mbam.exe launches XP Security 2012


No problems (yet) when logged on as administrator but my non-admin user account is infected by "XP Security 2012." At least mbam.exe and firefox seem to be hijacked. DDS logs below.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.0.0

Run by DTGDaily at 20:05:46 on 2011-11-27

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1400 [GMT -8:00]

.

AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

svchost.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\WINDOWS\system32\basfipm.exe

C:\WINDOWS\system32\bgsvcgen.exe

C:\Program Files\FolderSize\FolderSizeSvc.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\WINDOWS\system32\svchost.exe -k HPService

C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files\Java\jre7\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

c:\program files\verizon wireless\venturi\Client\ventc.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe

C:\Program Files\Apoint\Apoint.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe

C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe

C:\Program Files\CMS Peripherals\BounceBack Express\BBLauncher.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\MFAX\MFNTCTL.EXE

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files\Mozilla Firefox\firefox.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.dell.com

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [Apoint] c:\program files\apoint\Apoint.exe

mRun: [intelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless

mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe

mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"

mRun: [updateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r

mRun: [dla] c:\windows\system32\dla\tfswctrl.exe

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [iMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE

mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC

mRun: [HPHUPD08] c:\program files\hewlett-packard\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe

mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC

mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 5.0\distillr\AcroTray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~2.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng1.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bounce~1.lnk - c:\program files\cms peripherals\bounceback express\BBLauncher.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mighty~1.lnk - c:\program files\mfax\MFNTCTL.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\photof~1.lnk - c:\program files\common files\panasonic\photofunstudio autostart\AutoStartupService.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

LSP: vlsp.dll

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab

DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} - hxxp://www.linksysfix.com/netcheck/53/install/gtdownls.cab

DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab

DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 68.87.69.150 68.87.85.102

TCP: Interfaces\{78EB8547-DA50-45BC-BDE9-9E5218B9B942} : DhcpNameServer = 68.87.69.150 68.87.85.102

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\dtgdaily\application data\mozilla\firefox\profiles\iouqe402.default\

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll

.

============= SERVICES / DRIVERS ===============

.

R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-11-12 36000]

R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-11-12 86224]

R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2011-11-12 110032]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-11-12 74640]

R2 portD;CMS PortIO Service;c:\windows\system32\drivers\portd2k.sys [2007-7-22 14976]

R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2005-7-2 80384]

S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]

S1 SoundManager;SoundManager;\??\c:\windows\system32\drivers\soundman.sys --> c:\windows\system32\drivers\soundman.sys [?]

S2 gupdate1c9acc163c8acf2;Google Update Service (gupdate1c9acc163c8acf2);c:\program files\google\update\GoogleUpdate.exe [2009-3-24 133104]

S3 Airgo3P;Wireless-G Notebook Adapter with SRX400 Driver;c:\windows\system32\drivers\Lssrx42.sys [2006-8-25 780288]

S3 CFcatchme;CFcatchme;\??\c:\docume~1\dtgdaily\locals~1\temp\cfcatchme.sys --> c:\docume~1\dtgdaily\locals~1\temp\CFcatchme.sys [?]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-3-24 133104]

S3 ifcprusb;ifcprusb;c:\windows\system32\drivers\ifcprusb.sys [2010-1-6 36800]

S3 kwkxusb;Kyocera CDMA Wireless Modem Driver;c:\windows\system32\drivers\kwusb2k.sys [2006-4-10 29952]

S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]

S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-10-17 27064]

.

=============== Created Last 30 ================

.

2011-11-12 19:41:50 -------- d-----w- c:\documents and settings\dtgdaily\application data\Avira

2011-11-12 19:35:57 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-11-12 19:35:57 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys

2011-11-12 19:35:56 -------- d-----w- c:\program files\Avira

2011-11-12 19:35:56 -------- d-----w- c:\documents and settings\all users\application data\Avira

2011-11-10 21:50:02 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-10 21:50:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

.

==================== Find3M ====================

.

2011-10-20 15:33:41 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-14 00:41:17 544656 ----a-w- c:\windows\system32\deployJava1.dll

2011-10-14 00:41:17 128000 ----a-w- c:\windows\system32\javacpl.cpl

2011-10-10 14:22:41 692736 ------w- c:\windows\system32\inetcomm.dll

2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 18:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 18:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 18:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-06 13:20:51 1858944 ------w- c:\windows\system32\win32k.sys

2004-08-04 10:00:00 73728 --sh--w- c:\windows\registeredpackages\{dd90d410-1823-43eb-9a16-a2331bf08799}$backup$\system\wmplayer.exe

.

============= FINISH: 20:07:13.95 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 7/10/2005 5:01:56 PM

System Uptime: 11/27/2011 7:17:18 PM (1 hours ago)

.

Motherboard: Dell Inc. | | 0D4571

Processor: Intel® Pentium® M processor 1.60GHz | Microprocessor | 1596/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 56 GiB total, 9.094 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}

Description: Officejet 4500 G510n-z

Device ID: ROOT\MULTIFUNCTION\0001

Manufacturer: HP

Name: Officejet 4500 G510n-z

PNP Device ID: ROOT\MULTIFUNCTION\0001

Service:

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

.

32 Bit HP CIO Components Installer

4500_G510nz_Help

4500G510nz

4500G510nz_Software_Min

5600

5600_Help

5600Trb

Acrobat.com

Adobe Acrobat 5.0

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 11 Plugin

Adobe Illustrator 9.0.1

Adobe Photoshop 5.0.2

Adobe Reader 9.4.1

AiO_Scan

AiOSoftware

ALPS Touch Pad Driver

AnswerWorks 4.0 Runtime - English

AnswerWorks 5.0 English Runtime

Apple Application Support

Apple Software Update

AutoUpdate

Avidemux 2.5

Avira Free Antivirus

Bluetooth Stack for Windows by Toshiba

BounceBack Express

Broadcom Advanced Control Suite 2

Broadcom ASF Management Applications

BufferChm

CameraDrivers

Compatibility Pack for the 2007 Office system

Conexant D110 MDC V.9x Modem

CP_Package_Variety1

CP_Package_Variety2

CP_Package_Variety3

Critical Update for Windows Media Player 11 (KB959772)

Destinations

DeviceDiscovery

DeviceManagementQFolder

Digital Line Detect

DivX

DivX Converter

DivX Player

DivX Web Player

DocMgr

DocProc

ESET Online Scanner v3

Fax

FileMaker Pro 4.0

Folder Size for Windows

Google Earth

Google Update Helper

GPBaseService2

HiJackThis

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB915800-v4)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

HP Customer Participation Program 13.0

HP Document Manager 2.0

HP Image Zone Express

HP Imaging Device Functions 13.0

HP Officejet 4500 G510n-z

HP Photosmart 330,380,420,470,7800,8000,8200 Series

HP PSC & OfficeJet 5.3.B

HP Smart Web Printing 4.5

HP Solution Center 13.0

HP Update

HPProductAssistant

HPSSupply

Intel® Graphics Media Accelerator Driver for Mobile

Intel® PROSet/Wireless Software

Internal Network Card Power Management

interneTIFF 6.2-FREE (Netscape Browser)

ItsDeductible Express

iTunes

Java 7

K-Lite Codec Pack 5.9.0 (Basic)

Macromedia Flash Player 8

Malwarebytes' Anti-Malware version 1.51.2.1300

MarketResearch

mCore

mDrWiFi

mHlpDell

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2572067)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft FrontPage 2000 SR-1

Microsoft Office File Validation Add-In

Microsoft Office Professional Edition 2003

Microsoft Silverlight

Microsoft SQL Server Compact 3.5 SP2 ENU

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

MightyFax

mIWA

mIWCA

mLogView

mMHouse

Mozilla Firefox 8.0 (x86 en-US)

Mozilla Thunderbird (1.0.6)

mPfMgr

mPfWiz

mProSafe

mSSO

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

mToolkit

mWlsSafe

mXML

mZConfig

NetWaiting

Network

NewCopy

OCR Software by I.R.I.S. 13.0

OGA Notifier 2.0.0048.0

PHOTOfunSTUDIO 5.0 HD Edition

PowerDVD 5.1

Primo

ProductContext

PS330

PSPrinters08

PSTAPlugin

QuickSet

QuickTime

Readme

RealPlayer

Revo Uninstaller Pro 2.5.5

Runtime

Scan

ScannerCopy

Security Task Manager 1.7e

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Microsoft Windows (KB2564958)

Security Update for Step By Step Interactive Training (KB898458)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB974455)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 10 (KB936782)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows Media Player 9 (KB911565)

Security Update for Windows Media Player 9 (KB917734)

Security Update for Windows Search 4 - KB963093

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950759)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953838)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956390)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958215)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960714)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB963027)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969897)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972260)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974455)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Shop for HP Supplies

SILKYPIX Developer Studio 3.1 SE

Skype™ 4.2

SmartWebPrinting

SolutionCenter

Sonic DLA

Sonic RecordNow! Plus

Sonic Update Manager

Sony Picture Utility

Status

Toolbox

TrayApp

TurboTax 2008

TurboTax 2008 wcaiper

TurboTax 2008 WinPerFedFormset

TurboTax 2008 WinPerProgramHelp

TurboTax 2008 WinPerReleaseEngine

TurboTax 2008 WinPerTaxSupport

TurboTax 2008 WinPerUserEducation

TurboTax 2008 wrapper

TurboTax Deluxe 2007

TurboTax Deluxe Deduction Maximizer 2006

TurboTax ItsDeductible 2005

TurboTax ItsDeductible 2006

TurboTax Premier 2004

TurboTax Premier 2005

TurboTax Premier Home & Business 2003

Unload

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB975364)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB976749)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Update for Windows XP (KB976749)

Venturi Client 3.1.4

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

VZAccess Manager

WebFldrs XP

WebReg

WexTech AnswerWorks

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage v1.3.0254.0

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows Media Player 11

Windows XP Service Pack 3

WinRAR archiver

ZipGenius 6 (6.0.2.1030A)

.

==== Event Viewer Messages From Past Week ========

.

11/27/2011 1:24:14 PM, error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the Interface with IP address 192.168.1.101. The machine with the IP address 192.168.1.120 did not allow the name to be claimed by this machine.

11/27/2011 1:09:25 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde Lbd SoundManager

11/22/2011 8:29:27 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd SoundManager

11/22/2011 8:29:17 AM, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: The system cannot find the file specified.

11/22/2011 8:29:15 AM, error: SRService [104] - The System Restore initialization process failed.

11/22/2011 8:16:06 AM, error: Service Control Manager [7034] - The Venturi Client service terminated unexpectedly. It has done this 1 time(s).

11/21/2011 3:08:27 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the AntiVirSchedulerService service.

.

==== End Of File ===========================

Hello malwornout! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copied and pasted into your next reply.

Step 1

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

Once OTL has completed its first scan it will save notepad copies of the scans in the folder that OTL was started from. Unless set to produce an Extras log it will only produce OTL.txt in subsequent scans.

A copy of an OTL fix log is saved in a text file at

  • :\_OTL\MovedFiles
    • in most cases this will be C:\_OTL\MovedFiles

Step 2

  1. Download aswMBR.exe (1870KB) to your desktop.
  2. Double click aswMBR.exe to run it.
  3. Click the [scan] button to start the scan.
  4. On completion of the scan click [save log], save it to your desktop and post in your next reply.

In your next reply, please post the following log files:

  • OTL log with Extras.txt
  • aswMBR log


As per your instructions (although I did leave a browser window open during scan - no apparent issue with that):

OTL logfile created on: 11/28/2011 8:46:40 AM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\DTGDaily\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.33 Gb Available Physical Memory | 66.93% Memory free

2.58 Gb Paging File | 1.92 Gb Available in Paging File | 74.43% Paging File free

Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 55.81 Gb Total Space | 9.06 Gb Free Space | 16.24% Space Free | Partition Type: NTFS

Computer Name: SPROCKET | User Name: DTGDaily | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\DTGDaily\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)

PRC - C:\Program Files\FolderSize\FolderSizeSvc.exe (Brio)

PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\WINDOWS\system32\bgsvcgen.exe (B.H.A Corporation)

PRC - C:\Program Files\CMS Peripherals\BounceBack Express\BBLauncher.exe ()

PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe (HP)

PRC - C:\Program Files\Dell\QuickSet\quickset.exe ()

PRC - c:\Program Files\Verizon Wireless\venturi\Client\VentC.exe (Venturi Wireless)

PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe ()

PRC - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation)

PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)

PRC - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel® Corporation)

PRC - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)

PRC - C:\Program Files\Intel\Wireless\Bin\1XConfig.exe (Intel)

PRC - C:\Program Files\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)

PRC - C:\WINDOWS\system32\BAsfIpM.exe (Broadcom Corp.)

PRC - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe (Adobe Systems Inc.)

========== Modules (No Company Name) ==========

MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()

MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

MOD - C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll ()

MOD - C:\Program Files\Java\jre7\bin\jp2native.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll ()

MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()

MOD - C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()

MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()

MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll ()

MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll ()

MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()

MOD - C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll ()

MOD - C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()

MOD - C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll ()

MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll ()

MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll ()

MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll ()

MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll ()

MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll ()

MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll ()

MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll ()

MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll ()

MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll ()

MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.145.4__540d4816ead86321\Intuit.Spc.Esd.Core.dll ()

MOD - C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.56.0__28c9bcd4dddc48a1\System.Data.SQLite.dll ()

MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Portability\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Portability.dll ()

MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.ExceptionHandling\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.ExceptionHandling.dll ()

MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Logging\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Logging.dll ()

MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Config\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Config.dll ()

MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll ()

MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll ()

MOD - C:\Program Files\CMS Peripherals\BounceBack Express\BBLauncher.exe ()

MOD - C:\Program Files\CMS Peripherals\BounceBack Express\DevClass.dll ()

MOD - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\HpqUtil.dll ()

MOD - C:\Program Files\Dell\QuickSet\quickset.exe ()

MOD - c:\Program Files\Verizon Wireless\venturi\Client\libj2k.dll ()

MOD - C:\Program Files\Dell\QuickSet\dadkeyb.dll ()

MOD - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe ()

MOD - C:\Program Files\Intel\Wireless\Bin\D8021Xps.DLL ()

MOD - c:\Program Files\Verizon Wireless\venturi\Client\hs_regex.dll ()

MOD - c:\Program Files\Verizon Wireless\venturi\Client\zlib.dll ()

MOD - c:\Program Files\Verizon Wireless\venturi\Client\mpi.dll ()

========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found

SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)

SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)

SRV - (FolderSize) -- C:\Program Files\FolderSize\FolderSizeSvc.exe (Brio)

SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)

SRV - (bgsvcgen) -- C:\WINDOWS\System32\bgsvcgen.exe (B.H.A Corporation)

SRV - (Venturi2) -- c:\Program Files\Verizon Wireless\venturi\Client\VentC.exe (Venturi Wireless)

SRV - (WLANKEEPER) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel® Corporation)

SRV - (BAsfIpM) -- C:\WINDOWS\system32\BAsfIpM.exe (Broadcom Corp.)

========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)

DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)

DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira GmbH)

DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (Revoflt) -- C:\WINDOWS\system32\drivers\revoflt.sys (VS Revo Group)

DRV - (Airgo3P) -- C:\WINDOWS\system32\drivers\Lssrx42.sys (Airgo Networks, Inc.)

DRV - (STAC97) -- C:\WINDOWS\system32\drivers\STAC97.sys (SigmaTel, Inc.)

DRV - (Tosrfbd) -- C:\WINDOWS\system32\drivers\TosRfbd.sys (TOSHIBA CORPORATION)

DRV - (Tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)

DRV - (kwkxusb) -- C:\WINDOWS\system32\drivers\kwusb2k.sys (Kyocera Wireless Corporation)

DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)

DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\TosRfhid.sys (TOSHIBA Corporation.)

DRV - (w29n51) Intel® -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)

DRV - (Tosrfcom) -- C:\WINDOWS\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)

DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)

DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)

DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)

DRV - (IWCA) -- C:\WINDOWS\system32\drivers\iwca.sys (Intel Corporation)

DRV - (HSFHWICH) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems, Inc.)

DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)

DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)

DRV - (GTIPCI21) -- C:\WINDOWS\system32\drivers\gtipci21.sys (Texas Instruments)

DRV - (portD) -- C:\WINDOWS\system32\drivers\portd2k.sys (CMS Peripherals, Inc.)

DRV - (omci) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Inc)

DRV - (ifcprusb) -- C:\WINDOWS\system32\drivers\ifcprusb.sys (InFocus AS)

DRV - (BASFND) -- C:\WINDOWS\system32\drivers\BASFND.sys (Broadcom Corporation)

DRV - (SMNDIS5) -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMNDIS5.sys (Smith Micro Software, Inc.)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1

FF - prefs.js..extensions.enabledItems: {B1ADF944-DB57-4eaf-A44F-720AAAF427F9}:2.0

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}:7.0

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.8

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2105: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2163: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1212: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 06:36:36 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/12/24 11:07:49 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/12 15:43:18 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/12/24 11:07:49 | 000,000,000 | ---D | M]

[2010/04/22 21:22:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\DTGDaily\Application Data\Mozilla\Extensions

[2010/04/22 21:22:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\DTGDaily\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2011/11/12 10:34:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\DTGDaily\Application Data\Mozilla\Firefox\Profiles\iouqe402.default\extensions

[2010/05/08 08:57:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\DTGDaily\Application Data\Mozilla\Firefox\Profiles\iouqe402.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/11/08 10:29:04 | 000,000,000 | ---D | M] ("ww-plugin") -- C:\Documents and Settings\DTGDaily\Application Data\Mozilla\Firefox\Profiles\iouqe402.default\extensions\{B1ADF944-DB57-4eaf-A44F-720AAAF427F9}

[2011/11/12 15:43:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/11/12 15:43:18 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2011/11/04 22:53:18 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011/11/04 19:21:03 | 000,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml

[2011/11/04 19:21:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2011/11/04 19:21:03 | 000,001,131 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml

[2011/11/04 19:21:03 | 000,002,364 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml

[2011/11/04 19:21:03 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

[2011/11/04 19:21:03 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

[2011/11/04 19:21:03 | 000,001,096 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2011/10/11 12:58:05 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe ()

O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)

O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)

O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)

O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe (HP)

O4 - HKLM..\Run: [HPHUPD08] c:\Program Files\Hewlett-Packard\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)

O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)

O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)

O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)

O4 - HKLM..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)

O4 - HKLM..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [intelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)

O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Computer, Inc.)

O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()

O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [updateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)

O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe (Adobe Systems Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe ()

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BounceBack Launcher.lnk = C:\Program Files\CMS Peripherals\BounceBack Express\BBLauncher.exe ()

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MightyFAX Controller.lnk = C:\Program Files\MFAX\MFNTCTL.EXE ()

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PHOTOfunSTUDIO 5.0 HD Edition.lnk = C:\Program Files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)

O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} http://www.linksysfix.com/netcheck/53/install/gtdownls.cab (LinkSys Content Update)

O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)

O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.69.150 68.87.85.102

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{78EB8547-DA50-45BC-BDE9-9E5218B9B942}: DhcpNameServer = 68.87.69.150 68.87.85.102

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (logonui.exe) -C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) -C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

O20 - Winlogon\Notify\IntelWireless: DllName - (C:\Program Files\Intel\Wireless\Bin\LgNotify.dll) - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)

O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)

O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) -C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) -C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) -C:\WINDOWS\System32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) -C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) -C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) -C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) -C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) -C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) -C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2004/08/11 14:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/28 08:44:05 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\DTGDaily\Desktop\OTL.exe

[2011/11/27 20:05:28 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\DTGDaily\Desktop\dds.scr

[2011/11/17 07:45:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth

[2011/11/12 15:43:15 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2011/11/12 11:41:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DTGDaily\Application Data\Avira

[2011/11/12 11:36:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira

[2011/11/12 11:35:59 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys

[2011/11/12 11:35:57 | 000,134,344 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys

[2011/11/12 11:35:57 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys

[2011/11/12 11:35:57 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys

[2011/11/12 11:35:56 | 000,000,000 | ---D | C] -- C:\Program Files\Avira

[2011/11/12 11:35:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira

[2011/11/10 13:50:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/11/10 13:50:02 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2011/11/10 13:50:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/28 08:45:24 | 000,042,786 | ---- | M] () -- C:\Documents and Settings\DTGDaily\Desktop\intruct.text

[2011/11/28 08:44:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DTGDaily\Desktop\OTL.exe

[2011/11/28 08:40:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2011/11/28 08:40:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2011/11/27 21:46:47 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Privacy Protection.lnk

[2011/11/27 20:11:40 | 000,012,194 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\041730n6j756f472t653x1hmb4g0

[2011/11/27 20:05:29 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\DTGDaily\Desktop\dds.scr

[2011/11/27 20:03:58 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/11/27 19:18:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/11/27 19:18:04 | 2138,497,024 | -HS- | M] () -- C:\hiberfil.sys

[2011/11/27 09:14:31 | 000,002,816 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\1w15mg3p30e624

[2011/11/26 20:56:19 | 000,013,946 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\q54qp10egtn1b47yak1cxuws82656ekrq

[2011/11/17 07:45:02 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk

[2011/11/13 11:04:37 | 000,446,386 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011/11/13 11:04:37 | 000,073,426 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2011/11/12 15:43:21 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\DTGDaily\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2011/11/12 15:43:21 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2011/11/12 11:36:23 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk

[2011/11/10 13:50:10 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/11/10 07:26:15 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/28 08:45:23 | 000,042,786 | ---- | C] () -- C:\Documents and Settings\DTGDaily\Desktop\intruct.text

[2011/11/27 21:46:47 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Privacy Protection.lnk

[2011/11/27 11:43:00 | 000,012,194 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\041730n6j756f472t653x1hmb4g0

[2011/11/27 08:52:50 | 000,002,816 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1w15mg3p30e624

[2011/11/25 10:57:38 | 000,013,946 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\q54qp10egtn1b47yak1cxuws82656ekrq

[2011/11/17 07:45:02 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk

[2011/11/12 15:43:21 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\DTGDaily\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2011/11/12 15:43:21 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2011/11/12 11:36:23 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk

[2011/11/12 11:05:17 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk

[2011/11/10 13:50:10 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/10/13 08:40:11 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011/06/19 19:51:48 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat

[2011/06/19 19:51:48 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat

[2011/06/19 19:51:48 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat

[2011/06/19 19:51:48 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat

[2011/06/19 19:51:48 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat

[2011/06/19 19:51:48 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat

[2011/06/19 19:51:48 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat

[2011/06/19 19:51:48 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat

[2011/06/19 19:51:48 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat

[2011/06/19 19:51:48 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat

[2011/06/19 19:51:48 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat

[2011/06/19 19:51:48 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat

[2011/06/19 19:51:48 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat

[2011/06/19 19:51:48 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat

[2011/06/19 19:51:48 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat

[2011/06/19 19:51:48 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat

[2011/06/19 19:51:48 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat

[2011/06/19 19:51:48 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat

[2011/06/19 19:51:48 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini

[2010/12/27 09:52:10 | 000,112,984 | ---- | C] () -- C:\WINDOWS\hpoins07.dat

[2010/12/27 09:52:10 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat

[2010/12/24 10:58:58 | 000,206,597 | ---- | C] () -- C:\WINDOWS\hpwins28.dat

[2010/12/24 10:58:57 | 000,000,418 | ---- | C] () -- C:\WINDOWS\hpwmdl28.dat

[2010/12/24 09:21:44 | 000,207,251 | ---- | C] () -- C:\WINDOWS\hpwins28.dat.temp

[2010/12/24 09:21:44 | 000,000,418 | ---- | C] () -- C:\WINDOWS\hpwmdl28.dat.temp

[2010/12/19 13:00:32 | 000,112,527 | ---- | C] () -- C:\WINDOWS\hpoins07.dat.temp

[2010/12/19 13:00:32 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat.temp

[2010/05/02 11:01:30 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2010/05/01 10:40:22 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\DTGDaily\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/04/17 16:03:25 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUNEZ1.dll

[2010/03/01 14:49:47 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll

[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe

[2007/09/12 23:09:02 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini

[2007/09/12 23:01:44 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini

[2007/07/22 15:09:27 | 000,032,768 | ---- | C] () -- C:\WINDOWS\BBUninstall.exe

[2007/06/23 15:40:57 | 000,080,827 | ---- | C] () -- C:\WINDOWS\HPHins08.dat

[2007/06/23 15:40:57 | 000,003,987 | ---- | C] () -- C:\WINDOWS\hphmdl08.dat

[2007/02/27 09:14:53 | 000,000,351 | ---- | C] () -- C:\WINDOWS\fpexplor.INI

[2007/02/27 09:12:32 | 000,000,429 | ---- | C] () -- C:\WINDOWS\frontpg.ini

[2006/08/25 13:10:01 | 000,008,914 | R--- | C] () -- C:\WINDOWS\System32\drivers\Lssrx4.bin

[2006/08/17 13:52:20 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

[2006/06/01 14:10:25 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2006/06/01 14:07:44 | 000,536,576 | ---- | C] () -- C:\WINDOWS\System32\DivXsm.exe

[2006/06/01 14:06:32 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll

[2005/09/28 16:08:27 | 000,000,048 | ---- | C] () -- C:\WINDOWS\PerWin.ini

[2005/08/29 10:14:36 | 000,000,075 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2005/08/15 14:52:00 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\adistres.dll

[2005/08/15 14:31:37 | 000,000,084 | ---- | C] () -- C:\WINDOWS\MFPD.INI

[2005/08/01 20:29:28 | 000,099,965 | ---- | C] () -- C:\WINDOWS\UninstallThunderbird.exe

[2005/07/26 15:35:49 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2005/07/21 09:58:17 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll

[2005/07/21 09:58:16 | 000,040,129 | ---- | C] () -- C:\WINDOWS\iccsigs.dat

[2005/07/21 09:58:16 | 000,000,149 | ---- | C] () -- C:\WINDOWS\KPCMS.INI

[2005/07/21 09:44:15 | 000,106,047 | ---- | C] () -- C:\WINDOWS\System32\NWNETAPI.DLL

[2005/07/21 09:44:15 | 000,035,308 | ---- | C] () -- C:\WINDOWS\System32\NWIPXSPX.DLL

[2005/07/11 14:38:08 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2005/07/11 14:38:00 | 000,107,132 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe

[2005/07/11 14:37:20 | 000,006,519 | ---- | C] () -- C:\WINDOWS\mozver.dat

[2005/07/02 05:15:04 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2005/07/02 05:12:38 | 000,000,136 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2005/07/02 05:11:15 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare

[2005/07/02 04:52:02 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll

[2005/07/02 04:51:54 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe

[2005/07/02 04:51:20 | 000,000,371 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2004/12/03 05:20:12 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll

[2004/09/23 00:09:06 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll

[2004/09/15 20:57:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2004/08/12 05:44:10 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\iwca.dll

[2004/08/11 14:24:19 | 000,000,883 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2004/08/11 14:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2004/08/11 14:12:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2004/08/11 14:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2004/08/11 14:06:43 | 000,228,000 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2004/08/11 14:00:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2004/08/11 14:00:28 | 000,446,386 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2004/08/11 14:00:28 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2004/08/11 14:00:28 | 000,073,426 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2004/08/11 14:00:28 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2004/08/11 14:00:27 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2004/08/11 14:00:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2004/08/11 14:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2004/08/11 14:00:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2004/08/11 14:00:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2004/08/11 14:00:12 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2004/08/11 14:00:04 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[2004/07/21 07:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll

[2004/01/16 04:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll

[2003/07/30 05:33:26 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\TosHidAPI.dll

[2003/01/07 12:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

[2002/06/28 12:20:54 | 000,005,025 | ---- | C] () -- C:\WINDOWS\System32\patterns.dat

[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2005/07/11 13:22:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MCA1A6.tmp

[2010/04/17 16:30:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NTIReg

[2011/06/19 20:16:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panasonic

[2008/05/21 10:04:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan

[2011/10/13 17:05:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2010/12/19 13:20:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DTGDaily\Application Data\Image Zone Express

[2010/05/16 05:55:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DTGDaily\Application Data\Thunderbird

[2011/10/11 14:13:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DTGDaily\Application Data\ZipGenius

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\All Users\Documents\vid1.mpg:SummaryInformation

< End of report >


OTL Extras logfile created on: 11/28/2011 8:46:40 AM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\DTGDaily\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.33 Gb Available Physical Memory | 66.93% Memory free

2.58 Gb Paging File | 1.92 Gb Available in Paging File | 74.43% Paging File free

Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 55.81 Gb Total Space | 9.06 Gb Free Space | 16.24% Space Free | Partition Type: NTFS

Computer Name: SPROCKET | User Name: DTGDaily | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft FrontPage\bin\fpeditor.exe"

https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 1

"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP

"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP

"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe

"C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()

"C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )

"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe

"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)

"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe

"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe

"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe

"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe

"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe

"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe

"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe

"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe

"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe

"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe

"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe

"C:\Program Files\Hewlett-Packard\HP Software Update\HPWUCli.exe" = C:\Program Files\Hewlett-Packard\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe

"C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe

"D:\setup\hpznui01.exe" = D:\setup\hpznui01.exe:*:Enabled:hpznui01.exe

"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)

"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()

"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)

"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)

"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)

"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}\setup\hpznui01.exe" = C:\Program Files\HP\Digital Imaging\{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}\setup\hpznui01.exe:*:Enabled:hpznui01.exe -- (Hewlett-Packard)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Computer, Inc.)

"C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)

"C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)

"C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)

"C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)

"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)

"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)

"C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()

"C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )

"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)

"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)

"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)

"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)

"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)

"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()

"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}\setup\hpznui01.exe" = C:\Program Files\HP\Digital Imaging\{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}\setup\hpznui01.exe:*:Enabled:hpznui01.exe -- (Hewlett-Packard)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00120409-78E1-11D2-B60F-006097C998E7}" = Microsoft FrontPage 2000 SR-1

"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1

"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO

"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager

"{0A04086B-0B71-43C3-95EF-FDFC4C18D161}" = SILKYPIX Developer Studio 3.1 SE

"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan

"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView

"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan

"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA

"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo

"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch

"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate

"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F528948-0E80-4C96-B455-DE4167CB1DF7}" = Internal Network Card Power Management

"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery

"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe

"{2466E904-7E48-4597-9321-722CF02930EB}" = 5600

"{25D24E84-64A9-40D2-85CF-540B1C4A6D52}" = Broadcom ASF Management Applications

"{26A24AE4-039D-4CA4-87B4-2F83217000FF}" = Java 7

"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com

"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime

"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation

"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload

"{2E7595EC-4FB1-4E29-93D4-9083C8A9B107}" = TurboTax ItsDeductible 2005

"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm

"{33D6CC28-9F75-4d1b-A11D-98895B3A3729}" = HP Photosmart 330,380,420,470,7800,8000,8200 Series

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{36495C59-089C-49D1-BD15-9E5BD86DC9A1}" = ItsDeductible Express

"{3A4D5E2D-988D-4ee9-8E7F-3AC200A2B8F5}" = 4500G510nz_Software_Min

"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU

"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA

"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting

"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg

"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax

"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis

"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell

"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter

"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy

"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support

"{59C4F14F-7590-45FC-BE9F-A67AB3590709}" = iTunes

"{59C9A627-5F4A-47c4-94FD-9A886F5AC971}" = PS330

"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth

"{5B05FF91-F20C-4832-A8DE-E1912639C17C}" = 4500G510nz

"{5B30AA25-BF39-4BE4-8FEE-51938BAB214D}" = TurboTax 2008 wcaiper

"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B

"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0

"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2

"{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Advanced Control Suite 2

"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.5

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.1

"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting

"{690879A5-18EF-447B-98D6-B699D51008AB}" = 4500_G510nz_Help

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply

"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox

"{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}" = mCore

"{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}" = mIWCA

"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{755EC5E3-FD51-46bd-A57F-7A2D56FBF061}" = PSTAPlugin

"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset

"{769A295C-DCF4-41d6-AFBA-7D9394B23AFE}" = PSPrinters08

"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware

"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX

"{7C9B95B7-B598-4398-B30F-7F6827192E6C}" = ProductContext

"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English

"{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}" = HP Officejet 4500 G510n-z

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver for Mobile

"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player

"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz

"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer

"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme

"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr

"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig

"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow! Plus

"{95632566-071E-4A02-92C1-4BD907065736}" = BounceBack Express

"{959282E3-55A9-49D8-B885-D27CF8A2FD82}" = PHOTOfunSTUDIO 5.0 HD Edition

"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9C59FA2E-EEDA-41FA-90AC-F8FCBD032E85}" = Venturi Client 3.1.4

"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML

"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime

"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver

"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A3455242-DAE0-4523-8242-FD82706ABF4B}" = CameraDrivers

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1

"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status

"{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}" = TurboTax ItsDeductible 2006

"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter

"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper

"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport

"{B2455727-ED8F-4643-8A6E-F4AB8DE3633D}" = Network

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player

"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2

"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations

"{BFD5AC8A-5884-4da8-9873-3DF8E3DCCE18}" = 5600Trb

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant

"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet

"{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}" = mToolkit

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CC7984C5-020D-4944-85A0-58D09D4A8BFB}" = 5600_Help

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2

"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility

"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime

"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp

"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect

"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp

"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks

"{EC3B598C-1151-4191-B5B4-A9072ADE6259}_is1" = ZipGenius 6 (6.0.2.1030A)

"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01

"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi

"{FC8D21C8-7B29-4104-ADB0-FEE9CA1C7922}" = Folder Size for Windows

"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe

"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express

"Adobe Acrobat 5.0" = Adobe Acrobat 5.0

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Illustrator 9.0.1" = Adobe Illustrator 9.0.1

"Adobe Photoshop 5.0.2" = Adobe Photoshop 5.0.2

"Avidemux 2.5" = Avidemux 2.5

"Avira AntiVir Desktop" = Avira Free Antivirus

"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D110 MDC V.9x Modem

"ESET Online Scanner" = ESET Online Scanner v3

"FileMaker Pro 4.0" = FileMaker Pro 4.0

"HP Document Manager" = HP Document Manager 2.0

"HP Imaging Device Functions" = HP Imaging Device Functions 13.0

"HP Smart Web Printing" = HP Smart Web Printing 4.5

"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0

"HPExtendedCapabilities" = HP Customer Participation Program 13.0

"HPOCR" = OCR Software by I.R.I.S. 13.0

"ie8" = Windows Internet Explorer 8

"InstallShield_{0A04086B-0B71-43C3-95EF-FDFC4C18D161}" = SILKYPIX Developer Studio 3.1 SE

"InstallShield_{25D24E84-64A9-40D2-85CF-540B1C4A6D52}" = Broadcom ASF Management Applications

"InstallShield_{59C4F14F-7590-45FC-BE9F-A67AB3590709}" = iTunes

"InstallShield_{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Advanced Control Suite 2

"interneTIFFN" = interneTIFF 6.2-FREE (Netscape Browser)

"KLiteCodecPack_is1" = K-Lite Codec Pack 5.9.0 (Basic)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"MightyFax" = MightyFax

"Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)

"Mozilla Thunderbird (1.0.6)" = Mozilla Thunderbird (1.0.6)

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"ProInst" = Intel® PROSet/Wireless Software

"RealPlayer 6.0" = RealPlayer

"Security Task Manager" = Security Task Manager 1.7e

"ShockwaveFlash" = Macromedia Flash Player 8

"Shop for HP Supplies" = Shop for HP Supplies

"TurboTax 2008" = TurboTax 2008

"TurboTax Deluxe 2007" = TurboTax Deluxe 2007

"TurboTax Deluxe Deduction Maximizer 2006" = TurboTax Deluxe Deduction Maximizer 2006

"TurboTax Premier 2004" = TurboTax Premier 2004

"TurboTax Premier 2005" = TurboTax Premier 2005

"TurboTax Premier Home & Business 2003" = TurboTax Premier Home & Business 2003

"VZAccess Manager" = VZAccess Manager

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinRAR archiver" = WinRAR archiver

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 11/27/2011 8:28:50 PM | Computer Name = SPROCKET | Source = FolderSize | ID = 0

Description =

Error - 11/27/2011 8:32:16 PM | Computer Name = SPROCKET | Source = Application Hang | ID = 1002

Description = Hanging application fnq.exe, version 5.3.2600.2180, hang module hungapp,

version 0.0.0.0, hang address 0x00000000.

Error - 11/27/2011 8:34:09 PM | Computer Name = SPROCKET | Source = FolderSize | ID = 0

Description =

Error - 11/27/2011 11:20:49 PM | Computer Name = SPROCKET | Source = FolderSize | ID = 0

Description =

Error - 11/27/2011 11:22:03 PM | Computer Name = SPROCKET | Source = Application Hang | ID = 1002

Description = Hanging application fnq.exe, version 5.3.2600.2180, hang module hungapp,

version 0.0.0.0, hang address 0x00000000.

Error - 11/27/2011 11:30:34 PM | Computer Name = SPROCKET | Source = Application Hang | ID = 1002

Description = Hanging application fnq.exe, version 5.3.2600.2180, hang module hungapp,

version 0.0.0.0, hang address 0x00000000.

Error - 11/27/2011 11:31:56 PM | Computer Name = SPROCKET | Source = Application Hang | ID = 1002

Description = Hanging application fnq.exe, version 5.3.2600.2180, hang module hungapp,

version 0.0.0.0, hang address 0x00000000.

Error - 11/28/2011 12:11:28 AM | Computer Name = SPROCKET | Source = Application Hang | ID = 1002

Description = Hanging application fnq.exe, version 5.3.2600.2180, hang module hungapp,

version 0.0.0.0, hang address 0x00000000.

Error - 11/28/2011 12:12:22 AM | Computer Name = SPROCKET | Source = Application Hang | ID = 1002

Description = Hanging application fnq.exe, version 5.3.2600.2180, hang module hungapp,

version 0.0.0.0, hang address 0x00000000.

Error - 11/28/2011 12:59:39 AM | Computer Name = SPROCKET | Source = FolderSize | ID = 0

Description =

[ System Events ]

Error - 11/27/2011 8:11:31 PM | Computer Name = SPROCKET | Source = Service Control Manager | ID = 7034

Description = The Venturi Client service terminated unexpectedly. It has done this

1 time(s).

Error - 11/27/2011 8:12:45 PM | Computer Name = SPROCKET | Source = DCOM | ID = 10010

Description = The server {4BEE36D7-DF28-49C1-8B85-1F3AED830E66} did not register

with DCOM within the required timeout.

Error - 11/27/2011 8:16:55 PM | Computer Name = SPROCKET | Source = SRService | ID = 104

Description = The System Restore initialization process failed.

Error - 11/27/2011 8:17:01 PM | Computer Name = SPROCKET | Source = Service Control Manager | ID = 7023

Description = The System Restore Service service terminated with the following error:

%%2

Error - 11/27/2011 8:17:09 PM | Computer Name = SPROCKET | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

Lbd SoundManager

Error - 11/27/2011 11:16:01 PM | Computer Name = SPROCKET | Source = Service Control Manager | ID = 7034

Description = The Venturi Client service terminated unexpectedly. It has done this

1 time(s).

Error - 11/27/2011 11:20:08 PM | Computer Name = SPROCKET | Source = SRService | ID = 104

Description = The System Restore initialization process failed.

Error - 11/27/2011 11:20:13 PM | Computer Name = SPROCKET | Source = Service Control Manager | ID = 7023

Description = The System Restore Service service terminated with the following error:

%%2

Error - 11/27/2011 11:20:24 PM | Computer Name = SPROCKET | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

Lbd SoundManager

Error - 11/28/2011 1:46:46 AM | Computer Name = SPROCKET | Source = Service Control Manager | ID = 7034

Description = The Print Spooler service terminated unexpectedly. It has done this

1 time(s).

< End of report >

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software

Run date: 2011-11-28 08:56:57

-----------------------------

08:56:57.812 OS Version: Windows 5.1.2600 Service Pack 3

08:56:57.812 Number of processors: 1 586 0xD08

08:56:57.812 ComputerName: SPROCKET UserName: DTGDaily

08:56:58.406 Initialize success

08:57:23.000 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

08:57:23.000 Disk 0 Vendor: FUJITSU_MHV2060AH 00000096 Size: 57231MB BusType: 3

08:57:25.031 Disk 0 MBR read successfully

08:57:25.031 Disk 0 MBR scan

08:57:25.031 Disk 0 Windows XP default MBR code

08:57:25.046 Disk 0 scanning sectors +117178110

08:57:25.125 Disk 0 scanning C:\WINDOWS\system32\drivers

08:57:38.796 Service scanning

08:57:40.265 Modules scanning

08:57:47.718 Disk 0 trace - called modules:

08:57:47.750 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS

08:57:47.765 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a803ab8]

08:57:47.765 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a823940]

08:57:47.765 Scan finished successfully

08:58:06.000 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\DTGDaily\Desktop\MBR.dat"

08:58:06.000 The log file has been saved successfully to "C:\Documents and Settings\DTGDaily\Desktop\aswMBR.txt"


  • Run OTL.exe
  • Under Custom Scans/Fixes post the following script:

:OTL
[2011/11/27 21:46:47 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Privacy Protection.lnk
[2011/11/27 20:11:40 | 000,012,194 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\041730n6j756f472t653x1hmb4g0
[2011/11/27 09:14:31 | 000,002,816 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\1w15mg3p30e624
[2011/11/26 20:56:19 | 000,013,946 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\q54qp10egtn1b47yak1cxuws82656ekrq

:Commands
[emptytemp]
[clearallrestorepoints]
[createrestorepoint]

  • Then click the Run Fix button at the top
  • Let the program run unhindered; when it is done it will say "Fix Complete press ok to open log".
  • Please post that log in your next reply.


OTL required a reboot. Then produced a log:

All processes killed

========== OTL ==========

C:\Documents and Settings\All Users\Desktop\Privacy Protection.lnk moved successfully.

C:\Documents and Settings\All Users\Application Data\041730n6j756f472t653x1hmb4g0 moved successfully.

C:\Documents and Settings\All Users\Application Data\1w15mg3p30e624 moved successfully.

C:\Documents and Settings\All Users\Application Data\q54qp10egtn1b47yak1cxuws82656ekrq moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Copy of peanut

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32902 bytes

->Flash cache emptied: 41 bytes

User: DTGDaily

->Temp folder emptied: 57408546 bytes

->Temporary Internet Files folder emptied: 6980798 bytes

->Java cache emptied: 20628 bytes

->FireFox cache emptied: 84096776 bytes

->Flash cache emptied: 12947 bytes

User: Guest

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 202479 bytes

->Java cache emptied: 15046 bytes

->FireFox cache emptied: 93463203 bytes

->Flash cache emptied: 2786 bytes

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 1992518 bytes

->Flash cache emptied: 300 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: peanut

->Temp folder emptied: 13236140 bytes

->Temporary Internet Files folder emptied: 171194951 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 37222891 bytes

->Flash cache emptied: 26761 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 2577 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 17305108 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 117713001 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 42852 bytes

Total Files Cleaned = 573.00 mb

Unable to start service SRService!

Unable to start service SrService!

OTL by OldTimer - Version 3.2.31.0 log created on 11282011_123816

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Good! :)

Download the latest version of TDSSKiller from here and save it to your Desktop.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  7. Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.


I didn't see anything requiring/allowing "cure." Log pasted below:


14:42:07.0078 2524 WSTCODEC - ok

14:42:07.0203 2524 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

14:42:07.0265 2524 WudfPf - ok

14:42:07.0312 2524 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

14:42:07.0359 2524 WudfRd - ok

14:42:07.0468 2524 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

14:42:07.0765 2524 \Device\Harddisk0\DR0 - ok

14:42:07.0781 2524 Boot (0x1200) (59e81e6d8834e319b88ba57edfc3e076) \Device\Harddisk0\DR0\Partition0

14:42:07.0781 2524 \Device\Harddisk0\DR0\Partition0 - ok

14:42:07.0781 2524 ============================================================

14:42:07.0781 2524 Scan finished

14:42:07.0781 2524 ============================================================

14:42:07.0906 0824 Detected object count: 25

14:42:07.0906 0824 Actual detected object count: 25



14:45:01.0437 3920 tfsncofs - detected UnsignedFile.Multi.Generic (1)

14:45:01.0500 3920 tfsndrct (cafd8cca11aa1e8b6d2ea1ba8f70ec33) C:\WINDOWS\system32\dla\tfsndrct.sys

14:45:01.0515 3920 tfsndrct ( UnsignedFile.Multi.Generic ) - warning

14:45:01.0515 3920 tfsndrct - detected UnsignedFile.Multi.Generic (1)

14:45:01.0578 3920 tfsndres (8db1e78fbf7c426d8ec3d8f1a33d6485) C:\WINDOWS\system32\dla\tfsndres.sys

14:45:01.0593 3920 tfsndres ( UnsignedFile.Multi.Generic ) - warning

14:45:01.0593 3920 tfsndres - detected UnsignedFile.Multi.Generic (1)

14:45:01.0625 3920 tfsnifs (b92f67a71cc8176f331b8aa8d9f555ad) C:\WINDOWS\system32\dla\tfsnifs.sys

14:45:01.0640 3920 tfsnifs ( UnsignedFile.Multi.Generic ) - warning

14:45:01.0640 3920 tfsnifs - detected UnsignedFile.Multi.Generic (1)

14:45:01.0671 3920 tfsnopio (85985faa9a71e2358fcc2edefc2a3c5c) C:\WINDOWS\system32\dla\tfsnopio.sys

14:45:01.0671 3920 tfsnopio ( UnsignedFile.Multi.Generic ) - warning

14:45:01.0671 3920 tfsnopio - detected UnsignedFile.Multi.Generic (1)

14:45:01.0703 3920 tfsnpool (bba22094f0f7c210567efdaf11f64495) C:\WINDOWS\system32\dla\tfsnpool.sys

14:45:01.0718 3920 tfsnpool ( UnsignedFile.Multi.Generic ) - warning

14:45:01.0718 3920 tfsnpool - detected UnsignedFile.Multi.Generic (1)

14:45:01.0765 3920 tfsnudf (81340bef80b9811e98ce64611e67e3ff) C:\WINDOWS\system32\dla\tfsnudf.sys

14:45:01.0781 3920 tfsnudf ( UnsignedFile.Multi.Generic ) - warning

14:45:01.0781 3920 tfsnudf - detected UnsignedFile.Multi.Generic (1)

14:45:01.0843 3920 tfsnudfa (c035fd116224ccc8325f384776b6a8bb) C:\WINDOWS\system32\dla\tfsnudfa.sys

14:45:01.0859 3920 tfsnudfa ( UnsignedFile.Multi.Generic ) - warning

14:45:01.0859 3920 tfsnudfa - detected UnsignedFile.Multi.Generic (1)

14:45:01.0968 3920 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

14:45:02.0250 3920 TosIde - ok

14:45:02.0328 3920 Tosrfbd (47bb36a3db94807bc26c280d1ce4a243) C:\WINDOWS\system32\Drivers\tosrfbd.sys

14:45:02.0343 3920 Tosrfbd ( UnsignedFile.Multi.Generic ) - warning

14:45:02.0343 3920 Tosrfbd - detected UnsignedFile.Multi.Generic (1)

14:45:02.0421 3920 Tosrfcom (d185be751021bcf1e5d58566d408314a) C:\WINDOWS\system32\drivers\Tosrfcom.sys

14:45:02.0453 3920 Tosrfcom ( UnsignedFile.Multi.Generic ) - warning

14:45:02.0453 3920 Tosrfcom - detected UnsignedFile.Multi.Generic (1)

14:45:02.0515 3920 Tosrfhid (341612b9758054e5965bcd6ae111b8f9) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys

14:45:02.0515 3920 Tosrfhid ( UnsignedFile.Multi.Generic ) - warning

14:45:02.0515 3920 Tosrfhid - detected UnsignedFile.Multi.Generic (1)

14:45:02.0578 3920 Tosrfusb (ddb8a339e57d514768f45d33b11bdb50) C:\WINDOWS\system32\Drivers\tosrfusb.sys

14:45:02.0593 3920 Tosrfusb ( UnsignedFile.Multi.Generic ) - warning

14:45:02.0593 3920 Tosrfusb - detected UnsignedFile.Multi.Generic (1)

14:45:02.0671 3920 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

14:45:02.0812 3920 Udfs - ok

14:45:02.0937 3920 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

14:45:03.0093 3920 ultra - ok

14:45:03.0250 3920 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

14:45:03.0875 3920 Update - ok

14:45:04.0031 3920 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

14:45:04.0281 3920 usbaudio - ok

14:45:04.0390 3920 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

14:45:04.0531 3920 usbccgp - ok

14:45:04.0625 3920 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

14:45:04.0765 3920 usbehci - ok

14:45:04.0796 3920 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

14:45:04.0953 3920 usbhub - ok

14:45:05.0078 3920 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

14:45:05.0265 3920 usbohci - ok

14:45:05.0312 3920 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

14:45:05.0484 3920 usbprint - ok

14:45:05.0578 3920 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

14:45:05.0781 3920 usbscan - ok

14:45:05.0843 3920 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

14:45:06.0015 3920 USBSTOR - ok

14:45:06.0062 3920 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

14:45:06.0187 3920 usbuhci - ok

14:45:06.0234 3920 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys

14:45:06.0359 3920 usbvideo - ok

14:45:06.0437 3920 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

14:45:06.0578 3920 VgaSave - ok

14:45:06.0671 3920 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

14:45:06.0828 3920 viaagp - ok

14:45:06.0953 3920 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

14:45:07.0171 3920 ViaIde - ok

14:45:07.0250 3920 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

14:45:07.0437 3920 VolSnap - ok

14:45:07.0718 3920 w29n51 (f0f902220910c4fbe42a51964bd33599) C:\WINDOWS\system32\DRIVERS\w29n51.sys

14:45:07.0953 3920 w29n51 - ok

14:45:08.0093 3920 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

14:45:08.0312 3920 Wanarp - ok

14:45:08.0328 3920 WDICA - ok

14:45:08.0375 3920 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

14:45:08.0500 3920 wdmaud - ok

14:45:08.0609 3920 winachsf (2dc7c0b6175a0a8ed84a4f70199c93b5) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

14:45:08.0687 3920 winachsf - ok

14:45:08.0859 3920 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

14:45:09.0031 3920 WS2IFSL - ok

14:45:09.0140 3920 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

14:45:09.0343 3920 WSTCODEC - ok

14:45:09.0421 3920 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

14:45:09.0453 3920 WudfPf - ok

14:45:09.0562 3920 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

14:45:09.0625 3920 WudfRd - ok

14:45:09.0703 3920 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

14:45:10.0015 3920 \Device\Harddisk0\DR0 - ok

14:45:10.0015 3920 Boot (0x1200) (59e81e6d8834e319b88ba57edfc3e076) \Device\Harddisk0\DR0\Partition0

14:45:10.0015 3920 \Device\Harddisk0\DR0\Partition0 - ok

14:45:10.0031 3920 ============================================================

14:45:10.0031 3920 Scan finished

14:45:10.0031 3920 ============================================================

14:45:10.0046 1324 Detected object count: 25

14:45:10.0046 1324 Actual detected object count: 25

14:45:31.0203 1324 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user

14:45:31.0203 1324 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:45:31.0203 1324 APPDRV ( UnsignedFile.Multi.Generic ) - skipped by user

14:45:31.0203 1324 APPDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:45:31.0218 1324 BASFND ( UnsignedFile.Multi.Generic ) - skipped by user

14:45:31.0218 1324 BASFND ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:45:31.0218 1324 drvmcdb ( UnsignedFile.Multi.Generic ) - skipped by user

14:45:31.0218 1324 drvmcdb ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:45:31.0218 1324 drvnddm ( UnsignedFile.Multi.Generic ) - skipped by user

14:45:31.0218 1324 drvnddm ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:45:31.0218 1324 ifcprusb ( UnsignedFile.Multi.Generic ) - skipped by user

14:45:31.0218 1324 ifcprusb ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:45:31.0218 1324 omci ( UnsignedFile.Multi.Generic ) - skipped by user

14:45:31.0218 1324 omci ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:45:31.0218 1324 portD ( UnsignedFile.Multi.Generic ) - skipped by user

14:45:31.0218 1324 portD ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:45:31.0218 1324 s24trans ( UnsignedFile.Multi.Generic ) - skipped by user

14:45:31.0218 1324 s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:45:31.0218 1324 SMNDIS5 ( UnsignedFile.Multi.Generic ) - skipped by user

14:45:31.0218 1324 SMNDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:45:31.0234 1324 sscdbhk5 ( UnsignedFile.Multi.Generic ) - skipped by user

14:45:31.0234 1324 sscdbhk5 ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:45:31.0234 1324 ssrtln ( UnsignedFile.Multi.Generic ) - skipped by user

14:45:31.0234 1324 ssrtln ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:45:31.0234 1324 tfsnboio ( UnsignedFile.Multi.Generic ) - skipped by user

14:45:31.0234 1324 tfsnboio ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:45:31.0234 1324 tfsncofs ( UnsignedFile.Multi.Generic ) - skipped by user

14:45:31.0234 1324 tfsncofs ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:45:31.0234 1324 tfsndrct ( UnsignedFile.Multi.Generic ) - skipped by user

14:45:31.0234 1324 tfsndrct ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:45:31.0234 1324 tfsndres ( UnsignedFile.Multi.Generic ) - skipped by user

14:45:31.0234 1324 tfsndres ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:45:31.0250 1324 tfsnifs ( UnsignedFile.Multi.Generic ) - skipped by user

14:45:31.0250 1324 tfsnifs ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:45:31.0250 1324 tfsnopio ( UnsignedFile.Multi.Generic ) - skipped by user

14:45:31.0250 1324 tfsnopio ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:45:31.0250 1324 tfsnpool ( UnsignedFile.Multi.Generic ) - skipped by user

14:45:31.0250 1324 tfsnpool ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:45:31.0250 1324 tfsnudf ( UnsignedFile.Multi.Generic ) - skipped by user

14:45:31.0250 1324 tfsnudf ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:45:31.0250 1324 tfsnudfa ( UnsignedFile.Multi.Generic ) - skipped by user

14:45:31.0250 1324 tfsnudfa ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:45:31.0250 1324 Tosrfbd ( UnsignedFile.Multi.Generic ) - skipped by user

14:45:31.0250 1324 Tosrfbd ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:45:31.0250 1324 Tosrfcom ( UnsignedFile.Multi.Generic ) - skipped by user

14:45:31.0250 1324 Tosrfcom ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:45:31.0250 1324 Tosrfhid ( UnsignedFile.Multi.Generic ) - skipped by user

14:45:31.0250 1324 Tosrfhid ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:45:31.0265 1324 Tosrfusb ( UnsignedFile.Multi.Generic ) - skipped by user

14:45:31.0265 1324 Tosrfusb ( UnsignedFile.Multi.Generic ) - User select action: Skip


Thanks!

Step 1

  • Launch Malwarebytes' Anti-Malware
  • Go to the "Update" tab and select Check for Updates.
  • Go to the Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 2

  1. Please run a free online scan with the ESET Online Scanner
    Note: You will need to use Internet Explorer for this scan
  2. Tick the box next to YES, I accept the Terms of Use
  3. Click Start
  4. When asked, allow the ActiveX control to install
  5. Click Start
  6. Make sure that the options Remove found threats and Scan unwanted applications are checked
  7. Click Scan (This scan can take several hours, so please be patient)
  8. Once the scan is completed, you may close the window
  9. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  10. Copy and paste that log as a reply to this topic

In your next reply, please post the following log files:

  • Malwarebytes' Anti-Malware log
  • ESET Online Scanner log


Malwarebytes log pasted below. Will send eset log when complete.

