
brightjoy2

Members
  • Posts: 15
Everything posted by brightjoy2

  1. It seems like it is all good to go. Got to reset an anti-virus program back though; should I go back to the Avira Anti-virus? Do I do anything about those hidden files that I had to uncover, or just leave them as they are? I suppose the rest of those text files can go too? I really need to clean it up, having too much junk stored in there instead of on my external hard disk. Thanks a lot for all the efforts and time taken. I really appreciate that you took all the time and patience. Thanks
  2. 2012/05/19 19:27:28 -0800 STOLL MESSAGE Starting protection
     2012/05/19 19:27:36 -0800 STOLL MESSAGE Protection started successfully
     2012/05/19 19:27:39 -0800 STOLL MESSAGE Executing scheduled update: Daily
     2012/05/19 19:27:39 -0800 STOLL MESSAGE Starting IP protection
     2012/05/19 19:27:56 -0800 STOLL MESSAGE Scheduled update executed successfully: database updated from version v2012.05.18.08 to version v2012.05.20.01
     2012/05/19 19:29:16 -0800 STOLL Jeff MESSAGE IP Protection started successfully
     2012/05/19 19:29:16 -0800 STOLL Jeff MESSAGE Starting database refresh
     2012/05/19 19:29:16 -0800 STOLL Jeff MESSAGE Stopping IP protection
     2012/05/19 19:29:17 -0800 STOLL Jeff MESSAGE IP Protection stopped
     2012/05/19 19:29:27 -0800 STOLL Jeff MESSAGE Database refreshed successfully
     2012/05/19 19:29:27 -0800 STOLL Jeff MESSAGE Starting IP protection
     2012/05/19 19:29:37 -0800 STOLL Jeff MESSAGE IP Protection started successfully
     2012/05/19 20:29:32 -0800 STOLL Jeff MESSAGE Executing scheduled update: Daily
     2012/05/19 20:29:34 -0800 STOLL Jeff MESSAGE Database already up-to-date

     The ESET scan came out clean with no threats; there wasn't a log that I could copy, like a list of threats. And the Malware report is also clean.
  3. 15.15641 - http://www.gmer.net
     Rootkit scan 2012-05-18 17:58:36
     Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\0000007b ST9100824AS rev.7.24
     Running: zizmd605.exe; Driver: C:\DOCUME~1\Jeff\LOCALS~1\Temp\pxtdypob.sys

     ---- Devices - GMER 1.0.15 ----

     AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
     Device \FileSystem\Cdfs \Cdfs F6639400

     ---- EOF - GMER 1.0.15 ----
  4. The GMER 1.0.15.15641 - http://www.gmer.net
     Rootkit scan 2012-05-17 19:52:22
     Windows 5.1.2600 Service Pack 3
     Running: qx4x3rwb.exe; Driver: C:\DOCUME~1\Jeff\LOCALS~1\Temp\pxtdypod.sys

     ---- Modules - GMER 1.0.15 ----

     Module viaide.sys (Generic PCI IDE Bus Driver/Microsoft Corporation) F798D000-F798F000 (8192 bytes)
     Module aliide.sys (ALi mini IDE Driver/Acer Laboratories Inc.) F798F000-F7991000 (8192 bytes)
     Module nvata.sys (NVIDIA® nForce IDE Performance Driver/NVIDIA Corporation) F7393000-F73AC000 (102400 bytes)
     Module PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions) F7717000-F771C000 (20480 bytes)
     Module \SystemRoot\system32\DRIVERS\cpqbttn.sys (HP Tablet PC Key Button HID Driver/Hewlett-Packard Development Company, L.P.) F7923000-F7926000 (12288 bytes)
     Module \SystemRoot\system32\DRIVERS\nvsmu.sys (NVIDIA® nForce SMU Microcontroller Driver/NVIDIA Corporation) F7933000-F7936000 (12288 bytes)
     Module \SystemRoot\system32\DRIVERS\HDAudBus.sys (High Definition Audio Bus Driver v1.0a/Windows ® Server 2003 DDK provider) F71BF000-F71E7000 (163840 bytes)
     Module \SystemRoot\system32\DRIVERS\nvnetbus.sys (NVIDIA Networking Bus Driver./NVIDIA Corporation) F795B000-F795F000 (16384 bytes)
     Module \SystemRoot\system32\DRIVERS\NVNRM.SYS (NVIDIA Network Resource Manager./NVIDIA Corporation) F7174000-F71BF000 (307200 bytes)
     Module \SystemRoot\system32\DRIVERS\NVSNPU.SYS (NVIDIA Networking Soft-NPU Driver./NVIDIA Corporation) F713D000-F7174000 (225280 bytes)
     Module \SystemRoot\system32\DRIVERS\SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) F710D000-F713D000 (196608 bytes)
     Module \SystemRoot\system32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.) F777F000-F7784000 (20480 bytes)
     Module \SystemRoot\system32\DRIVERS\NVENETFD.sys (NVIDIA Networking Function Driver./NVIDIA Corporation) F75C7000-F75D0000 (36864 bytes)
     Module \SystemRoot\System32\ATMFD.DLL (Windows NT OpenType/Type 1 Font Driver/Adobe Systems Incorporated) BF012000-BF059000 (290816 bytes)
     Module \??\C:\DOCUME~1\Jeff\LOCALS~1\Temp\catchme.sys F780F000-F7817000 (32768 bytes)
     Module \??\C:\DOCUME~1\Jeff\LOCALS~1\Temp\pxtdypod.sys (GMER) F6498000-F64B1000 (102400 bytes)

     ---- Processes - GMER 1.0.15 ----

     Process C:\WINDOWS\explorer.exe (Windows Explorer/Microsoft Corporation) 248
     Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
     Library C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll (PDF Shell Extension/Adobe Systems, Inc.) 0x10000000
     Process C:\WINDOWS\system32\csrss.exe (Client Server Runtime Process/Microsoft Corporation) 560
     Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
     Process C:\WINDOWS\system32\winlogon.exe (Windows NT Logon Application/Microsoft Corporation) 584
     Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
     Library C:\WINDOWS\system32\ackpbsc.dll (ackpbsc/ActivIdentity) 0x10000000
     Library C:\WINDOWS\system32\aclog.dll (ActivIdentity Log API/ActivIdentity) 0x00FA0000
     Library C:\WINDOWS\system32\ACLIBEAY.dll (OpenSSL Shared Library/ActivIdentity) 0x01090000
     Library C:\WINDOWS\system32\acevtsub.dll (ActivIdentity Event Subscriber DLL/ActivIdentity) 0x01180000
     Library C:\WINDOWS\system32\asphat32.dll (asphat32/ActivIdentity) 0x011B0000
     Library C:\WINDOWS\system32\acerrmes.dll (acerrmes DLL/ActivIdentity) 0x01210000
     Library C:\WINDOWS\system32\aspcom.dll (ASPCOM API/ActivIdentity) 0x01230000
     Library C:\Program Files\ActivIdentity\ActivClient\Resources\Merged\acerrmrc.dll (acerrmes DLL/ActivIdentity) 0x01270000
     Library C:\Program Files\ActivIdentity\ActivClient\Resources\Merged\asphatrc.dll (asphat32/ActivIdentity) 0x013D0000
     Library C:\Program Files\ActivIdentity\ActivClient\acunlock.dll (acunlock DLL/ActivIdentity) 0x01C80000
     Library C:\WINDOWS\system32\aipingui.dll (Common Application GUI resources/ActivIdentity) 0x01CE0000
     Library C:\Program Files\ActivIdentity\ActivClient\Resources\Merged\aipinguirc.dll (Common Application GUI resources/ActivIdentity) 0x01D30000
     Library C:\Program Files\ActivIdentity\ActivClient\resources\acCobAPIrc.dll (acCobAPI resources DLL/ActivIdentity) 0x01DB0000
     Library C:\Program Files\ActivIdentity\ActivClient\Resources\Merged\acunlockrc.dll (acunlock DLL/ActivIdentity) 0x01E10000
     Process C:\WINDOWS\system32\services.exe (Services and Controller app/Microsoft Corporation) 628
     Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
     Process C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) 640
     Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
     Process C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 800
     Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
     Process C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 872
     Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
     Process C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 1040
     Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
     Process C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 1052
     Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
     Process C:\Program Files\internet explorer\iexplore.exe (Internet Explorer/Microsoft Corporation) 1092
     Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
     Process C:\WINDOWS\system32\ctfmon.exe (CTF Loader/Microsoft Corporation) 1132
     Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
     Process C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 1168
     Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
     Process C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity Event Service/ActivIdentity) 1252
     Library C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity Event Service/ActivIdentity) 0x00400000
     Library C:\WINDOWS\system32\aclog.dll (ActivIdentity Log API/ActivIdentity) 0x10000000
     Library C:\WINDOWS\system32\asphat32.dll (asphat32/ActivIdentity) 0x00350000
     Library C:\WINDOWS\system32\ackpbsc.dll (ackpbsc/ActivIdentity) 0x003C0000
     Library C:\WINDOWS\system32\ACLIBEAY.dll (OpenSSL Shared Library/ActivIdentity) 0x00420000
     Library C:\WINDOWS\system32\acerrmes.dll (acerrmes DLL/ActivIdentity) 0x004D0000
     Library C:\WINDOWS\system32\acevtsub.dll (ActivIdentity Event Subscriber DLL/ActivIdentity) 0x004F0000
     Library C:\WINDOWS\system32\aspcom.dll (ASPCOM API/ActivIdentity) 0x00520000
     Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
     Library C:\Program Files\ActivIdentity\ActivClient\Resources\Merged\acerrmrc.dll (acerrmes DLL/ActivIdentity) 0x008C0000
     Library C:\Program Files\ActivIdentity\ActivClient\Resources\Merged\asphatrc.dll (asphat32/ActivIdentity) 0x00920000
     Process C:\Documents and Settings\Jeff\Desktop\qx4x3rwb.exe 1268
     Library C:\Documents and Settings\Jeff\Desktop\qx4x3rwb.exe 0x00400000
     Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
     Process C:\Program Files\internet explorer\iexplore.exe (Internet Explorer/Microsoft Corporation) 1816
     Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
     Library C:\WINDOWS\system32\Macromed\Flash\Flash32_11_2_202_235.ocx (Adobe Flash Player 11.2 r202/Adobe Systems, Inc.) 0x10000000

