
Thread: Malware for sure

  #11
    Emeritus-Security Expert
    Join Date: Nov 2005
    Location: Florida's SpaceCoast
    Posts: 15,208

    From your DDS log

    TCP: {C7D3F404-1ABE-4855-AB37-AA214A87D281} = 93.188.164.125,93.188.160.205
    TCP: {EFC14176-A26F-4B19-8B0B-4D1960B7B5DD} = 93.188.164.125,93.188.160.205


    93.188.164.125.static.ukrtelegroup.com.ua (93.188.164.125)

    93.188.163.0 - 93.188.164.255
    Promnet Ltd.

    Ondrej Voloshin
    Ekaterininskaya str., 41, 65000, Odessa, Ukraine
    support@prom-net.com.ua
    +380504414402


    Hard to say; these people are like roaches that just come out at night. You clicked on a bad link and it infected you.

    Years ago, kids and people with nothing else to do wrote viruses. Not anymore: all this garbage is written by gangs of cyber criminals.

    http://www.google.com/search?q=russi...ient=firefox-a

    There is a company in St. Petersburg, Russia called the RBN (Russian Business Network). They promote themselves as a legit company when in fact they're responsible for about 2/3rds of all this garbage floating around.

    These people are mean and nasty; they disappear every once in a while only to show up later in a different location. They make millions of dollars from not-too-savvy people buying what they are trying to sell. If your computer is infected by one of their rogue programs and they prompt you to purchase it to remove what it finds (the only real infection is them), what you would be doing is giving your credit card to criminals.



    Run OTL and post a new log, please.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.
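An added example, not part of the reply above and not output of DDS or OTL: a small Python check that reads the `TCP: {interface GUID} = ip,ip` lines DDS prints for each interface's static NameServer value, reads the `DhcpNameServer` value OTL prints in its O17 line, and flags any interface whose pinned resolvers are public addresses that are neither the DHCP-supplied resolver nor inside an optional allow-list of trusted networks. This is the pattern the reply is pointing at: DHCP hands out the local router (10.0.1.1) while each interface is hard-wired to resolvers in a foreign hosting range. The sample log text is constructed from the lines quoted in this thread; the function names and the `trusted_networks` parameter are assumptions of this example, not something the tools themselves provide.

```python
import ipaddress
import re

# Constructed sample: the two DDS "TCP:" lines quoted in the reply above plus the
# O17 DhcpNameServer line from the OTL log posted later in the thread.
SAMPLE_LOG = """\
TCP: {C7D3F404-1ABE-4855-AB37-AA214A87D281} = 93.188.164.125,93.188.160.205
TCP: {EFC14176-A26F-4B19-8B0B-4D1960B7B5DD} = 93.188.164.125,93.188.160.205
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters: DhcpNameServer = 10.0.1.1
"""

# DDS prints each interface's static NameServer value as "TCP: {GUID} = ip[,ip...]".
_STATIC_RE = re.compile(r"^\s*TCP:\s*(\{[0-9A-Fa-f-]+\})\s*=\s*([\d.,]+)\s*$", re.M)
# OTL's O17 line carries the resolver(s) handed out by DHCP.
_DHCP_RE = re.compile(r"DhcpNameServer\s*=\s*([\d.,]+)\s*$", re.M)


def _split_ips(field):
    """Turn 'a.b.c.d,e.f.g.h' into IPv4Address objects, skipping empty pieces."""
    return [ipaddress.ip_address(p.strip()) for p in field.split(",") if p.strip()]


def parse_nameservers(log_text):
    """Return ({interface GUID: [static resolvers]}, [DHCP-provided resolvers])."""
    static = {guid: _split_ips(ips) for guid, ips in _STATIC_RE.findall(log_text)}
    dhcp = [ip for ips in _DHCP_RE.findall(log_text) for ip in _split_ips(ips)]
    return static, dhcp


def find_rogue_nameservers(log_text, trusted_networks=()):
    """Flag interfaces whose static resolvers are globally routable addresses that
    are neither the DHCP-provided resolver nor inside an allow-listed network
    (for example your ISP's resolver range). A DNS-changing infection looks
    exactly like this: an attacker-controlled public resolver pinned on every
    interface while DHCP is still handing out the local router.

    Returns a list of (interface GUID, [suspect resolver strings])."""
    trusted = [ipaddress.ip_network(n) for n in trusted_networks]
    static, dhcp = parse_nameservers(log_text)
    findings = []
    for guid, ips in static.items():
        suspect = [
            str(ip) for ip in ips
            if ip.is_global                      # not RFC1918 / loopback / link-local
            and ip not in dhcp                   # not what DHCP actually assigned
            and not any(ip in net for net in trusted)
        ]
        if suspect:
            findings.append((guid, suspect))
    return findings


if __name__ == "__main__":
    for guid, ips in find_rogue_nameservers(SAMPLE_LOG):
        print(f"{guid}: static resolvers {', '.join(ips)} differ from DHCP and are not trusted")
```

Run against the lines quoted above, both interfaces are reported; a machine whose interfaces simply inherit the DHCP resolver produces no findings. The allow-list exists because a legitimately pinned public resolver (a corporate or ISP one) would otherwise trip the check, so an analyst should confirm the flagged addresses against a whois lookup, as the reply does, rather than treat the output as a verdict.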

  #12
    Junior Member
    Join Date: Feb 2011
    Posts: 14

    Thanks for all of the info!


    OTL logfile created on: 2/10/2011 3:55:14 PM - Run 2
    OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\hp\Downloads
    Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18904)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 32.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 64.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 140.96 Gb Total Space | 26.73 Gb Free Space | 18.96% Space Free | Partition Type: NTFS
    Drive D: | 8.09 Gb Total Space | 1.47 Gb Free Space | 18.17% Space Free | Partition Type: NTFS
    Drive F: | 15.30 Gb Total Space | 15.30 Gb Free Space | 100.00% Space Free | Partition Type: FAT32

    Computer Name: CJS | User Name: hp | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
    PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
    PRC - C:\Users\hp\Downloads\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
    PRC - C:\WINDOWS\System32\Macromed\Flash\FlashUtil10l_ActiveX.exe (Adobe Systems, Inc.)
    PRC - C:\Program Files\ClamWin\bin\ClamTray.exe (alch)
    PRC - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe (Symantec Corporation)
    PRC - C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe (SMART Technologies ULC)
    PRC - C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe (SMART Technologies)
    PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
    PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
    PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
    PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.)
    PRC - C:\WINDOWS\System32\wisptis.exe (Microsoft Corporation)


    ========== Modules (SafeList) ==========

    MOD - C:\Users\hp\Downloads\OTL.exe (OldTimer Tools)
    MOD - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\asOEHook.dll (Symantec Corporation)
    MOD - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\Microsoft.VC90.CRT\msvcr90.dll (Microsoft Corporation)
    MOD - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\Microsoft.VC90.CRT\msvcp90.dll (Microsoft Corporation)
    MOD - C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
    SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
    SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe (Symantec Corporation)
    SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
    SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
    SRV - (hpqcxs08) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
    SRV - (hpqddsvc) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)
    SRV - (Com4Qlb) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Hewlett-Packard Development Company, L.P.)
    SRV - (IDriverT) -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110210.003\NAVEX15.SYS (Symantec Corporation)
    DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
    DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110210.003\NAVENG.SYS (Symantec Corporation)
    DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
    DRV - (SymEvent) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
    DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
    DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys ()
    DRV - (SYMTDIv) -- C:\Windows\system32\drivers\NIS\1205000.07D\SYMTDIV.SYS (Symantec Corporation)
    DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20110114.001\BHDrvx86.sys (Symantec Corporation)
    DRV - (SRTSP) -- C:\Windows\system32\drivers\NIS\1205000.07D\SRTSP.SYS (Symantec Corporation)
    DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\NIS\1205000.07D\SRTSPX.SYS (Symantec Corporation)
    DRV - (SMARTMouseFilterx86) -- C:\WINDOWS\System32\drivers\SMARTMouseFilterx86.sys (SMART Technologies ULC)
    DRV - (SMARTVTabletPCx86) -- C:\WINDOWS\System32\drivers\SMARTVTabletPCx86.sys (SMART Technologies ULC)
    DRV - (SMARTVHidMini2000x86) -- C:\WINDOWS\System32\drivers\SMARTVHidMini2000x86.sys (SMART Technologies ULC)
    DRV - (SymEFA) -- C:\Windows\system32\drivers\NIS\1205000.07D\SYMEFA.SYS (Symantec Corporation)
    DRV - (SymIRON) -- C:\Windows\system32\drivers\NIS\1205000.07D\Ironx86.SYS (Symantec Corporation)
    DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20110209.001\IDSvix86.sys (Symantec Corporation)
    DRV - (SymDS) -- C:\Windows\system32\drivers\NIS\1205000.07D\SYMDS.SYS (Symantec Corporation)
    DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (HBtnKey) -- C:\WINDOWS\System32\drivers\CPQBttn.sys (Hewlett-Packard Company)
    DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (nvlddmkm) -- C:\WINDOWS\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
    DRV - (BCM43XX) -- C:\WINDOWS\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
    DRV - (BCM43XV) -- C:\WINDOWS\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
    DRV - (NVENETFD) -- C:\WINDOWS\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
    DRV - (SynTP) -- C:\WINDOWS\System32\drivers\SynTP.sys (Synaptics, Inc.)
    DRV - (CnxtHdAudService) -- C:\WINDOWS\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
    DRV - (XAudio) -- C:\WINDOWS\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
    DRV - (HSF_DPV) -- C:\WINDOWS\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
    DRV - (HSXHWAZL) -- C:\WINDOWS\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
    DRV - (winachsf) -- C:\WINDOWS\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
    DRV - (HdAudAddService) -- C:\WINDOWS\System32\drivers\CHDART.sys (Conexant Systems Inc.)
    DRV - (nvsmu) -- C:\WINDOWS\System32\drivers\nvsmu.sys (NVIDIA Corporation)
    DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
    DRV - (eabfiltr) -- C:\WINDOWS\System32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)
    DRV - (rimmptsk) -- C:\WINDOWS\System32\drivers\rimmptsk.sys (REDC)
    DRV - (rimsptsk) -- C:\WINDOWS\System32\drivers\rimsptsk.sys (REDC)
    DRV - (rismxdp) -- C:\WINDOWS\System32\drivers\rixdptsk.sys (REDC)
    DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
    DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
    DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
    DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
    DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
    DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
    DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
    DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
    DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
    DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
    DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
    DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
    DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
    DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
    DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
    DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
    DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
    DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
    DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
    DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
    DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
    DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
    DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
    DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
    DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
    DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
    DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
    DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
    DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
    DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
    DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
    DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
    DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
    DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
    DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
    DRV - (UMPass) -- C:\WINDOWS\System32\drivers\umpass.sys (Microsoft Corporation)
    DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
    DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
    DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
    DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
    DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
    DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
    DRV - (HSFHWAZL) -- C:\WINDOWS\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
    DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
    DRV - (E1G60) Intel(R) -- C:\WINDOWS\System32\drivers\E1G60I32.sys (Intel Corporation)
    DRV - (ialm) -- C:\WINDOWS\System32\drivers\igdkmd32.sys (Intel Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mrhancock.ca/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: MapShare-status@tomtom.com:1.7
    FF - prefs.js..extensions.enabledItems: baseTheme@tomtom.com:1.0.2

    FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/08/15 11:56:24 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn\ [2011/02/05 21:03:08 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn\ [2011/02/05 21:02:21 | 000,000,000 | ---D | M]

    [2010/05/19 13:39:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hp\AppData\Roaming\mozilla\Extensions
    [2010/05/19 13:39:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hp\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
    [2010/11/27 12:21:59 | 000,000,000 | ---D | M] (Map status indicator) -- C:\PROGRAM FILES\TOMTOM HOME 2\XUL\EXTENSIONS\MAPSHARE-STATUS@TOMTOM.COM

    O1 HOSTS File: ([2011/02/06 16:31:09 | 000,000,027 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\CoIEPlg.dll (Symantec Corporation)
    O2 - BHO: (CIEDownload Object) - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Technologies\SMART Notebook\NotebookPlugin.dll (SMART Technologies ULC.)
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\IPS\IPSBHO.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\CoIEPlg.dll (Symantec Corporation)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
    O4 - HKLM..\Run: [ClamWin] C:\Program Files\ClamWin\bin\ClamTray.exe (alch)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [SMART Board Service] C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe (SMART Technologies)
    O4 - HKLM..\Run: [SMART SNMP Agent] C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe (SMART Technologies ULC)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
    O4 - HKLM..\RunOnce: [Launcher] C:\WINDOWS\SMINST\Launcher.exe (soft thinks)
    O4 - Startup: C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_23)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\hp\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\hp\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/05/04 13:59:36 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2005/09/11 10:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/02/10 06:51:37 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2011/02/09 18:12:20 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Local\Apple
    [2011/02/08 16:41:51 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
    [2011/02/07 17:40:57 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Local\Adobe
    [2011/02/06 22:48:42 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Local\Apple Computer
    [2011/02/06 22:08:29 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Roaming\Malwarebytes
    [2011/02/06 22:08:07 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2011/02/06 22:08:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/02/06 22:08:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/02/06 22:07:58 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2011/02/06 22:07:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/02/06 19:09:37 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/02/06 19:08:56 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/02/06 15:52:51 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2011/02/06 15:52:51 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/02/06 15:52:51 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/02/06 15:52:51 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/02/05 22:49:53 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Roaming\SUPERAntiSpyware.com
    [2011/02/05 22:49:53 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2011/02/05 22:16:17 | 000,000,000 | ---D | C] -- C:\Backup
    [2011/02/05 21:59:19 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
    [2011/02/05 21:49:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
    [2011/02/05 21:28:27 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/02/05 21:14:17 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/02/05 21:12:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
    [2011/02/05 21:12:59 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2011/02/05 21:02:59 | 000,126,512 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
    [2011/02/05 21:02:59 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
    [2011/02/05 21:02:21 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
    [2011/02/05 21:02:21 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
    [2011/02/05 21:02:07 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
    [2011/02/05 21:02:07 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
    [2011/02/05 19:39:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    [2011/02/05 19:39:14 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2011/02/05 19:36:24 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat
    [2011/02/05 19:36:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDirStat
    [2011/02/05 19:36:24 | 000,000,000 | ---D | C] -- C:\Program Files\WinDirStat
    [2011/02/05 09:07:44 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Disk Investigator
    [2011/02/05 09:07:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Disk Investigator
    [2011/02/05 09:07:44 | 000,000,000 | ---D | C] -- C:\Program Files\Disk Investigator
    [2011/01/29 17:01:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2011/01/29 17:00:59 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2011/01/25 17:51:14 | 000,000,000 | -H-D | C] -- C:\ProgramData\{42E04EE4-AB57-407A-9691-3FFA8B8FEBBE}
    [2011/01/21 07:24:27 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Local\Downloaded Installations
    [2011/01/18 20:17:17 | 000,127,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSWINSCK.OCX
    [2011/01/18 20:17:17 | 000,010,752 | ---- | C] (Almeida & Andrade Ltda) -- C:\Windows\System32\aamd532.dll
    [2011/01/18 20:14:03 | 000,000,000 | -H-D | C] -- C:\ProgramData\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
    [2011/01/18 17:50:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
    [2011/01/18 17:43:35 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
    [2011/01/18 17:37:50 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Roaming\.clamwin
    [2011/01/18 17:37:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClamWin Antivirus
    [2011/01/18 17:37:31 | 000,000,000 | ---D | C] -- C:\Program Files\ClamWin
    [2011/01/18 17:37:31 | 000,000,000 | ---D | C] -- C:\ProgramData\.clamwin
    [2011/01/16 18:48:26 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\MCE Logs
    [2010/02/03 23:00:00 | 000,139,264 | ---- | C] ( ) -- C:\Windows\sipr3260.dll

    ========== Files - Modified Within 30 Days ==========

    [2011/02/10 15:34:45 | 000,155,116 | ---- | M] () -- C:\ProgramData\nvModes.001
    [2011/02/10 15:34:23 | 000,000,255 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
    [2011/02/10 15:33:24 | 000,004,576 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/02/10 15:33:24 | 000,004,576 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/02/10 15:33:24 | 000,000,874 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/02/10 15:33:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/02/10 15:33:11 | 2078,916,608 | -HS- | M] () -- C:\hiberfil.sys
    [2011/02/09 19:55:43 | 000,216,576 | ---- | M] () -- C:\Users\hp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/02/09 19:23:01 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/02/08 16:40:25 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
    [2011/02/07 20:23:40 | 000,155,116 | ---- | M] () -- C:\ProgramData\nvModes.dat
    [2011/02/07 20:22:49 | 000,000,680 | ---- | M] () -- C:\Users\hp\AppData\Local\d3d9caps.dat
    [2011/02/06 22:43:31 | 000,618,648 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/02/06 22:43:31 | 000,104,024 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/02/06 22:40:06 | 000,873,310 | ---- | M] () -- C:\Windows\System32\oem53.inf
    [2011/02/06 22:01:03 | 000,076,580 | ---- | M] () -- C:\Users\hp\AppData\Roaming\nvModes.001
    [2011/02/06 19:12:10 | 000,002,305 | ---- | M] () -- C:\Users\hp\Application Data\Microsoft\Internet Explorer\Quick Launch\Safari.lnk
    [2011/02/06 16:31:09 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2011/02/06 16:11:43 | 2078,930,550 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2011/02/06 01:58:52 | 000,002,232 | ---- | M] () -- C:\{8907CF2F-C167-4E60-A9EC-A4698E13B7FE}
    [2011/02/06 01:29:43 | 000,002,584 | ---- | M] () -- C:\{A250B750-5A06-45AE-9EE8-FC86A47C9B61}
    [2011/02/05 23:26:31 | 000,002,400 | ---- | M] () -- C:\{726091D5-C88F-4DEC-BFA3-BD40095BE949}
    [2011/02/05 22:25:05 | 000,071,088 | ---- | M] () -- C:\Users\hp\Documents\cc_20110205_222455.reg
    [2011/02/05 21:13:02 | 000,000,913 | ---- | M] () -- C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2011/02/05 21:02:59 | 000,126,512 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
    [2011/02/05 21:02:59 | 000,007,456 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
    [2011/02/05 21:02:59 | 000,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
    [2011/02/05 20:56:11 | 000,000,280 | ---- | M] () -- C:\Windows\tasks\RealUpgradeScheduledTaskS-1-5-21-2306492108-1335750355-2601094625-1000.job
    [2011/02/05 20:53:50 | 000,076,580 | ---- | M] () -- C:\Users\hp\AppData\Roaming\nvModes.dat
    [2011/02/05 19:21:38 | 000,002,272 | ---- | M] () -- C:\{2D49DAD0-6E02-4581-A1D0-3D236D680749}
    [2011/02/05 18:39:44 | 000,002,408 | ---- | M] () -- C:\{F433D8F5-63C6-4550-BD9B-695EFB044482}
    [2011/02/05 18:39:43 | 000,009,656 | ---- | M] () -- C:\{3A31629F-7EE1-47A4-BE03-270693871021}
    [2011/02/05 18:27:53 | 000,002,288 | ---- | M] () -- C:\{40C46778-E717-42C0-A28B-681C50168DB0}
    [2011/02/05 10:40:59 | 000,102,976 | ---- | M] () -- C:\Users\hp\Documents\cc_20110205_104019.reg
    [2011/02/05 10:17:48 | 000,011,808 | ---- | M] () -- C:\{0DEB647F-B05A-4671-A094-F1C515231C92}
    [2011/02/05 10:17:48 | 000,002,664 | ---- | M] () -- C:\{7EBA34AF-F909-499A-916A-F45881606E4A}
    [2011/02/04 20:13:40 | 000,011,453 | ---- | M] () -- C:\Users\hp\Documents\Brick.docx
    [2011/02/02 11:05:22 | 000,030,384 | ---- | M] () -- C:\{ADB7486A-54E5-45E1-A77A-63FFD8260844}
    [2011/01/31 08:23:48 | 000,002,280 | ---- | M] () -- C:\{1BB53319-C996-4F2D-B958-69F6805E0EB1}
    [2011/01/31 08:23:34 | 000,030,392 | ---- | M] () -- C:\{A32E979C-5994-4ED5-883B-33435B1646B1}
    [2011/01/29 16:54:45 | 000,000,629 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
    [2011/01/28 20:35:04 | 000,000,382 | ---- | M] () -- C:\Users\hp\Desktop\Celia.lnk
    [2011/01/27 18:34:30 | 000,030,384 | ---- | M] () -- C:\{C85E3D82-CFD9-4C77-9610-1D45E4AA3BE4}
    [2011/01/23 22:48:46 | 000,030,368 | ---- | M] () -- C:\{6BC61279-F3E2-439A-A7FF-5B840C953021}
    [2011/01/23 22:45:48 | 000,030,368 | ---- | M] () -- C:\{CA9AE55F-EDB0-40B9-A2B4-2591DAC8BE7D}
    [2011/01/23 22:42:50 | 000,030,368 | ---- | M] () -- C:\{808021E5-4016-4CB9-9442-B1391A180F91}
    [2011/01/22 10:40:32 | 008,037,633 | ---- | M] () -- C:\Users\hp\Documents\DVD Sleeves.docx
    [2011/01/22 09:14:08 | 000,117,568 | ---- | M] () -- C:\Users\hp\Documents\Jonathan Hancock Technology Story.pdf
    [2011/01/21 07:29:25 | 000,002,159 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SMART Board Tools.lnk
    [2011/01/11 16:08:56 | 000,000,310 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForhp.job

    ========== Files Created - No Company Name ==========

    [2011/02/06 22:43:27 | 000,155,116 | ---- | C] () -- C:\ProgramData\nvModes.dat
    [2011/02/06 22:43:27 | 000,155,116 | ---- | C] () -- C:\ProgramData\nvModes.001
    [2011/02/06 22:40:20 | 000,873,310 | ---- | C] () -- C:\Windows\System32\oem53.inf
    [2011/02/06 22:39:01 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
    [2011/02/06 16:05:48 | 2078,930,550 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2011/02/06 15:52:51 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/02/06 15:52:51 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/02/06 15:52:51 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/02/06 15:52:51 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/02/06 15:52:51 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/02/06 01:58:51 | 000,002,232 | ---- | C] () -- C:\{8907CF2F-C167-4E60-A9EC-A4698E13B7FE}
    [2011/02/06 01:29:42 | 000,002,584 | ---- | C] () -- C:\{A250B750-5A06-45AE-9EE8-FC86A47C9B61}
    [2011/02/05 23:26:30 | 000,002,400 | ---- | C] () -- C:\{726091D5-C88F-4DEC-BFA3-BD40095BE949}
    [2011/02/05 22:24:58 | 000,071,088 | ---- | C] () -- C:\Users\hp\Documents\cc_20110205_222455.reg
    [2011/02/05 21:13:02 | 000,000,913 | ---- | C] () -- C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2011/02/05 21:02:59 | 000,007,456 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
    [2011/02/05 21:02:59 | 000,000,805 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
    [2011/02/05 20:38:44 | 2078,916,608 | -HS- | C] () -- C:\hiberfil.sys
    [2011/02/05 19:21:38 | 000,002,272 | ---- | C] () -- C:\{2D49DAD0-6E02-4581-A1D0-3D236D680749}
    [2011/02/05 18:39:43 | 000,009,656 | ---- | C] () -- C:\{3A31629F-7EE1-47A4-BE03-270693871021}
    [2011/02/05 18:39:43 | 000,002,408 | ---- | C] () -- C:\{F433D8F5-63C6-4550-BD9B-695EFB044482}
    [2011/02/05 18:27:53 | 000,002,288 | ---- | C] () -- C:\{40C46778-E717-42C0-A28B-681C50168DB0}
    [2011/02/05 10:40:32 | 000,102,976 | ---- | C] () -- C:\Users\hp\Documents\cc_20110205_104019.reg
    [2011/02/05 10:17:48 | 000,011,808 | ---- | C] () -- C:\{0DEB647F-B05A-4671-A094-F1C515231C92}
    [2011/02/05 10:17:48 | 000,002,664 | ---- | C] () -- C:\{7EBA34AF-F909-499A-916A-F45881606E4A}
    [2011/02/04 20:13:40 | 000,011,453 | ---- | C] () -- C:\Users\hp\Documents\Brick.docx
    [2011/02/02 11:05:22 | 000,030,384 | ---- | C] () -- C:\{ADB7486A-54E5-45E1-A77A-63FFD8260844}
    [2011/01/31 08:23:41 | 000,002,280 | ---- | C] () -- C:\{1BB53319-C996-4F2D-B958-69F6805E0EB1}
    [2011/01/31 08:23:34 | 000,030,392 | ---- | C] () -- C:\{A32E979C-5994-4ED5-883B-33435B1646B1}
    [2011/01/29 16:54:45 | 000,000,629 | ---- | C] () -- C:\Windows\System32\mapisvc.inf
    [2011/01/28 20:35:04 | 000,000,382 | ---- | C] () -- C:\Users\hp\Desktop\Celia.lnk
    [2011/01/27 18:34:30 | 000,030,384 | ---- | C] () -- C:\{C85E3D82-CFD9-4C77-9610-1D45E4AA3BE4}
    [2011/01/23 22:48:46 | 000,030,368 | ---- | C] () -- C:\{6BC61279-F3E2-439A-A7FF-5B840C953021}
    [2011/01/23 22:45:48 | 000,030,368 | ---- | C] () -- C:\{CA9AE55F-EDB0-40B9-A2B4-2591DAC8BE7D}
    [2011/01/23 22:42:50 | 000,030,368 | ---- | C] () -- C:\{808021E5-4016-4CB9-9442-B1391A180F91}
    [2011/01/22 09:14:05 | 000,117,568 | ---- | C] () -- C:\Users\hp\Documents\Jonathan Hancock Technology Story.pdf
    [2011/01/21 07:29:25 | 000,002,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SMART Board Tools.lnk
    [2011/01/04 18:52:24 | 000,001,940 | ---- | C] () -- C:\Users\hp\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
    [2010/09/01 23:53:48 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
    [2010/06/23 11:35:52 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
    [2010/06/23 11:35:52 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2010/06/11 18:08:58 | 000,000,680 | ---- | C] () -- C:\Users\hp\AppData\Local\d3d9caps.dat
    [2010/05/14 18:52:23 | 000,000,000 | ---- | C] () -- C:\Users\hp\AppData\Local\FnF4.txt
    [2010/05/13 17:38:08 | 000,002,528 | ---- | C] () -- C:\Windows\FCIC.INI
    [2010/05/12 15:08:49 | 000,000,000 | ---- | C] () -- C:\Windows\WinInit.ini
    [2010/05/12 07:03:23 | 000,216,576 | ---- | C] () -- C:\Users\hp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/08/16 09:08:36 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
    [2007/05/04 13:45:22 | 000,004,829 | ---- | C] () -- C:\ProgramData\hpzinstall.log
    [2007/02/27 15:43:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
    [2007/02/05 19:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
    [2006/12/14 01:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
    [2006/12/14 01:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
    [2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 05:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
    [2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/03/09 19:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [2006/01/01 23:58:48 | 000,076,580 | ---- | C] () -- C:\Users\hp\AppData\Roaming\nvModes.001
    [2006/01/01 23:58:46 | 000,076,580 | ---- | C] () -- C:\Users\hp\AppData\Roaming\nvModes.dat
    [2006/01/01 08:34:39 | 000,000,000 | ---- | C] () -- C:\Users\hp\AppData\Local\QSwitch.txt
    [2006/01/01 08:34:39 | 000,000,000 | ---- | C] () -- C:\Users\hp\AppData\Local\DSwitch.txt
    [2006/01/01 08:34:39 | 000,000,000 | ---- | C] () -- C:\Users\hp\AppData\Local\AtStart.txt
    [2005/05/07 07:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

    ========== LOP Check ==========

    [2011/02/10 07:17:15 | 000,032,596 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    < End of report >

  3. #13
    Emeritus-Security Expert (Join Date: Nov 2005; Location: Florida's SpaceCoast; Posts: 15,208)

    Hi,

    You have a bunch of these entries in your OTL log. Not sure what they are, but when they don't Google, they're most times bad.


    You need to enable Windows to Show all Files and Folders
    Instructions for your Operating System HERE

    C:\{2D49DAD0-6E02-4581-A1D0-3D236D680749} <-- Delete this, but leave it in your recycle bin. Reboot and see if there are any problems.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.
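The triage rule in the post above (a file sitting directly under C:\ whose name is a bare {GUID}, with no company name, in a small and repeating size) can be applied to the whole OTL log at once instead of one file at a time. The Python script below is an added example for this thread, not code from OTL or from anyone posting here. It parses the `[timestamp | size | attrs | M/C] (company) -- path` lines that OTL emits and pairs the Created and Modified entries for each flagged path; the regex is my reading of the format shown in the log above, not a published OTL specification, and the embedded sample log is constructed from a handful of lines quoted earlier in this thread.

```python
"""Triage OTL 'Files Created / Modified' entries for {GUID}-named files sitting at a volume root."""
import re
from collections import Counter
from dataclasses import dataclass

# One OTL file entry:  [YYYY/MM/DD HH:MM:SS | size | attrs | M|C] (company) -- path
# (regex is my reading of the OTL output format shown in this thread, not an OTL specification)
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[MC])\] "
    r"\((?P<company>.*?)\) -- (?P<path>.+?)\s*$"
)
# A bare {GUID} file name directly under a drive root, e.g. C:\{2D49DAD0-...}
ROOT_GUID = re.compile(
    r"^[A-Za-z]:\\\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$"
)

@dataclass(frozen=True)
class OtlEntry:
    timestamp: str
    size: int
    attrs: str
    kind: str        # 'M' = modified entry, 'C' = created entry
    company: str
    path: str

def parse_otl(text):
    """Parse every file line in an OTL report; section headers and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = OTL_LINE.match(line.strip())
        if m:
            entries.append(OtlEntry(
                timestamp=m["ts"],
                size=int(m["size"].replace(",", "")),
                attrs=m["attrs"],
                kind=m["kind"],
                company=m["company"],
                path=m["path"],
            ))
    return entries

def suspicious_root_guid_files(entries):
    """Map each {GUID}-named root file with no company name to its size and C/M timestamps."""
    flagged = {}
    for e in entries:
        if ROOT_GUID.match(e.path) and not e.company:
            rec = flagged.setdefault(e.path, {"size": e.size, "created": None, "modified": None})
            rec["created" if e.kind == "C" else "modified"] = e.timestamp
    return flagged

def size_histogram(flagged):
    """How many flagged files share each exact byte size (repeating sizes are worth noting)."""
    return Counter(rec["size"] for rec in flagged.values())

# Constructed sample: a few lines copied from the OTL log quoted earlier in this thread.
SAMPLE_OTL = r"""
========== Files - Modified Within 30 Days ==========

[2011/02/05 19:21:38 | 000,002,272 | ---- | M] () -- C:\{2D49DAD0-6E02-4581-A1D0-3D236D680749}
[2011/02/05 18:39:43 | 000,009,656 | ---- | M] () -- C:\{3A31629F-7EE1-47A4-BE03-270693871021}
[2011/01/27 18:34:30 | 000,030,384 | ---- | M] () -- C:\{C85E3D82-CFD9-4C77-9610-1D45E4AA3BE4}

========== Files Created - No Company Name ==========

[2011/02/06 16:05:48 | 2078,930,550 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/02/05 20:38:44 | 2078,916,608 | -HS- | C] () -- C:\hiberfil.sys
[2011/02/05 19:21:38 | 000,002,272 | ---- | C] () -- C:\{2D49DAD0-6E02-4581-A1D0-3D236D680749}
[2011/02/05 18:39:43 | 000,009,656 | ---- | C] () -- C:\{3A31629F-7EE1-47A4-BE03-270693871021}
[2011/01/27 18:34:30 | 000,030,384 | ---- | C] () -- C:\{C85E3D82-CFD9-4C77-9610-1D45E4AA3BE4}
[2011/01/04 18:52:24 | 000,001,940 | ---- | C] () -- C:\Users\hp\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini

< End of report >
"""

if __name__ == "__main__":
    flagged = suspicious_root_guid_files(parse_otl(SAMPLE_OTL))
    for path, rec in sorted(flagged.items()):
        print(f"{path}  size={rec['size']}  created={rec['created']}  modified={rec['modified']}")
    print("size clusters:", dict(size_histogram(flagged)))
```

To run it over a real report, replace SAMPLE_OTL with the contents of the saved OTL.txt. The three hits in the sample become a few dozen on the full log; the size histogram is the quickest way to show that the files fall into a few fixed sizes, which is worth posting alongside the paths.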

  4. #14
    Junior Member (Join Date: Feb 2011; Posts: 14)

    I moved that file to the recycling bin. Should I run OTL again? Also, I have many of those files under C:\ and they seem to be growing in number. Also, I've started getting random poker pop-ups here and there when I click a link from a site.

  5. #15
    Emeritus-Security Expert (Join Date: Nov 2005; Location: Florida's SpaceCoast; Posts: 15,208)

    Let's take a peek at one of those files.

    Download and Run SystemLook

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:
      Code:
      :file
      C:\{C85E3D82-CFD9-4C77-9610-1D45E4AA3BE4}
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt





    Scan With RootKitUnHooker

    • Please choose one link and download Rootkit Unhooker and save it to your desktop.
      Link 1
      Link 2
      Link 3
    • Now double-click on RKUnhookerLE.exe to run it.
    • Click the Report tab, then click Scan.
    • Check (Tick) Drivers and Stealth
    • Uncheck the rest. then click OK
    • When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
    • Wait till the scanner has finished and then click File > Save Report.
    • Save the report somewhere where you can find it. Click Close.
    • Copy the entire contents of the report and paste it in your next reply.


    Note** you may get the following warning, just click OK and continue.

    "Rootkit Unhooker has detected a parasite inside itself!
    It is recommended to remove parasite, okay?"
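SystemLook's `:file` directive reports on one path at a time and prints `No Context` when the file is absent. As an added example (my code, not SystemLook's and not from anyone in the thread), the Python script below does the batch version of that check: it lists every `{GUID}`-named file directly under a folder, records size and modification time, and computes MD5, SHA1 and SHA256 so each hash can be searched on VirusTotal instead of waiting in the upload queue. It assumes a Python interpreter is available, either on the affected machine or on an analysis box the files were copied to. The demo directory it builds is constructed; the `{40C46778-...}` name is reused from the thread only as a file name holding dummy contents.

```python
"""Hash every {GUID}-named file directly under a folder: a batch version of SystemLook's :file."""
import hashlib
import os
import re
import tempfile
from datetime import datetime, timezone

# File name that is nothing but a braced GUID, e.g. {40C46778-E717-42C0-A28B-681C50168DB0}
GUID_NAME = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")

def inspect_file(path, chunk=1 << 16):
    """Describe one file; return None when it is missing (SystemLook reports 'No Context')."""
    if not os.path.isfile(path):
        return None
    st = os.stat(path)
    digests = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    with open(path, "rb") as fh:                       # stream, so large files are fine
        for block in iter(lambda: fh.read(chunk), b""):
            for h in digests.values():
                h.update(block)
    return {
        "path": path,
        "size": st.st_size,
        "modified_utc": datetime.fromtimestamp(st.st_mtime, timezone.utc).strftime("%Y/%m/%d %H:%M:%S"),
        **{name: h.hexdigest() for name, h in digests.items()},
    }

def find_guid_files(root):
    """Sorted paths of files named like {GUID} directly under `root` (no recursion, like C:\\)."""
    hits = []
    for name in os.listdir(root):
        full = os.path.join(root, name)
        if GUID_NAME.match(name) and os.path.isfile(full):
            hits.append(full)
    return sorted(hits)

def hash_guid_files(root):
    """One inspect_file() record per {GUID}-named file under root."""
    return [inspect_file(p) for p in find_guid_files(root)]

def format_report(path):
    """Text in the spirit of a SystemLook :file result, including the 'No Context' case."""
    info = inspect_file(path)
    if info is None:
        return f"No Context: {path}"
    return "\n".join(f"{k:>12}: {v}" for k, v in info.items())

def build_demo_dir():
    """Constructed sample tree (not from the thread): one {GUID} file and one ordinary file."""
    root = tempfile.mkdtemp(prefix="guid-demo-")
    with open(os.path.join(root, "{40C46778-E717-42C0-A28B-681C50168DB0}"), "wb") as fh:
        fh.write(b"hello")                             # dummy contents, known hashes
    with open(os.path.join(root, "notes.txt"), "wb") as fh:
        fh.write(b"not a guid-named file")
    return root

if __name__ == "__main__":
    demo = build_demo_dir()
    for info in hash_guid_files(demo):
        print(format_report(info["path"]))
        print()
    # Same output SystemLook gave above for a path that is no longer there
    print(format_report(os.path.join(demo, "{C85E3D82-CFD9-4C77-9610-1D45E4AA3BE4}")))
```

On the real machine, call `hash_guid_files("C:\\")` and post the SHA256 column; a file that has already vanished by the time you look, as `{C85E3D82-...}` had above, comes back as `No Context`, which is itself useful information about how transient these files are.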

  6. #16
    Junior Member (Join Date: Feb 2011; Posts: 14)

    My computer started fine with the file in the recycle bin.

    I ran systemlook...

    SystemLook 04.09.10 by jpshortstuff
    Log created at 13:06 on 12/02/2011 by hp
    Administrator - Elevation successful

    No Context: C:\{C85E3D82-CFD9-4C77-9610-1D45E4AA3BE4}

    -= EOF =-

    I ran RootKitUnhooker...

    RkU Version: 3.8.388.590, Type LE (SR2)
    ==============================================
    OS Name: Windows Vista
    Version 6.0.6000
    Number of processors #2
    ==============================================
    >Drivers
    ==============================================
    0x8E0CE000 C:\Windows\system32\DRIVERS\nvlddmkm.sys 7544832 bytes (NVIDIA Corporation, NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 179.91 )
    0x81C00000 C:\Windows\system32\ntkrnlpa.exe 3805184 bytes (Microsoft Corporation, NT Kernel & System)
    0x81C00000 PnpManager 3805184 bytes
    0x81C00000 RAW 3805184 bytes
    0x81C00000 WMIxWDM 3805184 bytes
    0x97000000 Win32k 2097152 bytes
    0x97000000 C:\Windows\System32\win32k.sys 2097152 bytes (Microsoft Corporation, Multi-User Win32 Driver)
    0xA30B5000 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110211.033\NAVEX15.SYS 1355776 bytes (Symantec Corporation, AV Engine)
    0x8DEB8000 C:\Windows\system32\DRIVERS\bcmwl6.sys 1343488 bytes (Broadcom Corporation, Broadcom 802.11 Network Adapter wireless driver)
    0x876F8000 C:\Windows\System32\Drivers\Ntfs.sys 1081344 bytes (Microsoft Corporation, NT File System Driver)
    0x874FC000 C:\Windows\system32\drivers\ndis.sys 1064960 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
    0x8EC3C000 C:\Windows\system32\DRIVERS\HSX_DPV.sys 1060864 bytes (Conexant Systems, Inc., HSF_DP driver)
    0x8E900000 C:\Windows\system32\DRIVERS\nvmfdx32.sys 1048576 bytes (NVIDIA Corporation, NVIDIA MCP Networking Function Driver.)
    0x8051F000 C:\Windows\system32\CI.dll 921600 bytes (Microsoft Corporation, Code Integrity Module)
    0x9AD22000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
    0x8EE35000 C:\Windows\System32\drivers\tcpip.sys 872448 bytes (Microsoft Corporation, TCP/IP Driver)
    0x8EF4B000 C:\Windows\system32\DRIVERS\HSX_CNXT.sys 741376 bytes (Conexant Systems, Inc., HSF_CNXT driver)
    0x8F844000 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20110114.001\BHDrvx86.sys 704512 bytes (Symantec Corporation, BASH Driver)
    0x8063D000 C:\Windows\system32\drivers\NIS\1205000.07D\SYMEFA.SYS 671744 bytes (Symantec Corporation, Symantec Extended File Attributes)
    0x8B223000 C:\Windows\System32\drivers\dxgkrnl.sys 643072 bytes (Microsoft Corporation, DirectX Graphics Kernel)
    0x9C4B2000 C:\Windows\system32\drivers\spsys.sys 581632 bytes (Microsoft Corporation, security processor)
    0xA187B000 C:\Windows\system32\drivers\NIS\1205000.07D\SRTSP.SYS 544768 bytes (Symantec Corporation, Symantec AutoProtect)
    0x804A4000 C:\Windows\system32\drivers\Wdf01000.sys 503808 bytes (Microsoft Corporation, WDF Dynamic)
    0x87459000 C:\Windows\System32\Drivers\ksecdd.sys 434176 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
    0x9ED97000 C:\Windows\system32\drivers\HTTP.sys 430080 bytes (Microsoft Corporation, HTTP Protocol Stack)
    0x8F907000 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 385024 bytes (Symantec Corporation, Symantec Eraser Control Driver)
    0x8F965000 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20110211.002\IDSvix86.sys 372736 bytes (Symantec Corporation, IDS Core Driver)
    0x8F1A8000 C:\Windows\system32\drivers\NIS\1205000.07D\SYMTDIV.SYS 360448 bytes (Symantec Corporation, Network Dispatch Driver)
    0x80700000 C:\Windows\system32\drivers\NIS\1205000.07D\SYMDS.SYS 356352 bytes (Symantec Corporation, Symantec Data Store)
    0x8DE2D000 C:\Windows\system32\DRIVERS\rixdptsk.sys 331776 bytes (REDC, RICOH XD SM Driver)
    0x9EC2C000 C:\Windows\System32\DRIVERS\srv.sys 331776 bytes (Microsoft Corporation, Server driver)
    0x99E20000 C:\Windows\System32\ATMFD.DLL 311296 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
    0x8040D000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
    0x8F127000 C:\Windows\system32\drivers\afd.sys 290816 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
    0x8022A000 C:\Windows\system32\drivers\acpi.sys 274432 bytes (Microsoft Corporation, ACPI Driver for NT)
    0x80788000 C:\Windows\system32\DRIVERS\storport.sys 262144 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
    0x8ED3F000 C:\Windows\system32\DRIVERS\HSXHWAZL.sys 253952 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)
    0x8B433000 C:\Windows\system32\DRIVERS\USBPORT.SYS 249856 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
    0x8027A000 C:\Windows\system32\CLFS.SYS 241664 bytes (Microsoft Corporation, Common Log File System Driver)
    0x8F030000 C:\Windows\system32\DRIVERS\rdbss.sys 241664 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
    0x9ECB3000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
    0x874C3000 C:\Windows\system32\drivers\NETIO.SYS 233472 bytes (Microsoft Corporation, Network I/O Subsystem)
    0x87423000 C:\Windows\system32\drivers\volsnap.sys 221184 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
    0x81FA1000 ACPI_HAL 212992 bytes
    0x81FA1000 C:\Windows\system32\hal.dll 212992 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
    0x8E862000 C:\Windows\system32\DRIVERS\usbhub.sys 212992 bytes (Microsoft Corporation, Default Hub Driver for USB)
    0x8F0F5000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
    0x8EDCF000 C:\Windows\system32\drivers\CHDRT32.sys 200704 bytes (Conexant Systems Inc., High Definition Audio Function Driver)
    0x80757000 C:\Windows\system32\drivers\fltmgr.sys 200704 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
    0x8E09E000 C:\Windows\system32\DRIVERS\SynTP.sys 196608 bytes (Synaptics, Inc., Synaptics Touchpad Driver)
    0xA180D000 C:\Windows\System32\Drivers\RDPWD.SYS 188416 bytes (Microsoft Corporation, RDP Terminal Stack Driver)
    0x8EDA2000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
    0x8E073000 C:\Windows\system32\DRIVERS\msiscsi.sys 176128 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
    0x80609000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
    0x9C9BB000 C:\Windows\system32\DRIVERS\nwifi.sys 176128 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
    0x8E8D6000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
    0x8F182000 C:\Windows\system32\Drivers\SYMEVENT.SYS 155648 bytes (Symantec Corporation, Symantec Event Library)
    0x8ED7D000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
    0x876D3000 C:\Windows\System32\drivers\ecache.sys 151552 bytes (Microsoft Corporation, Special Memory Device Cache)
    0x8047F000 C:\Windows\system32\drivers\pci.sys 151552 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
    0x8F09A000 C:\Windows\system32\drivers\NIS\1205000.07D\Ironx86.SYS 147456 bytes (Symantec Corporation, Iron Driver)
    0x9EC7D000 C:\Windows\System32\DRIVERS\srv2.sys 147456 bytes (Microsoft Corporation, Smb 2.0 Server driver)
    0x8E039000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
    0x8F06B000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
    0x876A1000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
    0x8EC1B000 C:\Windows\System32\Drivers\usbvideo.sys 135168 bytes (Microsoft Corporation, USB Video Class Driver)
    0x8EF2A000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
    0x9ED0A000 C:\Windows\system32\drivers\mrxdav.sys 131072 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
    0x807E2000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
    0x9ECEC000 C:\Windows\system32\DRIVERS\mrxsmb.sys 122880 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
    0x8F013000 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 118784 bytes (Symantec Corporation, Symantec Eraser Utility Driver)
    0x99705000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
    0x9E20C000 C:\Windows\System32\DRIVERS\srvnet.sys 110592 bytes (Microsoft Corporation, Server Network driver)
    0x89C3C000 C:\Windows\System32\Drivers\dump_nvstor32.sys 106496 bytes
    0x807C8000 C:\Windows\system32\DRIVERS\nvstor32.sys 106496 bytes (NVIDIA Corporation, NVIDIA® nForce(TM) Sata Performance Driver)
    0x9ED3E000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
    0x8EE1C000 C:\Windows\System32\drivers\fwpkclnt.sys 102400 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
    0x8B41B000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
    0x8DEA0000 C:\Windows\system32\DRIVERS\sdbus.sys 98304 bytes (Microsoft Corporation, SecureDigital Bus Driver)
    0x8F8F0000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Client MUP Surrogate Driver)
    0x8E05C000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
    0x8E80B000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
    0xABB2A000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
    0x8F0DF000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
    0x8EE07000 C:\Windows\system32\DRIVERS\tdx.sys 86016 bytes (Microsoft Corporation, TDI Translation Driver)
    0x9ED2A000 C:\Windows\System32\drivers\mpsdrv.sys 81920 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
    0x9B00C000 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110211.033\NAVENG.SYS 81920 bytes (Symantec Corporation, AV Engine)
    0x8DE7E000 C:\Windows\system32\DRIVERS\rimsptsk.sys 81920 bytes (REDC, RICOH MS Driver)
    0x8F16E000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
    0x8DE08000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
    0x8E026000 C:\Windows\system32\DRIVERS\raspptp.sys 77824 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
    0x9C9A8000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
    0x8F0BE000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
    0x8DE1B000 C:\Windows\system32\DRIVERS\HDAudBus.sys 73728 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
    0x9ECA1000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 73728 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
    0x876C2000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
    0x806F0000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
    0x89D20000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
    0x99400000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
    0x80465000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
    0x89D60000 C:\Windows\System32\Drivers\NDProxy.SYS 65536 bytes (Microsoft Corporation, NDIS Proxy)
    0x89D30000 C:\Windows\system32\DRIVERS\ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
    0x8B5B5000 C:\Windows\system32\DRIVERS\amdk8.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)
    0x806E1000 C:\Windows\system32\DRIVERS\Lbd.sys 61440 bytes (Lavasoft AB, Boot Driver)
    0x880E8000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
    0x87405000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
    0x87414000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
    0x8B5C4000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
    0x8B5D3000 C:\Windows\system32\DRIVERS\termdd.sys 61440 bytes (Microsoft Corporation, Terminal Server Driver)
    0x8020A000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
    0x8B40D000 C:\Windows\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
    0x99E10000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
    0x8F0D1000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
    0x8EC01000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
    0x80457000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
    0x8DE92000 C:\Windows\system32\DRIVERS\rimmptsk.sys 57344 bytes (REDC, RICOH MMC Driver)
    0x8B208000 C:\Windows\system32\DRIVERS\usbehci.sys 57344 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
    0x8FF4A000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
    0x8E009000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
    0x8B400000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
    0x8B216000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
    0x8026D000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
    0x9C880000 C:\Windows\System32\DRIVERS\tssecsrv.sys 49152 bytes (Microsoft Corporation, TS Security Filter Driver)
    0x8EC0F000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
    0x8B35B000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
    0x8B366000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
    0x8B392000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
    0x8B37C000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
    0x8B39D000 C:\Windows\system32\drivers\NIS\1205000.07D\SRTSPX.SYS 45056 bytes (Symantec Corporation, Symantec AutoProtect)
    0x8841E000 C:\Windows\System32\drivers\tcpipreg.sys 45056 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
    0x8B371000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
    0x8B3A8000 C:\Windows\system32\drivers\tdtcp.sys 45056 bytes (Microsoft Corporation, TCP Transport Driver)
    0x8B350000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
    0x80475000 C:\Windows\system32\DRIVERS\BATTC.SYS 40960 bytes (Microsoft Corporation, Battery Class Driver)
    0x8B48E000 C:\Windows\System32\Drivers\dump_diskdump.sys 40960 bytes
    0x8B498000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
    0x8B470000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
    0x8B4F2000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
    0x8B47A000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
    0x8B4E8000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
    0x89C32000 C:\Windows\system32\DRIVERS\usbohci.sys 40960 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
    0x8B2C0000 C:\Windows\system32\DRIVERS\asyncmac.sys 36864 bytes (Microsoft Corporation, MS Remote Access serial network driver)
    0x87698000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
    0x8B2E4000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
    0x8B2C9000 C:\Windows\system32\DRIVERS\kbdhid.sys 36864 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
    0x880F7000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
    0x802BD000 C:\Windows\system32\PSHED.dll 36864 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
    0x80634000 C:\Windows\System32\Drivers\PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
    0x8B2F6000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
    0x99E00000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
    0x8B2D2000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
    0x8B2DB000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
    0x80221000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
    0x80405000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
    0x802B5000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
    0x802C6000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
    0x88068000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID Mouse Filter Driver)
    0x80219000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
    0x88038000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
    0x88080000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
    0x88000000 C:\Windows\system32\DRIVERS\SMARTMouseFilterx86.sys 32768 bytes (SMART Technologies ULC, Mouse Upper Filter Driver)
    0x80601000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
    0x95EB0000 C:\Windows\system32\DRIVERS\xaudio.sys 32768 bytes (Conexant Systems, Inc., Modem Audio Device Driver)
    0x8847D000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
    0x88453000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
    0x88476000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
    0x80200000 C:\Windows\system32\drivers\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
    0x89CA0000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
    0x89CAC000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
    0x89C84000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
    0x9F294000 C:\Windows\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
    0x89C9C000 C:\Windows\system32\DRIVERS\SMARTVTabletPCx86.sys 16384 bytes (SMART Technologies ULC, Driver for SMART Virtual TabletPC HID Device)
    0x80207000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
    0x88501000 C:\Windows\system32\DRIVERS\cpqbttn.sys 12288 bytes (Hewlett-Packard Company, HP Tablet PC Key Button HID Driver)
    0x8851F000 C:\Windows\system32\DRIVERS\nvsmu.sys 12288 bytes (NVIDIA Corporation, NVIDIA® nForce(TM) SMU Microcontroller Driver)
    0x88519000 C:\Windows\system32\DRIVERS\SMARTVHidMini2000x86.sys 12288 bytes (SMART Technologies ULC, Driver for SMART HID Device)
    0x88545000 C:\Windows\system32\DRIVERS\eabfiltr.sys 8192 bytes (Hewlett-Packard Development Company, L.P., QLB PS/2 Keyboard filter driver)
    0x8853D000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
    0x8853B000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
    ==============================================
    >Stealth
    ==============================================
    0x009E0000 Hidden Image-->HP.ActiveSupportLibrary.dll [ EPROCESS 0x83D54B20 ] PID: 4800, 110592 bytes
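A Rootkit Unhooker driver list is long, and most of it is Microsoft code under %SystemRoot%. What deserves attention is the handful of modules that are loaded from somewhere else, carry no vendor or version string at all, or appear under >Stealth. The Python script below is an added example for this thread (not RkU's code and not from any poster) that parses the `address path size bytes (vendor, description)` lines and applies those three checks; the embedded report is a constructed excerpt of lines from the log above. The output is a triage list, not a verdict: the `dump_*.sys` entries are the crash-dump I/O stack Windows loads beside the boot storage driver and have no version resource by design, the Norton, Symantec and SUPERAntiSpyware drivers legitimately live outside %SystemRoot%, and a `Hidden Image` entry still has to be checked by file name and publisher.

```python
"""Triage a Rootkit Unhooker (RkU) report: parse the Drivers list, flag what needs a second look."""
import re

# "0x8E0CE000 C:\...\nvlddmkm.sys 7544832 bytes (NVIDIA Corporation, ... )"; the parenthetical
# is optional (kernel aliases and dump_*.sys have none). Regex is my reading of the RkU format.
DRIVER_LINE = re.compile(
    r"^(?P<addr>0x[0-9A-Fa-f]+) (?P<module>.+?) (?P<size>\d+) bytes(?: \((?P<info>.*)\))?\s*$"
)
# ">Stealth" entries, e.g. "0x009E0000 Hidden Image-->foo.dll [ EPROCESS ... ] PID: 4800, 110592 bytes"
STEALTH_LINE = re.compile(r"^(?P<addr>0x[0-9A-Fa-f]+) (?P<detail>Hidden .+)$")
SYSTEM_ROOT = re.compile(r"^[A-Za-z]:\\Windows\\", re.IGNORECASE)

def parse_rku(text):
    """Split the report into {'drivers': [...], 'stealth': [...]} records."""
    section, drivers, stealth = None, [], []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(">"):                # ">Drivers", ">Stealth" section markers
            section = line[1:].strip().lower()
            continue
        if not line or line.startswith("="):    # blank lines and ===== rules
            continue
        if section == "drivers":
            m = DRIVER_LINE.match(line)
            if not m:
                continue
            info = m["info"] or ""
            vendor, _, desc = info.partition(", ")
            drivers.append({
                "addr": int(m["addr"], 16),
                "module": m["module"],
                "size": int(m["size"]),
                "vendor": vendor.strip(),
                "description": desc.strip(),
            })
        elif section == "stealth":
            m = STEALTH_LINE.match(line)
            if m:
                stealth.append({"addr": int(m["addr"], 16), "detail": m["detail"]})
    return {"drivers": drivers, "stealth": stealth}

def triage(report):
    """(reason, module) pairs worth a second look. A reason is a prompt to verify, not a finding."""
    findings = []
    for d in report["drivers"]:
        if "\\" not in d["module"]:
            continue            # PnpManager, RAW, WMIxWDM, ACPI_HAL: kernel aliases, not files
        if not d["vendor"]:
            findings.append(("no version info", d["module"]))
        elif not SYSTEM_ROOT.match(d["module"]):
            findings.append(("loaded from outside %SystemRoot%", d["module"]))
    for s in report["stealth"]:
        findings.append(("stealth", s["detail"]))
    return findings

# Constructed excerpt: lines copied from the RkU log posted above, in the same layout.
SAMPLE_RKU = r"""
RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows Vista
==============================================
>Drivers
==============================================
0x8E0CE000 C:\Windows\system32\DRIVERS\nvlddmkm.sys 7544832 bytes (NVIDIA Corporation, NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 179.91 )
0x81C00000 C:\Windows\system32\ntkrnlpa.exe 3805184 bytes (Microsoft Corporation, NT Kernel & System)
0x81C00000 PnpManager 3805184 bytes
0x8F907000 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 385024 bytes (Symantec Corporation, Symantec Eraser Control Driver)
0x89C3C000 C:\Windows\System32\Drivers\dump_nvstor32.sys 106496 bytes
0x880F7000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x8F06B000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
==============================================
>Stealth
==============================================
0x009E0000 Hidden Image-->HP.ActiveSupportLibrary.dll [ EPROCESS 0x83D54B20 ] PID: 4800, 110592 bytes
"""

if __name__ == "__main__":
    for reason, module in triage(parse_rku(SAMPLE_RKU)):
        print(f"{reason:34} {module}")
```

Running it over the full log above gives the same kind of short list: the two `dump_*.sys` copies, the Norton definition and engine drivers under ProgramData and Program Files, the two SUPERAntiSpyware drivers, and the one Stealth entry. Each of those has a known publisher, which is what to look at before treating any of them as a problem.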

  7. #17
    Emeritus-Security Expert (Join Date: Nov 2005; Location: Florida's SpaceCoast; Posts: 15,208)

    Not sure what those entries are about that SystemLook couldn't find, but I am checking into them.

    You need to enable Windows to show all files and folders; instructions Here.

    Go to VirusTotal and submit this file for analysis. Just use the browse feature and then Send File; you will get a report back. Post the report into this thread for me to see. If the site says this file has been checked before, have them check it again.

    C:\{40C46778-E717-42C0-A28B-681C50168DB0}

    If the site is busy you can try this one
    http://virusscan.jotti.org/en
    Last edited by ken545; 2011-02-12 at 22:55.

  8. #18
    Junior Member
    Join Date
    Feb 2011
    Posts
    14

    Default

    I have my Windows files showing... is there something you aren't seeing?

    jotti.org

    'found nothing' with that file

    For VirusTotal I am currently #155.

  9. #19
    Junior Member
    Join Date
    Feb 2011
    Posts
    14

    Default

    AhnLab-V3 2011.02.06.00 2011.02.06 -
    AntiVir 7.11.3.53 2011.02.13 -
    Antiy-AVL 2.0.3.7 2011.02.13 -
    Avast 4.8.1351.0 2011.02.13 -
    Avast5 5.0.677.0 2011.02.13 -
    AVG 10.0.0.1190 2011.02.13 -
    BitDefender 7.2 2011.02.13 -
    CAT-QuickHeal 11.00 2011.02.13 -
    ClamAV 0.96.4.0 2011.02.13 -
    Commtouch 5.2.11.5 2011.02.12 -
    Comodo 7676 2011.02.13 -
    DrWeb 5.0.2.03300 2011.02.13 -
    Emsisoft 5.1.0.2 2011.02.13 -
    eSafe 7.0.17.0 2011.02.13 -
    eTrust-Vet 36.1.8154 2011.02.11 -
    F-Prot 4.6.2.117 2011.02.04 -
    F-Secure 9.0.16160.0 2011.02.13 -
    Fortinet 4.2.254.0 2011.02.13 -
    GData 21 2011.02.13 -
    Ikarus T3.1.1.97.0 2011.02.13 -
    Jiangmin 13.0.900 2011.02.13 -
    K7AntiVirus 9.83.3839 2011.02.13 -
    Kaspersky 7.0.0.125 2011.02.13 -
    McAfee 5.400.0.1158 2011.02.13 -
    McAfee-GW-Edition 2010.1C 2011.02.13 -
    Microsoft 1.6502 2011.02.13 -
    NOD32 5871 2011.02.13 -
    Norman 6.07.03 None.. -
    nProtect 2011-01-27.01 2011.02.02 -
    Panda 10.0.3.5 2011.02.13 -
    PCTools 7.0.3.5 2011.02.13 -
    Prevx 3.0 2011.02.13 -
    Rising 23.44.06.06 2011.02.13 -
    Sophos 4.61.0 2011.02.13 -
    SUPERAntiSpyware 4.40.0.1006 2011.02.13 -
    Symantec 20101.3.0.103 2011.02.13 -
    TheHacker 6.7.0.1.130 2011.02.13 -
    TrendMicro 9.200.0.1012 2011.02.13 -
    TrendMicro-HouseCall 9.200.0.1012 2011.02.13 -
    VBA32 3.12.14.3 2011.02.11 -
    VIPRE 8408 2011.02.13 -
    ViRobot 2011.2.12.4307 2011.02.13 -
    VirusBuster 13.6.198.0 2011.02.13 -


    Additional Info

    MD5 : 9bca06ed5456f7bfd5705996d67aad66
    SHA1 : a2f013aed6d5438f0ac4ab0f7edad40290338aa1
    SHA256: 82ea406be2ac84f8daca8f0e1843f298f7f0173ac637cd54852c9582aa580c25
    ssdeep: 48:6lqXkDorWBZXB10+GcDjs5sVDuHk/DtRXCFshNeWxBC7IxrQxT+yeB:KqXkDoqO+GI4sV9/DtxCyZxBC0xrxyU
    File size : 2288 bytes
    First seen: 2011-02-13 19:42:10
    Last seen : 2011-02-13 19:42:10
    TrID:
    Unknown!
    sigcheck:
    publisher....: n/a
    copyright....: n/a
    product......: n/a
    description..: n/a
    original name: n/a
    internal name: n/a
    file version.: n/a
    comments.....: n/a
    signers......: -
    signing date.: -
    verified.....: Unsigned
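A defender reading a report like the one above usually wants two things checked mechanically: that the file on disk really is the sample the report describes (the MD5/SHA1/SHA256 lines), and how many engines flagged it. The script below is an added example, not code from this thread or from VirusTotal; the engine lines in SAMPLE_REPORT are constructed from the report's "Engine Version Update Result" layout, and the hashes are the ones quoted in the report.

```python
import hashlib
import re

# Constructed sample in the layout of the report above; "-" means no detection.
SAMPLE_REPORT = """\
AhnLab-V3 2011.02.06.00 2011.02.06 -
AntiVir 7.11.3.53 2011.02.13 -
Norman 6.07.03 None.. -
VirusBuster 13.6.198.0 2011.02.13 -
"""

# Digests quoted in the report above, keyed by hashlib algorithm name.
REPORT_HASHES = {
    "md5": "9bca06ed5456f7bfd5705996d67aad66",
    "sha1": "a2f013aed6d5438f0ac4ab0f7edad40290338aa1",
    "sha256": "82ea406be2ac84f8daca8f0e1843f298f7f0173ac637cd54852c9582aa580c25",
}

# engine, version, last-update, then the result (which may contain spaces)
LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(.+)$")


def parse_report(text):
    """Return (detections, engines_total, [(engine, result), ...] for hits)."""
    total, flagged = 0, []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip blank lines and anything not in the engine layout
        engine, _version, _updated, result = m.groups()
        total += 1
        if result.strip() != "-":
            flagged.append((engine, result.strip()))
    return len(flagged), total, flagged


def hash_bytes(data):
    """Compute the three digests the report lists, as lowercase hex."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256")}


def matches_report(data, report_hashes=REPORT_HASHES):
    """True only if every digest of `data` equals the report's value."""
    return hash_bytes(data) == {k: v.lower() for k, v in report_hashes.items()}
```

To apply it to the real file, read C:\{40C46778-E717-42C0-A28B-681C50168DB0} in binary mode and pass the bytes to matches_report; a mismatch means the report is not about the file you are looking at.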

  10. #20
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Looks like those entries are OK, but I really don't know what they're related to.

    How are things running now?
