WiredWX Hobby Weather Tools

 


I have some sort of malware linked to an antivirus scam

2 posters

Re: I have some sort of malware linked to an antivirus scam - Page 2

========== Files/Folders - Created Within 30 Days ==========

[2010/11/27 01:00:04 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Missy\Desktop\OTL.exe
[2010/11/25 09:00:10 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/11/25 08:59:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/11/23 20:34:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/11/23 20:34:43 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/11/23 20:34:43 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/11/23 20:34:43 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/11/22 14:35:52 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2010/11/15 09:25:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint
[2010/11/09 05:17:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ezt
[2010/11/05 13:31:59 | 000,000,000 | ---D | C] -- C:\Windows\en
[2010/11/05 13:30:17 | 000,048,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fssfltr.sys
[2010/11/05 13:30:11 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/11/05 13:29:55 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2010/11/05 13:29:55 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2010/11/05 13:29:55 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2010/11/05 13:29:55 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2010/11/05 13:13:22 | 000,000,000 | ---D | C] -- C:\Users\Missy\AppData\Local\Windows Live
[2010/11/05 13:12:57 | 001,888,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2010/11/05 13:12:57 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2010/11/05 13:12:57 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2010/11/05 13:12:57 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2010/11/05 13:12:57 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2010/11/05 13:12:56 | 004,068,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2010/11/05 13:12:55 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2010/11/05 12:36:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2010/11/05 12:27:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2010/11/05 12:26:17 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2010/11/05 12:23:53 | 000,138,752 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\SysNative\hpf3l02t.dll
[2010/11/05 12:20:13 | 000,644,456 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpzids40.dll
[2010/11/05 12:20:12 | 001,422,848 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\hpwtiop4.dll
[2010/11/05 12:20:12 | 000,906,240 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpwwiax5.dll
[2010/11/05 12:20:10 | 000,553,472 | ---- | C] (Hewlett Packard) -- C:\Windows\SysNative\hppldcoi.dll
[2010/11/03 10:49:37 | 000,000,000 | ---D | C] -- C:\Users\Missy\AppData\Roaming\Dropbox
[2010/11/02 12:36:33 | 000,000,000 | ---D | C] -- C:\Users\Missy\.android
[2010/10/29 13:47:39 | 000,125,344 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadbus.sys
[2010/10/29 13:47:39 | 000,013,728 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadwhnt.sys
[2010/10/29 13:47:39 | 000,013,728 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadwh.sys
[2010/10/29 09:47:08 | 000,036,256 | ---- | C] (Google Inc) -- C:\Windows\SysNative\drivers\androidusb.sys
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Missy\Documents\*.tmp files -> C:\Users\Missy\Documents\*.tmp -> ]
[1 C:\Users\Missy\AppData\Local\*.tmp files -> C:\Users\Missy\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/27 01:00:10 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Missy\Desktop\OTL.exe
[2010/11/27 00:58:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-416976048-2780482436-98884375-1001UA.job
[2010/11/27 00:57:26 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/27 00:57:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/26 21:26:42 | 000,009,167 | ---- | M] () -- C:\Users\Missy\Documents\Letter to Brent.docx
[2010/11/26 16:48:24 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/26 16:36:37 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-416976048-2780482436-98884375-1001Core.job
[2010/11/25 19:26:07 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/25 19:26:07 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/25 19:22:51 | 000,792,000 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/11/25 19:22:51 | 000,670,886 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/11/25 19:22:51 | 000,124,044 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/11/25 19:18:19 | 3163,709,440 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/25 09:12:39 | 000,000,000 | ---- | M] () -- C:\Users\Missy\Documents\Nuance Image Printer Writer Port
[2010/11/23 20:34:33 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/11/23 20:34:33 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/11/23 20:34:33 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/11/23 20:34:33 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/11/23 18:54:41 | 000,000,295 | ---- | M] () -- C:\Users\Missy\Documents\Document.rtf
[2010/11/23 17:08:28 | 000,001,069 | ---- | M] () -- C:\Users\Missy\Documents\CPS info.rtf
[2010/11/22 13:32:48 | 000,008,121 | ---- | M] () -- C:\Users\Missy\Documents\Injury comp letter 112210.rtf
[2010/11/22 11:32:50 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2010/11/05 14:33:38 | 000,228,949 | ---- | M] () -- C:\Windows\hpwins23.dat
[2010/11/05 12:41:46 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForMissy.job
[2010/11/05 12:41:34 | 000,473,744 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/11/05 12:27:53 | 000,002,099 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/11/02 07:20:06 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\Driver Fetch.job
[2010/10/30 08:46:27 | 000,818,842 | ---- | M] () -- C:\Users\Missy\Desktop\Jeff 071310.jpg
[2010/10/29 11:02:40 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_androidusb_01007.Wdf
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Missy\Documents\*.tmp files -> C:\Users\Missy\Documents\*.tmp -> ]
[1 C:\Users\Missy\AppData\Local\*.tmp files -> C:\Users\Missy\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/23 17:08:27 | 000,001,069 | ---- | C] () -- C:\Users\Missy\Documents\CPS info.rtf
[2010/11/22 13:32:47 | 000,008,121 | ---- | C] () -- C:\Users\Missy\Documents\Injury comp letter 112210.rtf
[2010/11/21 19:35:49 | 000,000,295 | ---- | C] () -- C:\Users\Missy\Documents\Document.rtf
[2010/11/05 12:27:53 | 000,002,099 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/11/05 12:20:49 | 000,231,219 | ---- | C] () -- C:\Windows\hpwins23.dat.temp
[2010/11/05 12:20:49 | 000,002,075 | ---- | C] () -- C:\Windows\hpwmdl23.dat.temp
[2010/10/30 08:48:11 | 000,818,842 | ---- | C] () -- C:\Users\Missy\Desktop\Jeff 071310.jpg
[2010/10/29 11:02:40 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_androidusb_01007.Wdf
[2010/09/10 12:44:57 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dll
[2010/07/17 09:53:51 | 000,000,252 | ---- | C] () -- C:\Users\Missy\AppData\Roaming\wklnhst.dat
[2010/06/26 16:47:10 | 000,238,438 | ---- | C] () -- C:\Users\Missy\AppData\Local\tmp2010-03-13 18.49.43.0
[2010/06/26 16:47:10 | 000,121,423 | ---- | C] () -- C:\Users\Missy\AppData\Local\tmp2010-03-13 18.49.43.JPG
[2010/06/26 16:46:08 | 000,866,462 | ---- | C] () -- C:\Users\Missy\AppData\Local\tmp2010-06-26 01.10.42.JPG
[2010/06/26 16:46:07 | 000,957,721 | ---- | C] () -- C:\Users\Missy\AppData\Local\tmp2010-06-26 01.10.42.0
[2010/06/26 16:25:58 | 000,082,140 | ---- | C] () -- C:\Users\Missy\AppData\Local\tmp2010-06-26 01.12.01.JPG
[2010/06/24 12:27:29 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010/06/24 12:27:29 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2010/05/12 14:48:02 | 000,970,530 | ---- | C] () -- C:\Users\Missy\AppData\Local\tmpDSCF1931.JPG
[2010/05/11 07:31:24 | 000,010,265 | ---- | C] () -- C:\Users\Missy\AppData\Local\tmpDAN IN HAWAII.JPG
[2010/05/10 15:38:21 | 000,000,000 | ---- | C] () -- C:\Windows\Route32.INI
[2010/05/10 15:37:48 | 000,000,033 | ---- | C] () -- C:\Windows\BOXERJAM.INI
[2010/05/06 08:20:16 | 003,569,832 | ---- | C] () -- C:\Users\Missy\AppData\Local\tmp030.JPG
[2010/04/23 18:32:45 | 001,596,390 | ---- | C] () -- C:\Users\Missy\AppData\Local\tmpSNC00010.0
[2010/04/23 18:32:45 | 000,540,976 | ---- | C] () -- C:\Users\Missy\AppData\Local\tmpSNC00010.JPG
[2010/04/22 10:34:34 | 000,031,767 | ---- | C] () -- C:\Windows\maxlink.ini
[2010/04/19 13:31:01 | 000,731,106 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/04/18 10:10:10 | 000,002,941 | ---- | C] () -- C:\Users\Missy\AppData\Local\tmpTHE_MAN25_2005.JPG
[2010/04/18 10:10:10 | 000,002,913 | ---- | C] () -- C:\Users\Missy\AppData\Local\tmpTHE_MAN25_2005.0
[2010/04/06 09:40:49 | 000,000,004 | ---- | C] () -- C:\Users\Missy\AppData\Roaming\8CD7F2
[2010/04/06 09:40:48 | 000,870,128 | ---- | C] () -- C:\Users\Missy\AppData\Roaming\mcs.rma
[2010/04/03 12:21:10 | 000,238,303 | ---- | C] () -- C:\Users\Missy\AppData\Local\tmp2010-03-13 18.49.34.JPG
[2010/04/03 08:02:36 | 000,925,799 | ---- | C] () -- C:\Users\Missy\AppData\Local\tmpDSCF2151.JPG
[2010/03/21 06:03:53 | 000,022,679 | ---- | C] () -- C:\Users\Missy\AppData\Local\tmpFOR TIMMY.JPG
[2010/02/06 07:47:07 | 000,024,209 | ---- | C] () -- C:\Users\Missy\AppData\Roaming\UserTile.png
[2010/02/04 03:57:37 | 000,003,584 | ---- | C] () -- C:\Users\Missy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/04 03:55:24 | 000,000,088 | RHS- | C] () -- C:\ProgramData\8907F96578.sys
[2010/02/04 03:55:23 | 000,003,506 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/01/26 21:16:20 | 000,019,708 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/01/26 20:47:02 | 000,000,000 | ---- | C] () -- C:\Users\Missy\AppData\Local\QSwitch.txt
[2010/01/26 20:47:02 | 000,000,000 | ---- | C] () -- C:\Users\Missy\AppData\Local\DSwitch.txt
[2010/01/26 20:47:02 | 000,000,000 | ---- | C] () -- C:\Users\Missy\AppData\Local\AtStart.txt
[2010/01/26 20:47:00 | 000,000,191 | ---- | C] () -- C:\ProgramData\HPWALog.txt
[2009/12/24 04:00:30 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2009/12/24 04:00:26 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2009/12/24 04:00:15 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2009/12/24 03:59:59 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2009/12/24 03:59:26 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2009/12/24 03:56:08 | 000,209,040 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll
[2009/12/24 03:56:08 | 000,204,944 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll
[2009/12/24 03:56:08 | 000,196,752 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll
[2009/12/24 03:56:08 | 000,196,752 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll
[2009/12/24 03:56:08 | 000,192,656 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll
[2009/12/24 03:56:08 | 000,024,720 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll
[2009/12/24 03:27:49 | 000,000,283 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2009/12/24 03:27:49 | 000,000,224 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
[2009/11/27 17:25:30 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2009/11/27 17:22:27 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2009/11/27 17:21:27 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2009/11/27 17:21:00 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2009/09/29 17:25:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== Custom Scans ==========


< %systemroot%\Fonts\*.com >
[2009/07/13 23:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/13 23:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/13 23:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/13 23:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 14:49:50 | 000,000,065 | -H-- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/09/07 09:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2010/09/22 23:32:56 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2010/07/04 01:56:20 | 000,001,654 | -HS- | M] () -- C:\Users\Missy\AppData\Roaming\Microsoft\LastFlashConfig.wfc

< %PROGRAMFILES%\*.* >
[2009/07/13 22:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/01/26 20:47:59 | 000,000,221 | -HS- | M] () -- C:\Users\Missy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2010/09/03 13:22:08 | 000,000,186 | ---- | M] () -- C:\Users\Missy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QuickStores.url

< %USERPROFILE%\Desktop\*.exe >
[2010/11/27 01:00:10 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Missy\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 15:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2010/04/11 08:36:07 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
[2010/04/11 08:36:07 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
[2010/01/27 10:14:39 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
[2010/01/27 10:14:39 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs
[2010/04/11 08:36:07 | 001,056,768 | ---- | M] () -- C:\Windows\security\database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2010/06/27 21:27:15 | 000,105,432 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\crashreporter.exe
[2010/06/27 21:27:15 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
[2010/06/27 21:27:15 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
[2010/06/27 21:27:15 | 000,243,160 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\updater.exe

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/08/05 12:26:06 | 000,000,402 | -HS- | M] () -- C:\Users\Missy\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2010/04/03 08:02:01 | 000,000,088 | RHS- | M] () -- C:\ProgramData\8907F96578.sys
[2010/11/25 19:19:17 | 000,000,191 | ---- | M] () -- C:\ProgramData\HPWALog.txt
[2010/11/05 14:33:39 | 000,019,708 | ---- | M] () -- C:\ProgramData\hpzinstall.log
[2010/04/03 08:02:02 | 000,003,506 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2009/12/24 04:00:26 | 000,000,032 | ---- | M] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2009/11/27 17:26:04 | 000,000,109 | ---- | M] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2009/12/24 03:59:59 | 000,000,032 | ---- | M] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2009/11/27 17:22:17 | 000,000,105 | ---- | M] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2009/12/24 03:59:26 | 000,000,032 | ---- | M] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2009/12/24 04:00:15 | 000,000,032 | ---- | M] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2009/11/27 17:21:21 | 000,000,107 | ---- | M] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2009/11/27 17:25:25 | 000,000,110 | ---- | M] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2009/12/24 04:00:32 | 000,000,105 | ---- | M] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.sys >
[2007/06/14 14:57:54 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Windows\SysWOW64\PCASp50.sys
[2007/06/14 14:57:54 | 000,041,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Windows\SysWOW64\PCASp50a64.sys
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

< %SYSTEMDRIVE%\*.* >
[2009/07/13 19:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 07:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 07:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 07:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2010/11/25 19:18:19 | 3163,709,440 | -HS- | M] () -- C:\hiberfil.sys
[2007/11/07 07:44:20 | 000,855,040 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007/11/07 07:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 07:44:20 | 000,075,280 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 07:44:20 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 07:44:20 | 000,090,128 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 07:44:20 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 07:44:20 | 000,094,224 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 07:44:20 | 000,080,400 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 07:44:20 | 000,078,864 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 07:44:20 | 000,074,768 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 07:44:20 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2010/08/12 05:13:07 | 135,888,164 | ---- | M] () -- C:\moto-droid2.01stock.sbf
[2010/11/25 19:18:25 | 4218,281,984 | -HS- | M] () -- C:\pagefile.sys
[2010/04/18 08:15:08 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\psapi.dll
[2010/07/25 06:55:45 | 006,345,657 | ---- | M] () -- C:\SPRecovery_ESE81.sbf
[2007/11/07 07:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 07:50:40 | 001,927,956 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 07:53:12 | 000,242,176 | ---- | M] () -- C:\VC_RED.MSI
[2010/08/14 12:15:33 | 010,184,104 | ---- | M] () -- C:\VZW_A855_ESD56_QSC6085BP_C_01.3E.01P_SW_UPDATE.sbf
[2010/08/14 12:15:33 | 009,553,535 | ---- | M] () -- C:\VZW_A855_ESE81_QSC6085BP_C_01.3E.03P_SW_UPDATE.sbf

< %PROGRAMFILES%\*. >
[2010/10/27 15:59:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
[2010/09/09 11:49:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Ant Renamer
[2010/04/10 14:30:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Apple Software Update
[2010/02/20 07:36:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)
[2010/03/20 15:50:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AviSynth 2.5
[2010/07/27 19:05:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Babylon
[2010/04/30 06:36:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Bandoo
[2010/03/19 15:40:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\BlueAntDFU_Z9i
[2010/05/17 21:20:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Bonjour
[2010/11/23 20:34:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2010/02/17 18:47:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Conduit
[2010/05/20 01:35:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Convert Multiple JPG Files To PDF Files Software
[2010/04/17 15:33:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Corel
[2009/11/27 17:26:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CyberLink
[2010/09/04 07:14:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Driver Mender
[2010/09/03 15:37:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Encore
[2010/11/25 08:59:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ERUNT
[2010/11/22 12:25:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ezt
[2010/07/15 10:47:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Free WMA to MP3 Converter
[2010/09/29 10:00:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Google
[2010/05/20 01:35:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\GPLGS
[2010/07/16 04:58:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Hewlett-Packard
[2010/11/05 12:25:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\HP
[2009/11/27 16:00:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\HP Games
[2010/08/31 20:22:39 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2009/12/24 03:35:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Intel
[2010/11/25 08:01:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2010/05/17 21:21:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\iTunes
[2010/10/29 23:00:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
[2009/12/24 03:29:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\JMicron
[2010/02/20 08:15:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Lame for Audacity
[2010/03/16 07:43:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\LG Electronics
[2010/09/04 06:59:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\LookInMyPC
[2010/09/14 09:44:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\maemo
[2010/08/26 06:54:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/09/10 10:20:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Messenger
[2010/10/16 09:44:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
[2010/11/22 14:13:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
[2010/08/17 16:10:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Small Business
[2010/04/22 11:59:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SQL Server
[2009/11/27 15:28:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2010/08/13 03:19:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Works
[2010/08/17 16:17:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2010/03/16 08:08:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mobile Stream
[2010/08/17 10:24:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Motorola
[2010/11/22 12:25:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox
[2009/07/13 23:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2010/09/10 12:14:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSN
[2010/01/27 07:00:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSXML 4.0
[2010/09/03 13:22:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MyPhoneExplorer
[2010/05/25 04:37:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\myYearbook Toolbar
[2010/09/19 09:09:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Nimbuzz
[2010/09/24 07:44:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Nokia
[2009/12/24 04:01:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Norton Internet Security
[2009/12/24 04:00:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NortonInstaller
[2010/03/03 17:13:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Novatel Wireless
[2010/08/31 20:22:45 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Online Services
[2010/07/17 10:35:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\OpenOffice.org 3
[2010/10/29 13:47:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PdaNet for Android
[2010/08/02 16:43:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PDF Reader 9.1
[2010/05/20 01:35:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PDF Writer
[2010/07/15 10:47:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PlayItAll
[2010/07/08 11:31:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PlayItAll Media Player
[2010/10/16 16:44:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PokerStars
[2010/04/06 12:02:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Pure Networks
[2010/04/12 20:59:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\QuickTime
[2010/02/12 11:49:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Real
[2010/03/28 16:07:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Realtek
[2010/03/20 15:50:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Red Kawa
[2009/07/13 23:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2010/03/20 15:50:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Regensoft
[2010/08/31 21:31:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Rhapsody
[2010/08/16 03:47:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\RSD Lite
[2010/07/03 11:23:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Safari
[2010/04/22 10:34:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ScanSoft
[2010/03/31 17:54:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Singlesnet
[2010/03/08 04:03:32 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Skype
[2010/09/03 11:15:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Sprite Mobile
[2010/06/19 08:05:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SweetIM
[2009/11/27 16:15:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Symantec
[2009/07/13 22:57:06 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information
[2010/04/06 09:39:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\V CAST Music with Rhapsody
[2010/04/06 08:53:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Verizon Wireless
[2009/07/13 23:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2010/11/05 13:32:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live
[2010/05/12 02:02:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2009/12/24 03:54:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Components
[2010/10/16 14:00:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2009/07/13 23:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2009/07/13 23:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
[2009/07/13 23:32:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2010/01/26 20:39:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar
[2010/03/23 05:12:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Yahoo Password
[2010/01/26 21:11:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Yahoo!
[2010/05/15 15:06:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\YInformer

< %appdata%\*.* >
[2010/10/15 19:54:42 | 000,000,004 | ---- | M] () -- C:\Users\Missy\AppData\Roaming\8CD7F2
[2010/10/15 19:54:42 | 000,870,128 | ---- | M] () -- C:\Users\Missy\AppData\Roaming\mcs.rma
[2010/02/06 07:47:07 | 000,024,209 | ---- | M] () -- C:\Users\Missy\AppData\Roaming\UserTile.png
[2010/07/17 11:18:18 | 000,000,252 | ---- | M] () -- C:\Users\Missy\AppData\Roaming\wklnhst.dat


< MD5 for: AGP440.SYS >
[2009/07/13 19:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/13 19:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 19:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/13 19:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/13 19:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 19:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 19:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/13 19:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: DISK.SYS >
[2009/07/13 19:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\SysWow64\DriverStore\FileRepository\disk.inf_amd64_neutral_10ce25bbc5a9cc43\disk.sys
[2009/07/13 19:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\winsxs\amd64_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_55bb738b8ddd8a01\disk.sys

< MD5 for: EVENTLOG.DLL >
[2007/05/17 23:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll

< MD5 for: IASTOR.SYS >
[2009/08/07 22:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\SwSetup\Drivers\IMSM\Winall\Driver\IaStor.sys
[2009/10/13 10:09:36 | 000,331,288 | ---- | M] (Intel Corporation) MD5=0BAA4115DFFFD6A6D809A89D65E1281A -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009/08/07 22:24:14 | 000,408,600 | ---- | M] (Intel Corporation) MD5=BBB3B6DF1ABB0FE35802EDE85CC1C011 -- C:\SwSetup\Drivers\IMSM\Winall\Driver64\IaStor.sys
[2009/08/07 22:24:14 | 000,408,600 | ---- | M] (Intel Corporation) MD5=BBB3B6DF1ABB0FE35802EDE85CC1C011 -- C:\Windows\SysWow64\DriverStore\FileRepository\iaahci.inf_amd64_neutral_4fa22a1c88c09097\iaStor.sys
[2009/10/13 10:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009/10/13 10:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- C:\Windows\SysWow64\DriverStore\FileRepository\iaahci.inf_amd64_neutral_6fca727099cdabf1\iaStor.sys

< MD5 for: IASTORV.SYS >
[2009/07/13 19:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/13 19:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/13 19:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009/07/13 19:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/13 19:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/13 19:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/13 19:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 19:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/13 19:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/13 19:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/13 19:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/13 19:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

< MD5 for: USBSTOR.SYS >
[2009/07/13 18:06:34 | 000,089,600 | ---- | M] (Microsoft Corporation) MD5=080D3820DA6C046BE82FC8B45A893E83 -- C:\Windows\SysWow64\DriverStore\FileRepository\usbstor.inf_amd64_neutral_c301b770e0bfb179\USBSTOR.SYS
[2009/07/13 18:06:34 | 000,089,600 | ---- | M] (Microsoft Corporation) MD5=080D3820DA6C046BE82FC8B45A893E83 -- C:\Windows\winsxs\amd64_usbstor.inf_31bf3856ad364e35_6.1.7600.16385_none_a47b405db18421ea\USBSTOR.SYS

