009/01/27 22:37:10 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV:[b]64bit:[/b] - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:[b]64bit:[/b] - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:[b]64bit:[/b] - [2009/01/28 07:15:24 | 000,290,304 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_7477fb4c\STacSV64.exe -- (STacSV)
SRV:[b]64bit:[/b] - [2008/11/17 13:22:44 | 000,088,576 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_7477fb4c\AESTSr64.exe -- (AESTFilters)
SRV:[b]64bit:[/b] - [2008/08/26 08:02:20 | 000,016,896 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:[b]64bit:[/b] - [2008/03/18 17:25:40 | 000,023,040 | ---- | M] (Hewlett-Packard Corporation) [Auto | Running] -- C:\Windows\SysNative\Hpservice.exe -- (hpsrv)
SRV:[b]64bit:[/b] - [2008/01/20 20:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/03/29 22:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/09 18:54:12 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2009/02/24 16:04:52 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched) TV Task Scheduler (TVTS)
SRV - [2009/02/04 16:57:06 | 000,296,320 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc) TV Background Capture Service (TVBCS)
SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV:[b]64bit:[/b] - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv)
DRV:[b]64bit:[/b] - [2011/02/18 16:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:[b]64bit:[/b] - [2010/06/15 19:08:31 | 002,041,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)
DRV:[b]64bit:[/b] - [2009/09/30 18:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:[b]64bit:[/b] - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:[b]64bit:[/b] - [2009/02/25 07:53:26 | 000,137,056 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\jmcr.sys -- (JMCR)
DRV:[b]64bit:[/b] - [2009/01/28 07:16:06 | 000,473,088 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:[b]64bit:[/b] - [2008/12/30 06:18:40 | 000,068,608 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir)
DRV:[b]64bit:[/b] - [2008/12/03 07:21:52 | 000,184,832 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:[b]64bit:[/b] - [2008/11/21 11:05:22 | 001,253,376 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:[b]64bit:[/b] - [2008/10/28 03:33:30 | 008,039,808 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:[b]64bit:[/b] - [2008/06/04 11:55:16 | 000,129,536 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV:[b]64bit:[/b] - [2008/03/27 13:10:56 | 000,026,984 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV:[b]64bit:[/b] - [2008/03/27 13:10:14 | 000,040,296 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys -- (Accelerometer)
DRV:[b]64bit:[/b] - [2008/01/31 17:23:14 | 000,195,120 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys -- (ApfiltrService)
DRV:[b]64bit:[/b] - [2008/01/20 20:46:57 | 003,154,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys -- (NETw3v64) Intel(R)
DRV:[b]64bit:[/b] - [2008/01/20 20:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:[b]64bit:[/b] - [2007/06/18 17:13:12 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:[b]64bit:[/b] - [2006/10/03 19:45:36 | 000,273,408 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cnnb
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cnnb
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2992021353-1665391232-650672208-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cnnb
IE - HKU\S-1-5-21-2992021353-1665391232-650672208-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.bing.com/http://www.bing.com/ [binary data]
IE - HKU\S-1-5-21-2992021353-1665391232-650672208-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2929271
IE - HKU\S-1-5-21-2992021353-1665391232-650672208-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.facebook.com/?ref=hp
IE - HKU\S-1-5-21-2992021353-1665391232-650672208-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2992021353-1665391232-650672208-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-2992021353-1665391232-650672208-1000\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2992021353-1665391232-650672208-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2992021353-1665391232-650672208-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\hp\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\hp\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/07/16 22:21:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\HBLite@HBLite.com: C:\Program Files (x86)\HBLite\bin\11.0.323.0\firefox\extensions [2010/11/16 17:37:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/07/16 22:21:31 | 000,000,000 | ---D | M]
 
[2011/04/02 09:22:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hp\AppData\Roaming\Mozilla\Extensions
 
O1 HOSTS File: ([2006/09/18 15:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  File not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Play Pickle Text) - {02F0243C-2E71-4a1a-A790-6C30888119D0} - C:\Program Files (x86)\Play Pickle\pptl.dll ()
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  File not found
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-2992021353-1665391232-650672208-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-2992021353-1665391232-650672208-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:[b]64bit:[/b] - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DVDAgent] C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TSMAgent] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TVAgent] C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2992021353-1665391232-650672208-1000..\Run: [ares]  File not found
O4 - HKU\S-1-5-21-2992021353-1665391232-650672208-1000..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-2992021353-1665391232-650672208-1000..\Run: [WMPNSCFG]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O7 - HKU\S-1-5-21-2992021353-1665391232-650672208-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: ShopperReports - Compare product prices - {DB38E21A-0133-419d-92AD-ECDFD5244D6D} -  File not found
O9 - Extra Button: ShopperReports - Compare travel rates - {EB620C54-E229-4942-87CE-E717109FC8C6} -  File not found
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2889C24E-36A7-4D71-8751-ADC3AE692189}: DhcpNameServer = 192.168.2.254
O18:[b]64bit:[/b] - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\hp\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\hp\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-2992021353-1665391232-650672208-1000..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
[color=#E56717]========== Files/Folders - Created Within 360 Days ==========[/color]
 
[2011/09/07 08:12:43 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\hp\Desktop\OTL.exe
[2011/09/06 23:26:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2011/09/06 23:26:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/09/06 23:25:45 | 000,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2011/09/02 22:57:53 | 000,000,000 | ---D | C] -- C:\Users\hp\DoctorWeb
[2011/08/27 23:32:38 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\hp\Desktop\dds.scr
[2011/08/09 12:14:19 | 000,451,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011/08/09 12:14:07 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
[2011/08/09 12:13:57 | 004,699,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011/08/09 12:13:06 | 000,759,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/08/09 12:13:06 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/08/09 12:13:06 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/08/09 12:13:06 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/08/09 12:13:05 | 000,590,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/08/09 12:13:05 | 000,485,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/08/09 12:13:05 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2011/08/09 12:13:05 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/08/09 12:13:05 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2011/08/09 12:13:05 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/08/09 12:13:05 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/07/26 11:32:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/07/12 21:02:28 | 001,210,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2011/07/12 21:01:56 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2011/06/16 14:24:02 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieencode.dll
[2011/06/16 14:24:01 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieencode.dll
[2011/06/16 14:15:38 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2011/05/26 03:27:26 | 000,000,000 | ---D | C] -- C:\Users\hp\Documents\New Folder
[2011/05/22 17:14:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011/05/01 21:09:15 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Roaming\Apple Computer
[2011/05/01 21:09:15 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Local\Apple Computer
[2011/05/01 21:08:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/05/01 21:08:33 | 000,126,312 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll
[2011/05/01 21:08:33 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll
[2011/05/01 21:08:33 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2011/05/01 21:08:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2011/05/01 21:07:30 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/05/01 21:07:18 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2011/05/01 21:07:17 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/05/01 21:07:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/05/01 21:04:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/05/01 21:03:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011/05/01 21:03:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011/05/01 21:03:05 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Local\Apple
[2011/05/01 21:02:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2011/05/01 20:58:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/05/01 20:57:44 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/05/01 20:57:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/05/01 20:57:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011/05/01 20:57:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2011/05/01 18:03:06 | 000,000,000 | ---D | C] -- C:\Users\hp\Desktop\Incomplete
[2011/05/01 18:02:59 | 000,000,000 | ---D | C] -- C:\Users\hp\Desktop\New Folder
[2011/05/01 18:02:18 | 000,000,000 | ---D | C] -- C:\Users\hp\Incomplete
[2011/05/01 17:59:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Incomplete
[2011/05/01 17:56:44 | 000,000,000 | ---D | C] -- C:\Users\hp\Documents\FrostWire
[2011/05/01 17:56:02 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire
[2011/05/01 17:56:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FrostWire
[2011/05/01 17:35:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Object
[2011/04/27 21:53:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/04/27 21:38:33 | 001,653,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011/04/27 21:38:33 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011/04/27 21:38:16 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Apphlpdm.dll
[2011/04/27 21:38:16 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Apphlpdm.dll
[2011/04/27 21:38:15 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
[2011/04/27 21:38:15 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2011/04/27 21:29:11 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/04/27 21:24:59 | 000,000,000 | ---D | C] -- C:\119973fcecc73e87686a
[2011/04/27 15:25:24 | 000,084,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys
[2011/04/17 19:40:33 | 000,991,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2011/04/17 19:40:33 | 000,979,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2011/04/17 19:40:32 | 001,076,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2011/04/17 19:40:32 | 001,063,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2011/04/17 19:40:32 | 000,018,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll
[2011/04/17 19:40:31 | 000,020,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll
[2011/04/17 19:40:30 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll
[2011/04/17 19:39:17 | 000,755,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/04/17 19:39:16 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011/04/17 19:39:14 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/04/17 19:37:32 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2011/04/17 19:37:31 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2011/04/17 19:37:30 | 000,048,128 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2011/04/17 19:37:30 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2011/04/17 19:37:21 | 001,398,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll
[2011/04/17 19:37:21 | 001,360,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll
[2011/04/17 19:37:21 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2011/04/17 19:37:20 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2011/04/17 19:37:13 | 000,221,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll
[2011/04/17 19:37:13 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe
[2011/04/17 19:37:13 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe
[2011/04/13 21:36:15 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Roaming\Media Player Classic
[2011/04/13 21:35:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2011/04/13 21:35:03 | 000,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\Windows\SysWow64\lameACM.acm
[2011/04/13 21:35:02 | 000,217,088 | ---- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\yv12vfw.dll
[2011/04/13 21:35:02 | 000,151,552 | ---- | C] (fccHandler) -- C:\Windows\SysWow64\ac3acm.acm
[2011/04/13 21:34:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack
[2011/04/06 16:26:58 | 000,237,856 | ---- | C] (Apple Inc.) -- C:\Windows\SysNative\dnssdX.dll
[2011/04/06 16:26:58 | 000,119,584 | ---- | C] (Apple Inc.) -- C:\Windows\SysNative\dns-sd.exe
[2011/04/06 16:26:58 | 000,096,544 | ---- | C] (Apple Inc.) -- C:\Windows\SysNative\dnssd.dll
[2011/04/06 16:26:58 | 000,069,408 | ---- | C] (Apple Inc.) -- C:\Windows\SysNative\jdns_sd.dll
[2011/04/06 16:20:16 | 000,197,920 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\dnssdX.dll
[2011/04/06 16:20:16 | 000,107,808 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\dns-sd.exe
[2011/04/06 16:20:16 | 000,091,424 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\dnssd.dll
[2011/04/06 16:20:16 | 000,075,040 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\jdns_sd.dll
[2011/04/02 09:23:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2011/04/02 09:22:54 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Roaming\Mozilla
[2011/04/02 09:22:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Play Pickle
[2011/03/28 23:29:59 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/03/27 21:56:43 | 000,000,000 | ---D | C] -- C:\Users\hp\Documents\OneNote Notebooks
[2011/03/22 16:40:32 | 001,555,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2011/03/22 16:40:32 | 000,479,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011/03/22 16:40:32 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011/03/20 12:15:11 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Local\Symantec
[2011/03/08 19:23:58 | 002,425,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2011/03/08 19:23:57 | 002,067,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2011/03/08 19:23:57 | 000,731,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2011/03/08 19:23:57 | 000,677,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2011/03/08 19:23:45 | 000,559,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011/03/08 19:23:45 | 000,416,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbe.dll
[2011/03/08 19:23:44 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011/03/08 19:23:44 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll
[2011/03/08 19:23:44 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2011/03/08 19:23:43 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2011/03/08 19:23:43 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbeio.dll
[2011/03/08 19:23:34 | 000,210,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbeio.dll
[2011/02/23 21:44:40 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\WindowsPowerShell
[2011/02/23 21:44:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\WindowsPowerShell
[2011/02/23 21:40:23 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrsmgr.dll
[2011/02/23 21:40:23 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrsmgr.dll
[2011/02/23 21:40:21 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wsmplpxy.dll
[2011/02/23 21:40:21 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrssrv.dll
[2011/02/23 21:40:09 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wsmplpxy.dll
[2011/02/23 21:40:09 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrssrv.dll
[2011/02/23 21:39:54 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pwrshplugin.dll
[2011/02/23 21:39:53 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pwrshplugin.dll
[2011/02/23 21:39:52 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrshost.exe
[2011/02/23 21:39:52 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wsmprovhost.exe
[2011/02/23 21:39:51 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrs.exe
[2011/02/23 21:39:41 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmRes.dll
[2011/02/23 21:39:41 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmRes.dll
[2011/02/23 21:39:39 | 000,113,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wevtfwd.dll
[2011/02/23 21:39:39 | 000,113,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wecutil.exe
[2011/02/23 21:39:39 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wecapi.dll
[2011/02/23 21:39:37 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wecutil.exe
[2011/02/23 21:39:37 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wecapi.dll
[2011/02/23 21:39:36 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wevtfwd.dll
[2011/02/23 21:39:36 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrs.exe
[2011/02/23 21:39:36 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrshost.exe
[2011/02/23 21:39:36 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wsmprovhost.exe
[2011/02/23 21:39:10 | 000,310,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmWmiPl.dll
[2011/02/23 21:39:10 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSManMigrationPlugin.dll
[2011/02/23 21:39:10 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSManHTTPConfig.exe
[2011/02/23 21:39:10 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrscmd.dll
[2011/02/23 21:39:10 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmWmiPl.dll
[2011/02/23 21:39:10 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmAuto.dll
[2011/02/23 21:39:10 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmAuto.dll
[2011/02/23 21:39:09 | 000,370,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrscmd.dll
[2011/02/23 21:39:09 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSManMigrationPlugin.dll
[2011/02/23 21:39:09 | 000,348,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSManHTTPConfig.exe
[2011/02/20 19:55:03 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Local\Conduit
[2011/02/18 16:36:58 | 004,184,352 | ---- | C] (Apple, Inc.) -- C:\Windows\SysNative\usbaaplrc.dll
[2011/02/18 16:36:58 | 000,051,712 | ---- | C] (Apple, Inc.) -- C:\Windows\SysNative\drivers\usbaapl64.sys
[2011/02/08 17:53:52 | 002,002,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2011/02/08 17:53:52 | 001,257,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFH264Dec.dll
[2011/02/08 17:53:52 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFH264Dec.dll
[2011/02/08 17:53:51 | 000,834,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2011/02/08 17:53:51 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2011/02/08 17:53:50 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xpsservices.dll
[2011/02/08 17:53:50 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2011/02/08 17:53:49 | 003,068,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xpsservices.dll
[2011/02/08 17:53:49 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\OpcServices.dll
[2011/02/08 17:53:49 | 000,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFHEAACdec.dll
[2011/02/08 17:53:49 | 000,377,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfmp4src.dll
[2011/02/08 17:53:49 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFHEAACdec.dll
[2011/02/08 17:53:49 | 000,345,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2011/02/08 17:53:49 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfmp4src.dll
[2011/02/08 17:53:49 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2011/02/08 17:53:48 | 003,548,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2011/02/08 17:53:48 | 001,461,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OpcServices.dll
[2011/02/08 17:53:48 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winspool.drv
[2011/02/08 17:53:48 | 000,327,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2011/02/08 17:53:47 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2011/02/08 17:53:47 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2011/02/08 17:53:46 | 001,268,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2011/02/08 17:53:46 | 001,204,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2011/02/08 17:53:46 | 000,748,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\stobject.dll
[2011/02/08 17:53:46 | 000,625,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2011/02/08 17:53:46 | 000,566,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2011/02/08 17:53:46 | 000,287,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2011/02/08 17:53:46 | 000,278,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfplat.dll
[2011/02/08 17:53:46 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfplat.dll
[2011/02/08 17:53:44 | 000,195,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2011/02/08 17:53:43 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2011/02/08 17:53:42 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfps.dll
[2011/02/08 17:53:42 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfpmp.exe
[2011/02/08 17:53:41 | 001,032,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\printfilterpipelinesvc.exe
[2011/02/08 17:53:41 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\printfilterpipelineprxy.dll
[2011/02/08 17:53:08 | 000,456,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shlwapi.dll
[2011/02/08 17:53:00 | 001,585,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2011/01/30 19:44:30 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Local\Adobe
[2011/01/26 22:48:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
[2011/01/12 10:09:12 | 000,466,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbc32.dll
[2011/01/12 10:09:11 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll
[2011/01/12 10:08:58 | 001,251,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sdclt.exe
[2010/12/20 23:02:19 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2010/12/20 23:02:19 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2010/12/20 23:01:59 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2010/12/20 22:57:33 | 000,655,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskschd.dll
[2010/12/20 22:57:32 | 000,500,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmicmiplugin.dll
[2010/12/20 22:57:32 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskschd.dll
[2010/12/20 22:57:31 | 000,410,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskcomp.dll
[2010/12/20 22:57:29 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskeng.exe
[2010/12/20 22:57:28 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskcomp.dll
[2010/12/14 16:36:06 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Roaming\HPAppData
[2010/11/29 17:38:30 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTimeVR.qtx
[2010/11/29 17:38:30 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTime.qts
[2010/11/16 17:38:29 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Local\Ares
[2010/11/16 17:37:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ares
[2010/11/16 17:37:23 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\blinkx beat
[2010/11/16 17:37:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Blinkx
[2010/11/16 17:37:16 | 000,000,000 | ---D | C] -- C:\ProgramData\HBLiteSA
[2010/11/16 17:37:15 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Roaming\HBLite
[2010/11/16 17:37:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HBLite
[2010/11/16 11:50:25 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Local\Microsoft Games
[2010/10/26 20:30:21 | 001,927,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2010/10/26 20:30:21 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2010/10/14 23:02:19 | 001,915,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2010/10/14 23:02:12 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll
[2010/10/14 23:02:11 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll
[2010/10/14 23:02:09 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2010/10/14 23:02:09 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010/10/14 23:02:03 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2010/10/14 23:02:00 | 000,316,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msshsq.dll
[2010/10/14 23:01:10 | 013,426,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2010/10/14 23:01:06 | 010,627,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2010/10/14 23:01:02 | 008,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2010/10/14 23:01:02 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2010/10/14 22:59:37 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2010/10/14 22:59:37 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2010/10/14 22:59:37 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sscore.dll
[2010/10/14 22:59:37 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll
[2010/10/14 22:59:09 | 001,090,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2010/10/14 22:59:09 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll
[2010/09/15 19:14:02 | 000,621,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2010/09/15 19:14:00 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MP4SDECD.DLL
[2010/09/15 19:14:00 | 000,295,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MP4SDECD.DLL
 
[color=#E56717]========== Files - Modified Within 360 Days ==========[/color]
 
[2011/09/07 10:17:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2992021353-1665391232-650672208-1000UA.job
[2011/09/07 10:15:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/07 09:33:24 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/07 09:33:24 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/07 08:12:48 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\hp\Desktop\OTL.exe
[2011/09/07 03:05:27 | 000,721,976 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/09/07 03:05:27 | 000,606,602 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/09/07 03:05:27 | 000,105,170 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/09/07 00:15:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/06 23:33:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/06 23:31:11 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/09/06 23:30:56 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/09/06 23:26:55 | 000,721,764 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/06 22:11:08 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForhp.job
[2011/09/06 16:49:44 | 524,288,000 | ---- | M] () -- C:\REMOVE_THIS_FILE.livecd.swap
[2011/09/03 15:18:36 | 000,002,027 | ---- | M] () -- C:\Users\hp\Desktop\Google Chrome.lnk
[2011/09/03 15:18:36 | 000,001,989 | ---- | M] () -- C:\Users\hp\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/09/03 11:17:00 | 000,000,844 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2992021353-1665391232-650672208-1000Core.job
[2011/09/02 22:36:31 | 076,035,536 | ---- | M] () -- C:\Users\hp\Desktop\9294ace4.exe
[2011/08/27 23:29:41 | 000,011,356 | -HS- | M] () -- C:\ProgramData\uv7lwmos5575ht87g8p62wnfot2qk736e83258x881af
[2011/08/27 23:29:40 | 000,011,356 | -HS- | M] () -- C:\Users\hp\AppData\Local\uv7lwmos5575ht87g8p62wnfot2qk736e83258x881af
[2011/08/25 21:23:10 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\hp\Desktop\dds.scr
[2011/08/16 20:14:15 | 000,000,000 | ---- | M] () -- C:\Users\hp\AppData\Local\wlmg.exe
[2011/08/16 20:14:15 | 000,000,000 | ---- | M] () -- C:\ProgramData\skmt.exe
[2011/08/16 20:14:15 | 000,000,000 | ---- | M] () -- C:\ProgramData\mujq.exe
[2011/08/16 20:14:15 | 000,000,000 | ---- | M] () -- C:\Users\hp\AppData\Local\ksuv.exe
[2011/08/16 20:14:15 | 000,000,000 | ---- | M] () -- C:\ProgramData\ilmf.exe
[2011/08/16 20:14:15 | 000,000,000 | ---- | M] () -- C:\ProgramData\gyqb.exe
[2011/08/16 20:14:15 | 000,000,000 | ---- | M] () -- C:\Users\hp\AppData\Local\bokv.exe
[2011/08/16 20:14:15 | 000,000,000 | ---- | M] () -- C:\Users\hp\AppData\Local\aqox.exe
[2011/08/15 18:08:05 | 000,000,495 | ---- | M] () -- C:\Users\hp\Desktop\careerbuilder.lnk
[2011/08/12 21:42:04 | 366,480,935 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/08/11 17:59:01 | 000,002,551 | ---- | M] () -- C:\Users\hp\Application Data\Microsoft\Internet Explorer\Quick Launch\HP MediaSmart.lnk
[2011/07/26 11:32:03 | 000,001,890 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/07/13 12:45:12 | 000,316,224 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/07/11 00:12:19 | 000,064,223 | ---- | M] () -- C:\Users\hp\Documents\n7167105_7922006484493_17211671_42456545_1729103_n.jpg
[2011/07/10 22:50:05 | 000,065,351 | ---- | M] () -- C:\Users\hp\Documents\n7221989_909086702523_17211671_43021557_619195_n.jpg
[2011/06/21 10:06:39 | 000,108,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/06/21 10:04:47 | 000,759,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/06/21 10:04:46 | 000,590,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/06/21 10:04:00 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/06/21 10:03:59 | 000,422,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2011/06/21 09:49:41 | 000,106,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/06/21 09:48:11 | 000,478,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/06/21 09:47:36 | 000,380,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2011/06/21 09:47:36 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/06/21 08:41:18 | 000,485,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/06/21 08:13:51 | 000,389,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/06/20 02:45:17 | 004,699,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011/06/17 10:16:33 | 000,451,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011/06/15 10:16:53 | 000,180,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
[2011/05/22 17:29:33 | 000,216,593 | ---- | M] () -- C:\Users\hp\Documents\iyca important info.xps
[2011/05/22 17:15:36 | 000,001,922 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/05/22 16:11:59 | 000,006,080 | ---- | M] () -- C:\Users\hp\AppData\Local\d3d9caps.dat
[2011/05/22 16:11:31 | 000,000,732 | ---- | M] () -- C:\Users\hp\AppData\Local\d3d9caps64.dat
[2011/05/09 20:34:25 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011/05/08 20:50:25 | 000,000,104 | ---- | M] () -- C:\Users\hp\Desktop\Internet - Shortcut.lnk
[2011/05/01 21:08:45 | 000,001,694 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/05/01 21:04:25 | 000,001,756 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/05/01 17:56:02 | 000,000,663 | ---- | M] () -- C:\Users\hp\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire.lnk
[2011/05/01 17:56:02 | 000,000,639 | ---- | M] () -- C:\Users\hp\Desktop\FrostWire.lnk
[2011/04/28 21:48:30 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys
[2011/04/21 09:24:26 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieencode.dll
[2011/04/21 08:57:48 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieencode.dll
[2011/04/20 09:58:37 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2011/04/13 22:50:09 | 000,008,704 | ---- | M] () -- C:\Users\hp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/12 10:15:13 | 001,210,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2011/04/06 16:26:58 | 000,237,856 | ---- | M] (Apple Inc.) -- C:\Windows\SysNative\dnssdX.dll
[2011/04/06 16:26:58 | 000,119,584 | ---- | M] (Apple Inc.) -- C:\Windows\SysNative\dns-sd.exe
[2011/04/06 16:26:58 | 000,096,544 | ---- | M] (Apple Inc.) -- C:\Windows\SysNative\dnssd.dll
[2011/04/06 16:26:58 | 000,069,408 | ---- | M] (Apple Inc.) -- C:\Windows\SysNative\jdns_sd.dll
[2011/04/06 16:20:16 | 000,197,920 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\dnssdX.dll
[2011/04/06 16:20:16 | 000,107,808 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\dns-sd.exe
[2011/04/06 16:20:16 | 000,091,424 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\dnssd.dll
[2011/04/06 16:20:16 | 000,075,040 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\jdns_sd.dll
[2011/03/27 21:56:42 | 000,001,141 | ---- | M] () -- C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2011/03/12 16:52:03 | 001,653,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011/03/12 15:55:52 | 000,876,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011/03/10 11:18:03 | 001,360,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll
[2011/03/10 11:18:02 | 001,398,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll
[2011/03/10 11:03:51 | 001,162,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2011/03/10 11:03:51 | 001,136,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2011/03/03 09:59:49 | 000,032,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\Apphlpdm.dll
[2011/03/03 09:40:13 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\Apphlpdm.dll
[2011/03/03 08:00:00 | 004,240,384 | ---- | M] (Microsoft) -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2011/03/03 07:35:36 | 004,240,384 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
[2011/03/02 10:12:19 | 000,221,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll
[2011/02/24 10:38:07 | 000,991,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2011/02/24 10:38:07 | 000,979,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2011/02/24 10:37:57 | 001,076,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2011/02/24 10:37:57 | 001,063,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2011/02/24 10:37:53 | 000,020,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll
[2011/02/24 10:37:53 | 000,018,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll
[2011/02/24 10:37:53 | 000,017,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll
[2011/02/22 08:47:08 | 000,479,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011/02/22 08:13:01 | 000,288,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011/02/22 07:53:33 | 001,555,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2011/02/18 16:36:58 | 004,184,352 | ---- | M] (Apple, Inc.) -- C:\Windows\SysNative\usbaaplrc.dll
[2011/02/18 16:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) -- C:\Windows\SysNative\drivers\usbaapl64.sys
[2011/02/16 10:43:31 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011/02/16 10:40:21 | 000,755,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/02/16 10:37:47 | 000,048,128 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2011/02/16 10:18:53 | 000,512,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/02/16 10:16:37 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2011/02/16 08:15:24 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2011/02/16 08:02:23 | 000,292,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2011/01/26 22:48:09 | 000,000,994 | ---- | M] () -- C:\Users\hp\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/01/26 22:48:09 | 000,000,970 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2011/01/21 10:50:13 | 000,456,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\shlwapi.dll
[2011/01/20 10:17:15 | 000,366,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winspool.drv
[2011/01/20 10:17:03 | 000,625,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2011/01/20 10:16:53 | 000,287,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2011/01/20 10:16:52 | 001,268,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2011/01/20 10:16:52 | 000,327,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2011/01/20 10:16:52 | 000,196,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2011/01/20 10:16:47 | 000,748,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\stobject.dll
[2011/01/20 10:16:40 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2011/01/20 10:16:33 | 001,204,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2011/01/20 10:16:10 | 003,548,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2011/01/20 10:16:08 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\printfilterpipelineprxy.dll
[2011/01/20 10:14:49 | 000,278,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mfplat.dll
[2011/01/20 10:14:49 | 000,195,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2011/01/20 10:06:38 | 002,873,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2011/01/20 10:04:54 | 000,209,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mfplat.dll
[2011/01/20 10:04:54 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mfps.dll
[2011/01/20 09:01:50 | 003,068,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\xpsservices.dll
[2011/01/20 08:59:59 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\printfilterpipelinesvc.exe
[2011/01/20 08:58:38 | 001,461,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\OpcServices.dll
[2011/01/20 08:57:28 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2011/01/20 08:42:00 | 001,257,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MFH264Dec.dll
[2011/01/20 08:41:29 | 000,428,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MFHEAACdec.dll
[2011/01/20 08:40:17 | 000,345,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2011/01/20 08:40:14 | 000,034,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mfpmp.exe
[2011/01/20 08:40:11 | 000,377,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mfmp4src.dll
[2011/01/20 08:37:06 | 002,002,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2011/01/20 08:35:30 | 000,566,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2011/01/20 08:28:38 | 001,554,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\xpsservices.dll
[2011/01/20 08:25:25 | 000,847,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\OpcServices.dll
[2011/01/20 08:24:26 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2011/01/20 08:15:10 | 000,979,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MFH264Dec.dll
[2011/01/20 08:14:39 | 000,357,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MFHEAACdec.dll
[2011/01/20 08:14:03 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mfmp4src.dll
[2011/01/20 08:14:03 | 000,261,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2011/01/20 08:06:15 | 000,834,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2010/12/29 13:01:38 | 000,416,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sbe.dll
[2010/12/29 13:01:38 | 000,210,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sbeio.dll
[2010/12/29 13:01:24 | 000,559,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2010/12/29 12:59:41 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2010/12/29 12:28:45 | 000,322,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll
[2010/12/29 12:28:45 | 000,153,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\sbeio.dll
[2010/12/29 12:28:28 | 000,429,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2010/12/29 12:26:47 | 000,177,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2010/12/28 10:08:18 | 000,466,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\odbc32.dll
[2010/12/28 09:55:03 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll
[2010/12/20 10:59:00 | 000,847,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2010/12/17 11:34:20 | 002,425,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2010/12/17 09:45:10 | 002,067,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2010/12/17 09:41:41 | 000,731,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2010/12/17 07:54:03 | 000,677,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2010/12/14 10:15:49 | 001,251,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sdclt.exe
[2010/11/29 17:38:30 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\QuickTimeVR.qtx
[2010/11/29 17:38:30 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\QuickTime.qts
[2010/11/06 05:18:48 | 000,500,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wmicmiplugin.dll
[2010/11/06 05:18:27 | 000,655,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\taskschd.dll
[2010/11/06 05:18:27 | 000,410,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\taskcomp.dll
[2010/11/04 17:58:17 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\taskeng.exe
[2010/11/04 12:55:38 | 000,352,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\taskschd.dll
[2010/11/04 12:55:38 | 000,270,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\taskcomp.dll
[2010/11/01 13:13:03 | 001,452,996 | ---- | M] () -- C:\Users\hp\Desktop\tmj.jpg
[2010/11/01 13:13:03 | 001,452,996 | ---- | M] () -- C:\Users\hp\Desktop\DSC_0187-3-2.jpg
[2010/11/01 12:52:56 | 000,012,870 | ---- | M] () -- C:\Users\hp\Desktop\shiraz.3.jpg
[2010/10/18 09:35:48 | 000,087,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2010/10/15 07:43:22 | 001,585,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2010/10/12 22:21:40 | 000,004,033 | ---- | M] () -- C:\Users\hp\Desktop\shiraz2.jpg
[2010/09/13 10:13:56 | 013,426,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2010/09/13 09:46:13 | 010,627,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2010/09/13 08:32:37 | 008,147,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2010/09/13 07:56:41 | 008,147,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2011/09/06 23:30:56 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/09/06 23:26:55 | 000,721,764 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/06 23:26:31 | 000,001,808 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/09/02 22:36:28 | 076,035,536 | ---- | C] () -- C:\Users\hp\Desktop\9294ace4.exe
[2011/09/02 21:20:27 | 524,288,000 | ---- | C] () -- C:\REMOVE_THIS_FILE.livecd.swap
[2011/08/16 20:14:16 | 000,011,356 | -HS- | C] () -- C:\Users\hp\AppData\Local\uv7lwmos5575ht87g8p62wnfot2qk736e83258x881af
[2011/08/16 20:14:16 | 000,011,356 | -HS- | C] () -- C:\ProgramData\uv7lwmos5575ht87g8p62wnfot2qk736e83258x881af
[2011/08/16 20:14:15 | 000,000,000 | ---- | C] () -- C:\Users\hp\AppData\Local\wlmg.exe
[2011/08/16 20:14:15 | 000,000,000 | ---- | C] () -- C:\ProgramData\skmt.exe
[2011/08/16 20:14:15 | 000,000,000 | ---- | C] () -- C:\ProgramData\mujq.exe
[2011/08/16 20:14:15 | 000,000,000 | ---- | C] () -- C:\Users\hp\AppData\Local\ksuv.exe
[2011/08/16 20:14:15 | 000,000,000 | ---- | C] () -- C:\ProgramData\ilmf.exe
[2011/08/16 20:14:15 | 000,000,000 | ---- | C] () -- C:\ProgramData\gyqb.exe
[2011/08/16 20:14:15 | 000,000,000 | ---- | C] () -- C:\Users\hp\AppData\Local\bokv.exe
[2011/08/16 20:14:15 | 000,000,000 | ---- | C] () -- C:\Users\hp\AppData\Local\aqox.exe
[2011/08/15 16:27:04 | 000,000,495 | ---- | C] () -- C:\Users\hp\Desktop\careerbuilder.lnk
[2011/07/26 11:32:03 | 000,001,890 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/07/11 00:12:17 | 000,064,223 | ---- | C] () -- C:\Users\hp\Documents\n7167105_7922006484493_17211671_42456545_1729103_n.jpg
[2011/07/10 22:50:04 | 000,065,351 | ---- | C] () -- C:\Users\hp\Documents\n7221989_909086702523_17211671_43021557_619195_n.jpg
[2011/05/22 17:29:30 | 000,216,593 | ---- | C] () -- C:\Users\hp\Documents\iyca important info.xps
[2011/05/22 17:15:36 | 000,001,922 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/05/22 17:15:35 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/05/09 20:34:25 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/05/08 20:50:25 | 000,000,104 | ---- | C] () -- C:\Users\hp\Desktop\Internet - Shortcut.lnk
[2011/05/01 21:08:45 | 000,001,694 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/05/01 21:04:25 | 000,001,756 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/05/01 21:02:53 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/05/01 17:56:02 | 000,000,663 | ---- | C] () -- C:\Users\hp\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire.lnk
[2011/05/01 17:56:02 | 000,000,639 | ---- | C] () -- C:\Users\hp\Desktop\FrostWire.lnk
[2011/04/28 22:12:35 | 000,000,732 | ---- | C] () -- C:\Users\hp\AppData\Local\d3d9caps64.dat
[2011/04/28 21:48:30 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011/04/27 21:29:57 | 000,002,027 | ---- | C] () -- C:\Users\hp\Desktop\Google Chrome.lnk
[2011/04/27 21:29:57 | 000,001,989 | ---- | C] () -- C:\Users\hp\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/04/27 21:26:23 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2992021353-1665391232-650672208-1000UA.job
[2011/04/27 21:26:08 | 000,000,844 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2992021353-1665391232-650672208-1000Core.job
[2011/04/13 21:35:04 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/04/13 21:35:04 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011/04/13 21:35:03 | 000,000,414 | ---- | C] () -- C:\Windows\SysWow64\lame_acm.xml
[2011/04/13 21:35:02 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/04/13 21:35:02 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/04/13 21:35:00 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/03/28 23:29:28 | 366,480,935 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/03/27 21:56:42 | 000,001,141 | ---- | C] () -- C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2011/03/20 14:01:39 | 000,000,322 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForhp.job
[2011/02/23 21:39:16 | 000,002,426 | ---- | C] () -- C:\Windows\SysWow64\WsmTxt.xsl
[2011/02/23 21:39:16 | 000,002,426 | ---- | C] () -- C:\Windows\SysNative\WsmTxt.xsl
[2011/02/23 21:39:15 | 000,201,184 | ---- | C] () -- C:\Windows\SysWow64\winrm.vbs
[2011/02/23 21:39:15 | 000,201,184 | ---- | C] () -- C:\Windows\SysNative\winrm.vbs
[2011/02/23 21:39:15 | 000,004,675 | ---- | C] () -- C:\Windows\SysWow64\wsmanconfig_schema.xml
[2011/02/23 21:39:15 | 000,004,675 | ---- | C] () -- C:\Windows\SysNative\wsmanconfig_schema.xml
[2011/01/26 22:48:09 | 000,000,994 | ---- | C] () -- C:\Users\hp\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/01/26 22:48:09 | 000,000,970 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2010/11/01 13:26:11 | 001,452,996 | ---- | C] () -- C:\Users\hp\Desktop\tmj.jpg
[2010/11/01 12:53:33 | 000,012,870 | ---- | C] () -- C:\Users\hp\Desktop\shiraz.3.jpg
[2010/10/12 22:26:38 | 000,004,033 | ---- | C] () -- C:\Users\hp\Desktop\shiraz2.jpg
[2010/08/22 21:17:13 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/07/16 22:21:06 | 000,023,111 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/06/25 22:30:47 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2010/06/25 22:30:17 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2010/06/25 22:29:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2010/06/22 22:51:15 | 000,008,704 | ---- | C] () -- C:\Users\hp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/20 16:14:11 | 000,006,080 | ---- | C] () -- C:\Users\hp\AppData\Local\d3d9caps.dat
[2009/05/31 23:00:29 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009/05/31 22:33:28 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008/10/28 03:32:24 | 002,026,604 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2008/10/28 03:32:24 | 000,445,796 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2008/10/28 03:32:24 | 000,147,172 | ---- | C] () -- C:\Windows\SysWow64\igfcg550.bin
[2008/01/20 20:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 09:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 06:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 06:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 03:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2011/09/06 23:31:11 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
[color=#E56717]========== Purity Check ==========[/color]
 
 

< End of report >
jerermyw
Active Member
 
Posts: 9
Joined: August 25th, 2011, 10:04 pm

Re: Adware and Trojan on Vista / HP Laptop

Post by askey127 » September 8th, 2011, 8:43 am

jerermyw,
I see you have also had Frostwire on here, in addition to Ares. No need to guess further about where the serious infections came from.
It's not your relatives.
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
  • Under the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box:
    Code:
    :processes
    killallprocesses
    
    :OTL
    IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cnnb
    IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cnnb
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cnnb
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cnnb
    IE - HKU\S-1-5-21-2992021353-1665391232-650672208-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cnnb
    IE - HKU\S-1-5-21-2992021353-1665391232-650672208-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2929271
    IE - HKU\S-1-5-21-2992021353-1665391232-650672208-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    IE - HKU\S-1-5-21-2992021353-1665391232-650672208-1000\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-21-2992021353-1665391232-650672208-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
    O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKU\S-1-5-21-2992021353-1665391232-650672208-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O3 - HKU\S-1-5-21-2992021353-1665391232-650672208-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O4 - HKU\S-1-5-21-2992021353-1665391232-650672208-1000..\Run: [ares]  File not found
    O9 - Extra Button: ShopperReports - Compare product prices - {DB38E21A-0133-419d-92AD-ECDFD5244D6D} -  File not found
    O9 - Extra Button: ShopperReports - Compare travel rates - {EB620C54-E229-4942-87CE-E717109FC8C6} -  File not found
    [2011/05/01 17:56:44 | 000,000,000 | ---D | C] -- C:\Users\hp\Documents\FrostWire
    [2011/05/01 17:56:02 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire
    [2011/05/01 17:56:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FrostWire
    [2011/02/20 19:55:03 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Local\Conduit
    [2010/11/16 17:38:29 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Local\Ares
    [2010/11/16 17:37:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ares
    [2011/08/16 20:14:15 | 000,000,000 | ---- | M] () -- C:\ProgramData\ilmf.exe
    [2011/08/16 20:14:15 | 000,000,000 | ---- | M] () -- C:\ProgramData\gyqb.exe
    [2011/08/16 20:14:15 | 000,000,000 | ---- | M] () -- C:\ProgramData\skmt.exe
    [2011/08/16 20:14:15 | 000,000,000 | ---- | M] () -- C:\ProgramData\mujq.exe
    [2011/05/01 17:56:02 | 000,000,663 | ---- | M] () -- C:\Users\hp\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire.lnk
    [2011/05/01 17:56:02 | 000,000,639 | ---- | M] () -- C:\Users\hp\Desktop\FrostWire.lnk
    [2011/05/01 17:56:02 | 000,000,663 | ---- | C] () -- C:\Users\hp\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire.lnk
    [2011/05/01 17:56:02 | 000,000,639 | ---- | C] () -- C:\Users\hp\Desktop\FrostWire.lnk
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    [Reboot]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
----------------------------------------------
Run a Quick scan with Microsoft Security Essentials and let it remove anything it finds.

askey127
Admin/Teacher
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
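
Added example (not part of askey127's reply and not OTL's own code): the entries askey127 pulled into the fix above share a pattern that is worth being able to spot without reading every line by hand. Eight files landed within two seconds of each other under C:\ProgramData and C:\Users\hp\AppData\Local, the .exe files are zero bytes, and the two companions with the 44-character names carry the hidden+system attributes. The script below parses OTL's "Files Created" / "Files Modified" line format and flags exactly those traits. The heuristics and thresholds are mine (assumptions, not OTL's); the sample lines are a subset of the thread's own log, embedded so the script runs offline.

```python
"""Triage OTL "Files Created"/"Files Modified" entries for dropper-style artefacts.

Added example for the thread, not OTL code. Heuristics are assumptions of this
script, tuned to the pattern visible in the posted log.
"""
import re
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# One OTL file line: [date time | size | attrs | C/M] (Company) -- path
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>.*)\) -- (?P<path>.+)$"
)

# Parent directories a non-elevated process can write to and that the dropper
# in this thread used. Matched on the directory part only, so subfolders such
# as C:\ProgramData\Microsoft\... are deliberately not included. (assumption)
DATA_DIR_RE = re.compile(
    r"^(?:c:\\programdata|c:\\users\\[^\\]+\\appdata\\local)$", re.IGNORECASE
)
BURST_WINDOW = timedelta(seconds=5)   # assumption: "same install run"
BURST_MIN = 3                         # assumption: files needed to call it a burst

# Constructed sample: a subset of the log lines posted in this thread, plus one
# OTL section header to show that non-file lines are skipped.
SAMPLE_LOG = r"""
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2011/09/06 23:30:56 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/08/16 20:14:16 | 000,011,356 | -HS- | C] () -- C:\Users\hp\AppData\Local\uv7lwmos5575ht87g8p62wnfot2qk736e83258x881af
[2011/08/16 20:14:16 | 000,011,356 | -HS- | C] () -- C:\ProgramData\uv7lwmos5575ht87g8p62wnfot2qk736e83258x881af
[2011/08/16 20:14:15 | 000,000,000 | ---- | C] () -- C:\Users\hp\AppData\Local\wlmg.exe
[2011/08/16 20:14:15 | 000,000,000 | ---- | C] () -- C:\ProgramData\skmt.exe
[2011/08/16 20:14:15 | 000,000,000 | ---- | C] () -- C:\ProgramData\mujq.exe
[2011/08/15 16:27:04 | 000,000,495 | ---- | C] () -- C:\Users\hp\Desktop\careerbuilder.lnk
[2011/04/13 21:35:04 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/04/20 09:58:37 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
"""


@dataclass
class Entry:
    ts: datetime
    size: int
    attrs: str
    kind: str
    company: str
    path: str
    reasons: list = field(default_factory=list)

    @property
    def parent(self) -> str:
        return self.path.rsplit("\\", 1)[0]

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse(text: str) -> list:
    """Return one Entry per OTL file line; headers and blank lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entries.append(Entry(
            ts=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            size=int(m["size"].replace(",", "")),
            attrs=m["attrs"], kind=m["kind"],
            company=m["company"], path=m["path"],
        ))
    return entries


def triage(text: str) -> list:
    """Flag entries in user-writable data dirs that look like dropped payloads."""
    in_data_dir = [e for e in parse(text) if DATA_DIR_RE.match(e.parent)]
    for e in in_data_dir:
        if e.size == 0 and e.name.lower().endswith(".exe"):
            e.reasons.append("zero-byte .exe in a user-writable data dir")
        if "H" in e.attrs and "S" in e.attrs:
            e.reasons.append("hidden+system attributes in a user-writable data dir")
        if "." not in e.name and len(e.name) >= 20:
            e.reasons.append("long extensionless name (likely random)")
    # A burst of data-dir writes within a few seconds is how a dropper's
    # install run shows up in the log; used only to support an existing flag.
    for e in in_data_dir:
        n = sum(1 for o in in_data_dir if abs(o.ts - e.ts) <= BURST_WINDOW)
        if e.reasons and n >= BURST_MIN:
            e.reasons.append(f"part of a burst of {n} files written within {BURST_WINDOW.seconds}s")
    return [e for e in in_data_dir if e.reasons]


def format_report(findings: list) -> str:
    return "\n".join(f"{e.path}\n  - " + "\n  - ".join(e.reasons) for e in findings)


if __name__ == "__main__":
    print(format_report(triage(SAMPLE_LOG)))
```

Run it against a full OTL log (`python triage_otl.py < OTL.Txt` after swapping SAMPLE_LOG for `sys.stdin.read()`) and the output is the candidate list for the `:OTL` / `:Files` section of a fix; it is a shortlist to review, not something to paste blindly, since the same rules would also flag a legitimately hidden installer cache in ProgramData.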

Re: Adware and Trojan on Vista / HP Laptop

Post by jerermyw » September 11th, 2011, 9:20 pm

I ran the script for OTL. It ran and rebooted.

My friend scanned OTL.exe on his computer and it reported a virus in it and quarantined it. It identified Trojan.Siggen2.64145.

Code:
OTL logfile created on: 9/11/2011 7:29:44 PM - Run 2
OTL by OldTimer - Version 3.2.27.0     Folder = C:\Users\hp\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.90 Gb Total Physical Memory | 2.44 Gb Available Physical Memory | 62.43% Memory free
7.98 Gb Paging File | 6.35 Gb Available in Paging File | 79.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.41 Gb Total Space | 233.66 Gb Free Space | 81.58% Space Free | Partition Type: NTFS
Drive D: | 11.68 Gb Total Space | 1.90 Gb Free Space | 16.24% Space Free | Partition Type: NTFS
 
Computer Name: HP-PC | User Name: hp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2011/09/07 08:12:48 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\hp\Desktop\OTL.exe
PRC - [2011/05/17 13:29:46 | 000,395,144 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2009/03/09 18:54:12 | 000,365,952 | ---- | M] () -- C:\Program Files (x86)\SMINST\BLService.exe
PRC - [2009/02/25 19:53:16 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009/02/24 17:58:00 | 000,203,872 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe
PRC - [2009/02/24 16:04:52 | 000,116,104 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
PRC - [2009/02/13 13:11:22 | 001,328,424 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
PRC - [2009/02/13 13:09:36 | 000,185,640 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/02/04 16:57:06 | 000,296,320 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - [2011/03/21 17:30:20 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/11/04 21:04:16 | 000,921,600 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
MOD - [2009/02/13 13:09:34 | 000,906,536 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2009/02/04 16:57:08 | 000,267,656 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\CLCapEngine.dll
MOD - [2009/02/04 16:57:08 | 000,124,288 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\CLSchMgr.dll
MOD - [2009/02/04 16:57:08 | 000,038,184 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\CLCapSvcps.dll
MOD - [2009/02/04 16:57:06 | 000,349,480 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\CLTinyDB.dll
MOD - [2009/01/27 22:37:20 | 007,331,840 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2009/01/27 22:37:20 | 002,023,424 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2009/01/27 22:37:10 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV:[b]64bit:[/b] - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:[b]64bit:[/b] - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:[b]64bit:[/b] - [2009/01/28 07:15:24 | 000,290,304 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_7477fb4c\STacSV64.exe -- (STacSV)
SRV:[b]64bit:[/b] - [2008/11/17 13:22:44 | 000,088,576 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_7477fb4c\AESTSr64.exe -- (AESTFilters)
SRV:[b]64bit:[/b] - [2008/08/26 08:02:20 | 000,016,896 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:[b]64bit:[/b] - [2008/03/18 17:25:40 | 000,023,040 | ---- | M] (Hewlett-Packard Corporation) [Auto | Running] -- C:\Windows\SysNative\Hpservice.exe -- (hpsrv)
SRV:[b]64bit:[/b] - [2008/01/20 20:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/03/29 22:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/09 18:54:12 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2009/02/24 16:04:52 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched) TV Task Scheduler (TVTS)
SRV - [2009/02/04 16:57:06 | 000,296,320 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc) TV Background Capture Service (TVBCS)
SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV:[b]64bit:[/b] - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv)
DRV:[b]64bit:[/b] - [2011/02/18 16:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:[b]64bit:[/b] - [2010/06/15 19:08:31 | 002,041,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)
DRV:[b]64bit:[/b] - [2009/09/30 18:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:[b]64bit:[/b] - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:[b]64bit:[/b] - [2009/02/25 07:53:26 | 000,137,056 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\jmcr.sys -- (JMCR)
DRV:[b]64bit:[/b] - [2009/01/28 07:16:06 | 000,473,088 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:[b]64bit:[/b] - [2008/12/30 06:18:40 | 000,068,608 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir)
DRV:[b]64bit:[/b] - [2008/12/03 07:21:52 | 000,184,832 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:[b]64bit:[/b] - [2008/11/21 11:05:22 | 001,253,376 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:[b]64bit:[/b] - [2008/10/28 03:33:30 | 008,039,808 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:[b]64bit:[/b] - [2008/06/04 11:55:16 | 000,129,536 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV:[b]64bit:[/b] - [2008/03/27 13:10:56 | 000,026,984 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV:[b]64bit:[/b] - [2008/03/27 13:10:14 | 000,040,296 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys -- (Accelerometer)
DRV:[b]64bit:[/b] - [2008/01/31 17:23:14 | 000,195,120 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys -- (ApfiltrService)
DRV:[b]64bit:[/b] - [2008/01/20 20:46:57 | 003,154,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys -- (NETw3v64) Intel(R)
DRV:[b]64bit:[/b] - [2008/01/20 20:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:[b]64bit:[/b] - [2007/06/18 17:13:12 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:[b]64bit:[/b] - [2006/10/03 19:45:36 | 000,273,408 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cnnb
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.bing.com/http://www.bing.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.facebook.com/?ref=hp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\hp\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\hp\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/07/16 22:21:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\HBLite@HBLite.com: C:\Program Files (x86)\HBLite\bin\11.0.323.0\firefox\extensions [2010/11/16 17:37:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/07/16 22:21:31 | 000,000,000 | ---D | M]
 
[2011/04/02 09:22:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hp\AppData\Roaming\Mozilla\Extensions
 
O1 HOSTS File: ([2006/09/18 15:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  File not found
O2 - BHO: (Play Pickle Text) - {02F0243C-2E71-4a1a-A790-6C30888119D0} - C:\Program Files (x86)\Play Pickle\pptl.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  File not found
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll (Microsoft Corp.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E50ADA55-898B-4EA5-A392-AAEAE55710F0} - No CLSID value found.
O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:[b]64bit:[/b] - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DVDAgent] C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TSMAgent] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TVAgent] C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [WMPNSCFG]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 129.107.31.80 129.107.62.80 129.107.45.80
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2889C24E-36A7-4D71-8751-ADC3AE692189}: DhcpNameServer = 192.168.2.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6DE08706-2161-4C12-92EC-E6829B0DD85D}: DhcpNameServer = 129.107.31.80 129.107.62.80 129.107.45.80
O18:[b]64bit:[/b] - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2011/09/11 18:56:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/09/11 18:54:25 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\hp\Desktop\OTL2.exe
[2011/09/07 08:12:43 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\hp\Desktop\OTL.exe
[2011/09/06 23:26:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2011/09/06 23:26:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/09/06 23:25:45 | 000,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2011/09/02 22:57:53 | 000,000,000 | ---D | C] -- C:\Users\hp\DoctorWeb
[2011/08/27 23:32:38 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\hp\Desktop\dds.scr
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2011/09/11 19:17:06 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2992021353-1665391232-650672208-1000UA.job
[2011/09/11 19:15:10 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/11 19:12:55 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/11 19:12:54 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/11 19:12:51 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/11 19:09:26 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForhp.job
[2011/09/11 19:09:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/11 19:07:47 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/09/11 18:54:43 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\hp\Desktop\OTL2.exe
[2011/09/11 15:05:25 | 000,000,844 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2992021353-1665391232-650672208-1000Core.job
[2011/09/07 08:12:48 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\hp\Desktop\OTL.exe
[2011/09/07 03:05:27 | 000,721,976 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/09/07 03:05:27 | 000,606,602 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/09/07 03:05:27 | 000,105,170 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/09/06 23:30:56 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/09/06 23:26:55 | 000,721,764 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/03 15:18:36 | 000,002,027 | ---- | M] () -- C:\Users\hp\Desktop\Google Chrome.lnk
[2011/09/03 15:18:36 | 000,001,989 | ---- | M] () -- C:\Users\hp\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/09/02 22:36:31 | 076,035,536 | ---- | M] () -- C:\Users\hp\Desktop\9294ace4.exe
[2011/08/27 23:29:41 | 000,011,356 | -HS- | M] () -- C:\ProgramData\uv7lwmos5575ht87g8p62wnfot2qk736e83258x881af
[2011/08/27 23:29:40 | 000,011,356 | -HS- | M] () -- C:\Users\hp\AppData\Local\uv7lwmos5575ht87g8p62wnfot2qk736e83258x881af
[2011/08/25 21:23:10 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\hp\Desktop\dds.scr
[2011/08/16 20:14:15 | 000,000,000 | ---- | M] () -- C:\Users\hp\AppData\Local\wlmg.exe
[2011/08/16 20:14:15 | 000,000,000 | ---- | M] () -- C:\Users\hp\AppData\Local\ksuv.exe
[2011/08/16 20:14:15 | 000,000,000 | ---- | M] () -- C:\Users\hp\AppData\Local\bokv.exe
[2011/08/16 20:14:15 | 000,000,000 | ---- | M] () -- C:\Users\hp\AppData\Local\aqox.exe
[2011/08/15 18:08:05 | 000,000,495 | ---- | M] () -- C:\Users\hp\Desktop\careerbuilder.lnk
[2011/08/12 21:42:04 | 366,480,935 | ---- | M] () -- C:\Windows\MEMORY.DMP
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2011/09/06 23:30:56 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/09/06 23:26:55 | 000,721,764 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/06 23:26:31 | 000,001,808 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/09/02 22:36:28 | 076,035,536 | ---- | C] () -- C:\Users\hp\Desktop\9294ace4.exe
[2011/08/16 20:14:16 | 000,011,356 | -HS- | C] () -- C:\Users\hp\AppData\Local\uv7lwmos5575ht87g8p62wnfot2qk736e83258x881af
[2011/08/16 20:14:16 | 000,011,356 | -HS- | C] () -- C:\ProgramData\uv7lwmos5575ht87g8p62wnfot2qk736e83258x881af
[2011/08/16 20:14:15 | 000,000,000 | ---- | C] () -- C:\Users\hp\AppData\Local\wlmg.exe
[2011/08/16 20:14:15 | 000,000,000 | ---- | C] () -- C:\Users\hp\AppData\Local\ksuv.exe
[2011/08/16 20:14:15 | 000,000,000 | ---- | C] () -- C:\Users\hp\AppData\Local\bokv.exe
[2011/08/16 20:14:15 | 000,000,000 | ---- | C] () -- C:\Users\hp\AppData\Local\aqox.exe
[2011/08/15 16:27:04 | 000,000,495 | ---- | C] () -- C:\Users\hp\Desktop\careerbuilder.lnk
[2011/05/09 20:34:25 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/04/28 22:12:35 | 000,000,732 | ---- | C] () -- C:\Users\hp\AppData\Local\d3d9caps64.dat
[2011/04/13 21:35:04 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/04/13 21:35:04 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011/04/13 21:35:02 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/04/13 21:35:02 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/04/13 21:35:00 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/08/22 21:17:13 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/07/16 22:21:06 | 000,023,111 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/06/25 22:30:47 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2010/06/25 22:30:17 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2010/06/25 22:29:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2010/06/22 22:51:15 | 000,008,704 | ---- | C] () -- C:\Users\hp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/20 16:14:11 | 000,006,080 | ---- | C] () -- C:\Users\hp\AppData\Local\d3d9caps.dat
[2009/05/31 23:00:29 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009/05/31 22:33:28 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008/10/28 03:32:24 | 002,026,604 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2008/10/28 03:32:24 | 000,445,796 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2008/10/28 03:32:24 | 000,147,172 | ---- | C] () -- C:\Windows\SysWow64\igfcg550.bin
[2008/01/20 20:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 09:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 06:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 06:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 03:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

< End of report >
Last edited by jerermyw on September 11th, 2011, 9:47 pm, edited 1 time in total.
jerermyw
Active Member
 
Posts: 9
Joined: August 25th, 2011, 10:04 pm

Re: Adware and Trojan on Vista / HP Laptop

Unread postby jerermyw » September 11th, 2011, 9:28 pm

I ran the script for OTL. It ran and rebooted.

My friend scanned OTL.exe on his computer and it reported a virus in it and quarantined it. It identified Trojan.Siggen2.64145.

jerermyw
Active Member
 
Posts: 9
Joined: August 25th, 2011, 10:04 pm

Re: Adware and Trojan on Vista / HP Laptop

Unread postby askey127 » September 12th, 2011, 1:55 pm

jerermyw,
OTL does not report viruses, ever.

If his antivirus reported OTL itself as infected, it is a false positive on the part of the antivirus.
The program OTL.exe can usually be plugged into an antivirus as a file to ignore, if necessary, or the Antivirus can be disabled during the OTL download and OTL scan.

Some of the antivirus programs are offered and updated by not-too-careful work crews.
Virtually all of the legitimate anti-spyware programs have been reported as viruses by some AV at one time or another.

Now back to your Machine:
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
  • Under the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box:
    Code:
    :processes
    killallprocesses
    
    :OTL
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E50ADA55-898B-4EA5-A392-AAEAE55710F0} - No CLSID value found.
    O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
    O4 - HKCU..\Run: [WMPNSCFG]  File not found
    
    :Files
    C:\Program Files (x86)\Ask.com
    ipconfig /flushdns /c
    
    :Commands
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    [Reboot]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
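The lines that went into the fix above are the ones whose target is missing ("File not found", "No CLSID value found") plus the Ask.com updater, while the files worth a second look in the earlier log are the hidden/system and zero-byte drops under ProgramData and AppData. The Python below is example code added for this page (not OTL's own code and not the helper's tooling) that encodes those rules over lines excerpted from the log posted earlier and emits the :OTL block; the ADWARE_PATH_HINTS list is an assumption that generalises the single Ask.com entry removed here.

```python
# Example code written for this page: not OTL's own code and not the helper's tooling.
# It reproduces the selection logic behind the custom fix above on lines from the log posted earlier.
import re
from dataclasses import dataclass
from typing import List, Optional

# Registry hook lines, e.g.
#   O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC8...} -  File not found
#   O4:[b]64bit:[/b] - HKLM..\Run: [MSC] c:\...\msseces.exe (Microsoft Corporation)
HOOK_RE = re.compile(r"^(?P<section>O\d+)(?::\[b\]64bit:\[/b\])? - (?P<body>.*)$")
# File entries: [timestamp | size | RHSD attributes | C(reated)/M(odified)] (Company) -- path
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
ORPHAN_SECTIONS = {"O2", "O3", "O4"}  # BHOs, toolbars, Run keys: droppable once the target is gone
ORPHAN_MARKERS = ("File not found", "No CLSID value found")
# Assumption: path fragments of bundled adware; only the Ask.com updater is grounded in this thread.
ADWARE_PATH_HINTS = ("\\ask.com\\",)
USER_WRITABLE = ("\\programdata\\", "\\appdata\\local\\", "\\appdata\\roaming\\")


@dataclass(frozen=True)
class Finding:
    line: str
    reason: str
    fix: bool  # True when the line can be pasted straight into the :OTL section


def triage_hook(line: str) -> Optional[Finding]:
    m = HOOK_RE.match(line)
    if not m or m.group("section") not in ORPHAN_SECTIONS:
        return None  # e.g. O18 "Reg Error" handlers are left alone, as the helper did
    body = m.group("body")
    if any(marker in body for marker in ORPHAN_MARKERS):
        return Finding(line, "orphaned registry hook (target missing)", fix=True)
    if m.group("section") == "O4" and any(h in body.lower() for h in ADWARE_PATH_HINTS):
        return Finding(line, "autorun entry for bundled adware", fix=True)
    return None


def triage_file(line: str) -> Optional[Finding]:
    m = FILE_RE.match(line)
    if not m:
        return None
    path = m.group("path").lower()
    if not any(d in path for d in USER_WRITABLE):
        return None  # only user-writable drop locations are of interest here
    attrs = m.group("attrs")
    size = int(m.group("size").replace(",", ""))
    if "H" in attrs and "S" in attrs and "D" not in attrs:
        return Finding(line, "hidden+system file in a user-writable location", fix=False)
    if path.endswith(".exe") and size == 0 and not m.group("company").strip():
        return Finding(line, "zero-byte executable with no company name", fix=False)
    return None


def triage(log_text: str) -> List[Finding]:
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        found = triage_hook(line) or triage_file(line)
        if found:
            findings.append(found)
    return findings


def otl_fix_section(findings: List[Finding]) -> str:
    """Emit the :OTL block; 64-bit duplicates are skipped because the fix in
    this thread pasted the 32-bit form of the same entry."""
    lines = [":OTL"]
    for f in findings:
        if f.fix and "64bit" not in f.line:
            lines.append(f.line)
    return "\n".join(lines)


# Lines excerpted from the OTL log posted earlier in this thread.
SAMPLE_LOG = r"""
O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  File not found
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E50ADA55-898B-4EA5-A392-AAEAE55710F0} - No CLSID value found.
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKCU..\Run: [WMPNSCFG]  File not found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
[2011/08/16 20:14:16 | 000,011,356 | -HS- | C] () -- C:\ProgramData\uv7lwmos5575ht87g8p62wnfot2qk736e83258x881af
[2011/08/16 20:14:15 | 000,000,000 | ---- | C] () -- C:\Users\hp\AppData\Local\wlmg.exe
[2011/09/11 19:09:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
"""

if __name__ == "__main__":
    print(otl_fix_section(triage(SAMPLE_LOG)))
```

The file findings are deliberately not emitted into the fix: deciding whether a hidden drop in ProgramData goes into a :Files section is still a human call, as it was in this thread.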

Re: Adware and Trojan on Vista / HP Laptop

Unread postby jerermyw » September 14th, 2011, 11:00 am

OTL report.

Code:
All processes killed
========== PROCESSES ==========
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E50ADA55-898B-4EA5-A392-AAEAE55710F0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E50ADA55-898B-4EA5-A392-AAEAE55710F0}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
C:\Program Files (x86)\Ask.com\Updater\Updater.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\WMPNSCFG deleted successfully.
========== FILES ==========
C:\Program Files (x86)\Ask.com\Updater folder moved successfully.
C:\Program Files (x86)\Ask.com\assets\oobe folder moved successfully.
C:\Program Files (x86)\Ask.com\assets folder moved successfully.
C:\Program Files (x86)\Ask.com folder moved successfully.
[color=#A23BEC]< ipconfig /flushdns /c >[/color]
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\hp\Desktop\cmd.bat deleted successfully.
C:\Users\hp\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: AppData
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: hp
->Temp folder emptied: 1427873 bytes
->Temporary Internet Files folder emptied: 54040160 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 3973 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 619704 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 54.00 mb
 
Restore point Set: OTL Restore Point
 
OTL by OldTimer - Version 3.2.27.0 log created on 09132011_234328

Files\Folders moved on Reboot...
C:\Users\hp\AppData\Local\Temp\ehmsas.txt moved successfully.
File\Folder C:\Users\hp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LSWOU6JB\like[1].htm not found!
File\Folder C:\Users\hp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LSWOU6JB\viewtopic[1].htm not found!
File\Folder C:\Users\hp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BYKJ39FE\bing_com[1].htm not found!
C:\Users\hp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BYKJ39FE\bing_com[2].htm moved successfully.
File\Folder C:\Users\hp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BYKJ39FE\like[1].htm not found!
C:\Users\hp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BYKJ39FE\u[1].htm moved successfully.
C:\Users\hp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5YC53C2B\r[1].htm moved successfully.
File\Folder C:\Users\hp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5YC53C2B\r[2].htm not found!
C:\Users\hp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat moved successfully.

Registry entries deleted on Reboot...
jerermyw
Active Member
 
Posts: 9
Joined: August 25th, 2011, 10:04 pm

Re: Adware and Trojan on Vista / HP Laptop

Unread postby askey127 » September 14th, 2011, 12:25 pm

jerermyw,

------------------------------------------------------------
Download and Install the latest version of Java Runtime Environment from here: http://www.oracle.com/technetwork/java/javase/downloads/index.html, and install it to your computer.
In the first section on the page, labeled Java SE 7 (JDK or JRE), click on the button labeled Download JRE. Do NOT choose the button labeled "Download JDK".
If it won't allow you to get past the "Agree to the license" dialog, you will need to set your browser to temporarily allow scripts.
Check the button to agree to the license.
Select the link for your Platform (Windows 64-bit), and click it.
Download it, choose Save, and save it to your desktop.
Then right click and choose "Run as administrator", and it will install the newest version of Java for you to use.

During installation, be certain to Uncheck and Refuse any offer for "partner software" or toolbars.

When it finishes, you can remove the Installer from your desktop.
Tell me how it's running.
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Adware and Trojan on Vista / HP Laptop

Unread postby jerermyw » September 17th, 2011, 8:22 pm

The computer has made some gains in booting faster initially, but no dramatic increases afterwards. I perceive that some or most of the "malware" has been removed since the system seems to be moving with fewer interruptions. I have some problems that I probably introduced along the way that are probably not malware related, i.e. the size of desktop icons that don't seem to change. Since malware works hidden it is hard for me to identify anything other than a feeling. Let me know if there is anything else I need to do. I assume we have probably already "cleaned" temp files and such as your introductory guides suggest for slow computers.

Thank you. Let me know what you think.

JW
jerermyw
Active Member
 
Posts: 9
Joined: August 25th, 2011, 10:04 pm

Re: Adware and Trojan on Vista / HP Laptop

Unread postby askey127 » September 18th, 2011, 5:56 am

jerermyw,
You appear to be good to go.
Since we needed to clear out the DNS cache, your Internet surfing will be a bit slower for a few days until it rebuilds the collection of website locations. It should then be a bit faster.

Good Luck, and please avoid P2P programs if you value your machine.
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA