Jump to content

Undetectable Trojan, Malware, Virus.


Recommended Posts

Well over a month ago my laptop was infected. After that I scanned my laptop with COMODO, Malware Bytes Anti Malware,Super anti spyware, and Avira. But they didn't detect anything. So Comodo firewall, shows that my laptop was sending out information to some other computer, also I had some "unknown" .exe, I can't remember the name, also they're were like over 780 svchost.exe running, and system.exe kept doing something like send out or take in info. After that, I used system restore, and so , the problem wasn't fixed. After the trojan or virus, malware or whatever, stopped everything from working, none of the .exe work, nothing. The virus/malware/trojan deleted a bunch of important files and dlls. I used system restore again, but it wasn't successful, the system restore failed near the end. Then, I started up my laptop (I turned it on), and it wouldn't start up, after the screen where it says "Starting Windows" Everything does black, with a mouse cursor still working but nothing shows up, and nothing loads. (I have windows 7 by the way). And so I had to reinstall windows, and here we are. But the malware/virus/trojan is STILL on my laptop. I know because it continues to send out my information to another computer, showing the same symtoms like before. Anyhow, how am I supposed to remove this undetectable, virus/trojan/malware? Please help. Thank you in advance. (I'm in safe mode with networking), Also running,Security Task Manager I found that there was one service, and 2 processors that do not belong to my system.)

OTL Logs:

OTL Extras logfile created on: 1/21/2011 4:38:40 AM - Run 1

OTL by OldTimer - Version 3.2.20.3 Folder = C:\Users\Nguyen\Desktop

64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 42.00% Memory free

8.00 Gb Paging File | 5.00 Gb Available in Paging File | 70.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 285.29 Gb Total Space | 259.18 Gb Free Space | 90.85% Space Free | Partition Type: NTFS

Drive D: | 12.60 Gb Total Space | 2.10 Gb Free Space | 16.70% Space Free | Partition Type: NTFS

Computer Name: NGUYEN-PC | User Name: Nguyen | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %* File not found

cmdfile [open] -- "%1" %* File not found

comfile [open] -- "%1" %* File not found

exefile [open] -- "%1" %* File not found

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %* File not found

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1" File not found

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S File not found

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{26A24AE4-039D-4CA4-87B4-2F86416015FF}" = Java 6 Update 15 (64-bit)

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{64A3A4F4-B792-11D6-A78A-00B0D0160150}" = Java SE Development Kit 6 Update 15 (64-bit)

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware

"{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security

"HDMI" = Intel® Graphics Media Accelerator Driver

"LSI Soft Modem" = LSI HDA Modem

"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements

"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works

"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer

"{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup

"{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library

"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java 6 Update 15

"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com

"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8

"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor

"{43BA31BA-04BD-2EA3-0A60-A9C54E06D3F2}" = muvee Reveal

"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager

"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant

"{47D7C9B8-BD44-4D2E-9040-E946477B2F9A}" = Microsoft Live Search Toolbar

"{49A143E9-4A6A-43E7-86B1-388194C79248}" = HP Smart Web Printing

"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant

"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail

"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{741CFE3A-1C0B-4A7D-8E08-5D78C911C09D}" = HP Support Assistant

"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow

"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials

"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader

"{9D3318E1-5A9F-4A95-A7A1-7E045403AE34}" = HP User Guides 0148

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger

"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI

"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player

"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program

"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software

"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update

"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery

"{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar

"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update

"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio

"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL

"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"HP Smart Web Printing" = HP Smart Web Printing

"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite

"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8

"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow

"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"NIS" = Norton Internet Security

"SpywareBlaster_is1" = SpywareBlaster 4.4

"WildTangent hp Master Uninstall" = HP Games

"WinLiveSuite_Wave3" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ System Events ]

Error - 1/21/2011 4:08:04 AM | Computer Name = Nguyen-PC | Source = Service Control Manager | ID = 7022

Description = The Windows Search service hung on starting.

