brightjoy2
-
Posts
15 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Posts posted by brightjoy2
-
-
2012/05/19 19:27:28 -0800 STOLL MESSAGE Starting protection
2012/05/19 19:27:36 -0800 STOLL MESSAGE Protection started successfully
2012/05/19 19:27:39 -0800 STOLL MESSAGE Executing scheduled update: Daily
2012/05/19 19:27:39 -0800 STOLL MESSAGE Starting IP protection
2012/05/19 19:27:56 -0800 STOLL MESSAGE Scheduled update executed successfully: database updated from version v2012.05.18.08 to version v2012.05.20.01
2012/05/19 19:29:16 -0800 STOLL Jeff MESSAGE IP Protection started successfully
2012/05/19 19:29:16 -0800 STOLL Jeff MESSAGE Starting database refresh
2012/05/19 19:29:16 -0800 STOLL Jeff MESSAGE Stopping IP protection
2012/05/19 19:29:17 -0800 STOLL Jeff MESSAGE IP Protection stopped
2012/05/19 19:29:27 -0800 STOLL Jeff MESSAGE Database refreshed successfully
2012/05/19 19:29:27 -0800 STOLL Jeff MESSAGE Starting IP protection
2012/05/19 19:29:37 -0800 STOLL Jeff MESSAGE IP Protection started successfully
2012/05/19 20:29:32 -0800 STOLL Jeff MESSAGE Executing scheduled update: Daily
2012/05/19 20:29:34 -0800 STOLL Jeff MESSAGE Database already up-to-date
The Eset scan came out clean with no threats, there wasn't a log that I can copy like a list of threats. And the Malware report is also clean.
-
15.15641 - http://www.gmer.net
Rootkit scan 2012-05-18 17:58:36
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\0000007b ST9100824AS rev.7.24
Running: zizmd605.exe; Driver: C:\DOCUME~1\Jeff\LOCALS~1\Temp\pxtdypob.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
Device \FileSystem\Cdfs \Cdfs F6639400
---- EOF - GMER 1.0.15 ----
-
The GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-05-17 19:52:22
Windows 5.1.2600 Service Pack 3
Running: qx4x3rwb.exe; Driver: C:\DOCUME~1\Jeff\LOCALS~1\Temp\pxtdypod.sys
---- Modules - GMER 1.0.15 ----
Module viaide.sys (Generic PCI IDE Bus Driver/Microsoft Corporation) F798D000-F798F000 (8192 bytes)
Module aliide.sys (ALi mini IDE Driver/Acer Laboratories Inc.) F798F000-F7991000 (8192 bytes)
Module nvata.sys (NVIDIA® nForce IDE Performance Driver/NVIDIA Corporation) F7393000-F73AC000 (102400 bytes)
Module PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions) F7717000-F771C000 (20480 bytes)
Module \SystemRoot\system32\DRIVERS\cpqbttn.sys (HP Tablet PC Key Button HID Driver/Hewlett-Packard Development Company, L.P.) F7923000-F7926000 (12288 bytes)
Module \SystemRoot\system32\DRIVERS\nvsmu.sys (NVIDIA® nForce SMU Microcontroller Driver/NVIDIA Corporation) F7933000-F7936000 (12288 bytes)
Module \SystemRoot\system32\DRIVERS\HDAudBus.sys (High Definition Audio Bus Driver v1.0a/Windows ® Server 2003 DDK provider) F71BF000-F71E7000 (163840 bytes)
Module \SystemRoot\system32\DRIVERS\nvnetbus.sys (NVIDIA Networking Bus Driver./NVIDIA Corporation) F795B000-F795F000 (16384 bytes)
Module \SystemRoot\system32\DRIVERS\NVNRM.SYS (NVIDIA Network Resource Manager./NVIDIA Corporation) F7174000-F71BF000 (307200 bytes)
Module \SystemRoot\system32\DRIVERS\NVSNPU.SYS (NVIDIA Networking Soft-NPU Driver./NVIDIA Corporation) F713D000-F7174000 (225280 bytes)
Module \SystemRoot\system32\DRIVERS\SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) F710D000-F713D000 (196608 bytes)
Module \SystemRoot\system32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.) F777F000-F7784000 (20480 bytes)
Module \SystemRoot\system32\DRIVERS\NVENETFD.sys (NVIDIA Networking Function Driver./NVIDIA Corporation) F75C7000-F75D0000 (36864 bytes)
Module \SystemRoot\System32\ATMFD.DLL (Windows NT OpenType/Type 1 Font Driver/Adobe Systems Incorporated) BF012000-BF059000 (290816 bytes)
Module \??\C:\DOCUME~1\Jeff\LOCALS~1\Temp\catchme.sys F780F000-F7817000 (32768 bytes)
Module \??\C:\DOCUME~1\Jeff\LOCALS~1\Temp\pxtdypod.sys (GMER) F6498000-F64B1000 (102400 bytes)
---- Processes - GMER 1.0.15 ----
Process C:\WINDOWS\explorer.exe (Windows Explorer/Microsoft Corporation) 248
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll (PDF Shell Extension/Adobe Systems, Inc.) 0x10000000
Process C:\WINDOWS\system32\csrss.exe (Client Server Runtime Process/Microsoft Corporation) 560
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Process C:\WINDOWS\system32\winlogon.exe (Windows NT Logon Application/Microsoft Corporation) 584
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library C:\WINDOWS\system32\ackpbsc.dll (ackpbsc/ActivIdentity) 0x10000000
Library C:\WINDOWS\system32\aclog.dll (ActivIdentity Log API/ActivIdentity) 0x00FA0000
Library C:\WINDOWS\system32\ACLIBEAY.dll (OpenSSL Shared Library/ActivIdentity) 0x01090000
Library C:\WINDOWS\system32\acevtsub.dll (ActivIdentity Event Subscriber DLL/ActivIdentity) 0x01180000
Library C:\WINDOWS\system32\asphat32.dll (asphat32/ActivIdentity) 0x011B0000
Library C:\WINDOWS\system32\acerrmes.dll (acerrmes DLL/ActivIdentity) 0x01210000
Library C:\WINDOWS\system32\aspcom.dll (ASPCOM API/ActivIdentity) 0x01230000
Library C:\Program Files\ActivIdentity\ActivClient\Resources\Merged\acerrmrc.dll (acerrmes DLL/ActivIdentity) 0x01270000
Library C:\Program Files\ActivIdentity\ActivClient\Resources\Merged\asphatrc.dll (asphat32/ActivIdentity) 0x013D0000
Library C:\Program Files\ActivIdentity\ActivClient\acunlock.dll (acunlock DLL/ActivIdentity) 0x01C80000
Library C:\WINDOWS\system32\aipingui.dll (Common Application GUI resources/ActivIdentity) 0x01CE0000
Library C:\Program Files\ActivIdentity\ActivClient\Resources\Merged\aipinguirc.dll (Common Application GUI resources/ActivIdentity) 0x01D30000
Library C:\Program Files\ActivIdentity\ActivClient\resources\acCobAPIrc.dll (acCobAPI resources DLL/ActivIdentity) 0x01DB0000
Library C:\Program Files\ActivIdentity\ActivClient\Resources\Merged\acunlockrc.dll (acunlock DLL/ActivIdentity) 0x01E10000
Process C:\WINDOWS\system32\services.exe (Services and Controller app/Microsoft Corporation) 628
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Process C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) 640
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Process C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 800
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Process C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 872
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Process C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 1040
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Process C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 1052
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Process C:\Program Files\internet explorer\iexplore.exe (Internet Explorer/Microsoft Corporation) 1092
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Process C:\WINDOWS\system32\ctfmon.exe (CTF Loader/Microsoft Corporation) 1132
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Process C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 1168
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Process C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity Event Service/ActivIdentity) 1252
Library C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity Event Service/ActivIdentity) 0x00400000
Library C:\WINDOWS\system32\aclog.dll (ActivIdentity Log API/ActivIdentity) 0x10000000
Library C:\WINDOWS\system32\asphat32.dll (asphat32/ActivIdentity) 0x00350000
Library C:\WINDOWS\system32\ackpbsc.dll (ackpbsc/ActivIdentity) 0x003C0000
Library C:\WINDOWS\system32\ACLIBEAY.dll (OpenSSL Shared Library/ActivIdentity) 0x00420000
Library C:\WINDOWS\system32\acerrmes.dll (acerrmes DLL/ActivIdentity) 0x004D0000
Library C:\WINDOWS\system32\acevtsub.dll (ActivIdentity Event Subscriber DLL/ActivIdentity) 0x004F0000
Library C:\WINDOWS\system32\aspcom.dll (ASPCOM API/ActivIdentity) 0x00520000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library C:\Program Files\ActivIdentity\ActivClient\Resources\Merged\acerrmrc.dll (acerrmes DLL/ActivIdentity) 0x008C0000
Library C:\Program Files\ActivIdentity\ActivClient\Resources\Merged\asphatrc.dll (asphat32/ActivIdentity) 0x00920000
Process C:\Documents and Settings\Jeff\Desktop\qx4x3rwb.exe 1268
Library C:\Documents and Settings\Jeff\Desktop\qx4x3rwb.exe 0x00400000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Process C:\Program Files\internet explorer\iexplore.exe (Internet Explorer/Microsoft Corporation) 1816
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library C:\WINDOWS\system32\Macromed\Flash\Flash32_11_2_202_235.ocx (Adobe Flash Player 11.2 r202/Adobe Systems, Inc.) 0x10000000
---- Services - GMER 1.0.15 ----
Service C:\WINDOWS\TEMP\006242~1.EXE [AUTO] 0062421329956074mcinstcleanup
Service C:\WINDOWS\System32\Drivers\5U870CAP.sys (Ricoh USB Camera driver/Ricoh) [MANUAL] 5U870CAP_VID_1262&PID_25FD
Service C:\Program Files\ActivIdentity\ActivClient\accoca.exe (ActivIdentity Cache Server/ActivIdentity) [AUTO] accoca
Service C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe (Add Filter For Usb/Hewlett-Packard Development Company, L.P.) [MANUAL] AddFiltr
Service C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe® Flash® Player Update Service 11.2 r202/Adobe Systems Incorporated) [MANUAL] AdobeFlashPlayerUpdateSvc
Service C:\WINDOWS\system32\DRIVERS\aliide.sys (ALi mini IDE Driver/Acer Laboratories Inc.) [bOOT] AliIde
Service C:\WINDOWS\system32\DRIVERS\amdagp.sys (AMD Win2000 AGP Filter/Advanced Micro Devices, Inc.) [DISABLED] amdagp
Service C:\WINDOWS\system32\DRIVERS\AmdK8.sys (AMD Processor Driver/Advanced Micro Devices) [sYSTEM] AmdK8
Service C:\Program Files\Avira\AntiVir Desktop\sched.exe (Antivirus Scheduler/Avira GmbH) [AUTO] AntiVirSchedulerService
Service C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Antivirus On-Access Service/Avira GmbH) [AUTO] AntiVirService
Service C:\WINDOWS\system32\DRIVERS\asc.sys (AdvanSys SCSI Controller Driver/Advanced System Products, Inc.) [DISABLED] asc
Service C:\WINDOWS\system32\DRIVERS\asc3550.sys (AdvanSys Ultra-Wide PCI SCSI Driver/Advanced System Products, Inc.) [DISABLED] asc3550
Service C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira AntiVir Support for Minifilter/Avira GmbH) [sYSTEM] avgio
Service C:\WINDOWS\system32\DRIVERS\avgntflt.sys (Avira Minifilter Driver/Avira GmbH) [AUTO] avgntflt
Service C:\WINDOWS\system32\DRIVERS\avipbb.sys (Avira Driver for Security Enhancement/Avira GmbH) [sYSTEM] avipbb
Service C:\WINDOWS\system32\DRIVERS\bcmwl5.sys (Broadcom 802.11 Network Adapter wireless driver/Broadcom Corporation) [MANUAL] BCM43XX
Service C:\WINDOWS\System32\Drivers\btwusb.sys (Driver for Bluetooth USB Devices/Broadcom Corporation.) [MANUAL] BTWUSB
Service C:\DOCUME~1\Jeff\LOCALS~1\Temp\catchme.sys [MANUAL] catchme
Service C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD PCI IDE Bus Driver/CMD Technology, Inc.) [DISABLED] CmdIde
Service C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Disk Array Controller Driver/Mylex Corporation) [DISABLED] dac2w2k
Service C:\WINDOWS\system32\DRIVERS\eabfiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.) [sYSTEM] eabfiltr
Service C:\WINDOWS\system32\DRIVERS\eabusb.sys (QLB USB Keyboard filter driver/Hewlett-Packard Development Company, L.P.) [MANUAL] eabusb
Service C:\WINDOWS\system32\DRIVERS\cpqbttn.sys (HP Tablet PC Key Button HID Driver/Hewlett-Packard Development Company, L.P.) [MANUAL] HBtnKey
Service C:\WINDOWS\system32\drivers\CHDAud.sys (High Definition Audio Function Driver/Conexant Systems Inc.) [MANUAL] HdAudAddService
Service C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (High Definition Audio Bus Driver v1.0a/Windows ® Server 2003 DDK provider) [MANUAL] HDAudBus
Service C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (hpqwmiex Module/Hewlett-Packard Development Company, L.P.) [AUTO] hpqwmiex
Service C:\WINDOWS\system32\DRIVERS\HPZid412.sys (IEEE-1284.4-1999 Driver (Windows 2000)/HP) [MANUAL] HPZid412
Service C:\WINDOWS\system32\DRIVERS\HPZipr12.sys (IEEE-1284.4-1999 Print Class Driver/HP) [MANUAL] HPZipr12
Service C:\WINDOWS\system32\DRIVERS\HPZius12.sys (1284.4<->Usb Datalink Driver (Windows 2000)/HP) [MANUAL] HPZius12
Service C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys (HSF_HWAZL WDM driver/Conexant Systems, Inc.) [MANUAL] HSFHWAZL
Service C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys (HSF_DP driver/Conexant Systems, Inc.) [MANUAL] HSF_DPV
Service C:\WINDOWS\system32\DRIVERS\iaStor.sys (Intel Matrix Storage Manager driver/Intel Corporation) [DISABLED] iaStor
Service C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (IDriverT Module/Macrovision Corporation) [MANUAL] IDriverT