     ---- Services - GMER 1.0.15 ----

     Service C:\WINDOWS\TEMP\006242~1.EXE [AUTO] 0062421329956074mcinstcleanup
     Service C:\WINDOWS\System32\Drivers\5U870CAP.sys (Ricoh USB Camera driver/Ricoh) [MANUAL] 5U870CAP_VID_1262&PID_25FD
     Service C:\Program Files\ActivIdentity\ActivClient\accoca.exe (ActivIdentity Cache Server/ActivIdentity) [AUTO] accoca
     Service C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe (Add Filter For Usb/Hewlett-Packard Development Company, L.P.) [MANUAL] AddFiltr
     Service C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe® Flash® Player Update Service 11.2 r202/Adobe Systems Incorporated) [MANUAL] AdobeFlashPlayerUpdateSvc
     Service C:\WINDOWS\system32\DRIVERS\aliide.sys (ALi mini IDE Driver/Acer Laboratories Inc.) [BOOT] AliIde
     Service C:\WINDOWS\system32\DRIVERS\amdagp.sys (AMD Win2000 AGP Filter/Advanced Micro Devices, Inc.) [DISABLED] amdagp
     Service C:\WINDOWS\system32\DRIVERS\AmdK8.sys (AMD Processor Driver/Advanced Micro Devices) [SYSTEM] AmdK8
     Service C:\Program Files\Avira\AntiVir Desktop\sched.exe (Antivirus Scheduler/Avira GmbH) [AUTO] AntiVirSchedulerService
     Service C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Antivirus On-Access Service/Avira GmbH) [AUTO] AntiVirService
     Service C:\WINDOWS\system32\DRIVERS\asc.sys (AdvanSys SCSI Controller Driver/Advanced System Products, Inc.) [DISABLED] asc
     Service C:\WINDOWS\system32\DRIVERS\asc3550.sys (AdvanSys Ultra-Wide PCI SCSI Driver/Advanced System Products, Inc.) [DISABLED] asc3550
     Service C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira AntiVir Support for Minifilter/Avira GmbH) [SYSTEM] avgio
     Service C:\WINDOWS\system32\DRIVERS\avgntflt.sys (Avira Minifilter Driver/Avira GmbH) [AUTO] avgntflt
     Service C:\WINDOWS\system32\DRIVERS\avipbb.sys (Avira Driver for Security Enhancement/Avira GmbH) [SYSTEM] avipbb
     Service C:\WINDOWS\system32\DRIVERS\bcmwl5.sys (Broadcom 802.11 Network Adapter wireless driver/Broadcom Corporation) [MANUAL] BCM43XX
     Service C:\WINDOWS\System32\Drivers\btwusb.sys (Driver for Bluetooth USB Devices/Broadcom Corporation.) [MANUAL] BTWUSB
     Service C:\DOCUME~1\Jeff\LOCALS~1\Temp\catchme.sys [MANUAL] catchme
     Service C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD PCI IDE Bus Driver/CMD Technology, Inc.) [DISABLED] CmdIde
     Service C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Disk Array Controller Driver/Mylex Corporation) [DISABLED] dac2w2k
     Service C:\WINDOWS\system32\DRIVERS\eabfiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.) [SYSTEM] eabfiltr
     Service C:\WINDOWS\system32\DRIVERS\eabusb.sys (QLB USB Keyboard filter driver/Hewlett-Packard Development Company, L.P.) [MANUAL] eabusb
     Service C:\WINDOWS\system32\DRIVERS\cpqbttn.sys (HP Tablet PC Key Button HID Driver/Hewlett-Packard Development Company, L.P.) [MANUAL] HBtnKey
     Service C:\WINDOWS\system32\drivers\CHDAud.sys (High Definition Audio Function Driver/Conexant Systems Inc.) [MANUAL] HdAudAddService
     Service C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (High Definition Audio Bus Driver v1.0a/Windows ® Server 2003 DDK provider) [MANUAL] HDAudBus
     Service C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (hpqwmiex Module/Hewlett-Packard Development Company, L.P.) [AUTO] hpqwmiex
     Service C:\WINDOWS\system32\DRIVERS\HPZid412.sys (IEEE-1284.4-1999 Driver (Windows 2000)/HP) [MANUAL] HPZid412
     Service C:\WINDOWS\system32\DRIVERS\HPZipr12.sys (IEEE-1284.4-1999 Print Class Driver/HP) [MANUAL] HPZipr12
     Service C:\WINDOWS\system32\DRIVERS\HPZius12.sys (1284.4<->Usb Datalink Driver (Windows 2000)/HP) [MANUAL] HPZius12
     Service C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys (HSF_HWAZL WDM driver/Conexant Systems, Inc.) [MANUAL] HSFHWAZL
     Service C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys (HSF_DP driver/Conexant Systems, Inc.) [MANUAL] HSF_DPV
     Service C:\WINDOWS\system32\DRIVERS\iaStor.sys (Intel Matrix Storage Manager driver/Intel Corporation) [DISABLED] iaStor
     Service C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (IDriverT Module/Macrovision Corporation) [MANUAL] IDriverT
     Service C:\Program Files\Java\jre6\bin\jqs.exe (Java Quick Starter Service/Sun Microsystems, Inc.) [AUTO] JavaQuickStarterService
     Service C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company) [AUTO] LightScribeService
     Service C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Anti-Malware/Malwarebytes Corporation) [MANUAL] MBAMProtector
     Service C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Anti-Malware/Malwarebytes Corporation) [AUTO] MBAMService
     Service c:\PROGRA~1\mcafee\SITEAD~1\McSACore.exe (SiteAdvisor/McAfee, Inc.) [AUTO] McAfee SiteAdvisor Service
     Service C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys (Diagnostic Interface x86 Driver/Conexant) [AUTO] mdmxsdk
     Service C:\DOCUME~1\Jeff\LOCALS~1\Temp\MOBCleanup.exe [AUTO] MOBCleanup
     Service C:\WINDOWS\system32\DRIVERS\mraid35x.sys (MegaRAID RAID Controller Driver for Windows Whistler 32/American Megatrends Inc.) [DISABLED] mraid35x
     Service MSDTC Bridge 3.0.0.0
     Service C:\WINDOWS\system32\mqtgsvc.exe (Windows NT MSMQ Trigger Service/Microsoft Corporation) [AUTO] MSMQTriggers
     Service C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Compatible Windows 2000 Miniport Driver, Version 86.19 /NVIDIA Corporation) [MANUAL] nv
     Service C:\WINDOWS\system32\DRIVERS\nvata.sys (NVIDIA® nForce IDE Performance Driver/NVIDIA Corporation) [BOOT] nvata
     Service C:\WINDOWS\system32\DRIVERS\NVENETFD.sys (NVIDIA Networking Function Driver./NVIDIA Corporation) [MANUAL] NVENETFD
     Service C:\WINDOWS\system32\DRIVERS\nvnetbus.sys (NVIDIA Networking Bus Driver./NVIDIA Corporation) [MANUAL] nvnetbus
     Service C:\WINDOWS\system32\DRIVERS\nvsmu.sys (NVIDIA® nForce SMU Microcontroller Driver/NVIDIA Corporation) [MANUAL] nvsmu
     Service C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Driver Helper Service, Version 86.19/NVIDIA Corporation) [AUTO] NVSvc
     Service C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.) [MANUAL] Ptilink
     Service C:\WINDOWS\System32\Drivers\PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions) [BOOT] PxHelp20
     Service C:\WINDOWS\system32\DRIVERS\ql1080.sys (Miniport Driver for QLogic ISP PCI Adapters/QLogic Corporation) [DISABLED] ql1080
     Service C:\WINDOWS\system32\DRIVERS\ql12160.sys (Miniport Driver for QLogic ISP PCI Adapters/QLogic Corporation) [DISABLED] ql12160
     Service C:\WINDOWS\system32\DRIVERS\ql1280.sys (Miniport Driver for QLogic ISP PCI Adapters/QLogic Corporation) [DISABLED] ql1280
     Service C:\WINDOWS\system32\DRIVERS\rimmptsk.sys (RICOH MMC Driver/REDC) [MANUAL] rimmptsk
     Service C:\WINDOWS\system32\DRIVERS\rimsptsk.sys (RICOH MS Driver/REDC) [MANUAL] rimsptsk
     Service C:\WINDOWS\system32\DRIVERS\rixdptsk.sys (RICOH XD SM Driver/REDC) [MANUAL] rismxdp
     Service C:\WINDOWS\system32\DRIVERS\RTL8139.SYS (Realtek RTL8139 NDIS 5.0 Driver/Realtek Semiconductor Corporation) [MANUAL] rtl8139
     Service C:\WINDOWS\system32\DRIVERS\SCR3XX2K.sys (PC-SC CCID Driver for SCR3xx USB Smart Card Reader/SCM Microsystems Inc.) [MANUAL] SCR3XX2K
     Service C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision SECURITY Driver/Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [MANUAL] Secdrv
     Service ServiceModelEndpoint 3.0.0.0
     Service ServiceModelOperation 3.0.0.0
     Service ServiceModelService 3.0.0.0
     Service C:\WINDOWS\system32\DRIVERS\sisagp.sys (SiS NT AGP Filter/Silicon Integrated Systems Corporation) [DISABLED] sisagp
     Service SMSvcHost 3.0.0.0
     Service C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec AIC-6x60 series SCSI miniport/Adaptec, Inc.) [DISABLED] Sparrow
     Service C:\WINDOWS\system32\DRIVERS\ssmdrv.sys (AVIRA SnapShot Driver/Avira GmbH) [SYSTEM] ssmdrv
     Service C:\WINDOWS\system32\DRIVERS\StreamIP.sys (Microsoft IP Test Driver/Microsoft Corporation) [MANUAL] streamip
     Service C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc. SCSI Miniport Driver/Symbios Logic Inc.) [DISABLED] symc810
     Service C:\WINDOWS\system32\DRIVERS\symc8xx.sys (Symbios 8XX SCSI Miniport Driver/LSI Logic) [DISABLED] symc8xx
     Service C:\WINDOWS\system32\DRIVERS\sym_hi.sys (Symbios Hi-Perf SCSI Miniport Driver/LSI Logic) [DISABLED] sym_hi
     Service C:\WINDOWS\system32\DRIVERS\sym_u3.sys (Symbios Ultra3 SCSI Miniport Driver/LSI Logic) [DISABLED] sym_u3
     Service C:\WINDOWS\system32\DRIVERS\SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) [MANUAL] SynTP
     Service C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (Windows Service for TomTom HOME/TomTom) [AUTO] TomTomHOMEService
     Service system32\DRIVERS\UIUSYS.SYS [MANUAL] UIUSys
     Service C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Ultra66 Miniport Driver/Promise Technology, Inc.) [DISABLED] ultra
     Service C:\WINDOWS\System32\Drivers\usbvm326.sys (Vc0326 Video Driver For Serome/Vimicro Corporation) [MANUAL] usbvm328
     Service C:\WINDOWS\system32\DRIVERS\viaide.sys (Generic PCI IDE Bus Driver/Microsoft Corporation) [BOOT] ViaIde
     Service C:\WINDOWS\system32\drivers\vmfilter323.sys (VC326, Serome, 640* 480, all format/Vimicro Corporation) [MANUAL] vmfilter323
     Service C:\Program Files\Vongo\VongoService.exe (Vongo Download Manager/Starz Entertainment Group LLC) [AUTO] Vongo Service
     Service C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys (HSF_CNXT driver/Conexant Systems, Inc.) [MANUAL] winachsf
     Service Windows Workflow Foundation 3.0.0.0

     ---- EOF - GMER 1.0.15 ----

     new GMER scan log
  5. ComboFix 12-05-17.08 - Jeff 05/17/2012 19:35:25.2.2 - x86 NETWORK
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2015.1729 [GMT -8:00]
     Running from: c:\documents and settings\Jeff\Desktop\ComboFix.exe
     AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
     .
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     c:\documents and settings\Jeff\Desktop\Data_Recovery.lnk
     .
     .
     ((((((((((((((((((((((((( Files Created from 2012-04-18 to 2012-05-18 )))))))))))))))))))))))))))))))
     .
     .
     2012-05-17 05:20 . 2012-05-17 05:20 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
     2012-05-14 16:44 . 2012-05-14 16:44 -------- d-----w- c:\documents and settings\Jeff\Application Data\Malwarebytes
     2012-05-14 16:44 . 2012-05-14 16:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2012-05-14 16:44 . 2012-05-14 16:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
     2012-05-14 16:44 . 2012-04-04 23:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
     2012-04-30 17:33 . 2012-05-11 00:18 -------- d-----w- c:\program files\Microsoft Silverlight
     2012-04-23 17:24 . 2012-04-23 17:24 -------- d-----w- c:\program files\PureEdge1
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2012-05-05 00:10 . 2012-04-05 23:58 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
     2012-05-05 00:10 . 2012-04-05 23:58 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
     2012-04-11 13:14 . 2006-03-16 04:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
     2012-04-11 13:12 . 2006-03-16 04:00 1862272 ----a-w- c:\windows\system32\win32k.sys
     2012-04-11 12:35 . 2006-03-16 04:00 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
     2012-03-01 11:01 . 2006-03-16 04:00 916992 ----a-w- c:\windows\system32\wininet.dll
     2012-03-01 11:01 . 2006-03-16 04:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
     2012-03-01 11:01 . 2006-03-16 04:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
     2012-02-29 14:10 . 2006-03-16 04:00 177664 ----a-w- c:\windows\system32\wintrust.dll
     2012-02-29 14:10 . 2006-03-16 04:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
     2012-02-29 12:17 . 2006-03-16 04:00 385024 ----a-w- c:\windows\system32\html.iec
     2001-06-20 21:19 . 2001-06-19 21:34 40960 ----a-w- c:\program files\ACMonitor_X83.exe
     2012-01-29 15:55 . 2012-02-08 03:15 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
     .
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]
     2012-02-10 19:28 1307928 ----a-w- c:\program files\Microsoft\BingBar\7.1.361.0\BingExt.dll
     .
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-12-10 247144]
     "Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-27 15026056]
     "Device Detection"="c:\program files\FUJIFILM\MyFinePix Studio\dd.exe" [2011-06-07 404664]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
     "hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 458752]
     "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-02-11 149280]
     "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-18 7585792]
     "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-18 86016]
     "nwiz"="nwiz.exe" [2006-08-18 1617920]
     "MsmqIntCert"="mqrt.dll" [2009-06-25 177152]
     "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 61952]
     "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-01 761946]
     "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-07-12 102400]
     "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
     "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
     "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
     "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 163840]
     "Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-05-30 40960]
     "RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
     "Reminder"="c:\windows\CREATOR\Remind_XP.exe" [2006-02-09 643072]
     "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
     "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
     "accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-05-15 293168]
     "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
     "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
     "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
     .
     c:\documents and settings\Default User\Start Menu\Programs\Startup\
     Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [2006-5-9 73728]
     .
     c:\documents and settings\Administrator\Start Menu\Programs\Startup\
     Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [2006-5-9 73728]
     .
     c:\documents and settings\Jeff\Start Menu\Programs\Startup\
     Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [2006-5-9 73728]
     .
     c:\documents and settings\All Users\Start Menu\Programs\Startup\
     ActivClient Agent.lnk - c:\program files\ActivIdentity\ActivClient\acsagent.exe [2007-5-15 130864]
     HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
     HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]
     2007-05-15 20:08 112640 ----a-w- c:\windows\system32\ackpbsc.dll
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]
     2007-05-15 20:08 281088 ----a-w- c:\program files\ActivIdentity\ActivClient\acunlock.dll
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
     @=""
     .
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\WINDOWS\\system32\\mqsvc.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "c:\\Program Files\\Messenger\\msmsgs.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
     "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
     "c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
     "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
     "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
     "c:\\Program Files\\BearShare\\BearShare.exe"=
     "c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
     .
     S2 0062421329956074mcinstcleanup;McAfee Application Installer Cleanup (0062421329956074);c:\windows\TEMP\006242~1.EXE -cleanup -nolog --> c:\windows\TEMP\006242~1.EXE -cleanup -nolog [?]
     S2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [5/15/2007 12:08 PM 182576]
     S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/20/2010 8:13 PM 136360]
     S2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2/10/2012 11:28 AM 193816]
     S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5/14/2012 8:44 AM 654408]
     S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\McSACore.exe [12/3/2009 1:37 PM 95200]
     S2 MOBCleanup;MOBCleanup;"c:\docume~1\Jeff\LOCALS~1\Temp\MOBCleanup.exe" --> c:\docume~1\Jeff\LOCALS~1\Temp\MOBCleanup.exe [?]
     S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [12/10/2010 4:29 AM 92008]
     S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\drivers\5U870CAP.sys [6/6/2006 12:39 PM 61952]
     S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/5/2012 3:58 PM 257696]
     S3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2/10/2012 11:28 AM 240408]
     S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5/14/2012 8:44 AM 22344]
     S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 10:37 PM 4640000]
     S3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\drivers\SCR3XX2K.sys [1/6/2010 7:19 PM 57856]
     S3 usbvm328;HP Camera;c:\windows\system32\drivers\usbvm326.sys [2/14/2011 1:40 PM 219648]
     S3 vmfilter323;VC0326 filter service for Serome;c:\windows\system32\drivers\vmfilter323.sys [2/14/2011 1:40 PM 475264]
     .
     --- Other Services/Drivers In Memory ---
     .
     *NewlyCreated* - MDMXSDK
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
     HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
     hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
     .
     Contents of the 'Scheduled Tasks' folder
     .
     2012-05-18 c:\windows\Tasks\Adobe Flash Player Updater.job
     - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 00:10]
     .
     2012-05-17 c:\windows\Tasks\AppleSoftwareUpdate.job
     - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://www.yahoo.com/
     uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
     IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
     IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
     Trusted Zone: ahrn.com\www
     Trusted Zone: ahrn.com\www*
     Trusted Zone: chase.com
     Trusted Zone: internet
     Trusted Zone: mcafee.com
     TCP: DhcpNameServer = 209.165.131.12 209.165.131.13 0.0.0.0
     FF - ProfilePath - c:\documents and settings\Jeff\Application Data\Mozilla\Firefox\Profiles\wifw4z5k.default\
     FF - prefs.js: browser.search.selectedEngine - Secure Search
     FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
     .
     .
     **************************************************************************
     .
     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2012-05-17 19:43
     Windows 5.1.2600 Service Pack 3 NTFS
     .
     scanning hidden processes ...
     .
     scanning hidden autostart entries ...
     .
     HKLM\Software\Microsoft\Windows\CurrentVersion\Run
     Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????????<?@? ????Q??????Y?@?????<?@
     .
     scanning hidden files ...
     .
     scan completed successfully
     hidden files: 0
     .
     **************************************************************************
     .
     --------------------- DLLs Loaded Under Running Processes ---------------------
     .
     - - - - - - - > 'winlogon.exe'(584)
     c:\windows\system32\ackpbsc.dll
     c:\windows\system32\aclog.dll
     c:\windows\system32\ACLIBEAY.dll
     c:\windows\system32\acevtsub.dll
     c:\windows\system32\asphat32.dll
     c:\windows\system32\acerrmes.dll
     c:\windows\system32\aspcom.dll
     c:\program files\ActivIdentity\ActivClient\Resources\Merged\acerrmrc.dll
     c:\program files\ActivIdentity\ActivClient\Resources\Merged\asphatrc.dll
     c:\program files\ActivIdentity\ActivClient\acunlock.dll
     c:\windows\system32\aipingui.dll
     c:\program files\ActivIdentity\ActivClient\Resources\Merged\aipinguirc.dll
     c:\program files\ActivIdentity\ActivClient\resources\acCobAPIrc.dll
     c:\program files\ActivIdentity\ActivClient\Resources\Merged\acunlockrc.dll
     .
     Completion time: 2012-05-17 19:45:08
     ComboFix-quarantined-files.txt 2012-05-18 03:45
     ComboFix2.txt 2012-05-16 01:30
     .
     Pre-Run: 24,524,951,552 bytes free
     Post-Run: 24,508,145,664 bytes free
     .
     - - End Of File - - 1221430E0B002328A8FCAAFDC9C18421
  6. GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-05-16 22:48:46
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\0000007e rev.
Running: qx4x3rwb.exe; Driver: C:\DOCUME~1\Jeff\LOCALS~1\Temp\pxtdypob.sys

---- System - GMER 1.0.15 ----

SSDT EE6B468C ZwClose
SSDT EE6B4646 ZwCreateKey
SSDT EE6B4696 ZwCreateSection
SSDT EE6B463C ZwCreateThread
SSDT EE6B464B ZwDeleteKey
SSDT EE6B4655 ZwDeleteValueKey
SSDT EE6B4687 ZwDuplicateObject
SSDT EE6B465A ZwLoadKey
SSDT EE6B4628 ZwOpenProcess
SSDT EE6B462D ZwOpenThread
SSDT EE6B4664 ZwReplaceKey
SSDT EE6B465F ZwRestoreKey
SSDT EE6B469B ZwSetContextThread
SSDT EE6B4650 ZwSetValueKey
SSDT EE6B4637 ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF6105360, 0x225D9D, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\internet explorer\iexplore.exe[1732] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1732] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1732] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E53AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1732] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1732] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E534C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1732] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E51B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1732] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E5214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1732] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1732] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E5276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3208] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3208] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AA5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3208] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD119 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3208] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3208] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254686 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3208] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E53AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3208] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3208] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E534C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3208] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E51B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3208] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E5214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3208] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3208] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E5276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3208] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDB70 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3208] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E5717 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\internet explorer\iexplore.exe[3208] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\internet explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 eabfiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- EOF - GMER 1.0.15 ----
  7. MBRCheck, version 1.2.3
© 2010, AD
Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 140):
[kernel driver list with load addresses omitted]

Processes (total 78):
[process list omitted]

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000014`26913400 (FAT32)

PhysicalDrive0 Model Number: ST9100824AS, Rev: 7.24

Size Device Name MBR Status
--------------------------------------------
93 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: F19F100B4DC860880BDC331CC9D56B1C13F605D5

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Done!
  8. This is after running ComboFix, thanks.
7:37:53.0375 1776 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
17:37:53.0968 1776 ============================================================
17:37:53.0968 1776 Current date / time: 2012/05/15 17:37:53.0968
17:37:53.0968 1776 SystemInfo:
17:37:53.0968 1776
17:37:53.0968 1776 OS Version: 5.1.2600 ServicePack: 3.0
17:37:53.0968 1776 Product type: Workstation
17:37:53.0968 1776 ComputerName: STOLL
17:37:53.0968 1776 UserName: Jeff
17:37:53.0968 1776 Windows directory: C:\WINDOWS
17:37:53.0968 1776 System windows directory: C:\WINDOWS
17:37:53.0968 1776 Processor architecture: Intel x86
17:37:53.0968 1776 Number of processors: 2
17:37:53.0968 1776 Page size: 0x1000
17:37:53.0968 1776 Boot type: Normal boot
17:37:53.0968 1776 ============================================================
17:37:55.0187 1776 Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x2F81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:37:55.0187 1776 ============================================================
17:37:55.0187 1776 \Device\Harddisk0\DR0:
17:37:55.0187 1776 MBR partitions:
17:37:55.0187 1776 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xA13099A
17:37:55.0187 1776 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0xA13489A, BlocksNum 0x171A8E4
17:37:55.0187 1776 ============================================================
17:37:55.0265 1776 C: <-> \Device\Harddisk0\DR0\Partition0
17:37:55.0296 1776 D: <-> \Device\Harddisk0\DR0\Partition1
17:37:55.0296 1776 ============================================================
17:37:55.0296 1776 Initialize success
17:37:55.0296 1776 ============================================================
17:38:03.0796 3128 Deinitialize success
  9. ComboFix 12-05-15.04 - Jeff 05/15/2012 17:12:37.1.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2015.1715 [GMT -8:00]
Running from: c:\documents and settings\Jeff\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\883o8ZUhSyoNka
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\J\GoToAssistDownloadHelper.exe
c:\documents and settings\J\WINDOWS
c:\documents and settings\Jeff\WINDOWS
c:\windows\system32\system
D:\Autorun.inf
.
Infected copy of c:\windows\system32\Version.dll was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\version.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-04-16 to 2012-05-16 )))))))))))))))))))))))))))))))
.
.
2012-05-14 16:44 . 2012-05-14 16:44 -------- d-----w- c:\documents and settings\Jeff\Application Data\Malwarebytes
2012-05-14 16:44 . 2012-05-14 16:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-14 16:44 . 2012-05-14 16:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-05-14 16:44 . 2012-04-04 23:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-30 17:33 . 2012-05-11 00:18 -------- d--h--w- c:\program files\Microsoft Silverlight
2012-04-23 17:24 . 2012-04-23 17:24 -------- d--h--w- c:\program files\PureEdge1
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 00:10 . 2012-04-05 23:58 70304 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-05 00:10 . 2012-04-05 23:58 419488 ---ha-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-11 13:14 . 2006-03-16 04:00 2148352 ---ha-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12 . 2006-03-16 04:00 1862272 ---ha-w- c:\windows\system32\win32k.sys
2012-04-11 12:35 . 2006-03-16 04:00 2026496 ---ha-w- c:\windows\system32\ntkrnlpa.exe
2012-03-01 11:01 . 2006-03-16 04:00 916992 ---ha-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2006-03-16 04:00 43520 ---ha-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2006-03-16 04:00 1469440 ---h--w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2006-03-16 04:00 177664 ---ha-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2006-03-16 04:00 148480 ---ha-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2006-03-16 04:00 385024 ---ha-w- c:\windows\system32\html.iec
2001-06-20 21:19 . 2001-06-19 21:34 40960 ---ha-w- c:\program files\ACMonitor_X83.exe
2012-01-29 15:55 . 2012-02-08 03:15 134104 ---ha-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]
2012-02-10 19:28 1307928 ---ha-w- c:\program files\Microsoft\BingBar\7.1.361.0\BingExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-12-10 247144]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-27 15026056]
"Device Detection"="c:\program files\FUJIFILM\MyFinePix Studio\dd.exe" [2011-06-07 404664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 458752]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-02-11 149280]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-18 7585792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-18 86016]
"nwiz"="nwiz.exe" [2006-08-18 1617920]
"MsmqIntCert"="mqrt.dll" [2009-06-25 177152]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 61952]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-01 761946]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-07-12 102400]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 163840]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-05-30 40960]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"Reminder"="c:\windows\CREATOR\Remind_XP.exe" [2006-02-09 643072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-05-15 293168]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [2006-5-9 73728]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [2006-5-9 73728]
.
c:\documents and settings\Jeff\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [2006-5-9 73728]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
ActivClient Agent.lnk - c:\program files\ActivIdentity\ActivClient\acsagent.exe [2007-5-15 130864]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]
2007-05-15 20:08 112640 ---ha-w- c:\windows\system32\ackpbsc.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]
2007-05-15 20:08 281088 ---ha-w- c:\program files\ActivIdentity\ActivClient\acunlock.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\BearShare\\BearShare.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
.
R2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [5/15/2007 12:08 PM 182576]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/20/2010 8:13 PM 136360]
R2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2/10/2012 11:28 AM 193816]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5/14/2012 8:44 AM 654408]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\McSACore.exe [12/3/2009 1:37 PM 95200]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [12/10/2010 4:29 AM 92008]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5/14/2012 8:44 AM 22344]
S2 0062421329956074mcinstcleanup;McAfee Application Installer Cleanup (0062421329956074);c:\windows\TEMP\006242~1.EXE -cleanup -nolog --> c:\windows\TEMP\006242~1.EXE -cleanup -nolog [?]
S2 MOBCleanup;MOBCleanup;"c:\docume~1\Jeff\LOCALS~1\Temp\MOBCleanup.exe" --> c:\docume~1\Jeff\LOCALS~1\Temp\MOBCleanup.exe [?]
S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\drivers\5U870CAP.sys [6/6/2006 12:39 PM 61952]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/5/2012 3:58 PM 257696]
S3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2/10/2012 11:28 AM 240408]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 10:37 PM 4640000]
S3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\drivers\SCR3XX2K.sys [1/6/2010 7:19 PM 57856]
S3 usbvm328;HP Camera;c:\windows\system32\drivers\usbvm326.sys [2/14/2011 1:40 PM 219648]
S3 vmfilter323;VC0326 filter service for Serome;c:\windows\system32\drivers\vmfilter323.sys [2/14/2011 1:40 PM 475264]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 00:10]
.
2012-03-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
Trusted Zone: ahrn.com\www
Trusted Zone: ahrn.com\www*
Trusted Zone: chase.com
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 209.165.131.12 209.165.131.13 0.0.0.0
FF - ProfilePath - c:\documents and settings\Jeff\Application Data\Mozilla\Firefox\Profiles\wifw4z5k.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-hpqSRMon - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-15 17:22
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????????<?@? ????Q??????Y?@?????<?@
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(676)
c:\windows\system32\ackpbsc.dll
c:\windows\system32\aclog.dll
c:\windows\system32\ACLIBEAY.dll
c:\windows\system32\acevtsub.dll
c:\windows\system32\asphat32.dll
c:\windows\system32\acerrmes.dll
c:\windows\system32\aspcom.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\acerrmrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\asphatrc.dll
c:\program files\ActivIdentity\ActivClient\acunlock.dll
c:\windows\system32\aipingui.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\aipinguirc.dll
c:\program files\ActivIdentity\ActivClient\resources\acCobAPIrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\acunlockrc.dll
.
- - - - - - - > 'explorer.exe'(4040)
c:\windows\system32\WININET.dll
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\SCardSvr.exe
c:\program files\ActivIdentity\ActivClient\acevents.exe
c:\windows\system32\msdtc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\ActivIdentity\ActivClient\acevents.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\mqsvc.exe
c:\windows\system32\mqtgsvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\eHome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2012-05-15 17:30:18 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-16 01:30
.
Pre-Run: 24,360,603,648 bytes free
Post-Run: 24,458,252,288 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 44EF6B2B1F37FF8E7E8DB7076DA0964D
  10. I am wondering if I had disabled Avira in safe mode. I tried to reboot in safe mode with networking to be sure whether I had turned it off. I realise that I'm not so sure after all, but the Avira control center said "service stopped" instead of "disabled". If you can tell me how to disable it again, I'll retry it one more time.
  11. 15:48:21.0921 0952 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
15:48:42.0750 1020 Serial - ok 15:48:42.0812 1020 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 15:48:42.0812 1020 Sfloppy - ok 15:48:42.0875 1020 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll 15:48:42.0875 1020 SharedAccess - ok 15:48:42.0906 1020 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll 15:48:42.0921 1020 ShellHWDetection - ok 15:48:42.0921 1020 Simbad - ok 15:48:42.0968 1020 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys 15:48:42.0968 1020 sisagp - ok 15:48:43.0000 1020 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys 15:48:43.0000 1020 SLIP - ok 15:48:43.0062 1020 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys 15:48:43.0062 1020 Sparrow - ok 15:48:43.0078 1020 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 15:48:43.0078 1020 splitter - ok 15:48:43.0125 1020 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe 15:48:43.0125 1020 Spooler - ok 15:48:43.0171 1020 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 15:48:43.0171 1020 sr - ok 15:48:43.0218 1020 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll 15:48:43.0218 1020 srservice - ok 15:48:43.0265 1020 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 15:48:43.0281 1020 Srv - ok 15:48:43.0296 1020 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll 15:48:43.0296 1020 SSDPSRV - ok 15:48:43.0343 1020 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 15:48:43.0343 1020 ssmdrv - ok 15:48:43.0390 1020 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll 15:48:43.0406 1020 stisvc - ok 15:48:43.0453 1020 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 15:48:43.0453 
1020 streamip - ok 15:48:43.0484 1020 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 15:48:43.0484 1020 swenum - ok 15:48:43.0500 1020 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 15:48:43.0500 1020 swmidi - ok 15:48:43.0515 1020 SwPrv - ok 15:48:43.0578 1020 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys 15:48:43.0578 1020 symc810 - ok 15:48:43.0593 1020 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys 15:48:43.0593 1020 symc8xx - ok 15:48:43.0625 1020 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys 15:48:43.0625 1020 sym_hi - ok 15:48:43.0640 1020 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys 15:48:43.0640 1020 sym_u3 - ok 15:48:43.0687 1020 SynTP (60cb9f7c95791fe56a6e86868f4467ba) C:\WINDOWS\system32\DRIVERS\SynTP.sys 15:48:43.0687 1020 SynTP - ok 15:48:43.0703 1020 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 15:48:43.0703 1020 sysaudio - ok 15:48:43.0765 1020 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe 15:48:43.0765 1020 SysmonLog - ok 15:48:43.0796 1020 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll 15:48:43.0812 1020 TapiSrv - ok 15:48:43.0859 1020 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 15:48:43.0859 1020 Tcpip - ok 15:48:43.0906 1020 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 15:48:43.0921 1020 TDPIPE - ok 15:48:43.0937 1020 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 15:48:43.0937 1020 TDTCP - ok 15:48:43.0968 1020 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 15:48:43.0968 1020 TermDD - ok 15:48:44.0031 1020 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll 15:48:44.0031 1020 
TermService - ok 15:48:44.0093 1020 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll 15:48:44.0093 1020 Themes - ok 15:48:44.0140 1020 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe 15:48:44.0140 1020 TlntSvr - ok 15:48:44.0265 1020 TomTomHOMEService (572a16fbad52ab1ac8e3d44baaf99694) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe 15:48:44.0265 1020 TomTomHOMEService - ok 15:48:44.0312 1020 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys 15:48:44.0328 1020 TosIde - ok 15:48:44.0328 1020 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll 15:48:44.0343 1020 TrkWks - ok 15:48:44.0390 1020 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 15:48:44.0390 1020 Udfs - ok 15:48:44.0406 1020 UIUSys - ok 15:48:44.0453 1020 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys 15:48:44.0453 1020 ultra - ok 15:48:44.0500 1020 UMWdf (9651e5d850b6f6bd7c77c70aa06f02bf) C:\WINDOWS\system32\wdfmgr.exe 15:48:44.0515 1020 UMWdf - ok 15:48:44.0578 1020 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 15:48:44.0593 1020 Update - ok 15:48:44.0625 1020 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll 15:48:44.0625 1020 upnphost - ok 15:48:44.0640 1020 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe 15:48:44.0640 1020 UPS - ok 15:48:44.0703 1020 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys 15:48:44.0703 1020 usbaudio - ok 15:48:44.0750 1020 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 15:48:44.0750 1020 usbccgp - ok 15:48:44.0796 1020 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 15:48:44.0796 1020 usbehci - ok 15:48:44.0812 1020 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 15:48:44.0812 1020 usbhub - 
ok 15:48:44.0828 1020 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys 15:48:44.0828 1020 usbohci - ok 15:48:44.0859 1020 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 15:48:44.0859 1020 usbprint - ok 15:48:44.0875 1020 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 15:48:44.0875 1020 usbscan - ok 15:48:44.0890 1020 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 15:48:44.0906 1020 USBSTOR - ok 15:48:44.0937 1020 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 15:48:44.0937 1020 usbuhci - ok 15:48:44.0984 1020 usbvm328 (6dc94d0d4f2472056d14e987f729eccb) C:\WINDOWS\system32\Drivers\usbvm326.sys 15:48:44.0984 1020 usbvm328 - ok 15:48:45.0031 1020 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 15:48:45.0031 1020 VgaSave - ok 15:48:45.0062 1020 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys 15:48:45.0062 1020 viaagp - ok 15:48:45.0093 1020 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys 15:48:45.0093 1020 ViaIde - ok 15:48:45.0171 1020 vmfilter323 (6c21422d47ed3d8f65ed667bfd1cc759) C:\WINDOWS\system32\drivers\vmfilter323.sys 15:48:45.0171 1020 vmfilter323 - ok 15:48:45.0203 1020 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 15:48:45.0203 1020 VolSnap - ok 15:48:45.0343 1020 Vongo Service (322aaa3b17e1fc664915350cdde92eb8) C:\Program Files\Vongo\VongoService.exe 15:48:45.0359 1020 Vongo Service - ok 15:48:45.0406 1020 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe 15:48:45.0421 1020 VSS - ok 15:48:45.0453 1020 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll 15:48:45.0468 1020 W32Time - ok 15:48:45.0515 1020 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 15:48:45.0515 1020 Wanarp 
- ok 15:48:45.0531 1020 WDICA - ok 15:48:45.0562 1020 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 15:48:45.0562 1020 wdmaud - ok 15:48:45.0578 1020 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll 15:48:45.0578 1020 WebClient - ok 15:48:45.0656 1020 winachsf (e17d31cd52dcb7745ac5330eea062d0b) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 15:48:45.0671 1020 winachsf - ok 15:48:45.0750 1020 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll 15:48:45.0750 1020 winmgmt - ok 15:48:46.0015 1020 wlidsvc (5144ae67d60ec653f97ddf3feed29e77) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 15:48:46.0078 1020 wlidsvc - ok 15:48:46.0218 1020 WMConnectCDS (cd99c9feae87c1963273f6b150251e33) C:\Program Files\Windows Media Connect 2\wmccds.exe 15:48:46.0234 1020 WMConnectCDS - ok 15:48:46.0421 1020 WmdmPmSN (b9715b9c18bc6c8f4b66733d208cc9f7) C:\WINDOWS\system32\MsPMSNSv.dll 15:48:46.0421 1020 WmdmPmSN - ok 15:48:46.0500 1020 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll 15:48:46.0515 1020 Wmi - ok 15:48:46.0593 1020 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 15:48:46.0593 1020 WmiAcpi - ok 15:48:46.0671 1020 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe 15:48:46.0671 1020 WmiApSrv - ok 15:48:46.0718 1020 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll 15:48:46.0734 1020 wscsvc - ok 15:48:46.0765 1020 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 15:48:46.0765 1020 WSTCODEC - ok 15:48:46.0796 1020 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll 15:48:46.0828 1020 wuauserv - ok 15:48:46.0875 1020 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll 15:48:46.0890 1020 WZCSVC - ok 15:48:46.0921 1020 xmlprov (295d21f14c335b53cb8154e5b1f892b9) 
C:\WINDOWS\System32\xmlprov.dll 15:48:46.0921 1020 xmlprov - ok 15:48:47.0000 1020 MBR (0x1B8) (665277635dc8ba83deae12eadedb75a0) \Device\Harddisk0\DR0 15:48:47.0015 1020 \Device\Harddisk0\DR0 - ok 15:48:47.0031 1020 Boot (0x1200) (0c244233af3399cf72a2036305143af3) \Device\Harddisk0\DR0\Partition0 15:48:47.0031 1020 \Device\Harddisk0\DR0\Partition0 - ok 15:48:47.0093 1020 Boot (0x1200) (5b9d4a6e33305397a5038ea01fb2397a) \Device\Harddisk0\DR0\Partition1 15:48:47.0093 1020 \Device\Harddisk0\DR0\Partition1 - ok 15:48:47.0093 1020 ============================================================ 15:48:47.0093 1020 Scan finished
  12. Finally the AVAST. It kept giving me a blue screen saying "dump of physical memory" when I ran it. Took me 4 times to finally get this done. Thanks for helping again.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-15 10:01:38
-----------------------------
10:01:38.656 OS Version: Windows 5.1.2600 Service Pack 3
10:01:38.656 Number of processors: 2 586 0x4802
10:01:38.656 ComputerName: STOLL UserName: Jeff
10:01:39.593 Initialize success
10:01:55.734 AVAST engine defs: 12051401
10:02:00.421 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000007c
10:02:00.421 Disk 0 Vendor: Size: 0MB BusType: 0
10:02:00.500 Disk 0 MBR read error 0
10:02:00.500 Disk 0 MBR scan
10:02:01.125 Disk 0 unknown MBR code
10:02:01.140 MBR BIOS signature not found 0
10:02:01.218 Disk 0 scanning C:\WINDOWS\system32\drivers
10:02:19.468 Service scanning
10:02:43.937 Modules scanning
10:02:50.765 Disk 0 trace - called modules:
10:02:50.812 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvata.sys
10:02:50.828 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a5901e8]
10:02:50.843 3 CLASSPNP.SYS[f74e7fd7] -> nt!IofCallDriver -> \Device\0000007d[0x8a59ef18]
10:02:50.890 5 ACPI.sys[f735e620] -> nt!IofCallDriver -> \Device\0000007c[0x8a4b6658]
10:02:51.296 AVAST engine scan C:\WINDOWS
10:03:00.484 AVAST engine scan C:\WINDOWS\system32
10:07:51.859 AVAST engine scan C:\WINDOWS\system32\drivers
10:08:16.046 AVAST engine scan C:\Documents and Settings\Jeff
10:08:36.109 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Jeff\Desktop\MBR.dat"
10:08:36.125 The log file has been saved successfully to "C:\Documents and Settings\Jeff\Desktop\aswMBR.txt"
  13. The GMER log:

---- System - GMER 1.0.15 ----
SSDT EE8A668C ZwClose
SSDT EE8A6646 ZwCreateKey
SSDT EE8A6696 ZwCreateSection
SSDT EE8A663C ZwCreateThread
SSDT EE8A664B ZwDeleteKey
SSDT EE8A6655 ZwDeleteValueKey
SSDT EE8A6687 ZwDuplicateObject
SSDT EE8A665A ZwLoadKey
SSDT EE8A6628 ZwOpenProcess
SSDT EE8A662D ZwOpenThread
SSDT EE8A6664 ZwReplaceKey
SSDT EE8A665F ZwRestoreKey
SSDT EE8A669B ZwSetContextThread
SSDT EE8A6650 ZwSetValueKey
SSDT EE8A6637 ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF6249360, 0x225D9D, 0xE8000020]