< End of report >

OTL logfile created on: 1/21/2011 4:38:40 AM - Run 1

OTL by OldTimer - Version 3.2.20.3 Folder = C:\Users\Nguyen\Desktop

64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 42.00% Memory free

8.00 Gb Paging File | 5.00 Gb Available in Paging File | 70.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 285.29 Gb Total Space | 259.18 Gb Free Space | 90.85% Space Free | Partition Type: NTFS

Drive D: | 12.60 Gb Total Space | 2.10 Gb Free Space | 16.70% Space Free | Partition Type: NTFS

Computer Name: NGUYEN-PC | User Name: Nguyen | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/21 04:11:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nguyen\Desktop\OTL.exe

PRC - [2010/12/20 18:08:46 | 000,963,976 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

PRC - [2009/10/15 04:40:04 | 000,729,664 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\17.0.0.136\InstStub.exe

PRC - [2009/08/24 17:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe

PRC - [2009/07/17 22:12:12 | 000,257,440 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10c.exe

PRC - [2009/07/16 13:35:18 | 000,130,400 | ---- | M] (Microsoft Corp.) -- c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msntask.exe

PRC - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

PRC - [2009/05/24 22:26:22 | 000,430,080 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe

========== Modules (SafeList) ==========

MOD - [2011/01/21 04:11:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nguyen\Desktop\OTL.exe

MOD - [2010/12/29 01:42:04 | 000,285,480 | ---- | M] (COMODO) -- C:\Windows\SysWOW64\guard32.dll

MOD - [2009/07/13 20:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/01/17 23:30:48 | 002,466,032 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)

SRV:64bit: - [2010/06/29 12:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)

SRV:64bit: - [2009/08/13 15:09:38 | 000,240,640 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b 87ff64c8b56b7db\stacsv64.exe -- (STacSV)

SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/03/27 21:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)

SRV:64bit: - [2009/03/02 16:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b 87ff64c8b56b7db\AESTSr64.exe -- (AESTFilters)

SRV - [2009/08/24 17:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) [unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe -- (NIS)

SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009/06/05 19:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/01/06 17:36:58 | 000,014,184 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\cmderd.sys -- (cmderd)

DRV:64bit: - [2010/02/17 13:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)

DRV:64bit: - [2010/02/17 13:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)

DRV:64bit: - [2009/09/21 21:47:14 | 001,484,800 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2009/08/29 19:16:41 | 000,504,880 | R--- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1100000.088\srtsp64.sys -- (SRTSP)

DRV:64bit: - [2009/08/29 19:16:41 | 000,032,304 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1100000.088\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)

DRV:64bit: - [2009/08/27 11:07:06 | 007,369,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2009/08/13 15:09:38 | 000,487,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)

DRV:64bit: - [2009/07/14 18:16:34 | 000,273,456 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/13 18:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2009/07/10 09:45:12 | 000,139,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®

DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)

DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)

DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)

DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)

DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)

DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®

DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/22 09:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2009/04/29 11:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)

DRV:64bit: - [2009/04/06 20:31:08 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)

DRV - [2009/09/02 12:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV - [2009/08/29 04:00:00 | 001,742,896 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20090829.019\EX64.SYS -- (NAVEX15)

DRV - [2009/08/29 04:00:00 | 000,116,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20090829.019\ENG64.SYS -- (NAVENG)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1547389768-2243331184-1174209917-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1

IE - HKU\S-1-5-21-1547389768-2243331184-1174209917-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1

IE - HKU\S-1-5-21-1547389768-2243331184-1174209917-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/11/06 22:42:40 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\

FF - HKLM\software\mozilla\Firefox\Extensions\\{4C0766D3-67A7-45a3-85A2-752F77312F32}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\CoIEPlg.dll (Symantec Corporation)

O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\IPSBHO.dll (Symantec Corporation)

O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)

O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\CoIEPlg.dll (Symantec Corporation)

O3 - HKU\S-1-5-21-1547389768-2243331184-1174209917-1001\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.

O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-1547389768-2243331184-1174209917-1001..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O13 - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_15)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.71.230 68.87.73.246

O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found

O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)

O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/21 14:59:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Recovery

[2011/01/21 14:00:59 | 000,000,000 | -HSD | C] -- C:\System Volume Information

[2011/01/21 04:11:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Nguyen\Desktop\OTL.exe

[2011/01/21 03:48:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster

[2011/01/21 03:48:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpywareBlaster

[2011/01/21 03:42:00 | 000,000,000 | ---D | C] -- C:\Users\Nguyen\AppData\Roaming\Malwarebytes

[2011/01/21 03:41:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2011/01/21 03:41:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/01/21 03:41:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2011/01/21 03:41:46 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2011/01/21 03:41:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2011/01/21 03:34:52 | 000,000,000 | ---D | C] -- C:\Users\Nguyen\AppData\Roaming\SUPERAntiSpyware.com

[2011/01/21 03:34:52 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com

[2011/01/21 03:34:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware

[2011/01/21 03:34:24 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE

[2011/01/21 03:34:22 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2011/01/21 03:25:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO

[2011/01/21 03:24:58 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO

[2011/01/21 03:23:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo

[2011/01/21 03:22:01 | 000,000,000 | ---D | C] -- C:\Users\Nguyen\AppData\Roaming\HpUpdate

[2011/01/21 03:19:11 | 000,000,000 | ---D | C] -- C:\Users\Nguyen\AppData\Roaming\Macromedia

[2011/01/21 03:19:10 | 000,000,000 | ---D | C] -- C:\Users\Nguyen\AppData\Roaming\Adobe

[2011/01/21 03:13:35 | 000,000,000 | ---D | C] -- C:\Users\Nguyen\AppData\Roaming\PictureMover

[2011/01/21 03:13:19 | 000,000,000 | R--D | C] -- C:\Users\Nguyen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

[2011/01/21 03:13:19 | 000,000,000 | R--D | C] -- C:\Users\Nguyen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

[2011/01/21 03:13:18 | 000,000,000 | R--D | C] -- C:\Users\Nguyen\Searches

[2011/01/21 03:13:18 | 000,000,000 | -H-D | C] -- C:\Users\Nguyen\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned

[2011/01/21 03:13:12 | 000,000,000 | ---D | C] -- C:\Users\Nguyen\AppData\Roaming\Identities

[2011/01/21 03:13:10 | 000,000,000 | R--D | C] -- C:\Users\Nguyen\Contacts

[2011/01/21 03:13:09 | 000,000,000 | ---D | C] -- C:\Users\Nguyen\AppData\Local\VirtualStore

[2011/01/21 03:12:57 | 000,000,000 | ---D | C] -- C:\Users\Nguyen\AppData\Roaming\hpqlog

[2011/01/21 03:12:40 | 000,000,000 | ---D | C] -- C:\Users\Nguyen\AppData\Local\Hewlett-Packard

[2011/01/21 03:08:10 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll

[2011/01/21 03:08:10 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wintrust.dll

[2011/01/21 03:08:10 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cabview.dll

[2011/01/21 03:08:10 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll

[2011/01/21 03:07:55 | 000,000,000 | ---D | C] -- C:\Users\Nguyen\AppData\Roaming\Hewlett-Packard

[2011/01/21 03:06:06 | 000,000,000 | --SD | C] -- C:\Users\Nguyen\AppData\Roaming\Microsoft

[2011/01/21 03:06:06 | 000,000,000 | R--D | C] -- C:\Users\Nguyen\Videos

[2011/01/21 03:06:06 | 000,000,000 | R--D | C] -- C:\Users\Nguyen\Saved Games

[2011/01/21 03:06:06 | 000,000,000 | R--D | C] -- C:\Users\Nguyen\Pictures

[2011/01/21 03:06:06 | 000,000,000 | R--D | C] -- C:\Users\Nguyen\Music

[2011/01/21 03:06:06 | 000,000,000 | R--D | C] -- C:\Users\Nguyen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