Service C:\Program Files\Java\jre6\bin\jqs.exe (Java Quick Starter Service/Sun Microsystems, Inc.) [AUTO] JavaQuickStarterService
Service C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company) [AUTO] LightScribeService
Service C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Anti-Malware/Malwarebytes Corporation) [MANUAL] MBAMProtector
Service C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Anti-Malware/Malwarebytes Corporation) [AUTO] MBAMService
Service c:\PROGRA~1\mcafee\SITEAD~1\McSACore.exe (SiteAdvisor/McAfee, Inc.) [AUTO] McAfee SiteAdvisor Service
Service C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys (Diagnostic Interface x86 Driver/Conexant) [AUTO] mdmxsdk
Service C:\DOCUME~1\Jeff\LOCALS~1\Temp\MOBCleanup.exe [AUTO] MOBCleanup
Service C:\WINDOWS\system32\DRIVERS\mraid35x.sys (MegaRAID RAID Controller Driver for Windows Whistler 32/American Megatrends Inc.) [DISABLED] mraid35x
Service MSDTC Bridge 3.0.0.0
Service C:\WINDOWS\system32\mqtgsvc.exe (Windows NT MSMQ Trigger Service/Microsoft Corporation) [AUTO] MSMQTriggers
Service C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Compatible Windows 2000 Miniport Driver, Version 86.19 /NVIDIA Corporation) [MANUAL] nv
Service C:\WINDOWS\system32\DRIVERS\nvata.sys (NVIDIA® nForce IDE Performance Driver/NVIDIA Corporation) [bOOT] nvata
Service C:\WINDOWS\system32\DRIVERS\NVENETFD.sys (NVIDIA Networking Function Driver./NVIDIA Corporation) [MANUAL] NVENETFD
Service C:\WINDOWS\system32\DRIVERS\nvnetbus.sys (NVIDIA Networking Bus Driver./NVIDIA Corporation) [MANUAL] nvnetbus
Service C:\WINDOWS\system32\DRIVERS\nvsmu.sys (NVIDIA® nForce SMU Microcontroller Driver/NVIDIA Corporation) [MANUAL] nvsmu
Service C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Driver Helper Service, Version 86.19/NVIDIA Corporation) [AUTO] NVSvc
Service C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.) [MANUAL] Ptilink
Service C:\WINDOWS\System32\Drivers\PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions) [bOOT] PxHelp20
Service C:\WINDOWS\system32\DRIVERS\ql1080.sys (Miniport Driver for QLogic ISP PCI Adapters/QLogic Corporation) [DISABLED] ql1080
Service C:\WINDOWS\system32\DRIVERS\ql12160.sys (Miniport Driver for QLogic ISP PCI Adapters/QLogic Corporation) [DISABLED] ql12160
Service C:\WINDOWS\system32\DRIVERS\ql1280.sys (Miniport Driver for QLogic ISP PCI Adapters/QLogic Corporation) [DISABLED] ql1280
Service C:\WINDOWS\system32\DRIVERS\rimmptsk.sys (RICOH MMC Driver/REDC) [MANUAL] rimmptsk
Service C:\WINDOWS\system32\DRIVERS\rimsptsk.sys (RICOH MS Driver/REDC) [MANUAL] rimsptsk
Service C:\WINDOWS\system32\DRIVERS\rixdptsk.sys (RICOH XD SM Driver/REDC) [MANUAL] rismxdp
Service C:\WINDOWS\system32\DRIVERS\RTL8139.SYS (Realtek RTL8139 NDIS 5.0 Driver/Realtek Semiconductor Corporation) [MANUAL] rtl8139
Service C:\WINDOWS\system32\DRIVERS\SCR3XX2K.sys (PC-SC CCID Driver for SCR3xx USB Smart Card Reader/SCM Microsystems Inc.) [MANUAL] SCR3XX2K
Service C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision SECURITY Driver/Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [MANUAL] Secdrv
Service ServiceModelEndpoint 3.0.0.0
Service ServiceModelOperation 3.0.0.0
Service ServiceModelService 3.0.0.0
Service C:\WINDOWS\system32\DRIVERS\sisagp.sys (SiS NT AGP Filter/Silicon Integrated Systems Corporation) [DISABLED] sisagp
Service SMSvcHost 3.0.0.0
Service C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec AIC-6x60 series SCSI miniport/Adaptec, Inc.) [DISABLED] Sparrow
Service C:\WINDOWS\system32\DRIVERS\ssmdrv.sys (AVIRA SnapShot Driver/Avira GmbH) [sYSTEM] ssmdrv
Service C:\WINDOWS\system32\DRIVERS\StreamIP.sys (Microsoft IP Test Driver/Microsoft Corporation) [MANUAL] streamip
Service C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc. SCSI Miniport Driver/Symbios Logic Inc.) [DISABLED] symc810
Service C:\WINDOWS\system32\DRIVERS\symc8xx.sys (Symbios 8XX SCSI Miniport Driver/LSI Logic) [DISABLED] symc8xx
Service C:\WINDOWS\system32\DRIVERS\sym_hi.sys (Symbios Hi-Perf SCSI Miniport Driver/LSI Logic) [DISABLED] sym_hi
Service C:\WINDOWS\system32\DRIVERS\sym_u3.sys (Symbios Ultra3 SCSI Miniport Driver/LSI Logic) [DISABLED] sym_u3
Service C:\WINDOWS\system32\DRIVERS\SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) [MANUAL] SynTP
Service C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (Windows Service for TomTom HOME/TomTom) [AUTO] TomTomHOMEService
Service system32\DRIVERS\UIUSYS.SYS [MANUAL] UIUSys
Service C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Ultra66 Miniport Driver/Promise Technology, Inc.) [DISABLED] ultra
Service C:\WINDOWS\System32\Drivers\usbvm326.sys (Vc0326 Video Driver For Serome/Vimicro Corporation) [MANUAL] usbvm328
Service C:\WINDOWS\system32\DRIVERS\viaide.sys (Generic PCI IDE Bus Driver/Microsoft Corporation) [bOOT] ViaIde
Service C:\WINDOWS\system32\drivers\vmfilter323.sys (VC326, Serome, 640* 480, all format/Vimicro Corporation) [MANUAL] vmfilter323
Service C:\Program Files\Vongo\VongoService.exe (Vongo Download Manager/Starz Entertainment Group LLC) [AUTO] Vongo Service
Service C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys (HSF_CNXT driver/Conexant Systems, Inc.) [MANUAL] winachsf
Service Windows Workflow Foundation 3.0.0.0
---- EOF - GMER 1.0.15 ----
new GMER scan log
-
ComboFix 12-05-17.08 - Jeff 05/17/2012 19:35:25.2.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2015.1729 [GMT -8:00]
Running from: c:\documents and settings\Jeff\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Jeff\Desktop\Data_Recovery.lnk
.
.
((((((((((((((((((((((((( Files Created from 2012-04-18 to 2012-05-18 )))))))))))))))))))))))))))))))
.
.
2012-05-17 05:20 . 2012-05-17 05:20 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2012-05-14 16:44 . 2012-05-14 16:44 -------- d-----w- c:\documents and settings\Jeff\Application Data\Malwarebytes
2012-05-14 16:44 . 2012-05-14 16:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-14 16:44 . 2012-05-14 16:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-05-14 16:44 . 2012-04-04 23:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-30 17:33 . 2012-05-11 00:18 -------- d-----w- c:\program files\Microsoft Silverlight
2012-04-23 17:24 . 2012-04-23 17:24 -------- d-----w- c:\program files\PureEdge1
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 00:10 . 2012-04-05 23:58 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-05 00:10 . 2012-04-05 23:58 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-11 13:14 . 2006-03-16 04:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12 . 2006-03-16 04:00 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35 . 2006-03-16 04:00 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-01 11:01 . 2006-03-16 04:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2006-03-16 04:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2006-03-16 04:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2006-03-16 04:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2006-03-16 04:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2006-03-16 04:00 385024 ----a-w- c:\windows\system32\html.iec
2001-06-20 21:19 . 2001-06-19 21:34 40960 ----a-w- c:\program files\ACMonitor_X83.exe
2012-01-29 15:55 . 2012-02-08 03:15 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]
2012-02-10 19:28 1307928 ----a-w- c:\program files\Microsoft\BingBar\7.1.361.0\BingExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-12-10 247144]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-27 15026056]
"Device Detection"="c:\program files\FUJIFILM\MyFinePix Studio\dd.exe" [2011-06-07 404664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 458752]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-02-11 149280]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-18 7585792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-18 86016]
"nwiz"="nwiz.exe" [2006-08-18 1617920]
"MsmqIntCert"="mqrt.dll" [2009-06-25 177152]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 61952]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-01 761946]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-07-12 102400]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 163840]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-05-30 40960]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"Reminder"="c:\windows\CREATOR\Remind_XP.exe" [2006-02-09 643072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-05-15 293168]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [2006-5-9 73728]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [2006-5-9 73728]
.
c:\documents and settings\Jeff\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [2006-5-9 73728]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
ActivClient Agent.lnk - c:\program files\ActivIdentity\ActivClient\acsagent.exe [2007-5-15 130864]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]
2007-05-15 20:08 112640 ----a-w- c:\windows\system32\ackpbsc.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]
2007-05-15 20:08 281088 ----a-w- c:\program files\ActivIdentity\ActivClient\acunlock.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\BearShare\\BearShare.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
.
S2 0062421329956074mcinstcleanup;McAfee Application Installer Cleanup (0062421329956074);c:\windows\TEMP\006242~1.EXE -cleanup -nolog --> c:\windows\TEMP\006242~1.EXE -cleanup -nolog [?]
S2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [5/15/2007 12:08 PM 182576]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/20/2010 8:13 PM 136360]
S2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2/10/2012 11:28 AM 193816]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5/14/2012 8:44 AM 654408]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\McSACore.exe [12/3/2009 1:37 PM 95200]
S2 MOBCleanup;MOBCleanup;"c:\docume~1\Jeff\LOCALS~1\Temp\MOBCleanup.exe" --> c:\docume~1\Jeff\LOCALS~1\Temp\MOBCleanup.exe [?]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [12/10/2010 4:29 AM 92008]
S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\drivers\5U870CAP.sys [6/6/2006 12:39 PM 61952]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/5/2012 3:58 PM 257696]
S3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2/10/2012 11:28 AM 240408]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5/14/2012 8:44 AM 22344]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 10:37 PM 4640000]
S3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\drivers\SCR3XX2K.sys [1/6/2010 7:19 PM 57856]
S3 usbvm328;HP Camera;c:\windows\system32\drivers\usbvm326.sys [2/14/2011 1:40 PM 219648]
S3 vmfilter323;VC0326 filter service for Serome;c:\windows\system32\drivers\vmfilter323.sys [2/14/2011 1:40 PM 475264]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MDMXSDK
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 00:10]
.
2012-05-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
Trusted Zone: ahrn.com\www
Trusted Zone: ahrn.com\www*
Trusted Zone: chase.com
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 209.165.131.12 209.165.131.13 0.0.0.0
FF - ProfilePath - c:\documents and settings\Jeff\Application Data\Mozilla\Firefox\Profiles\wifw4z5k.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-17 19:43
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????????<?@? ????Q??????Y?@?????<?@
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(584)
c:\windows\system32\ackpbsc.dll
c:\windows\system32\aclog.dll
c:\windows\system32\ACLIBEAY.dll
c:\windows\system32\acevtsub.dll
c:\windows\system32\asphat32.dll
c:\windows\system32\acerrmes.dll
c:\windows\system32\aspcom.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\acerrmrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\asphatrc.dll
c:\program files\ActivIdentity\ActivClient\acunlock.dll
c:\windows\system32\aipingui.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\aipinguirc.dll
c:\program files\ActivIdentity\ActivClient\resources\acCobAPIrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\acunlockrc.dll
.
Completion time: 2012-05-17 19:45:08
ComboFix-quarantined-files.txt 2012-05-18 03:45
ComboFix2.txt 2012-05-16 01:30
.
Pre-Run: 24,524,951,552 bytes free
Post-Run: 24,508,145,664 bytes free
.
- - End Of File - - 1221430E0B002328A8FCAAFDC9C18421
-
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-05-16 22:48:46
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\0000007e rev.
Running: qx4x3rwb.exe; Driver: C:\DOCUME~1\Jeff\LOCALS~1\Temp\pxtdypob.sys
---- System - GMER 1.0.15 ----
SSDT EE6B468C ZwClose
SSDT EE6B4646 ZwCreateKey
SSDT EE6B4696 ZwCreateSection
SSDT EE6B463C ZwCreateThread
SSDT EE6B464B ZwDeleteKey
SSDT EE6B4655 ZwDeleteValueKey
SSDT EE6B4687 ZwDuplicateObject
SSDT EE6B465A ZwLoadKey
SSDT EE6B4628 ZwOpenProcess
SSDT EE6B462D ZwOpenThread
SSDT EE6B4664 ZwReplaceKey
SSDT EE6B465F ZwRestoreKey
SSDT EE6B469B ZwSetContextThread
SSDT EE6B4650 ZwSetValueKey
SSDT EE6B4637 ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF6105360, 0x225D9D, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\internet explorer\iexplore.exe[1732] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1732] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1732] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E53AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1732] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1732] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E534C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1732] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E51B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1732] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E5214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1732] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1732] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E5276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3208] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3208] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AA5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3208] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD119 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3208] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3208] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254686 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3208] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E53AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3208] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3208] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E534C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3208] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E51B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3208] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E5214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3208] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3208] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E5276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3208] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDB70 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3208] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E5717 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Program Files\internet explorer\iexplore.exe[3208] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\internet explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 eabfiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior
---- EOF - GMER 1.0.15 ----
-
MBRCheck, version 1.2.3
© 2010, AD
Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001c
Kernel Drivers (total 140):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E5000 \WINDOWS\system32\hal.dll
0xF7987000 \WINDOWS\system32\KDCOM.DLL
0xF7897000 \WINDOWS\system32\BOOTVID.dll
0xF7358000 ACPI.sys
0xF7989000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7347000 pci.sys
0xF7487000 isapnp.sys
0xF7497000 ohci1394.sys
0xF74A7000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF789B000 compbatt.sys
0xF789F000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7A4F000 pciide.sys
0xF7707000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF798B000 intelide.sys
0xF798D000 viaide.sys
0xF798F000 aliide.sys
0xF7329000 pcmcia.sys
0xF74B7000 MountMgr.sys
0xF730A000 ftdisk.sys
0xF7991000 dmload.sys
0xF72E4000 dmio.sys
0xF78A3000 ACPIEC.sys
0xF7A50000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF770F000 PartMgr.sys
0xF74C7000 VolSnap.sys
0xF72CC000 atapi.sys
0xF72B3000 nvata.sys
0xF74D7000 disk.sys
0xF74E7000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF7293000 fltmgr.sys
0xF7281000 sr.sys
0xF7717000 PxHelp20.sys
0xF726A000 KSecDD.sys
0xF71DD000 Ntfs.sys
0xF71B0000 NDIS.sys
0xF74F7000 Serial.sys
0xF7196000 Mup.sys
0xF7697000 \SystemRoot\system32\DRIVERS\AmdK8.sys
0xF7152000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF714E000 \SystemRoot\system32\DRIVERS\cpqbttn.sys
0xF76A7000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF780F000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF6B50000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0xF6707000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xF66F3000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF6B3C000 \SystemRoot\system32\DRIVERS\nvsmu.sys
0xF7817000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xF66CF000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF781F000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF7537000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF76B7000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF76C7000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF66AC000 \SystemRoot\system32\DRIVERS\ks.sys
0xF6684000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF6B34000 \SystemRoot\system32\DRIVERS\nvnetbus.sys
0xF6639000 \SystemRoot\system32\DRIVERS\NVNRM.SYS
0xF6602000 \SystemRoot\system32\DRIVERS\NVSNPU.SYS
0xF76D7000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF7827000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF65D2000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xF79CB000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF782F000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7ABD000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF76E7000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF6B30000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF65BB000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF76F7000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF7507000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF7837000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF65AA000 \SystemRoot\system32\DRIVERS\psched.sys
0xF7517000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF783F000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7847000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF6552000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF7527000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF79CD000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF64F4000 \SystemRoot\system32\DRIVERS\update.sys
0xF793F000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF794B000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xF7557000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF6B0C000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF6AFC000 \SystemRoot\system32\DRIVERS\NVENETFD.sys
0xF2E29000 \SystemRoot\system32\drivers\CHDAud.sys
0xF2E05000 \SystemRoot\system32\drivers\portcls.sys
0xF7677000 \SystemRoot\system32\drivers\drmk.sys
0xF2DD2000 \SystemRoot\system32\DRIVERS\HSFHWAZL.sys
0xF2CE0000 \SystemRoot\system32\DRIVERS\HSF_DPV.sys
0xF2C2E000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xF77A7000 \SystemRoot\System32\Drivers\Modem.SYS
0xF3AFE000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xF7A4D000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xEFA2D000 \SystemRoot\System32\Drivers\Null.SYS
0xF7993000 \SystemRoot\System32\Drivers\Beep.SYS
0xF11E2000 \SystemRoot\System32\drivers\vga.sys
0xF7995000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7997000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF11DA000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF11D2000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF3AFA000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xEC903000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xEC8AA000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xEC882000 \SystemRoot\system32\DRIVERS\netbt.sys
0xEC85C000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF2ED6000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xF0D59000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xEC83A000 \SystemRoot\System32\drivers\afd.sys
0xF0D49000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF79A3000 \SystemRoot\system32\DRIVERS\eabfiltr.sys
0xF11CA000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xEC80F000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xEC79F000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF0012000 \SystemRoot\System32\Drivers\Fips.SYS
0xEC778000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xF7A2F000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0xEC754000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xEC73B000 \SystemRoot\System32\Drivers\dump_nvata.sys
0xF7A45000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF0026000 \SystemRoot\System32\drivers\Dxapi.sys
0xEF181000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7B74000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xBF3E0000 \SystemRoot\System32\ATMFD.DLL
0xBA5E9000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xEB00E000 \??\C:\WINDOWS\system32\drivers\mbam.sys
0xEE9B6000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB9D6C000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xB9D2F000 \SystemRoot\system32\drivers\wdmaud.sys
0xF00A3000 \SystemRoot\system32\drivers\sysaudio.sys
0xB9B29000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB8F48000 \SystemRoot\System32\Drivers\HTTP.sys
0xB8E00000 \SystemRoot\system32\DRIVERS\srv.sys
0xB8DC8000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xB8C09000 \??\C:\WINDOWS\system32\drivers\mqac.sys
0xB8B0F000 \??\C:\WINDOWS\system32\drivers\RMCast.sys
0xB7A8A000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
0xB741D000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll
Processes (total 78):
0 System Idle Process
4 System
596 C:\WINDOWS\system32\smss.exe
644 csrss.exe
672 C:\WINDOWS\system32\winlogon.exe
716 C:\WINDOWS\system32\services.exe
728 C:\WINDOWS\system32\lsass.exe
916 C:\WINDOWS\system32\svchost.exe
964 svchost.exe
1060 C:\WINDOWS\system32\svchost.exe
1184 svchost.exe
1260 svchost.exe
1392 C:\WINDOWS\system32\spoolsv.exe
1476 acevents.exe
1484 scardsvr.exe
1504 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1656 svchost.exe
1872 C:\WINDOWS\explorer.exe
2016 C:\WINDOWS\ehome\ehtray.exe
2044 C:\Program Files\Java\jre6\bin\jusched.exe
272 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
288 C:\Program Files\HP\QuickPlay\QPService.exe
328 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
348 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
360 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
548 C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
400 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
580 C:\Program Files\QuickTime\QTTask.exe
588 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
612 C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
624 C:\Program Files\Skype\Phone\Skype.exe
1008 C:\Program Files\ActivIdentity\ActivClient\acevents.exe
1024 C:\WINDOWS\system32\ctfmon.exe
1428 C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
1572 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
1396 C:\Program Files\Vongo\Tray.exe
1720 msdtc.exe
1192 C:\Program Files\ActivIdentity\ActivClient\accoca.exe
1972 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
1980 C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
2012 C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE
2080 C:\WINDOWS\ehome\ehrecvr.exe
2104 C:\WINDOWS\ehome\ehSched.exe
2152 C:\WINDOWS\system32\svchost.exe
2216 C:\Program Files\Java\jre6\bin\jqs.exe
2256 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
2428 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
2828 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
2852 C:\PROGRA~1\McAfee\SITEAD~1\McSACore.exe
2928 C:\WINDOWS\system32\svchost.exe
2948 C:\WINDOWS\system32\nvsvc32.exe
2964 C:\WINDOWS\system32\svchost.exe
3096 svchost.exe
3288 C:\WINDOWS\system32\svchost.exe
3496 C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
3792 C:\Program Files\Vongo\VongoService.exe
3840 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2748 C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
3452 mcrdsvc.exe
3716 C:\WINDOWS\system32\mqsvc.exe
416 C:\WINDOWS\system32\wuauclt.exe
3532 C:\WINDOWS\system32\mqtgsvc.exe
3556 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
3832 C:\Program Files\Internet Explorer\iexplore.exe
3580 C:\WINDOWS\system32\rundll32.exe
2472 wmiprvse.exe
3592 C:\WINDOWS\system32\dllhost.exe
2940 C:\WINDOWS\system32\wbem\wmiapsrv.exe
404 alg.exe
2772 C:\WINDOWS\system32\svchost.exe
2320 C:\Program Files\Internet Explorer\iexplore.exe
1748 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
512 C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
1688 C:\WINDOWS\ehome\ehmsas.exe
480 C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
5400 C:\Program Files\Internet Explorer\iexplore.exe
3480 C:\WINDOWS\system32\wscntfy.exe
4420 C:\Documents and Settings\Jeff\Desktop\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000014`26913400 (FAT32)
PhysicalDrive0 Model Number: ST9100824AS, Rev: 7.24
Size Device Name MBR Status
--------------------------------------------
93 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: F19F100B4DC860880BDC331CC9D56B1C13F605D5
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Done!
-
This is after running the combofix, thanks
7:37:53.0375 1776 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
17:37:53.0968 1776 ============================================================
17:37:53.0968 1776 Current date / time: 2012/05/15 17:37:53.0968
17:37:53.0968 1776 SystemInfo:
17:37:53.0968 1776
17:37:53.0968 1776 OS Version: 5.1.2600 ServicePack: 3.0
17:37:53.0968 1776 Product type: Workstation
17:37:53.0968 1776 ComputerName: STOLL
17:37:53.0968 1776 UserName: Jeff
17:37:53.0968 1776 Windows directory: C:\WINDOWS
17:37:53.0968 1776 System windows directory: C:\WINDOWS
17:37:53.0968 1776 Processor architecture: Intel x86
17:37:53.0968 1776 Number of processors: 2
17:37:53.0968 1776 Page size: 0x1000
17:37:53.0968 1776 Boot type: Normal boot
17:37:53.0968 1776 ============================================================
17:37:55.0187 1776 Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x2F81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:37:55.0187 1776 ============================================================
17:37:55.0187 1776 \Device\Harddisk0\DR0:
17:37:55.0187 1776 MBR partitions:
17:37:55.0187 1776 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xA13099A
17:37:55.0187 1776 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0xA13489A, BlocksNum 0x171A8E4
17:37:55.0187 1776 ============================================================
17:37:55.0265 1776 C: <-> \Device\Harddisk0\DR0\Partition0
17:37:55.0296 1776 D: <-> \Device\Harddisk0\DR0\Partition1
17:37:55.0296 1776 ============================================================
17:37:55.0296 1776 Initialize success
17:37:55.0296 1776 ============================================================
17:38:03.0796 3128 Deinitialize success
-
ComboFix 12-05-15.04 - Jeff 05/15/2012 17:12:37.1.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2015.1715 [GMT -8:00]
Running from: c:\documents and settings\Jeff\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\883o8ZUhSyoNka
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\J\GoToAssistDownloadHelper.exe
c:\documents and settings\J\WINDOWS
c:\documents and settings\Jeff\WINDOWS
c:\windows\system32\system
D:\Autorun.inf
.
Infected copy of c:\windows\system32\Version.dll was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\version.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-04-16 to 2012-05-16 )))))))))))))))))))))))))))))))
.
.
2012-05-14 16:44 . 2012-05-14 16:44 -------- d-----w- c:\documents and settings\Jeff\Application Data\Malwarebytes
2012-05-14 16:44 . 2012-05-14 16:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-14 16:44 . 2012-05-14 16:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-05-14 16:44 . 2012-04-04 23:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-30 17:33 . 2012-05-11 00:18 -------- d--h--w- c:\program files\Microsoft Silverlight
2012-04-23 17:24 . 2012-04-23 17:24 -------- d--h--w- c:\program files\PureEdge1
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 00:10 . 2012-04-05 23:58 70304 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-05 00:10 . 2012-04-05 23:58 419488 ---ha-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-11 13:14 . 2006-03-16 04:00 2148352 ---ha-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12 . 2006-03-16 04:00 1862272 ---ha-w- c:\windows\system32\win32k.sys
2012-04-11 12:35 . 2006-03-16 04:00 2026496 ---ha-w- c:\windows\system32\ntkrnlpa.exe
2012-03-01 11:01 . 2006-03-16 04:00 916992 ---ha-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2006-03-16 04:00 43520 ---ha-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2006-03-16 04:00 1469440 ---h--w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2006-03-16 04:00 177664 ---ha-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2006-03-16 04:00 148480 ---ha-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2006-03-16 04:00 385024 ---ha-w- c:\windows\system32\html.iec
2001-06-20 21:19 . 2001-06-19 21:34 40960 ---ha-w- c:\program files\ACMonitor_X83.exe
2012-01-29 15:55 . 2012-02-08 03:15 134104 ---ha-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]
2012-02-10 19:28 1307928 ---ha-w- c:\program files\Microsoft\BingBar\7.1.361.0\BingExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-12-10 247144]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-27 15026056]
"Device Detection"="c:\program files\FUJIFILM\MyFinePix Studio\dd.exe" [2011-06-07 404664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 458752]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-02-11 149280]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-18 7585792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-18 86016]
"nwiz"="nwiz.exe" [2006-08-18 1617920]
"MsmqIntCert"="mqrt.dll" [2009-06-25 177152]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 61952]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-01 761946]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-07-12 102400]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 163840]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-05-30 40960]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"Reminder"="c:\windows\CREATOR\Remind_XP.exe" [2006-02-09 643072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-05-15 293168]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [2006-5-9 73728]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [2006-5-9 73728]
.
c:\documents and settings\Jeff\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [2006-5-9 73728]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
ActivClient Agent.lnk - c:\program files\ActivIdentity\ActivClient\acsagent.exe [2007-5-15 130864]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]
2007-05-15 20:08 112640 ---ha-w- c:\windows\system32\ackpbsc.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]
2007-05-15 20:08 281088 ---ha-w- c:\program files\ActivIdentity\ActivClient\acunlock.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\BearShare\\BearShare.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
.
R2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [5/15/2007 12:08 PM 182576]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/20/2010 8:13 PM 136360]
R2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2/10/2012 11:28 AM 193816]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5/14/2012 8:44 AM 654408]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\McSACore.exe [12/3/2009 1:37 PM 95200]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [12/10/2010 4:29 AM 92008]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5/14/2012 8:44 AM 22344]
S2 0062421329956074mcinstcleanup;McAfee Application Installer Cleanup (0062421329956074);c:\windows\TEMP\006242~1.EXE -cleanup -nolog --> c:\windows\TEMP\006242~1.EXE -cleanup -nolog [?]