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >

Re: I have some sort of malware linked to an antivirus scam
EXTRAS.TXT:


OTL Extras logfile created on: 11/27/2010 1:02:11 AM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Missy\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 71.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448.63 Gb Total Space | 363.56 Gb Free Space | 81.04% Space Free | Partition Type: NTFS
Drive D: | 16.83 Gb Total Space | 2.72 Gb Free Space | 16.17% Space Free | Partition Type: NTFS
Drive E: | 99.02 Mb Total Space | 96.46 Mb Free Space | 97.41% Space Free | Partition Type: FAT32
Drive G: | 968.25 Mb Total Space | 401.84 Mb Free Space | 41.50% Space Free | Partition Type: FAT

Computer Name: MISSYS_LAPTOP | User Name: Missy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = ChromeHTML] -- C:\Users\Missy\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0CE0034E-2119-4CDF-9597-DE28390A77F1}" = MobileMe Control Panel
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1AEC4664-06F1-4E56-AD0B-D7AFC3D86BC5}" = EasyTether
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416015FF}" = Java(TM) 6 Update 15 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{404BB1FF-A84F-432F-B77B-301E88E8D1C7}" = Apple Mobile Device Support
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{58D79E62-CFC8-4331-8469-3A1B16E1769C}" = HP Officejet 6500 E709 Series
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile Device Center
"{64A3A4F4-B792-11D6-A78A-00B0D0160150}" = Java(TM) SE Development Kit 6 Update 15 (64-bit)
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}" = Microsoft SQL Server Native Client
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{85A42FF0-F0D0-44A3-B226-C124D6E8B1D5}" = HP 3D DriveGuard
"{86177DAE-38B1-49DD-912E-35CB703AB779}" = Microsoft SQL Server VSS Writer
"{88E60521-1E4E-4785-B9F1-1798A4BD0C30}" = HP MediaSmart SmartMenu
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{943BD9F2-E18A-4533-A6A7-B14326638958}" = Motorola Driver Installation 4.2.4
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96D5EB02-DE18-4DCD-A713-929B4461CA8D}" = iTunes
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = HP Integrated Module with Bluetooth wireless technology
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}" = PaperPort Image Printer 64-bit
"{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer
"{C19D4D8F-4433-4F6D-9F0C-79589FD0B973}" = Bonjour
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
"6B8550A319DDC8B17F35F4A89988705E4592349B" = Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000)
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"FFE7D41DF3C645075BB149E21988B63996C34187" = ENE CIR Receiver Driver
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"HPOCR" = OCR Software by I.R.I.S. 14.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"PDF Writer" = PDF Writer
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E52A52C-E120-461C-AA1B-21B045BEE842}" = bpd_scan
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1747DF05-6890-440B-B094-2146F5DC50E0}" = HP MediaSmart SlingPlayer
"{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1CD4D45E-4851-496D-840F-2C2E752ECFB7}" = SweetIM Toolbar for Internet Explorer 3.9
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2EBA8202-FBD5-4004-81EA-BDC38C054CE2}" = HP User Guides 0153
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35021DFB-F9CA-402A-89A2-47F91E506465}" = HP MediaSmart/TouchSmart Netflix
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3BE02281-FCCF-44BB-8413-AC4A633059EB}" = BPDSoftware
"{3F470FED-77A1-4545-BF6E-AF687FF0B42D}" = RSDLite
"{3FF660F4-147B-48CB-B824-2B595759D9EF}" = VZAccess Manager
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4F535C04-86BE-47D1-98C6-8AB26D28482B}" = Singlesnet
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{58F58158-8DFE-31DA-AC1F-7E5D89A0F74F}" = Google Talk Plugin
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{5BA1D11C-B981-4CAA-B2B5-B8ADF413EBA5}" = Pure Networks Platform
"{5BE82B26-C982-4014-B1EB-E8E19642DCFC}" = Sprite Migrate
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart Live TV
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6BBBF237-A114-48E6-BBD0-A52BEF9CCFB2}" = Cisco Network Magic
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{75A0EB9D-2D1E-4FB7-BF61-498E33C73EB4}" = Motorola Driver Installation
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7B2ADCB5-3F3D-478A-90A9-A8C04EF82BF6}" = Mobile Broadband Generic Drivers
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{82A213BD-B6AA-4281-A2D3-59D51893CC56}" = HP MediaSmart Software Notebook Demo
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EAA36CC-E2CA-44AA-B113-CD65FD0F3AC8}" = ScanSoft PaperPort 11
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9294F169-72EE-4D74-AE92-CA25F64B4FF8}" = Fax
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{99F67894-9486-413F-94E1-8B12B1606EAB}" = BPDSoftware_Ini
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3D44AD8-D3C9-45E4-B861-3B653C6EF620}" = Rhapsody MP3 Download Manager
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA787E05-E835-4812-AA3D-4048C8A46587}" = 6500_E709_eDocs
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AFAC914D-9E83-4A89-8ABE-427521C82CCF}" = Safari
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B60DCA15-56A3-4D2D-8747-22CF7D7B588B}" = HP Support Assistant
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BEFBEDDF-1417-4C8A-92FB-F003C0D41199}" = OpenOffice.org 3.2
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem Driver
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}" = Adobe Shockwave Player
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EF64B968-C1E5-403C-8DDC-70893F576D19}" = BlueAntDFU_Z9i
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}" = VideoStudio
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FB1AC1F1-8F47-4DCE-A1ED-0DFBA0F455B4}" = Driver Mender
"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ant Renamer 2_is1" = Ant Renamer
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.11 (Unicode)
"avast5" = avast! Free Antivirus
"AviSynth" = AviSynth 2.5
"Bandoo" = Bandoo
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"Convert Multiple JPG Files To PDF Files Software_is1" = Convert Multiple JPG Files To PDF Files Software
"ERUNT_is1" = ERUNT 1.1j
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart Live TV
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV
"InstallShield_{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}" = Corel VideoStudio 12
"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"LookInMyPC" = LookInMyPC
"Maemo Flasher 3.5_is1" = Maemo Flasher 3.5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mobile Broadband Generic Drivers" = Mobile Broadband Generic Drivers
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"MPE" = MyPhoneExplorer
"MSNINST" = MSN
"myYearbook Toolbar" = myYearbook Toolbar
"Network MagicUninstall" = Network Magic
"Nimbuzz" = Nimbuzz 1.3.0
"NIS" = Norton Internet Security
"Password Recovery 5.0" = Password Recovery 5.0
"PdaNet_is1" = PdaNet for Android 2.45
"Picasa 3" = Picasa 3
"PokerStars" = PokerStars
"QuickStores-Toolbar_is1" = QuickStores-Toolbar 1.0.0
"Rhapsody" = Rhapsody
"V CAST Music with Rhapsody" = V CAST Music with Rhapsody
"Videora LG enV Touch Converter" = Videora LG enV Touch Converter 5.04
"WildTangent hp Master Uninstall" = HP Games
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
"Yahoo Password" = Yahoo Password
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"YInformer" = YInformer
"YouTube Downloader App" = YouTube Downloader App 2.03

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ActiveTouchMeetingClient" = WebEx
"Google Chrome" = Google Chrome
"HuluDesktop" = Hulu Desktop
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/26/2010 11:45:28 PM | Computer Name = Missys_Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1014

Error - 11/26/2010 11:45:28 PM | Computer Name = Missys_Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1014

Error - 11/26/2010 11:45:29 PM | Computer Name = Missys_Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/26/2010 11:45:29 PM | Computer Name = Missys_Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2013

Error - 11/26/2010 11:45:29 PM | Computer Name = Missys_Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2013

Error - 11/26/2010 11:45:30 PM | Computer Name = Missys_Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/26/2010 11:45:30 PM | Computer Name = Missys_Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3089

Error - 11/26/2010 11:45:30 PM | Computer Name = Missys_Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3089

Error - 11/27/2010 2:57:18 AM | Computer Name = Missys_Laptop | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_8444db7d32915e4c\MFC80.DLL".
Dependent
Assembly Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 11/27/2010 3:00:13 AM | Computer Name = Missys_Laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

[ Hewlett-Packard Events ]
Error - 4/26/2010 5:20:03 PM | Computer Name = Missys_Laptop | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 5/24/2010 5:46:38 PM | Computer Name = Missys_Laptop | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 5/24/2010 5:46:38 PM | Computer Name = Missys_Laptop | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 7/5/2010 5:10:12 PM | Computer Name = Missys_Laptop | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 7/12/2010 5:46:21 PM | Computer Name = Missys_Laptop | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 7/12/2010 5:46:21 PM | Computer Name = Missys_Laptop | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 7/17/2010 12:45:00 PM | Computer Name = Missys_Laptop | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

Error - 8/14/2010 12:47:09 PM | Computer Name = Missys_Laptop | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

Error - 9/4/2010 12:29:56 PM | Computer Name = Missys_Laptop | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

Error - 9/19/2010 9:11:25 AM | Computer Name = Missys_Laptop | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

[ Media Center Events ]
Error - 11/18/2010 10:46:22 AM | Computer Name = Missys_Laptop | Source = MCUpdate | ID = 0
Description = 8:46:22 AM - Error connecting to the internet. 8:46:22 AM - Unable
to contact server..

Error - 11/18/2010 10:46:59 AM | Computer Name = Missys_Laptop | Source = MCUpdate | ID = 0
Description = 8:46:52 AM - Error connecting to the internet. 8:46:52 AM - Unable
to contact server..

Error - 11/26/2010 6:37:57 PM | Computer Name = Missys_Laptop | Source = MCUpdate | ID = 0
Description = 4:37:57 PM - Error connecting to the internet. 4:37:57 PM - Unable
to contact server..

Error - 11/26/2010 6:38:32 PM | Computer Name = Missys_Laptop | Source = MCUpdate | ID = 0
Description = 4:38:26 PM - Error connecting to the internet. 4:38:26 PM - Unable
to contact server..

Error - 11/26/2010 7:39:06 PM | Computer Name = Missys_Laptop | Source = MCUpdate | ID = 0
Description = 5:39:06 PM - Error connecting to the internet. 5:39:06 PM - Unable
to contact server..

Error - 11/26/2010 7:39:39 PM | Computer Name = Missys_Laptop | Source = MCUpdate | ID = 0
Description = 5:39:35 PM - Error connecting to the internet. 5:39:35 PM - Unable
to contact server..

Error - 11/26/2010 8:40:10 PM | Computer Name = Missys_Laptop | Source = MCUpdate | ID = 0
Description = 6:40:10 PM - Error connecting to the internet. 6:40:10 PM - Unable
to contact server..

Error - 11/26/2010 8:40:40 PM | Computer Name = Missys_Laptop | Source = MCUpdate | ID = 0
Description = 6:40:39 PM - Error connecting to the internet. 6:40:39 PM - Unable
to contact server..

Error - 11/26/2010 9:41:11 PM | Computer Name = Missys_Laptop | Source = MCUpdate | ID = 0
Description = 7:41:11 PM - Error connecting to the internet. 7:41:11 PM - Unable
to contact server..

Error - 11/26/2010 9:41:41 PM | Computer Name = Missys_Laptop | Source = MCUpdate | ID = 0
Description = 7:41:41 PM - Error connecting to the internet. 7:41:41 PM - Unable
to contact server..

[ System Events ]
Error - 11/25/2010 11:04:00 AM | Computer Name = Missys_Laptop | Source = SRTSP | ID = 524293
Description = Error loading Symantec real time Anti-Virus driver.

Error - 11/25/2010 11:04:24 AM | Computer Name = Missys_Laptop | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 11/25/2010 11:05:02 AM | Computer Name = Missys_Laptop | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SRTSP

Error - 11/25/2010 11:05:43 AM | Computer Name = Missys_Laptop | Source = DCOM | ID = 10016
Description =

Error - 11/25/2010 11:36:43 AM | Computer Name = Missys_Laptop | Source = BROWSER | ID = 8032
Description =

Error - 11/25/2010 9:18:16 PM | Computer Name = Missys_Laptop | Source = SRTSP | ID = 524292
Description = Error loading virus definitions.

Error - 11/25/2010 9:18:16 PM | Computer Name = Missys_Laptop | Source = SRTSP | ID = 524293
Description = Error loading Symantec real time Anti-Virus driver.

Error - 11/25/2010 9:18:38 PM | Computer Name = Missys_Laptop | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 11/25/2010 9:19:00 PM | Computer Name = Missys_Laptop | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SRTSP

Error - 11/25/2010 9:19:48 PM | Computer Name = Missys_Laptop | Source = DCOM | ID = 10016
Description =


< End of report >

Re: I have some sort of malware linked to an antivirus scam

Scan for malware

Please download Malwarebytes Anti-Malware from Download.CNET.com.
Alternate link: BleepingComputer.com.
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this will cause the infection to still be active on the computer.
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Copy and paste the entire report in your next reply.

Re: I have some sort of malware linked to an antivirus scam

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5207

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

11/28/2010 1:25:53 PM
mbam-log-2010-11-28 (13-25-53).txt

Scan type: Quick scan
Objects scanned: 202500
Time elapsed: 10 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\$Recycle.Bin\S-1-5-21-416976048-2780482436-98884375-1001\$R0RBMUS.exe (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.
C:\Users\Missy\downloads\avupdate.exe (Rogue.SecuritySuite) -> Quarantined and deleted successfully.
C:\Users\Missy\downloads\OTL.com (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.
C:\Users\Missy\downloads\OTL.scr (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.

Re: I have some sort of malware linked to an antivirus scam

ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Re: I have some sort of malware linked to an antivirus scam

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=951bd82f55ce984ea25724c5e89cfc32
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-11-30 11:29:11
# local_time=2010-11-30 05:29:11 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=768 16777215 100 0 10932295 10932295 0 0
# compatibility_mode=3588 16777214 85 85 28564614 39890935 0 0
# compatibility_mode=5893 16776573 100 94 0 42674961 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=488013
# found=13
# cleaned=13
# scan_time=28241
C:\Program Files (x86)\Windows Live\Messenger\msimg32.dll Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Missy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\334136ca-6a2fb881 a variant of Java/Exploit.Agent.NAL trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Missy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\1dd6a40c-4444c199 Java/TrojanDownloader.Agent.NBK trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Missy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\7bb99554-77adb2e0 Java/TrojanDownloader.Agent.NBL trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Missy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\218affdd-61212ca6 a variant of Java/Rowindal.A trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Missy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\30feb821-6d3d101f Java/TrojanDownloader.Agent.NBK trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Missy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\5541aec4-1f653876 Java/TrojanDownloader.Agent.NBM trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Missy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\556445eb-4ad4f57e probably a variant of Win32/Agent.DYXWUMY trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Missy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\1eff1eb1-17af2eab Java/TrojanDownloader.Agent.NBL trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Missy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\31bba1f4-40d20901 Java/TrojanDownloader.Agent.NBL trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Missy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\42441975-492f51f5 Java/TrojanDownloader.Agent.NBM trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Missy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\fa8f07a-46015036 probably a variant of Win32/Agent.DYXWUMY trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Missy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\43e0867f-2e2ad770 probably a variant of Win32/Agent.DYXWUMY trojan (deleted - quarantined) 00000000000000000000000000000000 C
ESETSmartInstaller@High as downloader log:
all ok

Re: I have some sort of malware linked to an antivirus scam

Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death

Re: I have some sort of malware linked to an antivirus scam

My computer seems less efficient lately, takes quite a while to download webpages despite DSL connection...even times out and makes me refresh to load a page. I had experienced the blue screen of death but haven't experienced it in a while...first situation of it was July?, not sure when it stopped, but believe about the end of September. It has been going along fairly well (slow/incomplete page loading), and last week my daughter and I each independently had Facebook (her) and Gmail (me) passwords compromised...mine was discovered when I had to reset my email password because it wouldn't let me log in...when I succeeded in changing my password, I received a couple of "delivery notification failure" emails and saw what had been sent out.

Honestly I haven't paid attention to CPU usage, did go to msconfig and do a selective startup where I stopped processes that weren't necessary...I hope. The selective startup changes have been done a few times in the time since I bought the computer in an effort to increase efficiency. The most recent "spring cleaning" I did on the startup was within the past couple of weeks I believe.

I have also been receiving a surprising number of pop-ups within the last month or so.

I'm not sure what else I can tell you, but please feel free to ask for whatever you need.

Thank you!

Re: I have some sort of malware linked to an antivirus scam

Please download RenewMyDNS by DragonMaster Jay.
  • Save it to your Desktop.
  • Double-click RenewMyDNS.exe to start the program.
  • Follow the prompts, and when finished it will launch a log.
  • Post that log in your next reply.
  • After posting the log, delete RenewMyDNS.exe

Re: I have some sort of malware linked to an antivirus scam

I hadn't mentioned again in my last post that what initially brought me here was my system generating the antivirus malware linked to nugel.e...I did a system restore to an earlier date before hearing back from you and haven't had that pop up since.