---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 eabfiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- EOF - GMER 1.0.15 ----
  14. Thanks alot for your help. The OTL logs are as follows OTL logfile created on: 5/14/2012 6:47:15 PM - Run 1 OTL by OldTimer - Version 3.2.43.0 Folder = C:\Documents and Settings\Jeff\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.97 Gb Total Physical Memory | 1.22 Gb Available Physical Memory | 62.19% Memory free 3.82 Gb Paging File | 3.19 Gb Available in Paging File | 83.56% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 80.59 Gb Total Space | 22.81 Gb Free Space | 28.30% Space Free | Partition Type: NTFS Drive D: | 11.53 Gb Total Space | 1.26 Gb Free Space | 10.93% Space Free | Partition Type: FAT32 Computer Name: STOLL | User Name: Jeff | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/05/14 18:46:51 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeff\Desktop\OTL.exe PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012/02/10 11:28:06 | 000,193,816 | -H-- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE PRC - [2012/01/13 12:21:10 | 000,095,200 | -H-- | M] (McAfee, Inc.) 
-- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe PRC - [2011/06/30 09:56:40 | 000,269,480 | -H-- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2011/04/28 07:55:25 | 000,136,360 | -H-- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2010/12/13 09:39:54 | 000,281,768 | -H-- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2010/12/10 04:29:00 | 000,092,008 | -H-- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe PRC - [2010/12/10 04:28:56 | 000,247,144 | -H-- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe PRC - [2010/02/10 18:27:24 | 000,386,872 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe PRC - [2010/01/14 22:11:00 | 000,076,968 | -H-- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2008/04/13 16:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007/05/15 12:08:40 | 000,182,576 | -H-- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accoca.exe PRC - [2007/05/15 12:08:38 | 000,095,024 | -H-- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\acevents.exe PRC - [2007/05/15 12:08:08 | 000,293,168 | -H-- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe ========== Modules (No Company Name) ========== MOD - [2011/11/03 07:28:36 | 001,292,288 | -H-- | M] () -- C:\WINDOWS\system32\quartz.dll MOD - [2011/02/04 18:48:30 | 000,291,840 | -H-- | M] () -- C:\WINDOWS\system32\sbe.dll MOD - [2010/06/17 15:27:22 | 000,355,688 | -H-- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll MOD - [2008/04/13 16:11:59 | 000,014,336 | -H-- | M] () -- C:\WINDOWS\system32\msdmo.dll MOD - [2008/04/13 16:11:51 | 000,059,904 | -H-- | M] () -- C:\WINDOWS\system32\devenum.dll MOD - [2006/07/11 20:55:04 | 000,172,032 | -H-- | M] () -- C:\Program 
Files\HP\QuickPlay\Kernel\common\CLDataSync.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- C:\DOCUME~1\Jeff\LOCALS~1\Temp\MOBCleanup.exe -- (MOBCleanup) SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - File not found [Auto | Stopped] -- C:\WINDOWS\TEMP\006242~1.EXE -- (0062421329956074mcinstcleanup) McAfee Application Installer Cleanup (0062421329956074) SRV - [2012/05/04 16:10:23 | 000,257,696 | -H-- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/02/10 11:28:06 | 000,240,408 | -H-- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate) SRV - [2012/02/10 11:28:06 | 000,193,816 | -H-- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc) SRV - [2012/01/13 12:21:10 | 000,095,200 | -H-- | M] (McAfee, Inc.) 
[Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service) SRV - [2011/06/30 09:56:40 | 000,269,480 | -H-- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011/04/28 07:55:25 | 000,136,360 | -H-- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010/12/10 04:29:00 | 000,092,008 | -H-- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService) SRV - [2007/05/15 12:08:40 | 000,182,576 | -H-- | M] (ActivIdentity) [Auto | Running] -- C:\Program Files\ActivIdentity\ActivClient\accoca.exe -- (accoca) SRV - [2006/06/12 12:27:28 | 000,126,976 | -H-- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -- (AddFiltr) SRV - [2006/05/09 12:11:10 | 000,176,128 | -H-- | M] (Starz Entertainment Group LLC) [Auto | Stopped] -- C:\Program Files\Vongo\VongoService.exe -- (Vongo Service) SRV - [2005/10/06 17:12:30 | 000,855,552 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2012/04/04 15:56:40 | 000,022,344 | 
---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011/06/30 09:56:41 | 000,138,192 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2011/06/30 09:56:41 | 000,066,616 | -H-- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010/06/17 15:27:22 | 000,028,520 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010/06/17 15:27:12 | 000,011,608 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2010/01/06 19:19:00 | 000,057,856 | -H-- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SCR3XX2K.sys -- (SCR3XX2K) DRV - [2009/06/22 03:48:44 | 000,091,776 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC) DRV - [2008/05/08 06:02:52 | 000,203,136 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST) DRV - [2007/04/13 04:56:45 | 000,475,264 | RH-- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vmfilter323.sys -- (vmfilter323) DRV - [2007/04/13 04:56:45 | 000,219,648 | RH-- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbvm326.sys -- (usbvm328) DRV - [2006/08/29 14:12:28 | 000,990,592 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV) DRV - [2006/08/29 14:11:08 | 000,208,384 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL) DRV - [2006/08/29 14:10:56 | 000,728,576 | -H-- | M] (Conexant Systems, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf) DRV - [2006/06/19 04:37:34 | 000,036,864 | -H-- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8) DRV - [2006/06/06 12:39:56 | 000,061,952 | -H-- | M] (Ricoh) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\5U870CAP.sys -- (5U870CAP_VID_1262&PID_25FD) DRV - [2006/06/01 16:02:36 | 000,572,928 | -H-- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService) DRV - [2006/05/12 12:05:02 | 000,057,320 | -H-- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB) DRV - [2006/04/28 09:12:00 | 000,429,184 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX) DRV - [2006/03/05 15:49:36 | 000,011,136 | -H-- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu) DRV - [2006/03/02 16:31:04 | 000,013,056 | -H-- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus) DRV - [2006/03/02 16:31:02 | 000,034,176 | -H-- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD) DRV - [2006/01/26 16:04:16 | 000,099,584 | -H-- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata) DRV - [2005/11/15 20:28:32 | 000,028,928 | -H-- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2005/10/31 18:08:00 | 000,308,992 | -H-- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2005/10/31 17:54:50 | 000,051,584 | -H-- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk) DRV - 
[2005/09/19 13:24:20 | 000,005,760 | -H-- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb) DRV - [2005/09/19 13:24:10 | 000,009,344 | -H-- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey) DRV - [2005/09/19 13:23:52 | 000,007,808 | -H-- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr) DRV - [2004/08/03 22:31:34 | 000,020,992 | -H-- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2278501756-2133485100-4214599645-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.live.com/sphome.aspx IE - HKU\S-1-5-21-2278501756-2133485100-4214599645-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com IE - HKU\S-1-5-21-2278501756-2133485100-4214599645-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ IE - HKU\S-1-5-21-2278501756-2133485100-4214599645-1005\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) 
IE - HKU\S-1-5-21-2278501756-2133485100-4214599645-1005\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) IE - HKU\S-1-5-21-2278501756-2133485100-4214599645-1005\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2278501756-2133485100-4214599645-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKU\S-1-5-21-2278501756-2133485100-4214599645-1005\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={searchTerms} IE - HKU\S-1-5-21-2278501756-2133485100-4214599645-1005\..\SearchScopes\{F5CB2064-D2FA-4E5D-9A55-C05764F1FB0E}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b2ie7 IE - HKU\S-1-5-21-2278501756-2133485100-4214599645-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Secure Search" FF - prefs.js..browser.search.selectedEngine: "Secure Search" FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mcafee&p=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/08/04 14:59:39 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/03/04 11:16:00 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/10 10:11:25 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/06 19:04:38 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2012/03/16 15:12:17 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2012/05/06 19:04:39 | 000,000,000 | -H-D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/08/04 14:59:39 | 000,000,000 | -H-D | M]

[2011/03/01 14:46:11 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Jeff\Application Data\Mozilla\Extensions
[2011/03/01 14:46:11 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Jeff\Application Data\Mozilla\Extensions\home2@tomtom.com
[2012/05/05 15:55:48 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\wifw4z5k.default\extensions
[2012/02/07 19:15:51 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/29 07:55:53 | 000,134,104 | -H-- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2007/06/11 03:34:00 | 002,115,816 | -H-- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll
[2012/01/29 05:36:35 | 000,002,252 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/09/20 10:31:51 | 000,002,024 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012/01/29 05:36:35 | 000,002,040 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2006/03/15 20:00:00 | 000,000,734 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-2278501756-2133485100-4214599645-1005\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\S-1-5-21-2278501756-2133485100-4214599645-1005\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [accrdsub] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [hpqSRMon] File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [RecGuard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\CREATOR\Remind_XP.exe (SoftThinks)
O4 - HKU\S-1-5-21-2278501756-2133485100-4214599645-1005..\Run: [Device Detection] C:\Program Files\FUJIFILM\MyFinePix Studio\dd.exe ()
O4 - HKU\S-1-5-21-2278501756-2133485100-4214599645-1005..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\StartUp\Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (Starz)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\StartUp\Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (Starz)
O4 - Startup: C:\Documents and Settings\Jeff\Start Menu\Programs\StartUp\Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (Starz)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2278501756-2133485100-4214599645-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2278501756-2133485100-4214599645-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O15 - HKU\S-1-5-21-2278501756-2133485100-4214599645-1005\..Trusted Domains: ahrn.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-2278501756-2133485100-4214599645-1005\..Trusted Domains: ahrn.com ([www*] https in Trusted sites)
O15 - HKU\S-1-5-21-2278501756-2133485100-4214599645-1005\..Trusted Domains: army.mil ([]* in Local intranet)
O15 - HKU\S-1-5-21-2278501756-2133485100-4214599645-1005\..Trusted Domains: chase.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-2278501756-2133485100-4214599645-1005\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-2278501756-2133485100-4214599645-1005\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2278501756-2133485100-4214599645-1005\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab (DDRevision Class)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.165.131.12 209.165.131.13 0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8D7DC3B9-18BF-4DC8-97E5-50572F9D29C8}: DhcpNameServer = 209.165.131.12 209.165.131.13 0.0.0.0
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ackpbsc: DllName - (C:\WINDOWS\system32\ackpbsc.dll) - C:\WINDOWS\system32\ackpbsc.dll (ActivIdentity)
O20 - Winlogon\Notify\acunlock: DllName - (C:\Program Files\ActivIdentity\ActivClient\acunlock.dll) - C:\Program Files\ActivIdentity\ActivClient\acunlock.dll (ActivIdentity)
O24 - Desktop WallPaper: C:\Documents and Settings\Jeff\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jeff\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/27 22:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2007/09/26 03:18:56 | 000,000,090 | -H-- | M] () - D:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 14:01:14 | 000,000,053 | -HS- | M] () - D:\AUTORUN.FCB -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/14 18:46:47 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jeff\Desktop\OTL.exe
[2012/05/14 16:53:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Jeff\Start Menu\Programs\Administrative Tools
[2012/05/14 16:52:11 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Jeff\Desktop\dds.com
[2012/05/14 08:44:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeff\Application Data\Malwarebytes
[2012/05/14 08:44:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/14 08:44:15 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/05/14 08:44:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/05/14 08:44:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/05/14 08:29:24 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Jeff\Recent
[2012/05/11 16:04:17 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Jeff\Start Menu\Programs\Data Recovery
[2012/04/30 09:33:45 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2012/04/30 09:33:41 | 000,000,000 | -H-D | C] -- C:\Program Files\Microsoft Silverlight
[2012/04/23 09:33:32 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Jeff\Desktop\PureEdge
[2012/04/23 09:24:12 | 000,000,000 | -H-D | C] -- C:\Program Files\PureEdge1
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========

[2012/05/14 18:46:51 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeff\Desktop\OTL.exe
[2012/05/14 18:39:45 | 000,001,350 | -H-- | M] () -- C:\hpqp.ini
[2012/05/14 18:37:33 | 000,000,039 | -H-- | M] () -- C:\XP_TV.ini
[2012/05/14 18:37:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/14 17:10:15 | 000,000,830 | -H-- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/05/14 16:52:14 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Jeff\Desktop\dds.com
[2012/05/14 08:44:16 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/14 08:28:10 | 000,001,158 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/12 20:20:25 | 000,000,855 | -H-- | M] () -- C:\Documents and Settings\Jeff\Application Data\Microsoft\Internet Explorer\Quick Launch\Data_Recovery.lnk
[2012/05/12 20:20:25 | 000,000,176 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\-883o8ZUhSyoNkar
[2012/05/12 20:20:25 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\-883o8ZUhSyoNka
[2012/05/12 20:20:19 | 000,000,256 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\883o8ZUhSyoNka
[2012/05/12 20:19:46 | 000,000,664 | -H-- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/05/11 16:04:19 | 000,000,837 | -H-- | M] () -- C:\Documents and Settings\Jeff\Desktop\Data_Recovery.lnk
[2012/05/11 15:57:21 | 000,051,048 | -H-- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/05/10 16:18:06 | 000,330,688 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/05/10 15:49:29 | 000,452,834 | -H-- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/05/10 15:49:29 | 000,074,842 | -H-- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/05/06 19:04:39 | 000,001,729 | -H-- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2012/05/06 18:57:40 | 000,077,386 | -H-- | M] () -- C:\WINDOWS\hpqins05.dat
[2012/05/06 18:55:56 | 000,000,059 | -H-- | M] () -- C:\WINDOWS\WININIT.INI
[2012/05/06 18:53:41 | 000,001,018 | -H-- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2012/05/04 16:10:22 | 000,419,488 | -H-- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/05/04 16:10:22 | 000,070,304 | -H-- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/04/30 19:15:56 | 009,080,143 | -H-- | M] () -- C:\Documents and Settings\Jeff\Desktop\TC_3-22.20.pdf
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/14 08:44:16 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/12 20:20:24 | 000,000,855 | -H-- | C] () -- C:\Documents and Settings\Jeff\Application Data\Microsoft\Internet Explorer\Quick Launch\Data_Recovery.lnk
[2012/05/11 16:04:19 | 000,000,837 | -H-- | C] () -- C:\Documents and Settings\Jeff\Desktop\Data_Recovery.lnk
[2012/05/11 16:04:19 | 000,000,176 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\-883o8ZUhSyoNkar
[2012/05/11 16:04:19 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\-883o8ZUhSyoNka
[2012/05/11 16:04:11 | 000,000,256 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\883o8ZUhSyoNka
[2012/05/06 18:53:41 | 000,001,018 | -H-- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2012/05/06 18:52:06 | 000,077,386 | -H-- | C] () -- C:\WINDOWS\hpqins05.dat
[2012/04/30 19:15:56 | 009,080,143 | -H-- | C] () -- C:\Documents and Settings\Jeff\Desktop\TC_3-22.20.pdf
[2012/02/15 17:37:00 | 000,003,072 | -H-- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/02/14 13:40:57 | 000,135,168 | RH-- | C] () -- C:\WINDOWS\System32\setupfilter.exe
[2011/02/14 13:25:05 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/08/04 14:57:49 | 000,023,097 | -H-- | C] () -- C:\WINDOWS\hpqins15.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

OTL Extras logfile created on: 5/14/2012 6:47:15 PM - Run 1
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Documents and Settings\Jeff\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 1.22 Gb Available Physical Memory | 62.19% Memory free
3.82 Gb Paging File | 3.19 Gb Available in Paging File | 83.56% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 80.59 Gb Total Space | 22.81 Gb Free Space | 28.30% Space Free | Partition Type: NTFS
Drive D: | 11.53 Gb Total Space | 1.26 Gb Free Space | 10.93% Space Free | Partition Type: FAT32

Computer Name: STOLL | User Name: Jeff | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = NetscapeHTML] -- C:\Program Files\Netscape\Netscape Browser\netscape.exe (Netscape)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- C:\PROGRA~1\NETSCAPE\NETSCA~1\NETSCAPE.EXE -url "%1" (Netscape)
https [open] -- C:\PROGRA~1\NETSCAPE\NETSCA~1\NETSCAPE.EXE -url "%1" (Netscape)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"" = 
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect

========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"" = 
"C:\Program Files\Vongo\VongoService.exe" = C:\Program Files\Vongo\VongoService.exe:*:enabled:VongoService -- (Starz Entertainment Group LLC)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\Program Files\BearShare\BearShare.exe" = C:\Program Files\BearShare\BearShare.exe:*:Enabled:BearShare -- (Free Peers, Inc.)
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{069730C2-755A-485B-A205-27A1AAFA836A}" = InstantShareAlert
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{09D8492A-C8E2-421E-927D-46800FB327A3}" = Wireless Home Network Setup
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{13BCF6CB-2F54-4962-9B11-32F07048ACF3}" = HP User Guides 0031
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{2656D0AB-9EA4-4C58-A117-635F3CED8B93}" = Microsoft UI Engine
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java 6 Update 17
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.10 A2
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 2.00 G2
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 2.3
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{4CCC7F68-A437-4559-A840-F5E010934951}" = HP Driver Diagnostics
"{4DA4012B-39AF-48c2-B23B-A4D570D233A6}" = cp_LightScribeConfig
"{4F923F90-46D1-4492-9CC6-13FBBA00E7EC}" = C4400
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{52FBAE98-D389-4281-8C14-21B4046CCB4E}" = SonicAC3Encoder
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A28AB0B-22B1-494C-AF61-B386EA1736C0}" = LightScribe 1.4.97.1
"{6B407945-AE16-4A2A-BAAF-497FE62EDED3}" = PS_AIO_03_C4400_Software_Min
"{6B437F94-056F-4791-AF2C-0D10E2706AF0}" = PanoStandAlone
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1
"{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{80AE27BA-B0ED-4288-A8B9-D8194BCF4115}" = cp_UpdateProjectsConfig
"{838A1BC9-95CA-4880-9BE3-2A7D23600A2B}" = Macromedia Shockwave Player
"{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 "{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 "{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 "{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 "{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1) 
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 "{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 "{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{939F8208-C8CE-4AFF-B7BA-ACEB2E74A6CB}" = "{954B7F64-D1D4-476F-8919-99585D0A6ABF}" = PS_AIO_03_C4400_Software "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour "{A01FC76F-CC09-4658-9E37-5C2F635EE708}" = TourSetup "{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module 
"{AC194855-F7AC-4D04-B4C9-07BA46FCB697}" = ActivClient CAC 6.1 x86 "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4 "{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1 "{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module "{B16AF568-A644-483C-A6DA-5028CD019C8C}" = SonicMPEGEncoder "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR "{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3 "{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply "{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5 "{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{C9CE9393-B568-428D-AD5B-55452B9748DB}" = PS_AIO_03_C4400_ProductContext "{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch "{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar "{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component "{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp "{DB7E00C9-6DEF-489A-8112-D8F81614F45A}" = Vongo "{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01 "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1 "{E6B43401-E818-4961-AFED-118DD8E87642}" = RAF "{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer "{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy "{F7B72805-2F58-4C04-AE9E-E7AD6A6EF62E}" = C4400_Help "{FB09F05F-85C6-4205-B28D-5BF071D276C3}" = muvee autoProducer 5.0 "{FC8D25A7-FF1B-41BB-BB3B-9A06C0A60AE0}" = InstantShareDevices 
"{FF1F4E8E-A833-4c4b-A14A-45D5B841B5D8}" = HP Photosmart C4400 All-In-One Driver Software 10.0 Rel .3 "12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto "Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter "CNXT_HDAUDIO" = Conexant HD Audio "CNXT_MODEM_PCI_VEN_14F1&DEV_5045_at8ven5m" = Soft Data Fax Modem with SmartCP "HP Game Console" = HP Game Console and games "HP Imaging Device Functions" = HP Imaging Device Functions 10.0 "HP Photo & Imaging" = HP Photosmart Premier Software 6.0 "HP Photosmart Essential" = HP Photosmart Essential 2.5 "HP Rhapsody" = HP Rhapsody "HP Smart Web Printing" = HP Smart Web Printing 4.60 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "HPExtendedCapabilities" = HP Customer Participation Program 10.0 "HPOCR" = OCR Software by I.R.I.S. 
10.0 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Money2006b" = Microsoft Money 2006 "Mozilla Firefox 10.0 (x86 en-US)" = Mozilla Firefox 10.0 (x86 en-US) "MyFinePix Studio_is1" = FUJIFILM MyFinePix Studio 3.1 "Netscape Browser" = Netscape Browser (remove only) "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "NVIDIA Drivers" = NVIDIA Drivers "Office14.SingleImage" = Microsoft Office Home and Student 2010 "Shop for HP Supplies" = Shop for HP Supplies "SynTPDeinstKey" = Synaptics Pointing Device Driver "TomTom HOME" = TomTom HOME 2.8.0.2146 "Windows Media Format Runtime" = Windows Media Format Runtime "Windows XP Service Pack" = Windows XP Service Pack 3 "WMCSetup" = Windows Media Connect "Yahoo! Companion" = Yahoo! Toolbar for Internet Explorer "Yahoo! Toolbar" = Yahoo! Toolbar ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 5/14/2012 6:50:32 PM | Computer Name = STOLL | Source = Application Error | ID = 1000 Description = Faulting application dd.exe, version 1.12.0.0, faulting module dd.exe, version 1.12.0.0, fault address 0x0003ae67. Error - 5/14/2012 6:52:30 PM | Computer Name = STOLL | Source = Media Center Scheduler | ID = 0 Description = Error - 5/14/2012 8:58:02 PM | Computer Name = STOLL | Source = MSDTC | ID = 4404 Description = MS DTC Tracing infrastructure : the initialization of the tracing infrastructure failed. 
Internal Information : msdtc_trace : File: d:\comxp_sp3\com\com1x\dtc\dtc\trace\src\tracelib.cpp, Line: 1115, StartTrace Failed, hr=0x800700a1 Error - 5/14/2012 8:58:03 PM | Computer Name = STOLL | Source = Media Center Scheduler | ID = 0 Description = Error - 5/14/2012 8:59:20 PM | Computer Name = STOLL | Source = Application Error | ID = 1000 Description = Faulting application dd.exe, version 1.12.0.0, faulting module dd.exe, version 1.12.0.0, fault address 0x0003ae67. Error - 5/14/2012 9:00:23 PM | Computer Name = STOLL | Source = Media Center Scheduler | ID = 0 Description = Error - 5/14/2012 10:37:40 PM | Computer Name = STOLL | Source = MSDTC | ID = 4404 Description = MS DTC Tracing infrastructure : the initialization of the tracing infrastructure failed. Internal Information : msdtc_trace : File: d:\comxp_sp3\com\com1x\dtc\dtc\trace\src\tracelib.cpp, Line: 1115, StartTrace Failed, hr=0x800700a1 Error - 5/14/2012 10:37:41 PM | Computer Name = STOLL | Source = Media Center Scheduler | ID = 0 Description = Error - 5/14/2012 10:38:58 PM | Computer Name = STOLL | Source = Application Error | ID = 1000 Description = Faulting application dd.exe, version 1.12.0.0, faulting module dd.exe, version 1.12.0.0, fault address 0x0003ae67. Error - 5/14/2012 10:40:46 PM | Computer Name = STOLL | Source = Media Center Scheduler | ID = 0 Description = [ System Events ] Error - 5/14/2012 2:27:01 PM | Computer Name = STOLL | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: AliIde IntelIde Pcmcia ViaIde Error - 5/14/2012 2:42:28 PM | Computer Name = STOLL | Source = Service Control Manager | ID = 7000 Description = The MOBCleanup service failed to start due to the following error: %%2 Error - 5/14/2012 2:43:58 PM | Computer Name = STOLL | Source = Service Control Manager | ID = 7022 Description = The HP CUE DeviceDiscovery Service service hung on starting. 
Error - 5/14/2012 2:43:58 PM | Computer Name = STOLL | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: AliIde IntelIde Pcmcia ViaIde Error - 5/14/2012 6:49:54 PM | Computer Name = STOLL | Source = Service Control Manager | ID = 7000 Description = The MOBCleanup service failed to start due to the following error: %%2 Error - 5/14/2012 6:51:20 PM | Computer Name = STOLL | Source = Service Control Manager | ID = 7022 Description = The HP CUE DeviceDiscovery Service service hung on starting. Error - 5/14/2012 8:58:40 PM | Computer Name = STOLL | Source = Service Control Manager | ID = 7000 Description = The MOBCleanup service failed to start due to the following error: %%2 Error - 5/14/2012 9:00:07 PM | Computer Name = STOLL | Source = Service Control Manager | ID = 7022 Description = The HP CUE DeviceDiscovery Service service hung on starting. Error - 5/14/2012 10:38:16 PM | Computer Name = STOLL | Source = Service Control Manager | ID = 7000 Description = The MOBCleanup service failed to start due to the following error: %%2 Error - 5/14/2012 10:39:43 PM | Computer Name = STOLL | Source = Service Control Manager | ID = 7022 Description = The HP CUE DeviceDiscovery Service service hung on starting. < End of report >
  15. Tried deleting the virus, but Avira scans show there are still 4, and access is denied. But the Malwarebytes full scan says nothing is detected. When the computer is restarted, the SMART repair data recovery pop-up is no longer there, but there is still nothing but a blue screen with nothing listed under programs. In the background a "dd.exe file needs to close" pop-up appears instead, and the error message of a corrupted file keeps running like 50 times, flooding the screen. Need HELP please... I've attached the DDS files here. Thanks a lot.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Jeff at 16:53:09 on 2012-05-14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2015.1226 [GMT -8:00]
.
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\ActivIdentity\ActivClient\accoca.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\PROGRA~1\mcafee\SITEAD~1\McSACore.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://search.live.com
uSearch Bar = hxxp://search.live.com/sphome.aspx
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
mSearchAssistant = hxxp://search.live.com/sphome.aspx
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - c:\program files\microsoft\bingbar\7.1.361.0\BingExt.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~4\office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - "c:\program files\microsoft\bingbar\7.1.361.0\BingExt.dll"
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Device Detection] c:\program files\fujifilm\myfinepix studio\dd.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [nwiz] nwiz.exe /installquiet /nodetect
mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
mRun: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [Cpqset] c:\program files\hewlett-packard\default settings\cpqset.exe
mRun: [RecGuard] c:\windows\sminst\RecGuard.exe
mRun: [Reminder] c:\windows\creator\Remind_XP.exe
mRun: [hpqSRMon]
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [<NO NAME>]
mRun: [accrdsub] "c:\program files\actividentity\activclient\accrdsub.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\docume~1\jeff\startm~1\programs\startup\vongot~1.lnk - c:\program files\vongo\Tray.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: ahrn.com\www
Trusted Zone: ahrn.com\www*
Trusted Zone: chase.com
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 209.165.131.12 209.165.131.13 0.0.0.0
TCP: Interfaces\{8D7DC3B9-18BF-4DC8-97E5-50572F9D29C8} : DhcpNameServer = 209.165.131.12 209.165.131.13 0.0.0.0
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: ackpbsc - c:\windows\system32\ackpbsc.dll
Notify: acunlock - c:\program files\actividentity\activclient\acunlock.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\jeff\application data\mozilla\firefox\profiles\wifw4z5k.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
.
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-12-20 11608]
R2 accoca;ActivClient Middleware Service;c:\program files\actividentity\activclient\accoca.exe [2007-5-15 182576]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-12-20 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-12-20 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-12-20 66616]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-5-14 654408]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\McSACore.exe [2009-12-3 95200]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2010-12-10 92008]
R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-5-14 22344]
S2 0062421329956074mcinstcleanup;McAfee Application Installer Cleanup (0062421329956074);c:\windows\temp\006242~1.exe -cleanup -nolog --> c:\windows\temp\006242~1.EXE -cleanup -nolog [?]
S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]
S2 MOBCleanup;MOBCleanup;"c:\docume~1\jeff\locals~1\temp\mobcleanup.exe" --> c:\docume~1\jeff\locals~1\temp\MOBCleanup.exe [?]
S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\drivers\5U870CAP.sys [2006-6-6 61952]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-5 257696]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\drivers\SCR3XX2K.sys [2010-1-6 57856]
S3 usbvm328;HP Camera;c:\windows\system32\drivers\usbvm326.sys [2011-2-14 219648]
S3 vmfilter323;VC0326 filter service for Serome;c:\windows\system32\drivers\vmfilter323.sys [2011-2-14 475264]
.
=============== Created Last 30 ================
.
2012-05-14 16:44:21  --------  d-----w-  c:\documents and settings\jeff\application data\Malwarebytes
2012-05-14 16:44:15  22344     ----a-w-  c:\windows\system32\drivers\mbam.sys
2012-05-14 16:44:15  --------  d-----w-  c:\program files\Malwarebytes' Anti-Malware
2012-05-14 16:44:15  --------  d-----w-  c:\documents and settings\all users\application data\Malwarebytes
2012-04-23 17:24:12  --------  d--h--w-  c:\program files\PureEdge1
.
==================== Find3M ====================
.
2012-05-05 00:10:22  70304     ---ha-w-  c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-05 00:10:22  419488    ---ha-w-  c:\windows\system32\FlashPlayerApp.exe
2012-04-11 13:14:41  2148352   ---ha-w-  c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12:06  1862272   ---ha-w-  c:\windows\system32\win32k.sys
2012-04-11 12:35:51  2026496   ---ha-w-  c:\windows\system32\ntkrnlpa.exe
2012-03-01 11:01:32  916992    ---ha-w-  c:\windows\system32\wininet.dll
2012-03-01 11:01:32  43520     ---ha-w-  c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32  1469440   ---h--w-  c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:16  177664    ---ha-w-  c:\windows\system32\wintrust.dll
2012-02-29 14:10:16  148480    ---ha-w-  c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40  385024    ---ha-w-  c:\windows\system32\html.iec
2001-06-20 21:19:18  40960     ---ha-w-  c:\program files\ACMonitor_X83.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvata.sys
c:\windows\system32\drivers\nvata.sys NVIDIA Corporation NVIDIA nForce IDE Driver
1 ntkrnlpa!IofCallDriver[0x804EF1B0] -> \Device\Harddisk0\DR0[0x8A59DAB8]
3 CLASSPNP[0xF74E7FD7] -> ntkrnlpa!IofCallDriver[0x804EF1B0] -> \Device\0000007d[0x8A591BE0]
5 ACPI[0xF735E620] -> ntkrnlpa!IofCallDriver[0x804EF1B0] -> \Device\0000007c[0x8A4FA658]
kernel: MBR read successfully
_asm { XOR DI, DI; MOV SI, 0x200; MOV SS, DI; MOV SP, 0x7a00; MOV BX, 0x7a0; MOV CX, SI; MOV DS, BX; MOV ES, BX; REP MOVSB ; JMP FAR 0x7a0:0x7a; }
user != kernel MBR !!!
.
============= FINISH: 16:54:11.25 ===============