S2 MOBCleanup;MOBCleanup;"c:\docume~1\Jeff\LOCALS~1\Temp\MOBCleanup.exe" --> c:\docume~1\Jeff\LOCALS~1\Temp\MOBCleanup.exe [?]
S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\drivers\5U870CAP.sys [6/6/2006 12:39 PM 61952]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/5/2012 3:58 PM 257696]
S3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2/10/2012 11:28 AM 240408]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 10:37 PM 4640000]
S3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\drivers\SCR3XX2K.sys [1/6/2010 7:19 PM 57856]
S3 usbvm328;HP Camera;c:\windows\system32\drivers\usbvm326.sys [2/14/2011 1:40 PM 219648]
S3 vmfilter323;VC0326 filter service for Serome;c:\windows\system32\drivers\vmfilter323.sys [2/14/2011 1:40 PM 475264]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 00:10]
.
2012-03-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
Trusted Zone: ahrn.com\www
Trusted Zone: ahrn.com\www*
Trusted Zone: chase.com
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 209.165.131.12 209.165.131.13 0.0.0.0
FF - ProfilePath - c:\documents and settings\Jeff\Application Data\Mozilla\Firefox\Profiles\wifw4z5k.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-hpqSRMon - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-15 17:22
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????????<?@? ????Q??????Y?@?????<?@
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(676)
c:\windows\system32\ackpbsc.dll
c:\windows\system32\aclog.dll
c:\windows\system32\ACLIBEAY.dll
c:\windows\system32\acevtsub.dll
c:\windows\system32\asphat32.dll
c:\windows\system32\acerrmes.dll
c:\windows\system32\aspcom.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\acerrmrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\asphatrc.dll
c:\program files\ActivIdentity\ActivClient\acunlock.dll
c:\windows\system32\aipingui.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\aipinguirc.dll
c:\program files\ActivIdentity\ActivClient\resources\acCobAPIrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\acunlockrc.dll
.
- - - - - - - > 'explorer.exe'(4040)
c:\windows\system32\WININET.dll
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\SCardSvr.exe
c:\program files\ActivIdentity\ActivClient\acevents.exe
c:\windows\system32\msdtc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\ActivIdentity\ActivClient\acevents.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\mqsvc.exe
c:\windows\system32\mqtgsvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\eHome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2012-05-15 17:30:18 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-16 01:30
.
Pre-Run: 24,360,603,648 bytes free
Post-Run: 24,458,252,288 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 44EF6B2B1F37FF8E7E8DB7076DA0964D
-
I am wondering if I had disable the Avira in the safemode. I tried to reboot in safe mode with networking to be sure if I had turn it off. Realise that I'm not so sure after all but the Avira control center said service stopped, instead of disabled. If you can tell me how to disable it again, I'll retry it one more time
-
15:48:21.0921 0952 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
15:48:22.0390 0952 ============================================================
15:48:22.0390 0952 Current date / time: 2012/05/15 15:48:22.0390
15:48:22.0390 0952 SystemInfo:
15:48:22.0390 0952
15:48:22.0390 0952 OS Version: 5.1.2600 ServicePack: 3.0
15:48:22.0390 0952 Product type: Workstation
15:48:22.0390 0952 ComputerName: STOLL
15:48:22.0390 0952 UserName: Jeff
15:48:22.0390 0952 Windows directory: C:\WINDOWS
15:48:22.0390 0952 System windows directory: C:\WINDOWS
15:48:22.0390 0952 Processor architecture: Intel x86
15:48:22.0390 0952 Number of processors: 2
15:48:22.0390 0952 Page size: 0x1000
15:48:22.0390 0952 Boot type: Safe boot with network
15:48:22.0390 0952 ============================================================
15:48:24.0656 0952 Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x2F81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:48:24.0656 0952 ============================================================
15:48:24.0656 0952 \Device\Harddisk0\DR0:
15:48:24.0656 0952 MBR partitions:
15:48:24.0656 0952 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xA13099A
15:48:24.0656 0952 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0xA13489A, BlocksNum 0x171A8E4
15:48:24.0656 0952 ============================================================
15:48:24.0890 0952 C: <-> \Device\Harddisk0\DR0\Partition0
15:48:24.0906 0952 D: <-> \Device\Harddisk0\DR0\Partition1
15:48:24.0906 0952 ============================================================
15:48:24.0906 0952 Initialize success
15:48:24.0906 0952 ============================================================
15:48:28.0265 1020 ============================================================
15:48:28.0265 1020 Scan started
15:48:28.0265 1020 Mode: Manual;
15:48:28.0265 1020 ============================================================
15:48:28.0562 1020 0062421329956074mcinstcleanup - ok
15:48:28.0703 1020 5U870CAP_VID_1262&PID_25FD (d2142fee659d97b2b05820f21594bfe2) C:\WINDOWS\system32\Drivers\5U870CAP.sys
15:48:28.0703 1020 5U870CAP_VID_1262&PID_25FD - ok
15:48:28.0718 1020 Abiosdsk - ok
15:48:28.0843 1020 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
15:48:28.0843 1020 abp480n5 - ok
15:48:28.0937 1020 accoca (ec4a5d4e36a8e49261cd823450e0ba51) C:\Program Files\ActivIdentity\ActivClient\accoca.exe
15:48:28.0937 1020 accoca - ok
15:48:28.0984 1020 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:48:28.0984 1020 ACPI - ok
15:48:29.0000 1020 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
15:48:29.0000 1020 ACPIEC - ok
15:48:29.0109 1020 AddFiltr (746742588c07db53731143229e2ee450) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
15:48:29.0109 1020 AddFiltr - ok
15:48:29.0218 1020 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
15:48:29.0218 1020 AdobeFlashPlayerUpdateSvc - ok
15:48:29.0265 1020 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
15:48:29.0265 1020 adpu160m - ok
15:48:29.0328 1020 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
15:48:29.0328 1020 aec - ok
15:48:29.0375 1020 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
15:48:29.0375 1020 AFD - ok
15:48:29.0437 1020 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
15:48:29.0437 1020 agp440 - ok
15:48:29.0453 1020 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
15:48:29.0453 1020 agpCPQ - ok
15:48:29.0500 1020 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
15:48:29.0500 1020 Aha154x - ok
15:48:29.0531 1020 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
15:48:29.0531 1020 aic78u2 - ok
15:48:29.0546 1020 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
15:48:29.0546 1020 aic78xx - ok
15:48:29.0625 1020 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
15:48:29.0625 1020 Alerter - ok
15:48:29.0640 1020 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
15:48:29.0640 1020 ALG - ok
15:48:29.0671 1020 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
15:48:29.0671 1020 AliIde - ok
15:48:29.0687 1020 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
15:48:29.0687 1020 alim1541 - ok
15:48:29.0718 1020 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
15:48:29.0718 1020 amdagp - ok
15:48:29.0750 1020 AmdK8 (0a4d13b388c814560bd69c3a496ecfa8) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
15:48:29.0765 1020 AmdK8 - ok
15:48:29.0796 1020 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
15:48:29.0796 1020 amsint - ok
15:48:29.0968 1020 AntiVirSchedulerService (b4837fe56d76b2e9ea90e5365cf6a2be) C:\Program Files\Avira\AntiVir Desktop\sched.exe
15:48:29.0968 1020 AntiVirSchedulerService - ok
15:48:30.0015 1020 AntiVirService (df5a3016052755c910a206058b4a1729) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
15:48:30.0015 1020 AntiVirService - ok
15:48:30.0046 1020 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
15:48:30.0062 1020 AppMgmt - ok
15:48:30.0093 1020 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
15:48:30.0109 1020 Arp1394 - ok
15:48:30.0140 1020 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
15:48:30.0140 1020 asc - ok
15:48:30.0187 1020 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
15:48:30.0187 1020 asc3350p - ok
15:48:30.0218 1020 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
15:48:30.0234 1020 asc3550 - ok
15:48:30.0406 1020 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
15:48:30.0453 1020 aspnet_state - ok
15:48:30.0500 1020 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:48:30.0500 1020 AsyncMac - ok
15:48:30.0531 1020 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
15:48:30.0546 1020 atapi - ok
15:48:30.0546 1020 Atdisk - ok
15:48:30.0593 1020 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:48:30.0593 1020 Atmarpc - ok
15:48:30.0640 1020 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
15:48:30.0640 1020 AudioSrv - ok
15:48:30.0687 1020 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
15:48:30.0687 1020 audstub - ok
15:48:30.0718 1020 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
15:48:30.0718 1020 avgio - ok
15:48:30.0765 1020 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
15:48:30.0765 1020 avgntflt - ok
15:48:30.0812 1020 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
15:48:30.0828 1020 avipbb - ok
15:48:30.0937 1020 BBSvc (a2494901e7226b356b8c1005c45f1c5f) C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.exe
15:48:30.0953 1020 BBSvc - ok
15:48:31.0062 1020 BBUpdate (63b1cbbae4790b5bac98f01bf9449722) C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe
15:48:31.0062 1020 BBUpdate - ok
15:48:31.0125 1020 BCM43XX (114234fafec7060392195170e1c4d45e) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
15:48:31.0140 1020 BCM43XX - ok
15:48:31.0171 1020 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
15:48:31.0171 1020 Beep - ok
15:48:31.0234 1020 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
15:48:31.0359 1020 BITS - ok
15:48:31.0406 1020 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
15:48:31.0406 1020 Browser - ok
15:48:31.0421 1020 BTWUSB (4272bab9291d26da5ac913bc79c3ce85) C:\WINDOWS\system32\Drivers\btwusb.sys
15:48:31.0421 1020 BTWUSB - ok
15:48:31.0484 1020 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
15:48:31.0484 1020 cbidf - ok
15:48:31.0500 1020 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
15:48:31.0500 1020 cbidf2k - ok
15:48:31.0562 1020 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
15:48:31.0562 1020 CCDECODE - ok
15:48:31.0593 1020 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
15:48:31.0593 1020 cd20xrnt - ok
15:48:31.0640 1020 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
15:48:31.0640 1020 Cdaudio - ok
15:48:31.0656 1020 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
15:48:31.0671 1020 Cdfs - ok
15:48:31.0718 1020 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:48:31.0718 1020 Cdrom - ok
15:48:31.0734 1020 Changer - ok
15:48:31.0812 1020 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
15:48:31.0812 1020 CiSvc - ok
15:48:31.0828 1020 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
15:48:31.0828 1020 ClipSrv - ok
15:48:31.0968 1020 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:48:32.0031 1020 clr_optimization_v2.0.50727_32 - ok
15:48:32.0078 1020 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
15:48:32.0078 1020 CmBatt - ok
15:48:32.0125 1020 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
15:48:32.0125 1020 CmdIde - ok
15:48:32.0171 1020 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
15:48:32.0171 1020 Compbatt - ok
15:48:32.0187 1020 COMSysApp - ok
15:48:32.0250 1020 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
15:48:32.0250 1020 Cpqarray - ok
15:48:32.0296 1020 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
15:48:32.0296 1020 CryptSvc - ok
15:48:32.0328 1020 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
15:48:32.0343 1020 dac2w2k - ok
15:48:32.0390 1020 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
15:48:32.0390 1020 dac960nt - ok
15:48:32.0453 1020 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
15:48:32.0453 1020 DcomLaunch - ok
15:48:32.0500 1020 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
15:48:32.0515 1020 Dhcp - ok
15:48:32.0546 1020 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
15:48:32.0546 1020 Disk - ok
15:48:32.0562 1020 dmadmin - ok
15:48:32.0640 1020 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
15:48:32.0718 1020 dmboot - ok
15:48:32.0734 1020 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
15:48:32.0734 1020 dmio - ok
15:48:32.0765 1020 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
15:48:32.0765 1020 dmload - ok
15:48:32.0812 1020 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
15:48:32.0812 1020 dmserver - ok
15:48:32.0843 1020 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
15:48:32.0843 1020 DMusic - ok
15:48:32.0875 1020 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
15:48:32.0875 1020 Dnscache - ok
15:48:32.0921 1020 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
15:48:32.0937 1020 Dot3svc - ok
15:48:32.0968 1020 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
15:48:32.0968 1020 dpti2o - ok
15:48:32.0984 1020 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
15:48:32.0984 1020 drmkaud - ok
15:48:33.0015 1020 eabfiltr (b5cb3084046146fd2587d8c9b219feb4) C:\WINDOWS\system32\DRIVERS\eabfiltr.sys
15:48:33.0015 1020 eabfiltr - ok
15:48:33.0078 1020 eabusb (231f4547ae1e4b3e60eca66c3a96d218) C:\WINDOWS\system32\DRIVERS\eabusb.sys
15:48:33.0078 1020 eabusb - ok
15:48:33.0125 1020 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
15:48:33.0125 1020 EapHost - ok
15:48:33.0218 1020 ehRecvr (d039a0c347632622934906bd59a4e1ea) C:\WINDOWS\eHome\ehRecvr.exe
15:48:33.0218 1020 ehRecvr - ok
15:48:33.0281 1020 ehSched (a53243709439ac2a4c216b817f8d7411) C:\WINDOWS\eHome\ehSched.exe
15:48:33.0281 1020 ehSched - ok
15:48:33.0312 1020 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
15:48:33.0312 1020 ERSvc - ok
15:48:33.0343 1020 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
15:48:33.0359 1020 Eventlog - ok
15:48:33.0406 1020 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
15:48:33.0406 1020 EventSystem - ok
15:48:33.0453 1020 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
15:48:33.0453 1020 Fastfat - ok
15:48:33.0500 1020 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
15:48:33.0500 1020 FastUserSwitchingCompatibility - ok
15:48:33.0515 1020 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
15:48:33.0531 1020 Fdc - ok
15:48:33.0562 1020 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
15:48:33.0578 1020 Fips - ok
15:48:33.0578 1020 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
15:48:33.0578 1020 Flpydisk - ok
15:48:33.0656 1020 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
15:48:33.0656 1020 FltMgr - ok
15:48:33.0796 1020 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
15:48:33.0796 1020 FontCache3.0.0.0 - ok
15:48:33.0812 1020 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:48:33.0812 1020 Fs_Rec - ok
15:48:33.0859 1020 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:48:33.0875 1020 Ftdisk - ok
15:48:33.0890 1020 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:48:33.0890 1020 Gpc - ok
15:48:33.0921 1020 HBtnKey (4d4d97671c63c3af869b3518e6054204) C:\WINDOWS\system32\DRIVERS\cpqbttn.sys
15:48:33.0921 1020 HBtnKey - ok
15:48:33.0953 1020 HdAudAddService (2a6e9a118da2dd0439551a7eb3a8f65e) C:\WINDOWS\system32\drivers\CHDAud.sys
15:48:33.0968 1020 HdAudAddService - ok
15:48:34.0015 1020 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
15:48:34.0015 1020 HDAudBus - ok
15:48:34.0093 1020 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
15:48:34.0093 1020 helpsvc - ok
15:48:34.0109 1020 HidServ - ok
15:48:34.0171 1020 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
15:48:34.0171 1020 hkmsvc - ok
15:48:34.0234 1020 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
15:48:34.0234 1020 hpn - ok
15:48:34.0359 1020 hpqcxs08 (0a3c6aa4a9fc38c20ba4eac2c3351c05) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
15:48:34.0421 1020 hpqcxs08 - ok
15:48:34.0484 1020 hpqddsvc (df446ba625cc441617843e87798ce048) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
15:48:34.0484 1020 hpqddsvc - ok
15:48:34.0531 1020 hpqwmiex (04c1dcbb226c6ae647b794833ce3ceb6) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
15:48:34.0546 1020 hpqwmiex - ok
15:48:34.0578 1020 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
15:48:34.0593 1020 HPZid412 - ok
15:48:34.0609 1020 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
15:48:34.0609 1020 HPZipr12 - ok
15:48:34.0656 1020 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
15:48:34.0656 1020 HPZius12 - ok
15:48:34.0703 1020 HSFHWAZL (8e60293c44e3f6f7f09defb60023a37d) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
15:48:34.0734 1020 HSFHWAZL - ok
15:48:34.0796 1020 HSF_DPV (4c2aab15ad6229134f70e5c950e6185c) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
15:48:34.0875 1020 HSF_DPV - ok
15:48:34.0921 1020 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
15:48:34.0921 1020 HTTP - ok
15:48:34.0984 1020 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
15:48:35.0000 1020 HTTPFilter - ok
15:48:35.0046 1020 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
15:48:35.0046 1020 i2omgmt - ok
15:48:35.0078 1020 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
15:48:35.0078 1020 i2omp - ok
15:48:35.0109 1020 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:48:35.0109 1020 i8042prt - ok
15:48:35.0187 1020 iaStor (309c4d86d989fb1fcf64bd30dc81c51b) C:\WINDOWS\system32\DRIVERS\iaStor.sys
15:48:35.0203 1020 iaStor - ok
15:48:35.0343 1020 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
15:48:35.0343 1020 IDriverT - ok
15:48:35.0578 1020 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:48:35.0593 1020 idsvc - ok
15:48:35.0703 1020 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
15:48:35.0703 1020 Imapi - ok
15:48:35.0750 1020 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
15:48:35.0750 1020 ImapiService - ok
15:48:35.0796 1020 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
15:48:35.0796 1020 ini910u - ok
15:48:35.0843 1020 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
15:48:35.0843 1020 IntelIde - ok
15:48:35.0890 1020 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
15:48:35.0890 1020 Ip6Fw - ok
15:48:35.0906 1020 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:48:35.0921 1020 IpFilterDriver - ok
15:48:35.0968 1020 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:48:35.0968 1020 IpInIp - ok
15:48:36.0000 1020 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:48:36.0000 1020 IpNat - ok
15:48:36.0031 1020 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:48:36.0031 1020 IPSec - ok
15:48:36.0062 1020 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
15:48:36.0062 1020 IRENUM - ok
15:48:36.0078 1020 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:48:36.0078 1020 isapnp - ok
15:48:36.0234 1020 JavaQuickStarterService (39133291cb607bdd87cfc565a4a1e7a5) C:\Program Files\Java\jre6\bin\jqs.exe
15:48:36.0234 1020 JavaQuickStarterService - ok
15:48:36.0250 1020 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:48:36.0265 1020 Kbdclass - ok
15:48:36.0281 1020 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
15:48:36.0281 1020 kbdhid - ok
15:48:36.0312 1020 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
15:48:36.0312 1020 kmixer - ok
15:48:36.0359 1020 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
15:48:36.0359 1020 KSecDD - ok
15:48:36.0406 1020 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
15:48:36.0406 1020 lanmanserver - ok
15:48:36.0437 1020 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
15:48:36.0453 1020 lanmanworkstation - ok
15:48:36.0468 1020 lbrtfdc - ok
15:48:36.0578 1020 LightScribeService (86e8bcaa91fc2acfacd99cf2bf9f1f47) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
15:48:36.0578 1020 LightScribeService - ok
15:48:36.0625 1020 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
15:48:36.0625 1020 LmHosts - ok
15:48:36.0671 1020 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys
15:48:36.0671 1020 MBAMProtector - ok
15:48:36.0734 1020 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
15:48:36.0750 1020 MBAMService - ok
15:48:36.0843 1020 McAfee SiteAdvisor Service (6c3d154fff0a97a6c3d9f78d60c41655) c:\PROGRA~1\mcafee\SITEAD~1\McSACore.exe
15:48:36.0843 1020 McAfee SiteAdvisor Service - ok
15:48:36.0906 1020 McrdSvc (df0a511f38f16016bf658fca0090cb87) C:\WINDOWS\ehome\mcrdsvc.exe
15:48:36.0921 1020 McrdSvc - ok
15:48:36.0953 1020 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
15:48:36.0953 1020 mdmxsdk - ok
15:48:36.0984 1020 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
15:48:36.0984 1020 Messenger - ok
15:48:37.0015 1020 MHN (b7521f69c0a9b29d356157229376fb21) C:\WINDOWS\System32\mhn.dll
15:48:37.0015 1020 MHN - ok
15:48:37.0046 1020 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
15:48:37.0046 1020 MHNDRV - ok
15:48:37.0093 1020 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
15:48:37.0093 1020 mnmdd - ok
15:48:37.0140 1020 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
15:48:37.0140 1020 mnmsrvc - ok
15:48:37.0328 1020 MOBCleanup - ok
15:48:37.0375 1020 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
15:48:37.0375 1020 Modem - ok
15:48:37.0390 1020 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:48:37.0390 1020 Mouclass - ok
15:48:37.0421 1020 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
15:48:37.0421 1020 MountMgr - ok
15:48:37.0453 1020 MQAC (eee50bf24caeedb515a8f3b22756d3bb) C:\WINDOWS\system32\drivers\mqac.sys
15:48:37.0453 1020 MQAC - ok
15:48:37.0500 1020 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
15:48:37.0500 1020 mraid35x - ok
15:48:37.0531 1020 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:48:37.0531 1020 MRxDAV - ok
15:48:37.0593 1020 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:48:37.0593 1020 MRxSmb - ok
15:48:37.0640 1020 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
15:48:37.0640 1020 MSDTC - ok
15:48:37.0671 1020 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
15:48:37.0671 1020 Msfs - ok
15:48:37.0687 1020 MSIServer - ok
15:48:37.0734 1020 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:48:37.0734 1020 MSKSSRV - ok
15:48:37.0796 1020 MSMQ (e9b5f354ae80325283fd5c1c05217b01) C:\WINDOWS\system32\mqsvc.exe
15:48:37.0796 1020 MSMQ - ok
15:48:37.0828 1020 MSMQTriggers (10e6b9022b0a5c9c41e2da6aeae5d404) C:\WINDOWS\system32\mqtgsvc.exe
15:48:37.0843 1020 MSMQTriggers - ok
15:48:37.0859 1020 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:48:37.0859 1020 MSPCLOCK - ok
15:48:37.0890 1020 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
15:48:37.0890 1020 MSPQM - ok
15:48:37.0937 1020 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:48:37.0937 1020 mssmbios - ok
15:48:37.0968 1020 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
15:48:37.0968 1020 MSTEE - ok
15:48:38.0015 1020 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
15:48:38.0015 1020 Mup - ok
15:48:38.0062 1020 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
15:48:38.0062 1020 NABTSFEC - ok
15:48:38.0125 1020 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
15:48:38.0125 1020 napagent - ok
15:48:38.0171 1020 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
15:48:38.0171 1020 NDIS - ok
15:48:38.0218 1020 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
15:48:38.0218 1020 NdisIP - ok
15:48:38.0265 1020 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:48:38.0265 1020 NdisTapi - ok
15:48:38.0296 1020 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:48:38.0296 1020 Ndisuio - ok
15:48:38.0312 1020 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:48:38.0312 1020 NdisWan - ok
15:48:38.0375 1020 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
15:48:38.0375 1020 NDProxy - ok
15:48:38.0406 1020 Net Driver HPZ12 (51c6d8bfbd4ea5b62a1ba7f4469250d3) C:\WINDOWS\system32\HPZinw12.dll
15:48:38.0421 1020 Net Driver HPZ12 - ok
15:48:38.0437 1020 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
15:48:38.0437 1020 NetBIOS - ok
15:48:38.0468 1020 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
15:48:38.0468 1020 NetBT - ok
15:48:38.0515 1020 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
15:48:38.0515 1020 NetDDE - ok
15:48:38.0531 1020 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
15:48:38.0531 1020 NetDDEdsdm - ok
15:48:38.0578 1020 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
15:48:38.0593 1020 Netlogon - ok
15:48:38.0625 1020 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
15:48:38.0625 1020 Netman - ok
15:48:38.0765 1020 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:48:38.0765 1020 NetTcpPortSharing - ok
15:48:38.0828 1020 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
15:48:38.0828 1020 NIC1394 - ok
15:48:38.0875 1020 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
15:48:38.0875 1020 Nla - ok
15:48:38.0921 1020 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
15:48:38.0921 1020 Npfs - ok
15:48:38.0937 1020 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
15:48:38.0953 1020 Ntfs - ok
15:48:39.0000 1020 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
15:48:39.0000 1020 NtLmSsp - ok
15:48:39.0046 1020 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
15:48:39.0062 1020 NtmsSvc - ok
15:48:39.0109 1020 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
15:48:39.0109 1020 Null - ok
15:48:39.0265 1020 nv (bbb8ab2ffd7a79cd9d7751008e3de579) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
15:48:39.0421 1020 nv - ok
15:48:39.0546 1020 nvata (3ac5eedd35b7437d53960f3998bfa462) C:\WINDOWS\system32\DRIVERS\nvata.sys
15:48:39.0546 1020 nvata - ok
15:48:39.0578 1020 NVENETFD (22eedb34c4d7613a25b10c347c6c4c21) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
15:48:39.0578 1020 NVENETFD - ok
15:48:39.0593 1020 nvnetbus (5e3f6ad5cad0f12d3cccd06fd964087a) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
15:48:39.0593 1020 nvnetbus - ok
15:48:39.0640 1020 nvsmu (e0f76fab86fec98778047d0c7c39cbb9) C:\WINDOWS\system32\DRIVERS\nvsmu.sys
15:48:39.0640 1020 nvsmu - ok
15:48:39.0687 1020 NVSvc (a323e7dd1a00898b1c40b9b5b340c0db) C:\WINDOWS\system32\nvsvc32.exe
15:48:39.0687 1020 NVSvc - ok
15:48:39.0734 1020 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:48:39.0734 1020 NwlnkFlt - ok
15:48:39.0796 1020 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:48:39.0796 1020 NwlnkFwd - ok
15:48:39.0843 1020 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
15:48:39.0843 1020 ohci1394 - ok
15:48:39.0937 1020 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:48:39.0937 1020 ose - ok
15:48:40.0218 1020 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:48:40.0453 1020 osppsvc - ok
15:48:40.0687 1020 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
15:48:40.0687 1020 Parport - ok
15:48:40.0750 1020 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
15:48:40.0750 1020 PartMgr - ok
15:48:40.0781 1020 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
15:48:40.0796 1020 ParVdm - ok
15:48:40.0796 1020 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
15:48:40.0812 1020 PCI - ok
15:48:40.0828 1020 PCIDump - ok
15:48:40.0843 1020 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
15:48:40.0843 1020 PCIIde - ok
15:48:40.0890 1020 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
15:48:40.0906 1020 Pcmcia - ok
15:48:40.0906 1020 PDCOMP - ok
15:48:40.0937 1020 PDFRAME - ok
15:48:40.0953 1020 PDRELI - ok
15:48:40.0984 1020 PDRFRAME - ok
15:48:41.0015 1020 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
15:48:41.0015 1020 perc2 - ok
15:48:41.0062 1020 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
15:48:41.0062 1020 perc2hib - ok
15:48:41.0140 1020 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
15:48:41.0140 1020 PlugPlay - ok
15:48:41.0187 1020 Pml Driver HPZ12 (79834aa2fbf9fe81eebb229024f6f7fc) C:\WINDOWS\system32\HPZipm12.dll
15:48:41.0187 1020 Pml Driver HPZ12 - ok
15:48:41.0203 1020 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
15:48:41.0203 1020 PolicyAgent - ok
15:48:41.0250 1020 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:48:41.0250 1020 PptpMiniport - ok
15:48:41.0265 1020 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
15:48:41.0265 1020 ProtectedStorage - ok
15:48:41.0296 1020 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
15:48:41.0296 1020 PSched - ok
15:48:41.0328 1020 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:48:41.0328 1020 Ptilink - ok
15:48:41.0359 1020 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
15:48:41.0359 1020 PxHelp20 - ok
15:48:41.0390 1020 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
15:48:41.0390 1020 ql1080 - ok
15:48:41.0406 1020 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
15:48:41.0406 1020 Ql10wnt - ok
15:48:41.0437 1020 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
15:48:41.0437 1020 ql12160 - ok
15:48:41.0468 1020 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
15:48:41.0468 1020 ql1240 - ok
15:48:41.0484 1020 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
15:48:41.0500 1020 ql1280 - ok
15:48:41.0515 1020 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:48:41.0531 1020 RasAcd - ok
15:48:41.0562 1020 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
15:48:41.0562 1020 RasAuto - ok
15:48:41.0593 1020 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:48:41.0593 1020 Rasl2tp - ok
15:48:41.0640 1020 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
15:48:41.0640 1020 RasMan - ok
15:48:41.0671 1020 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:48:41.0687 1020 RasPppoe - ok
15:48:41.0687 1020 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
15:48:41.0687 1020 Raspti - ok
15:48:41.0734 1020 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:48:41.0734 1020 Rdbss - ok
15:48:41.0750 1020 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:48:41.0750 1020 RDPCDD - ok
15:48:41.0796 1020 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
15:48:41.0796 1020 rdpdr - ok
15:48:41.0843 1020 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
15:48:41.0843 1020 RDPWD - ok
15:48:41.0890 1020 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
15:48:41.0906 1020 RDSessMgr - ok
15:48:41.0953 1020 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
15:48:41.0953 1020 redbook - ok
15:48:42.0000 1020 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
15:48:42.0000 1020 RemoteAccess - ok
15:48:42.0015 1020 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
15:48:42.0031 1020 RemoteRegistry - ok
15:48:42.0062 1020 rimmptsk (7a6648b61661b1421ffab762e391e33f) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
15:48:42.0062 1020 rimmptsk - ok
15:48:42.0078 1020 rimsptsk (8f7012d1b6a71ee9c23ce93dcdbf9f4b) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
15:48:42.0078 1020 rimsptsk - ok
15:48:42.0125 1020 rismxdp (3ac17802740c3a4764dc9750e92e6233) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
15:48:42.0140 1020 rismxdp - ok
15:48:42.0187 1020 RMCAST (96f7a9a7bf0c9c0440a967440065d33c) C:\WINDOWS\system32\drivers\RMCast.sys
15:48:42.0203 1020 RMCAST - ok
15:48:42.0234 1020 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
15:48:42.0250 1020 RpcLocator - ok
15:48:42.0312 1020 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
15:48:42.0328 1020 RpcSs - ok
15:48:42.0375 1020 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
15:48:42.0375 1020 RSVP - ok
15:48:42.0390 1020 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
15:48:42.0390 1020 rtl8139 - ok
15:48:42.0437 1020 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
15:48:42.0453 1020 SamSs - ok
15:48:42.0468 1020 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
15:48:42.0468 1020 SCardSvr - ok
15:48:42.0500 1020 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
15:48:42.0500 1020 Schedule - ok
15:48:42.0562 1020 SCR3XX2K (b590c6b740a85130e88d35d007691eb4) C:\WINDOWS\system32\DRIVERS\SCR3XX2K.sys
15:48:42.0562 1020 SCR3XX2K - ok
15:48:42.0609 1020 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
15:48:42.0609 1020 sdbus - ok
15:48:42.0656 1020 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:48:42.0656 1020 Secdrv - ok
15:48:42.0687 1020 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
15:48:42.0687 1020 seclogon - ok
15:48:42.0718 1020 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
15:48:42.0718 1020 SENS - ok
15:48:42.0750 1020 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
15:48:42.0750 1020 Serial - ok
15:48:42.0812 1020 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
15:48:42.0812 1020 Sfloppy - ok
15:48:42.0875 1020 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
15:48:42.0875 1020 SharedAccess - ok
15:48:42.0906 1020 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
15:48:42.0921 1020 ShellHWDetection - ok
15:48:42.0921 1020 Simbad - ok
15:48:42.0968 1020 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
15:48:42.0968 1020 sisagp - ok
15:48:43.0000 1020 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
15:48:43.0000 1020 SLIP - ok
15:48:43.0062 1020 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
15:48:43.0062 1020 Sparrow - ok
15:48:43.0078 1020 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
15:48:43.0078 1020 splitter - ok
15:48:43.0125 1020 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
15:48:43.0125 1020 Spooler - ok
15:48:43.0171 1020 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
15:48:43.0171 1020 sr - ok
15:48:43.0218 1020 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
15:48:43.0218 1020 srservice - ok
15:48:43.0265 1020 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
15:48:43.0281 1020 Srv - ok
15:48:43.0296 1020 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
15:48:43.0296 1020 SSDPSRV - ok
15:48:43.0343 1020 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
15:48:43.0343 1020 ssmdrv - ok
15:48:43.0390 1020 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
15:48:43.0406 1020 stisvc - ok
15:48:43.0453 1020 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
15:48:43.0453 1020 streamip - ok
15:48:43.0484 1020 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
15:48:43.0484 1020 swenum - ok
15:48:43.0500 1020 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
15:48:43.0500 1020 swmidi - ok
15:48:43.0515 1020 SwPrv - ok
15:48:43.0578 1020 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
15:48:43.0578 1020 symc810 - ok
15:48:43.0593 1020 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
15:48:43.0593 1020 symc8xx - ok
15:48:43.0625 1020 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
15:48:43.0625 1020 sym_hi - ok
15:48:43.0640 1020 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
15:48:43.0640 1020 sym_u3 - ok
15:48:43.0687 1020 SynTP (60cb9f7c95791fe56a6e86868f4467ba) C:\WINDOWS\system32\DRIVERS\SynTP.sys
15:48:43.0687 1020 SynTP - ok
15:48:43.0703 1020 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
15:48:43.0703 1020 sysaudio - ok
15:48:43.0765 1020 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
15:48:43.0765 1020 SysmonLog - ok
15:48:43.0796 1020 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
15:48:43.0812 1020 TapiSrv - ok
15:48:43.0859 1020 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:48:43.0859 1020 Tcpip - ok
15:48:43.0906 1020 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
15:48:43.0921 1020 TDPIPE - ok
15:48:43.0937 1020 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
15:48:43.0937 1020 TDTCP - ok
15:48:43.0968 1020 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
15:48:43.0968 1020 TermDD - ok
15:48:44.0031 1020 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
15:48:44.0031 1020 TermService - ok
15:48:44.0093 1020 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
15:48:44.0093 1020 Themes - ok
15:48:44.0140 1020 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
15:48:44.0140 1020 TlntSvr - ok
15:48:44.0265 1020 TomTomHOMEService (572a16fbad52ab1ac8e3d44baaf99694) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
15:48:44.0265 1020 TomTomHOMEService - ok
15:48:44.0312 1020 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
15:48:44.0328 1020 TosIde - ok
15:48:44.0328 1020 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
15:48:44.0343 1020 TrkWks - ok
15:48:44.0390 1020 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
15:48:44.0390 1020 Udfs - ok
15:48:44.0406 1020 UIUSys - ok
15:48:44.0453 1020 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
15:48:44.0453 1020 ultra - ok
15:48:44.0500 1020 UMWdf (9651e5d850b6f6bd7c77c70aa06f02bf) C:\WINDOWS\system32\wdfmgr.exe
15:48:44.0515 1020 UMWdf - ok
15:48:44.0578 1020 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
15:48:44.0593 1020 Update - ok
15:48:44.0625 1020 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
15:48:44.0625 1020 upnphost - ok
15:48:44.0640 1020 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
15:48:44.0640 1020 UPS - ok
15:48:44.0703 1020 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
15:48:44.0703 1020 usbaudio - ok
15:48:44.0750 1020 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
15:48:44.0750 1020 usbccgp - ok
15:48:44.0796 1020 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:48:44.0796 1020 usbehci - ok
15:48:44.0812 1020 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:48:44.0812 1020 usbhub - ok
15:48:44.0828 1020 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
15:48:44.0828 1020 usbohci - ok
15:48:44.0859 1020 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
15:48:44.0859 1020 usbprint - ok
15:48:44.0875 1020 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
15:48:44.0875 1020 usbscan - ok
15:48:44.0890 1020 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:48:44.0906 1020 USBSTOR - ok
15:48:44.0937 1020 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
15:48:44.0937 1020 usbuhci - ok
15:48:44.0984 1020 usbvm328 (6dc94d0d4f2472056d14e987f729eccb) C:\WINDOWS\system32\Drivers\usbvm326.sys
15:48:44.0984 1020 usbvm328 - ok
15:48:45.0031 1020 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
15:48:45.0031 1020 VgaSave - ok
15:48:45.0062 1020 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
15:48:45.0062 1020 viaagp - ok
15:48:45.0093 1020 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
15:48:45.0093 1020 ViaIde - ok
15:48:45.0171 1020 vmfilter323 (6c21422d47ed3d8f65ed667bfd1cc759) C:\WINDOWS\system32\drivers\vmfilter323.sys
15:48:45.0171 1020 vmfilter323 - ok
15:48:45.0203 1020 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
15:48:45.0203 1020 VolSnap - ok
15:48:45.0343 1020 Vongo Service (322aaa3b17e1fc664915350cdde92eb8) C:\Program Files\Vongo\VongoService.exe
15:48:45.0359 1020 Vongo Service - ok
15:48:45.0406 1020 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
15:48:45.0421 1020 VSS - ok
15:48:45.0453 1020 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
15:48:45.0468 1020 W32Time - ok
15:48:45.0515 1020 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:48:45.0515 1020 Wanarp - ok
15:48:45.0531 1020 WDICA - ok
15:48:45.0562 1020 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
15:48:45.0562 1020 wdmaud - ok
15:48:45.0578 1020 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
15:48:45.0578 1020 WebClient - ok
15:48:45.0656 1020 winachsf (e17d31cd52dcb7745ac5330eea062d0b) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
15:48:45.0671 1020 winachsf - ok
15:48:45.0750 1020 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
15:48:45.0750 1020 winmgmt - ok
15:48:46.0015 1020 wlidsvc (5144ae67d60ec653f97ddf3feed29e77) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:48:46.0078 1020 wlidsvc - ok
15:48:46.0218 1020 WMConnectCDS (cd99c9feae87c1963273f6b150251e33) C:\Program Files\Windows Media Connect 2\wmccds.exe
15:48:46.0234 1020 WMConnectCDS - ok
15:48:46.0421 1020 WmdmPmSN (b9715b9c18bc6c8f4b66733d208cc9f7) C:\WINDOWS\system32\MsPMSNSv.dll
15:48:46.0421 1020 WmdmPmSN - ok
15:48:46.0500 1020 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
15:48:46.0515 1020 Wmi - ok
15:48:46.0593 1020 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
15:48:46.0593 1020 WmiAcpi - ok
15:48:46.0671 1020 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
15:48:46.0671 1020 WmiApSrv - ok
15:48:46.0718 1020 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
15:48:46.0734 1020 wscsvc - ok
15:48:46.0765 1020 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
15:48:46.0765 1020 WSTCODEC - ok
15:48:46.0796 1020 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
15:48:46.0828 1020 wuauserv - ok
15:48:46.0875 1020 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
15:48:46.0890 1020 WZCSVC - ok
15:48:46.0921 1020 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
15:48:46.0921 1020 xmlprov - ok
15:48:47.0000 1020 MBR (0x1B8) (665277635dc8ba83deae12eadedb75a0) \Device\Harddisk0\DR0
15:48:47.0015 1020 \Device\Harddisk0\DR0 - ok
15:48:47.0031 1020 Boot (0x1200) (0c244233af3399cf72a2036305143af3) \Device\Harddisk0\DR0\Partition0
15:48:47.0031 1020 \Device\Harddisk0\DR0\Partition0 - ok
15:48:47.0093 1020 Boot (0x1200) (5b9d4a6e33305397a5038ea01fb2397a) \Device\Harddisk0\DR0\Partition1
15:48:47.0093 1020 \Device\Harddisk0\DR0\Partition1 - ok
15:48:47.0093 1020 ============================================================
15:48:47.0093 1020 Scan finished
-
Finally the AVAST. Keep giving me a blue screen saying dump of physical memory when I ran it. Took me the 4 times to finally get this done. Thanks for helping again.