==============================================================================================================


RenewMyDNS by DragonMaster Jay
DNS Diagnostics and refresher
Version 0.3.2

Microsoft Windows [Version 6.1.7600]


``````````Network and DNS Information``````````



Windows IP Configuration

Host Name . . . . . . . . . . . . : Missys_Laptop
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Mixed
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection 15:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : PdaNet Broadband Adapter #4
Physical Address. . . . . . . . . : 00-26-37-BD-39-42
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : EasyTether Tunnel Driver
Physical Address. . . . . . . . . : 02-00-54-74-68-72
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 90-4C-E5-BC-BD-83
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Missys Cable:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom 43225 802.11b/g/n
Physical Address. . . . . . . . . : 90-4C-E5-BC-BD-83
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::2c13:e2d9:2398:a42f%15(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.66(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, November 28, 2010 1:26:40 PM
Lease Expires . . . . . . . . . . : Thursday, December 02, 2010 7:27:15 AM
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 378555621
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-C4-EB-9E-00-26-9E-BA-C2-8F
DNS Servers . . . . . . . . . . . : 192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : 00-27-13-72-F8-2C
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 00-26-9E-BA-C2-8F
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{C6DF5B1C-4839-473C-908E-9865BF765269}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter 6TO4 Adapter:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{02D65E1E-D6C2-47D8-A9CC-55D30AE9D273}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:1c08:3770:479e:1f0e(Preferred)
Link-local IPv6 Address . . . . . : fe80::1c08:3770:479e:1f0e%16(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{C2D6A75D-08A4-48EB-AE1F-7A462790C404}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{F1FE0013-83E7-4687-8834-1DC5B6B7E27E}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{28D65017-6E7B-4C85-84CD-F875F4662BD6}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{B2FD2ACC-F32C-4193-A738-3A749DAE66A2}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #6
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.


``````````Speed-test - Ping``````````

Pinging yahoo.com [72.30.2.43] with 32 bytes of data:
Reply from 72.30.2.43: bytes=32 time=114ms TTL=54
Reply from 72.30.2.43: bytes=32 time=113ms TTL=54
Reply from 72.30.2.43: bytes=32 time=114ms TTL=54
Reply from 72.30.2.43: bytes=32 time=113ms TTL=54

Ping statistics for 72.30.2.43:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 113ms, Maximum = 114ms, Average = 113ms

Pinging GeekPolice.net [64.202.189.170] with 32 bytes of data:
Reply from 64.202.189.170: bytes=32 time=121ms TTL=119
Reply from 64.202.189.170: bytes=32 time=117ms TTL=119
Reply from 64.202.189.170: bytes=32 time=122ms TTL=119
Reply from 64.202.189.170: bytes=32 time=118ms TTL=119

Ping statistics for 64.202.189.170:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 117ms, Maximum = 122ms, Average = 119ms

Pinging facebook.com [69.63.189.11] with 32 bytes of data:
Reply from 69.63.189.11: bytes=32 time=116ms TTL=245
Reply from 69.63.189.11: bytes=32 time=116ms TTL=245
Reply from 69.63.189.11: bytes=32 time=117ms TTL=245
Reply from 69.63.189.11: bytes=32 time=112ms TTL=245

Ping statistics for 69.63.189.11:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 112ms, Maximum = 117ms, Average = 115ms

Pinging google.com [209.85.225.104] with 32 bytes of data:
Reply from 209.85.225.104: bytes=32 time=80ms TTL=53
Reply from 209.85.225.104: bytes=32 time=82ms TTL=53
Reply from 209.85.225.104: bytes=32 time=78ms TTL=53
Reply from 209.85.225.104: bytes=32 time=82ms TTL=53

Ping statistics for 209.85.225.104:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 78ms, Maximum = 82ms, Average = 80ms

********************
EOF

Re: I have some sort of malware linked to an antivirus scam
The log does reveal slower internet. Looks like it is being very latent.

Let's see what this picks up. If good, we can finish up.

Please download DrWeb-CureIt and save it to your Desktop. Do NOT perform a scan yet.

  • Double-click on drweb-cureit.exe to start the program.
    An Express Scan of your PC notice will appear.
  • Under Start the Express Scan Now, Click OK to start the scan.
    This is a short scan that will scan the files currently running in memory.
    If something is found, click the Yes button when it asks you if you want to cure it.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the Scan tab and UNcheck Heuristic analysis
  • Back at the main window, click Custom Scan, then Select drives (a red dot will show which drives have been chosen).
  • Then click the Start/Stop Scanning button (green arrow on the right), and the scan will start.
  • When finished, a message will be displayed at the bottom advising if any viruses were found.
  • Click Yes to all if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can see the icon next to the files found.
    If so, click it, then click the next icon right below and select Move incurable.
    (This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
  • Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
  • Save the DrWeb.csv report to your Desktop.
  • Exit Dr.Web CureIt when you have finished.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)

Re: I have some sort of malware linked to an antivirus scam

Is there a way I can send you the file with the results? I will have to break it up into several posts to get you the entire log. Please advise.

Re: I have some sort of malware linked to an antivirus scam
Go to Mediafire.com and upload it, then post the download link here.

If you need help with MediaFire, let me know.

Re: I have some sort of malware linked to an antivirus scam
Here is the link:

http://www.mediafire.com/?ae1o3lvj0met2

Re: I have some sort of malware linked to an antivirus scam
ESET Online Scan

Please run a free online scan once more with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats and the option Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic