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8261

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

11/28/2011 3:15:00 PM

mbam-log-2011-11-28 (15-15-00).txt

Scan type: Quick scan

Objects scanned: 213740

Time elapsed: 5 minute(s), 48 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 3

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\peanut\Local Settings\Application Data\fnq.exe" -a "firefox.exe) Good: (firefox.exe) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\peanut\Local Settings\Application Data\fnq.exe" -a "firefox.exe -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\peanut\Local Settings\Application Data\fnq.exe" -a "iexplore.exe) Good: (iexplore.exe) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=25154da2c6e89f469549d20857cd8cb5

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-11-29 12:57:44

# local_time=2011-11-28 04:57:44 (-0800, Pacific Standard Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=1792 16777191 100 0 1314115 1314115 0 0

# compatibility_mode=8192 67108863 100 0 4152770 4152770 0 0

# scanned=85384

# found=4

# cleaned=4

# scan_time=4794

C:\Documents and Settings\peanut\Local Settings\Application Data\fnq.exe Win32/Adware.XPAntiSpyware.AC application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\peanut\Local Settings\Application Data\glj.exe a variant of Win32/Kryptik.WEQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\peanut\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\30\488331de-78b49b09 a variant of Win32/Kryptik.WEQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\peanut\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\49\25ceb71-766947c9 a variant of Win32/Kryptik.WDX trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8271

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

11/29/2011 9:33:09 AM

mbam-log-2011-11-29 (09-33-09).txt

Scan type: Quick scan

Objects scanned: 213992

Time elapsed: 5 minute(s), 39 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


OTL log from the originally infected non-admin user account is pasted below. OTL did not seem to generate an "extras" log.

OTL logfile created on: 11/29/2011 1:06:57 PM - Run 3

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\peanut\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.24 Gb Available Physical Memory | 62.44% Memory free

2.58 Gb Paging File | 1.70 Gb Available in Paging File | 65.78% Paging File free

Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 55.81 Gb Total Space | 9.45 Gb Free Space | 16.93% Space Free | Partition Type: NTFS

Computer Name: SPROCKET | User Name: peanut | NOT logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\peanut\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)

PRC - C:\Program Files\Intel\Wireless\Bin\1XConfig.exe (Intel)

========== Modules (No Company Name) ==========

MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()

MOD - C:\Program Files\Adobe\Reader 9.0\Reader\ViewerPS.dll ()

MOD - C:\Program Files\WinRAR\RarExt.dll ()

MOD - C:\Program Files\Intel\Wireless\Bin\D8021Xps.DLL ()

========== Win32 Services (SafeList) ==========

========== Driver Services (SafeList) ==========

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default =

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.startup.homepage: "http://start.mozilla.org/firefox?client=firefox-a&rls=org.mozilla:en-US:official"

FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1

FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.87

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}:7.0

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.23

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2105: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2163: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1212: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 06:36:36 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/12/24 11:07:49 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/12 15:43:18 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2008/08/28 09:44:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\peanut\Application Data\Mozilla\Extensions

[2008/08/28 09:44:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\peanut\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2011/11/12 10:26:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\peanut\Application Data\Mozilla\Firefox\Profiles\kv89imqo.default\extensions

[2009/09/06 16:48:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\peanut\Application Data\Mozilla\Firefox\Profiles\kv89imqo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/11/08 10:16:19 | 000,000,000 | ---D | M] ("ww-plugin") -- C:\Documents and Settings\peanut\Application Data\Mozilla\Firefox\Profiles\kv89imqo.default\extensions\{B1ADF944-DB57-4eaf-A44F-720AAAF427F9}

[2010/08/20 06:31:38 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\peanut\Application Data\Mozilla\Firefox\Profiles\kv89imqo.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}

[2011/11/12 15:43:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/11/12 15:43:18 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2011/11/04 22:53:18 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011/11/04 19:21:03 | 000,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml

[2011/11/04 19:21:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2011/11/04 19:21:03 | 000,001,131 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml

[2011/11/04 19:21:03 | 000,002,364 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml

[2011/11/04 19:21:03 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

[2011/11/04 19:21:03 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

[2011/11/04 19:21:03 | 000,001,096 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2011/10/11 12:58:05 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe ()

O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)

O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)

O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)

O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe (HP)

O4 - HKLM..\Run: [HPHUPD08] c:\Program Files\Hewlett-Packard\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)

O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)

O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)

O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)

O4 - HKLM..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)

O4 - HKLM..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [intelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)

O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Computer, Inc.)

O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()

O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [updateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)

O4 - HKCU..\Run: [1311663257] C:\Documents and Settings\peanut\Local Settings\Application Data\fgn.exe File not found

O4 - HKCU..\Run: [1774817348] C:\Documents and Settings\peanut\Local Settings\Application Data\fnq.exe File not found

O4 - HKCU..\Run: [2691285598] C:\Documents and Settings\peanut\Local Settings\Application Data\glj.exe File not found

O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

O4 - HKCU..\Run: [DnG4amH6sKfLgXY8234A] C:\Documents and Settings\peanut\Application Data\CTZYCwkIVzNAuSi\AV Protection 2011v121.exe File not found

O4 - HKCU..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)

O4 - HKCU..\Run: [skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe (Adobe Systems Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe ()

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BounceBack Launcher.lnk = C:\Program Files\CMS Peripherals\BounceBack Express\BBLauncher.exe ()

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MightyFAX Controller.lnk = C:\Program Files\MFAX\MFNTCTL.EXE ()

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PHOTOfunSTUDIO 5.0 HD Edition.lnk = C:\Program Files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation)

O4 - Startup: C:\Documents and Settings\peanut\Start Menu\Programs\Startup\PMB Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)

O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} http://www.linksysfix.com/netcheck/53/install/gtdownls.cab (LinkSys Content Update)

O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)

O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.69.150 68.87.85.102

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{78EB8547-DA50-45BC-BDE9-9E5218B9B942}: DhcpNameServer = 68.87.69.150 68.87.85.102

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (logonui.exe) -C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) -C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

O20 - HKCU Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

O20 - Winlogon\Notify\IntelWireless: DllName - (C:\Program Files\Intel\Wireless\Bin\LgNotify.dll) - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)

O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)

O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\peanut\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\peanut\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) -C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) -C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) -C:\WINDOWS\System32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) -C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) -C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) -C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) -C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) -C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) -C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2004/08/11 14:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O35 - HKCU\..exefile [open] -- "C:\Documents and Settings\peanut\Local Settings\Application Data\fnq.exe" -a "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKCU\...exe [@ = exefile] -- "C:\Documents and Settings\peanut\Local Settings\Application Data\fnq.exe" -a "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/28 12:38:16 | 000,000,000 | ---D | C] -- C:\_OTL

[2011/11/22 10:53:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\peanut\Start Menu\Programs\AV Protection 2011

[2011/11/17 07:45:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth

[2011/11/12 15:43:15 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2011/11/12 11:51:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\peanut\Application Data\Avira

[2011/11/12 11:36:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira

[2011/11/12 11:35:59 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys

[2011/11/12 11:35:57 | 000,134,344 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys

[2011/11/12 11:35:57 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys

[2011/11/12 11:35:57 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys

[2011/11/12 11:35:56 | 000,000,000 | ---D | C] -- C:\Program Files\Avira

[2011/11/12 11:35:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira

[2011/11/11 11:08:25 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\peanut\Local Settings\Application Data\864ce50c

[2011/11/10 13:50:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/11/10 13:50:02 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2011/11/10 13:50:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011/11/10 13:20:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\peanut\Start Menu\Programs\AV Security 2012

[1 C:\Documents and Settings\peanut\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\peanut\Local Settings\Application Data\*.tmp -> ]

[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/29 12:59:18 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\peanut\Desktop\OTL.exe

[2011/11/28 20:40:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2011/11/28 15:18:42 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/11/28 15:17:52 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2011/11/28 15:17:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/11/28 15:17:36 | 2138,497,024 | -HS- | M] () -- C:\hiberfil.sys

[2011/11/27 20:11:39 | 000,012,194 | -HS- | M] () -- C:\Documents and Settings\peanut\Local Settings\Application Data\041730n6j756f472t653x1hmb4g0

[2011/11/27 09:14:30 | 000,002,816 | -HS- | M] () -- C:\Documents and Settings\peanut\Local Settings\Application Data\1w15mg3p30e624

[2011/11/26 20:56:19 | 000,013,946 | -HS- | M] () -- C:\Documents and Settings\peanut\Local Settings\Application Data\q54qp10egtn1b47yak1cxuws82656ekrq

[2011/11/21 12:31:20 | 001,850,888 | ---- | M] () -- C:\Documents and Settings\peanut\Desktop\PDXslide2m2ts.mp4

[2011/11/17 07:45:02 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk

[2011/11/16 15:56:26 | 000,045,568 | ---- | M] () -- C:\Documents and Settings\peanut\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/11/13 11:04:37 | 000,446,386 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011/11/13 11:04:37 | 000,073,426 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2011/11/12 15:43:21 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2011/11/12 11:36:23 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk

[2011/11/11 19:18:18 | 000,013,443 | ---- | M] () -- C:\Documents and Settings\peanut\Desktop\detailReceipt119364.pdf

[2011/11/10 17:20:36 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\peanut\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk

[2011/11/10 13:50:10 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/11/10 07:26:15 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2011/11/09 15:09:05 | 000,099,390 | ---- | M] () -- C:\Documents and Settings\peanut\Desktop\girlscompete-540x786.jpg

[2011/11/03 17:57:51 | 000,654,428 | ---- | M] () -- C:\Documents and Settings\peanut\Desktop\GigiGnome.JPG

[2011/11/02 08:43:34 | 000,671,211 | ---- | M] () -- C:\Documents and Settings\peanut\Desktop\SoloGnome.JPG

[2011/11/02 08:41:17 | 000,679,098 | ---- | M] () -- C:\Documents and Settings\peanut\Desktop\CuzGnome.JPG