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-15 10:01:38
-----------------------------
10:01:38.656 OS Version: Windows 5.1.2600 Service Pack 3
10:01:38.656 Number of processors: 2 586 0x4802
10:01:38.656 ComputerName: STOLL UserName: Jeff
10:01:39.593 Initialize success
10:01:55.734 AVAST engine defs: 12051401
10:02:00.421 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000007c
10:02:00.421 Disk 0 Vendor: Size: 0MB BusType: 0
10:02:00.500 Disk 0 MBR read error 0
10:02:00.500 Disk 0 MBR scan
10:02:01.125 Disk 0 unknown MBR code
10:02:01.140 MBR BIOS signature not found 0
10:02:01.218 Disk 0 scanning C:\WINDOWS\system32\drivers
10:02:19.468 Service scanning
10:02:43.937 Modules scanning
10:02:50.765 Disk 0 trace - called modules:
10:02:50.812 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvata.sys
10:02:50.828 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a5901e8]
10:02:50.843 3 CLASSPNP.SYS[f74e7fd7] -> nt!IofCallDriver -> \Device\0000007d[0x8a59ef18]
10:02:50.890 5 ACPI.sys[f735e620] -> nt!IofCallDriver -> \Device\0000007c[0x8a4b6658]
10:02:51.296 AVAST engine scan C:\WINDOWS
10:03:00.484 AVAST engine scan C:\WINDOWS\system32
10:07:51.859 AVAST engine scan C:\WINDOWS\system32\drivers
10:08:16.046 AVAST engine scan C:\Documents and Settings\Jeff
10:08:36.109 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Jeff\Desktop\MBR.dat"
10:08:36.125 The log file has been saved successfully to "C:\Documents and Settings\Jeff\Desktop\aswMBR.txt"
-
The GMER log
---- System - GMER 1.0.15 ----
SSDT EE8A668C ZwClose
SSDT EE8A6646 ZwCreateKey
SSDT EE8A6696 ZwCreateSection
SSDT EE8A663C ZwCreateThread
SSDT EE8A664B ZwDeleteKey
SSDT EE8A6655 ZwDeleteValueKey
SSDT EE8A6687 ZwDuplicateObject
SSDT EE8A665A ZwLoadKey
SSDT EE8A6628 ZwOpenProcess
SSDT EE8A662D ZwOpenThread
SSDT EE8A6664 ZwReplaceKey
SSDT EE8A665F ZwRestoreKey
SSDT EE8A669B ZwSetContextThread
SSDT EE8A6650 ZwSetValueKey
SSDT EE8A6637 ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF6249360, 0x225D9D, 0xE8000020]
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 eabfiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior
---- EOF - GMER 1.0.15 ----
-
Thanks alot for your help. The OTL logs are as follows
OTL logfile created on: 5/14/2012 6:47:15 PM - Run 1
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Documents and Settings\Jeff\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.97 Gb Total Physical Memory | 1.22 Gb Available Physical Memory | 62.19% Memory free
3.82 Gb Paging File | 3.19 Gb Available in Paging File | 83.56% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 80.59 Gb Total Space | 22.81 Gb Free Space | 28.30% Space Free | Partition Type: NTFS
Drive D: | 11.53 Gb Total Space | 1.26 Gb Free Space | 10.93% Space Free | Partition Type: FAT32
Computer Name: STOLL | User Name: Jeff | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/05/14 18:46:51 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeff\Desktop\OTL.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/02/10 11:28:06 | 000,193,816 | -H-- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE
PRC - [2012/01/13 12:21:10 | 000,095,200 | -H-- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2011/06/30 09:56:40 | 000,269,480 | -H-- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/04/28 07:55:25 | 000,136,360 | -H-- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/12/13 09:39:54 | 000,281,768 | -H-- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/12/10 04:29:00 | 000,092,008 | -H-- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010/12/10 04:28:56 | 000,247,144 | -H-- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2010/02/10 18:27:24 | 000,386,872 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | -H-- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/15 12:08:40 | 000,182,576 | -H-- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accoca.exe
PRC - [2007/05/15 12:08:38 | 000,095,024 | -H-- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\acevents.exe
PRC - [2007/05/15 12:08:08 | 000,293,168 | -H-- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
========== Modules (No Company Name) ==========
MOD - [2011/11/03 07:28:36 | 001,292,288 | -H-- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/02/04 18:48:30 | 000,291,840 | -H-- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2010/06/17 15:27:22 | 000,355,688 | -H-- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2008/04/13 16:11:59 | 000,014,336 | -H-- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 16:11:51 | 000,059,904 | -H-- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2006/07/11 20:55:04 | 000,172,032 | -H-- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\common\CLDataSync.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- C:\DOCUME~1\Jeff\LOCALS~1\Temp\MOBCleanup.exe -- (MOBCleanup)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\TEMP\006242~1.EXE -- (0062421329956074mcinstcleanup) McAfee Application Installer Cleanup (0062421329956074)
SRV - [2012/05/04 16:10:23 | 000,257,696 | -H-- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/02/10 11:28:06 | 000,240,408 | -H-- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/02/10 11:28:06 | 000,193,816 | -H-- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
SRV - [2012/01/13 12:21:10 | 000,095,200 | -H-- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2011/06/30 09:56:40 | 000,269,480 | -H-- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/28 07:55:25 | 000,136,360 | -H-- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/12/10 04:29:00 | 000,092,008 | -H-- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2007/05/15 12:08:40 | 000,182,576 | -H-- | M] (ActivIdentity) [Auto | Running] -- C:\Program Files\ActivIdentity\ActivClient\accoca.exe -- (accoca)
SRV - [2006/06/12 12:27:28 | 000,126,976 | -H-- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -- (AddFiltr)
SRV - [2006/05/09 12:11:10 | 000,176,128 | -H-- | M] (Starz Entertainment Group LLC) [Auto | Stopped] -- C:\Program Files\Vongo\VongoService.exe -- (Vongo Service)
SRV - [2005/10/06 17:12:30 | 000,855,552 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/06/30 09:56:41 | 000,138,192 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/06/30 09:56:41 | 000,066,616 | -H-- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 15:27:22 | 000,028,520 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 15:27:12 | 000,011,608 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010/01/06 19:19:00 | 000,057,856 | -H-- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SCR3XX2K.sys -- (SCR3XX2K)
DRV - [2009/06/22 03:48:44 | 000,091,776 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2008/05/08 06:02:52 | 000,203,136 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2007/04/13 04:56:45 | 000,475,264 | RH-- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vmfilter323.sys -- (vmfilter323)
DRV - [2007/04/13 04:56:45 | 000,219,648 | RH-- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbvm326.sys -- (usbvm328)
DRV - [2006/08/29 14:12:28 | 000,990,592 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/08/29 14:11:08 | 000,208,384 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/08/29 14:10:56 | 000,728,576 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006/06/19 04:37:34 | 000,036,864 | -H-- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/06/06 12:39:56 | 000,061,952 | -H-- | M] (Ricoh) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\5U870CAP.sys -- (5U870CAP_VID_1262&PID_25FD)
DRV - [2006/06/01 16:02:36 | 000,572,928 | -H-- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2006/05/12 12:05:02 | 000,057,320 | -H-- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/04/28 09:12:00 | 000,429,184 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/03/05 15:49:36 | 000,011,136 | -H-- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2006/03/02 16:31:04 | 000,013,056 | -H-- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/03/02 16:31:02 | 000,034,176 | -H-- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/01/26 16:04:16 | 000,099,584 | -H-- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata)
DRV - [2005/11/15 20:28:32 | 000,028,928 | -H-- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/10/31 18:08:00 | 000,308,992 | -H-- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/10/31 17:54:50 | 000,051,584 | -H-- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/09/19 13:24:20 | 000,005,760 | -H-- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2005/09/19 13:24:10 | 000,009,344 | -H-- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2005/09/19 13:23:52 | 000,007,808 | -H-- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2004/08/03 22:31:34 | 000,020,992 | -H-- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2278501756-2133485100-4214599645-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.live.com/sphome.aspx
IE - HKU\S-1-5-21-2278501756-2133485100-4214599645-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
IE - HKU\S-1-5-21-2278501756-2133485100-4214599645-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-2278501756-2133485100-4214599645-1005\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-2278501756-2133485100-4214599645-1005\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-2278501756-2133485100-4214599645-1005\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2278501756-2133485100-4214599645-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-2278501756-2133485100-4214599645-1005\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={searchTerms}
IE - HKU\S-1-5-21-2278501756-2133485100-4214599645-1005\..\SearchScopes\{F5CB2064-D2FA-4E5D-9A55-C05764F1FB0E}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b2ie7
IE - HKU\S-1-5-21-2278501756-2133485100-4214599645-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mcafee&p="
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/08/04 14:59:39 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/03/04 11:16:00 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/10 10:11:25 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/06 19:04:38 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2012/03/16 15:12:17 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2012/05/06 19:04:39 | 000,000,000 | -H-D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/08/04 14:59:39 | 000,000,000 | -H-D | M]
[2011/03/01 14:46:11 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Jeff\Application Data\Mozilla\Extensions
[2011/03/01 14:46:11 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Jeff\Application Data\Mozilla\Extensions\home2@tomtom.com
[2012/05/05 15:55:48 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\wifw4z5k.default\extensions
[2012/02/07 19:15:51 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/29 07:55:53 | 000,134,104 | -H-- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2007/06/11 03:34:00 | 002,115,816 | -H-- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll
[2012/01/29 05:36:35 | 000,002,252 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/09/20 10:31:51 | 000,002,024 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012/01/29 05:36:35 | 000,002,040 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
O1 HOSTS File: ([2006/03/15 20:00:00 | 000,000,734 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-2278501756-2133485100-4214599645-1005\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\S-1-5-21-2278501756-2133485100-4214599645-1005\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [accrdsub] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [hpqSRMon] File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [RecGuard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\CREATOR\Remind_XP.exe (SoftThinks)
O4 - HKU\S-1-5-21-2278501756-2133485100-4214599645-1005..\Run: [Device Detection] C:\Program Files\FUJIFILM\MyFinePix Studio\dd.exe ()
O4 - HKU\S-1-5-21-2278501756-2133485100-4214599645-1005..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\StartUp\Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (Starz)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\StartUp\Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (Starz)
O4 - Startup: C:\Documents and Settings\Jeff\Start Menu\Programs\StartUp\Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (Starz)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2278501756-2133485100-4214599645-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2278501756-2133485100-4214599645-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O15 - HKU\S-1-5-21-2278501756-2133485100-4214599645-1005\..Trusted Domains: ahrn.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-2278501756-2133485100-4214599645-1005\..Trusted Domains: ahrn.com ([www*] https in Trusted sites)
O15 - HKU\S-1-5-21-2278501756-2133485100-4214599645-1005\..Trusted Domains: army.mil ([]* in Local intranet)
O15 - HKU\S-1-5-21-2278501756-2133485100-4214599645-1005\..Trusted Domains: chase.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-2278501756-2133485100-4214599645-1005\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-2278501756-2133485100-4214599645-1005\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2278501756-2133485100-4214599645-1005\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab (DDRevision Class)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.165.131.12 209.165.131.13 0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8D7DC3B9-18BF-4DC8-97E5-50572F9D29C8}: DhcpNameServer = 209.165.131.12 209.165.131.13 0.0.0.0
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ackpbsc: DllName - (C:\WINDOWS\system32\ackpbsc.dll) - C:\WINDOWS\system32\ackpbsc.dll (ActivIdentity)
O20 - Winlogon\Notify\acunlock: DllName - (C:\Program Files\ActivIdentity\ActivClient\acunlock.dll) - C:\Program Files\ActivIdentity\ActivClient\acunlock.dll (ActivIdentity)
O24 - Desktop WallPaper: C:\Documents and Settings\Jeff\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jeff\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/27 22:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2007/09/26 03:18:56 | 000,000,090 | -H-- | M] () - D:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 14:01:14 | 000,000,053 | -HS- | M] () - D:\AUTORUN.FCB -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012/05/14 18:46:47 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jeff\Desktop\OTL.exe
[2012/05/14 16:53:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Jeff\Start Menu\Programs\Administrative Tools
[2012/05/14 16:52:11 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Jeff\Desktop\dds.com
[2012/05/14 08:44:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeff\Application Data\Malwarebytes
[2012/05/14 08:44:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/14 08:44:15 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/05/14 08:44:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/05/14 08:44:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/05/14 08:29:24 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Jeff\Recent
[2012/05/11 16:04:17 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Jeff\Start Menu\Programs\Data Recovery
[2012/04/30 09:33:45 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2012/04/30 09:33:41 | 000,000,000 | -H-D | C] -- C:\Program Files\Microsoft Silverlight
[2012/04/23 09:33:32 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Jeff\Desktop\PureEdge
[2012/04/23 09:24:12 | 000,000,000 | -H-D | C] -- C:\Program Files\PureEdge1
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/05/14 18:46:51 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeff\Desktop\OTL.exe
[2012/05/14 18:39:45 | 000,001,350 | -H-- | M] () -- C:\hpqp.ini
[2012/05/14 18:37:33 | 000,000,039 | -H-- | M] () -- C:\XP_TV.ini
[2012/05/14 18:37:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/14 17:10:15 | 000,000,830 | -H-- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/05/14 16:52:14 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Jeff\Desktop\dds.com
[2012/05/14 08:44:16 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/14 08:28:10 | 000,001,158 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/12 20:20:25 | 000,000,855 | -H-- | M] () -- C:\Documents and Settings\Jeff\Application Data\Microsoft\Internet Explorer\Quick Launch\Data_Recovery.lnk
[2012/05/12 20:20:25 | 000,000,176 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\-883o8ZUhSyoNkar
[2012/05/12 20:20:25 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\-883o8ZUhSyoNka
[2012/05/12 20:20:19 | 000,000,256 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\883o8ZUhSyoNka
[2012/05/12 20:19:46 | 000,000,664 | -H-- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/05/11 16:04:19 | 000,000,837 | -H-- | M] () -- C:\Documents and Settings\Jeff\Desktop\Data_Recovery.lnk
[2012/05/11 15:57:21 | 000,051,048 | -H-- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/05/10 16:18:06 | 000,330,688 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/05/10 15:49:29 | 000,452,834 | -H-- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/05/10 15:49:29 | 000,074,842 | -H-- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/05/06 19:04:39 | 000,001,729 | -H-- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2012/05/06 18:57:40 | 000,077,386 | -H-- | M] () -- C:\WINDOWS\hpqins05.dat
[2012/05/06 18:55:56 | 000,000,059 | -H-- | M] () -- C:\WINDOWS\WININIT.INI
[2012/05/06 18:53:41 | 000,001,018 | -H-- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2012/05/04 16:10:22 | 000,419,488 | -H-- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/05/04 16:10:22 | 000,070,304 | -H-- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/04/30 19:15:56 | 009,080,143 | -H-- | M] () -- C:\Documents and Settings\Jeff\Desktop\TC_3-22.20.pdf
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/05/14 08:44:16 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/12 20:20:24 | 000,000,855 | -H-- | C] () -- C:\Documents and Settings\Jeff\Application Data\Microsoft\Internet Explorer\Quick Launch\Data_Recovery.lnk
[2012/05/11 16:04:19 | 000,000,837 | -H-- | C] () -- C:\Documents and Settings\Jeff\Desktop\Data_Recovery.lnk
[2012/05/11 16:04:19 | 000,000,176 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\-883o8ZUhSyoNkar
[2012/05/11 16:04:19 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\-883o8ZUhSyoNka
[2012/05/11 16:04:11 | 000,000,256 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\883o8ZUhSyoNka
[2012/05/06 18:53:41 | 000,001,018 | -H-- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2012/05/06 18:52:06 | 000,077,386 | -H-- | C] () -- C:\WINDOWS\hpqins05.dat
[2012/04/30 19:15:56 | 009,080,143 | -H-- | C] () -- C:\Documents and Settings\Jeff\Desktop\TC_3-22.20.pdf
[2012/02/15 17:37:00 | 000,003,072 | -H-- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/02/14 13:40:57 | 000,135,168 | RH-- | C] () -- C:\WINDOWS\System32\setupfilter.exe
[2011/02/14 13:25:05 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/08/04 14:57:49 | 000,023,097 | -H-- | C] () -- C:\WINDOWS\hpqins15.dat
========== Alternate Data Streams ==========
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
OTL Extras logfile created on: 5/14/2012 6:47:15 PM - Run 1
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Documents and Settings\Jeff\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.97 Gb Total Physical Memory | 1.22 Gb Available Physical Memory | 62.19% Memory free
3.82 Gb Paging File | 3.19 Gb Available in Paging File | 83.56% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 80.59 Gb Total Space | 22.81 Gb Free Space | 28.30% Space Free | Partition Type: NTFS
Drive D: | 11.53 Gb Total Space | 1.26 Gb Free Space | 10.93% Space Free | Partition Type: FAT32
Computer Name: STOLL | User Name: Jeff | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = NetscapeHTML] -- C:\Program Files\Netscape\Netscape Browser\netscape.exe (Netscape)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- C:\PROGRA~1\NETSCAPE\NETSCA~1\NETSCAPE.EXE -url "%1" (Netscape)
https [open] -- C:\PROGRA~1\NETSCAPE\NETSCA~1\NETSCAPE.EXE -url "%1" (Netscape)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"" =
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"" =
"C:\Program Files\Vongo\VongoService.exe" = C:\Program Files\Vongo\VongoService.exe:*:enabled:VongoService -- (Starz Entertainment Group LLC)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\Program Files\BearShare\BearShare.exe" = C:\Program Files\BearShare\BearShare.exe:*:Enabled:BearShare -- (Free Peers, Inc.)