[2011/01/21 03:06:06 | 000,000,000 | R--D | C] -- C:\Users\Nguyen\Links

[2011/01/21 03:06:06 | 000,000,000 | R--D | C] -- C:\Users\Nguyen\Favorites

[2011/01/21 03:06:06 | 000,000,000 | R--D | C] -- C:\Users\Nguyen\Downloads

[2011/01/21 03:06:06 | 000,000,000 | R--D | C] -- C:\Users\Nguyen\My Documents

[2011/01/21 03:06:06 | 000,000,000 | R--D | C] -- C:\Users\Nguyen\Desktop

[2011/01/21 03:06:06 | 000,000,000 | R--D | C] -- C:\Users\Nguyen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

[2011/01/21 03:06:06 | 000,000,000 | -HSD | C] -- C:\Users\Nguyen\AppData\Local\Temporary Internet Files

[2011/01/21 03:06:06 | 000,000,000 | -HSD | C] -- C:\Users\Nguyen\Templates

[2011/01/21 03:06:06 | 000,000,000 | -HSD | C] -- C:\Users\Nguyen\Start Menu

[2011/01/21 03:06:06 | 000,000,000 | -HSD | C] -- C:\Users\Nguyen\SendTo

[2011/01/21 03:06:06 | 000,000,000 | -HSD | C] -- C:\Users\Nguyen\Recent

[2011/01/21 03:06:06 | 000,000,000 | -HSD | C] -- C:\Users\Nguyen\PrintHood

[2011/01/21 03:06:06 | 000,000,000 | -HSD | C] -- C:\Users\Nguyen\NetHood

[2011/01/21 03:06:06 | 000,000,000 | -HSD | C] -- C:\Users\Nguyen\Documents\My Videos

[2011/01/21 03:06:06 | 000,000,000 | -HSD | C] -- C:\Users\Nguyen\Documents\My Pictures

[2011/01/21 03:06:06 | 000,000,000 | -HSD | C] -- C:\Users\Nguyen\Documents\My Music

[2011/01/21 03:06:06 | 000,000,000 | -HSD | C] -- C:\Users\Nguyen\My Documents

[2011/01/21 03:06:06 | 000,000,000 | -HSD | C] -- C:\Users\Nguyen\Local Settings

[2011/01/21 03:06:06 | 000,000,000 | -HSD | C] -- C:\Users\Nguyen\AppData\Local\History

[2011/01/21 03:06:06 | 000,000,000 | -HSD | C] -- C:\Users\Nguyen\Cookies

[2011/01/21 03:06:06 | 000,000,000 | -HSD | C] -- C:\Users\Nguyen\Application Data

[2011/01/21 03:06:06 | 000,000,000 | -HSD | C] -- C:\Users\Nguyen\AppData\Local\Application Data

[2011/01/21 03:06:06 | 000,000,000 | -H-D | C] -- C:\Users\Nguyen\AppData

[2011/01/21 03:06:06 | 000,000,000 | ---D | C] -- C:\Users\Nguyen\AppData\Local\Temp

[2011/01/21 03:06:06 | 000,000,000 | ---D | C] -- C:\Users\Nguyen\AppData\Local\Microsoft

[2011/01/21 03:06:06 | 000,000,000 | ---D | C] -- C:\Users\Nguyen\AppData\Roaming\Media Center Programs

[2011/01/06 17:36:58 | 000,014,184 | ---- | C] (COMODO) -- C:\Windows\SysNative\drivers\cmderd.sys

[2010/12/29 01:42:04 | 000,285,480 | ---- | C] (COMODO) -- C:\Windows\SysWow64\guard32.dll

[2010/12/29 01:42:02 | 000,362,784 | ---- | C] (COMODO) -- C:\Windows\SysNative\guard64.dll

========== Files - Modified Within 30 Days ==========

[2011/01/21 14:04:20 | 000,039,219 | ---- | M] () -- C:\Windows\SysWow64\license.rtf

[2011/01/21 14:04:20 | 000,039,219 | ---- | M] () -- C:\Windows\SysNative\license.rtf

[2011/01/21 04:11:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nguyen\Desktop\OTL.exe

[2011/01/21 03:48:41 | 000,001,007 | ---- | M] () -- C:\Users\Nguyen\Desktop\SpywareBlaster.lnk

[2011/01/21 03:41:51 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/01/21 03:36:57 | 000,094,352 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat

[2011/01/21 03:34:38 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2011/01/21 03:34:38 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2011/01/21 03:34:24 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

[2011/01/21 03:33:05 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2011/01/21 03:33:05 | 000,615,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2011/01/21 03:33:05 | 000,103,702 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2011/01/21 03:27:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/01/21 03:27:01 | 3144,880,128 | -HS- | M] () -- C:\hiberfil.sys

[2011/01/21 03:25:03 | 000,001,846 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk

[2011/01/21 03:18:53 | 000,001,441 | ---- | M] () -- C:\Users\Nguyen\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2011/01/06 17:36:58 | 000,014,184 | ---- | M] (COMODO) -- C:\Windows\SysNative\drivers\cmderd.sys

[2010/12/29 01:42:04 | 000,285,480 | ---- | M] (COMODO) -- C:\Windows\SysWow64\guard32.dll

[2010/12/29 01:42:02 | 000,362,784 | ---- | M] (COMODO) -- C:\Windows\SysNative\guard64.dll

========== Files Created - No Company Name ==========

[2011/01/21 14:00:52 | 3144,880,128 | -HS- | C] () -- C:\hiberfil.sys

[2011/01/21 03:48:41 | 000,001,007 | ---- | C] () -- C:\Users\Nguyen\Desktop\SpywareBlaster.lnk

[2011/01/21 03:41:51 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/01/21 03:34:24 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

[2011/01/21 03:26:57 | 000,094,352 | ---- | C] () -- C:\Windows\SysNative\drivers\sfi.dat

[2011/01/21 03:25:03 | 000,001,846 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk

[2011/01/21 03:18:53 | 000,001,441 | ---- | C] () -- C:\Users\Nguyen\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2011/01/21 03:13:43 | 000,000,000 | ---- | C] () -- C:\Users\Nguyen\AppData\Local\QSwitch.txt

[2011/01/21 03:13:43 | 000,000,000 | ---- | C] () -- C:\Users\Nguyen\AppData\Local\DSwitch.txt

[2011/01/21 03:13:43 | 000,000,000 | ---- | C] () -- C:\Users\Nguyen\AppData\Local\AtStart.txt

[2011/01/21 03:13:41 | 000,000,648 | ---- | C] () -- C:\ProgramData\HPWALog.txt

[2011/01/21 03:07:46 | 000,002,268 | ---- | C] () -- C:\Users\Public\Desktop\eBay.lnk

[2011/01/21 03:06:06 | 000,000,290 | ---- | C] () -- C:\Users\Nguyen\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

[2011/01/21 03:06:06 | 000,000,272 | ---- | C] () -- C:\Users\Nguyen\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

[2009/11/06 22:31:20 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log

[2009/11/06 22:26:24 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log

[2009/11/06 22:24:59 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log

[2009/11/06 22:24:15 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

[2009/10/15 04:35:47 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

[2009/10/15 04:35:42 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log

[2009/10/15 04:35:31 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log

[2009/10/15 04:35:14 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log

[2009/10/15 04:34:38 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log

[2009/10/15 04:21:02 | 000,000,268 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini

[2009/10/15 04:21:02 | 000,000,209 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini

[2009/09/29 18:25:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL

[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\Temp:5C321E34

< End of report >

Malware Bytes Anti Malware Log

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 5566

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

1/21/2011 3:54:13 AM

mbam-log-2011-01-21 (03-54-13).txt

Scan type: Quick scan

Objects scanned: 154827

Time elapsed: 11 minute(s), 26 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
Share on other sites

Glad we could help. :blink:

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.