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{069730C2-755A-485B-A205-27A1AAFA836A}" = InstantShareAlert
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{09D8492A-C8E2-421E-927D-46800FB327A3}" = Wireless Home Network Setup
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{13BCF6CB-2F54-4962-9B11-32F07048ACF3}" = HP User Guides 0031
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{2656D0AB-9EA4-4C58-A117-635F3CED8B93}" = Microsoft UI Engine
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java 6 Update 17
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.10 A2
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 2.00 G2
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 2.3
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{4CCC7F68-A437-4559-A840-F5E010934951}" = HP Driver Diagnostics
"{4DA4012B-39AF-48c2-B23B-A4D570D233A6}" = cp_LightScribeConfig
"{4F923F90-46D1-4492-9CC6-13FBBA00E7EC}" = C4400
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{52FBAE98-D389-4281-8C14-21B4046CCB4E}" = SonicAC3Encoder
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A28AB0B-22B1-494C-AF61-B386EA1736C0}" = LightScribe 1.4.97.1
"{6B407945-AE16-4A2A-BAAF-497FE62EDED3}" = PS_AIO_03_C4400_Software_Min
"{6B437F94-056F-4791-AF2C-0D10E2706AF0}" = PanoStandAlone
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1
"{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{80AE27BA-B0ED-4288-A8B9-D8194BCF4115}" = cp_UpdateProjectsConfig
"{838A1BC9-95CA-4880-9BE3-2A7D23600A2B}" = Macromedia Shockwave Player
"{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{939F8208-C8CE-4AFF-B7BA-ACEB2E74A6CB}" =
"{954B7F64-D1D4-476F-8919-99585D0A6ABF}" = PS_AIO_03_C4400_Software
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour
"{A01FC76F-CC09-4658-9E37-5C2F635EE708}" = TourSetup
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
"{AC194855-F7AC-4D04-B4C9-07BA46FCB697}" = ActivClient CAC 6.1 x86
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B16AF568-A644-483C-A6DA-5028CD019C8C}" = SonicMPEGEncoder
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C9CE9393-B568-428D-AD5B-55452B9748DB}" = PS_AIO_03_C4400_ProductContext
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DB7E00C9-6DEF-489A-8112-D8F81614F45A}" = Vongo
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E6B43401-E818-4961-AFED-118DD8E87642}" = RAF
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{F7B72805-2F58-4C04-AE9E-E7AD6A6EF62E}" = C4400_Help
"{FB09F05F-85C6-4205-B28D-5BF071D276C3}" = muvee autoProducer 5.0
"{FC8D25A7-FF1B-41BB-BB3B-9A06C0A60AE0}" = InstantShareDevices
"{FF1F4E8E-A833-4c4b-A14A-45D5B841B5D8}" = HP Photosmart C4400 All-In-One Driver Software 10.0 Rel .3
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_PCI_VEN_14F1&DEV_5045_at8ven5m" = Soft Data Fax Modem with SmartCP
"HP Game Console" = HP Game Console and games
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Rhapsody" = HP Rhapsody
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2006b" = Microsoft Money 2006
"Mozilla Firefox 10.0 (x86 en-US)" = Mozilla Firefox 10.0 (x86 en-US)
"MyFinePix Studio_is1" = FUJIFILM MyFinePix Studio 3.1
"Netscape Browser" = Netscape Browser (remove only)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TomTom HOME" = TomTom HOME 2.8.0.2146
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMCSetup" = Windows Media Connect
"Yahoo! Companion" = Yahoo! Toolbar for Internet Explorer
"Yahoo! Toolbar" = Yahoo! Toolbar
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 5/14/2012 6:50:32 PM | Computer Name = STOLL | Source = Application Error | ID = 1000
Description = Faulting application dd.exe, version 1.12.0.0, faulting module dd.exe,
version 1.12.0.0, fault address 0x0003ae67.
Error - 5/14/2012 6:52:30 PM | Computer Name = STOLL | Source = Media Center Scheduler | ID = 0
Description =
Error - 5/14/2012 8:58:02 PM | Computer Name = STOLL | Source = MSDTC | ID = 4404
Description = MS DTC Tracing infrastructure : the initialization of the tracing
infrastructure failed. Internal Information : msdtc_trace : File: d:\comxp_sp3\com\com1x\dtc\dtc\trace\src\tracelib.cpp,
Line: 1115, StartTrace Failed, hr=0x800700a1
Error - 5/14/2012 8:58:03 PM | Computer Name = STOLL | Source = Media Center Scheduler | ID = 0
Description =
Error - 5/14/2012 8:59:20 PM | Computer Name = STOLL | Source = Application Error | ID = 1000
Description = Faulting application dd.exe, version 1.12.0.0, faulting module dd.exe,
version 1.12.0.0, fault address 0x0003ae67.
Error - 5/14/2012 9:00:23 PM | Computer Name = STOLL | Source = Media Center Scheduler | ID = 0
Description =
Error - 5/14/2012 10:37:40 PM | Computer Name = STOLL | Source = MSDTC | ID = 4404
Description = MS DTC Tracing infrastructure : the initialization of the tracing
infrastructure failed. Internal Information : msdtc_trace : File: d:\comxp_sp3\com\com1x\dtc\dtc\trace\src\tracelib.cpp,
Line: 1115, StartTrace Failed, hr=0x800700a1
Error - 5/14/2012 10:37:41 PM | Computer Name = STOLL | Source = Media Center Scheduler | ID = 0
Description =
Error - 5/14/2012 10:38:58 PM | Computer Name = STOLL | Source = Application Error | ID = 1000
Description = Faulting application dd.exe, version 1.12.0.0, faulting module dd.exe,
version 1.12.0.0, fault address 0x0003ae67.
Error - 5/14/2012 10:40:46 PM | Computer Name = STOLL | Source = Media Center Scheduler | ID = 0
Description =
[ System Events ]
Error - 5/14/2012 2:27:01 PM | Computer Name = STOLL | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AliIde IntelIde Pcmcia ViaIde
Error - 5/14/2012 2:42:28 PM | Computer Name = STOLL | Source = Service Control Manager | ID = 7000
Description = The MOBCleanup service failed to start due to the following error:
%%2
Error - 5/14/2012 2:43:58 PM | Computer Name = STOLL | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.
Error - 5/14/2012 2:43:58 PM | Computer Name = STOLL | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AliIde IntelIde Pcmcia ViaIde
Error - 5/14/2012 6:49:54 PM | Computer Name = STOLL | Source = Service Control Manager | ID = 7000
Description = The MOBCleanup service failed to start due to the following error:
%%2
Error - 5/14/2012 6:51:20 PM | Computer Name = STOLL | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.
Error - 5/14/2012 8:58:40 PM | Computer Name = STOLL | Source = Service Control Manager | ID = 7000
Description = The MOBCleanup service failed to start due to the following error:
%%2
Error - 5/14/2012 9:00:07 PM | Computer Name = STOLL | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.
Error - 5/14/2012 10:38:16 PM | Computer Name = STOLL | Source = Service Control Manager | ID = 7000
Description = The MOBCleanup service failed to start due to the following error:
%%2
Error - 5/14/2012 10:39:43 PM | Computer Name = STOLL | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.
< End of report >
-
Tried deleting the virus but Avira scans there are still 4 but access is denied. But the Malwarebyte full scan says nothing is detected. When computer is restarted, the SMART repair data recovery pop up is no longer there but there is still nothing but a blue screen with nothing listed under programs. In the background dd.exe file needs to close pop up appears instead and the error message of a corrupted file keeps running like 50 times flooding the screen. Need HELP please... I've attached the dds. files here. Thanks alot.
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Jeff at 16:53:09 on 2012-05-14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2015.1226 [GMT -8:00]
.
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\ActivIdentity\ActivClient\accoca.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\PROGRA~1\mcafee\SITEAD~1\McSACore.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://search.live.com
uSearch Bar = hxxp://search.live.com/sphome.aspx
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
mSearchAssistant = hxxp://search.live.com/sphome.aspx
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - c:\program files\microsoft\bingbar\7.1.361.0\BingExt.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~4\office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - "c:\program files\microsoft\bingbar\7.1.361.0\BingExt.dll"
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Device Detection] c:\program files\fujifilm\myfinepix studio\dd.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [nwiz] nwiz.exe /installquiet /nodetect
mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
mRun: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [Cpqset] c:\program files\hewlett-packard\default settings\cpqset.exe
mRun: [RecGuard] c:\windows\sminst\RecGuard.exe
mRun: [Reminder] c:\windows\creator\Remind_XP.exe
mRun: [hpqSRMon]
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [<NO NAME>]
mRun: [accrdsub] "c:\program files\actividentity\activclient\accrdsub.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\docume~1\jeff\startm~1\programs\startup\vongot~1.lnk - c:\program files\vongo\Tray.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: ahrn.com\www
Trusted Zone: ahrn.com\www*
Trusted Zone: chase.com
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 209.165.131.12 209.165.131.13 0.0.0.0
TCP: Interfaces\{8D7DC3B9-18BF-4DC8-97E5-50572F9D29C8} : DhcpNameServer = 209.165.131.12 209.165.131.13 0.0.0.0
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: ackpbsc - c:\windows\system32\ackpbsc.dll
Notify: acunlock - c:\program files\actividentity\activclient\acunlock.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\jeff\application data\mozilla\firefox\profiles\wifw4z5k.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
.
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-12-20 11608]
R2 accoca;ActivClient Middleware Service;c:\program files\actividentity\activclient\accoca.exe [2007-5-15 182576]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-12-20 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-12-20 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-12-20 66616]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-5-14 654408]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\McSACore.exe [2009-12-3 95200]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2010-12-10 92008]
R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-5-14 22344]
S2 0062421329956074mcinstcleanup;McAfee Application Installer Cleanup (0062421329956074);c:\windows\temp\006242~1.exe -cleanup -nolog --> c:\windows\temp\006242~1.EXE -cleanup -nolog [?]
S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]
S2 MOBCleanup;MOBCleanup;"c:\docume~1\jeff\locals~1\temp\mobcleanup.exe" --> c:\docume~1\jeff\locals~1\temp\MOBCleanup.exe [?]
S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\drivers\5U870CAP.sys [2006-6-6 61952]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-5 257696]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\drivers\SCR3XX2K.sys [2010-1-6 57856]
S3 usbvm328;HP Camera;c:\windows\system32\drivers\usbvm326.sys [2011-2-14 219648]
S3 vmfilter323;VC0326 filter service for Serome;c:\windows\system32\drivers\vmfilter323.sys [2011-2-14 475264]
.
=============== Created Last 30 ================
.
2012-05-14 16:44:21 -------- d-----w- c:\documents and settings\jeff\application data\Malwarebytes
2012-05-14 16:44:15 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-14 16:44:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-14 16:44:15 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-04-23 17:24:12 -------- d--h--w- c:\program files\PureEdge1
.
==================== Find3M ====================
.
2012-05-05 00:10:22 70304 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-05 00:10:22 419488 ---ha-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-11 13:14:41 2148352 ---ha-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12:06 1862272 ---ha-w- c:\windows\system32\win32k.sys
2012-04-11 12:35:51 2026496 ---ha-w- c:\windows\system32\ntkrnlpa.exe
2012-03-01 11:01:32 916992 ---ha-w- c:\windows\system32\wininet.dll
2012-03-01 11:01:32 43520 ---ha-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32 1469440 ---h--w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:16 177664 ---ha-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 ---ha-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 ---ha-w- c:\windows\system32\html.iec
2001-06-20 21:19:18 40960 ---ha-w- c:\program files\ACMonitor_X83.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvata.sys
c:\windows\system32\drivers\nvata.sys NVIDIA Corporation NVIDIA nForce IDE Driver
1 ntkrnlpa!IofCallDriver[0x804EF1B0] -> \Device\Harddisk0\DR0[0x8A59DAB8]
3 CLASSPNP[0xF74E7FD7] -> ntkrnlpa!IofCallDriver[0x804EF1B0] -> \Device\0000007d[0x8A591BE0]
5 ACPI[0xF735E620] -> ntkrnlpa!IofCallDriver[0x804EF1B0] -> \Device\0000007c[0x8A4FA658]
kernel: MBR read successfully
_asm { XOR DI, DI; MOV SI, 0x200; MOV SS, DI; MOV SP, 0x7a00; MOV BX, 0x7a0; MOV CX, SI; MOV DS, BX; MOV ES, BX; REP MOVSB ; JMP FAR 0x7a0:0x7a; }
user != kernel MBR !!!
.
============= FINISH: 16:54:11.25 ===============
SMART repair virus
in Resolved Malware Removal Logs
Posted
It seems like it is all good to go. Got to reset a anti-virus program back though, should I go back to the Avira Anti-virus?. Do I do anything about those hidden files that I had to uncover, or just leave them as it is? I suppose the rest of those text files can go too? I really need to clean it up, having too much junk stored in there instead of my external hard disk. Thanks alot for all the efforts and time taken. I really appreciate that you took all the time and patience. Thanks