[2011/11/02 08:40:08 | 000,719,646 | ---- | M] () -- C:\Documents and Settings\peanut\Desktop\HappyVancouverLibrarySmall.JPG

[2011/11/02 08:37:15 | 000,694,451 | ---- | M] () -- C:\Documents and Settings\peanut\Desktop\Spiders.JPG

[2011/11/02 08:36:26 | 000,764,859 | ---- | M] () -- C:\Documents and Settings\peanut\Desktop\GnomeFamily1.JPG

[2011/10/31 16:39:08 | 003,030,331 | ---- | M] () -- C:\Documents and Settings\peanut\Desktop\P1040617.JPG

[2011/10/31 16:35:30 | 003,241,885 | ---- | M] () -- C:\Documents and Settings\peanut\Desktop\P1040567.JPG

[2011/10/31 16:30:20 | 004,245,504 | ---- | M] () -- C:\Documents and Settings\peanut\Desktop\P1040528.JPG

[1 C:\Documents and Settings\peanut\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\peanut\Local Settings\Application Data\*.tmp -> ]

[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/27 11:43:00 | 000,012,194 | -HS- | C] () -- C:\Documents and Settings\peanut\Local Settings\Application Data\041730n6j756f472t653x1hmb4g0

[2011/11/27 08:52:50 | 000,002,816 | -HS- | C] () -- C:\Documents and Settings\peanut\Local Settings\Application Data\1w15mg3p30e624

[2011/11/25 10:57:38 | 000,013,946 | -HS- | C] () -- C:\Documents and Settings\peanut\Local Settings\Application Data\q54qp10egtn1b47yak1cxuws82656ekrq

[2011/11/21 12:31:18 | 001,850,888 | ---- | C] () -- C:\Documents and Settings\peanut\Desktop\PDXslide2m2ts.mp4

[2011/11/17 07:45:02 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk

[2011/11/12 15:43:21 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2011/11/12 11:36:23 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk

[2011/11/12 11:05:17 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk

[2011/11/11 19:18:16 | 000,013,443 | ---- | C] () -- C:\Documents and Settings\peanut\Desktop\detailReceipt119364.pdf

[2011/11/10 13:50:10 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/11/09 15:09:04 | 000,099,390 | ---- | C] () -- C:\Documents and Settings\peanut\Desktop\girlscompete-540x786.jpg

[2011/11/03 17:57:49 | 000,654,428 | ---- | C] () -- C:\Documents and Settings\peanut\Desktop\GigiGnome.JPG

[2011/11/02 08:43:32 | 000,671,211 | ---- | C] () -- C:\Documents and Settings\peanut\Desktop\SoloGnome.JPG

[2011/11/02 08:42:54 | 003,030,331 | ---- | C] () -- C:\Documents and Settings\peanut\Desktop\P1040617.JPG

[2011/11/02 08:41:16 | 000,679,098 | ---- | C] () -- C:\Documents and Settings\peanut\Desktop\CuzGnome.JPG

[2011/11/02 08:40:05 | 000,719,646 | ---- | C] () -- C:\Documents and Settings\peanut\Desktop\HappyVancouverLibrarySmall.JPG

[2011/11/02 08:37:13 | 000,694,451 | ---- | C] () -- C:\Documents and Settings\peanut\Desktop\Spiders.JPG

[2011/11/02 08:36:24 | 000,764,859 | ---- | C] () -- C:\Documents and Settings\peanut\Desktop\GnomeFamily1.JPG

[2011/11/02 08:35:42 | 003,241,885 | ---- | C] () -- C:\Documents and Settings\peanut\Desktop\P1040567.JPG

[2011/11/02 08:33:01 | 004,245,504 | ---- | C] () -- C:\Documents and Settings\peanut\Desktop\P1040528.JPG

[2011/11/02 08:32:45 | 004,391,424 | ---- | C] () -- C:\Documents and Settings\peanut\Desktop\P1040458.JPG

[2011/11/02 08:32:45 | 004,180,992 | ---- | C] () -- C:\Documents and Settings\peanut\Desktop\P1040457.JPG

[2011/11/02 08:32:45 | 004,085,248 | ---- | C] () -- C:\Documents and Settings\peanut\Desktop\P1040459.JPG

[2011/11/02 08:32:30 | 003,664,384 | ---- | C] () -- C:\Documents and Settings\peanut\Desktop\P1040460.JPG

[2011/11/02 08:31:59 | 004,098,560 | ---- | C] () -- C:\Documents and Settings\peanut\Desktop\HappyVancouverLibrary.JPG

[2011/10/13 08:40:11 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011/06/19 19:51:48 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat

[2011/06/19 19:51:48 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat

[2011/06/19 19:51:48 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat

[2011/06/19 19:51:48 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat

[2011/06/19 19:51:48 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat

[2011/06/19 19:51:48 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat

[2011/06/19 19:51:48 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat

[2011/06/19 19:51:48 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat

[2011/06/19 19:51:48 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat

[2011/06/19 19:51:48 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat

[2011/06/19 19:51:48 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat

[2011/06/19 19:51:48 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat

[2011/06/19 19:51:48 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat

[2011/06/19 19:51:48 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat

[2011/06/19 19:51:48 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat

[2011/06/19 19:51:48 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat

[2011/06/19 19:51:48 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat

[2011/06/19 19:51:48 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat

[2011/06/19 19:51:48 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini

[2010/12/27 09:52:10 | 000,112,984 | ---- | C] () -- C:\WINDOWS\hpoins07.dat

[2010/12/27 09:52:10 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat

[2010/12/24 10:58:58 | 000,206,597 | ---- | C] () -- C:\WINDOWS\hpwins28.dat

[2010/12/24 10:58:57 | 000,000,418 | ---- | C] () -- C:\WINDOWS\hpwmdl28.dat

[2010/12/24 09:21:44 | 000,207,251 | ---- | C] () -- C:\WINDOWS\hpwins28.dat.temp

[2010/12/24 09:21:44 | 000,000,418 | ---- | C] () -- C:\WINDOWS\hpwmdl28.dat.temp

[2010/12/19 13:00:32 | 000,112,527 | ---- | C] () -- C:\WINDOWS\hpoins07.dat.temp

[2010/12/19 13:00:32 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat.temp

[2010/11/12 11:29:57 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\peanut\Local Settings\Application Data\d3d9caps.dat

[2010/05/02 11:01:30 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2010/04/17 16:03:25 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUNEZ1.dll

[2010/03/01 14:49:47 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll

[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe

[2007/09/12 23:09:02 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini

[2007/09/12 23:01:44 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini

[2007/07/22 15:09:27 | 000,032,768 | ---- | C] () -- C:\WINDOWS\BBUninstall.exe

[2007/06/23 15:40:57 | 000,080,827 | ---- | C] () -- C:\WINDOWS\HPHins08.dat

[2007/06/23 15:40:57 | 000,003,987 | ---- | C] () -- C:\WINDOWS\hphmdl08.dat

[2007/02/27 09:14:53 | 000,000,351 | ---- | C] () -- C:\WINDOWS\fpexplor.INI

[2007/02/27 09:12:32 | 000,000,429 | ---- | C] () -- C:\WINDOWS\frontpg.ini

[2006/08/25 13:10:01 | 000,008,914 | R--- | C] () -- C:\WINDOWS\System32\drivers\Lssrx4.bin

[2006/08/17 13:52:20 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

[2006/06/01 14:10:25 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2006/06/01 14:07:44 | 000,536,576 | ---- | C] () -- C:\WINDOWS\System32\DivXsm.exe

[2006/06/01 14:06:32 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll

[2006/05/11 09:12:19 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\peanut\Application Data\Jorge Ortega3.bmp

[2005/09/28 16:08:27 | 000,000,048 | ---- | C] () -- C:\WINDOWS\PerWin.ini

[2005/09/07 08:43:01 | 000,038,464 | ---- | C] () -- C:\Documents and Settings\peanut\Application Data\Tab Separated Values (Windows).ADR

[2005/08/29 10:14:36 | 000,000,075 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2005/08/15 14:52:00 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\adistres.dll

[2005/08/15 14:31:37 | 000,000,084 | ---- | C] () -- C:\WINDOWS\MFPD.INI

[2005/08/08 07:53:03 | 000,045,568 | ---- | C] () -- C:\Documents and Settings\peanut\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2005/08/01 20:29:28 | 000,099,965 | ---- | C] () -- C:\WINDOWS\UninstallThunderbird.exe

[2005/07/26 15:35:49 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2005/07/21 09:58:17 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll

[2005/07/21 09:58:16 | 000,040,129 | ---- | C] () -- C:\WINDOWS\iccsigs.dat

[2005/07/21 09:58:16 | 000,000,149 | ---- | C] () -- C:\WINDOWS\KPCMS.INI

[2005/07/21 09:44:15 | 000,106,047 | ---- | C] () -- C:\WINDOWS\System32\NWNETAPI.DLL

[2005/07/21 09:44:15 | 000,035,308 | ---- | C] () -- C:\WINDOWS\System32\NWIPXSPX.DLL

[2005/07/11 14:38:08 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2005/07/11 14:38:00 | 000,107,132 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe

[2005/07/11 14:37:20 | 000,006,519 | ---- | C] () -- C:\WINDOWS\mozver.dat

[2005/07/02 05:15:04 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2005/07/02 05:12:38 | 000,000,136 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2005/07/02 05:11:15 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare

[2005/07/02 04:52:02 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll

[2005/07/02 04:51:54 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe

[2005/07/02 04:51:20 | 000,000,371 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2004/12/03 05:20:12 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll

[2004/09/23 00:09:06 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll

[2004/09/15 20:57:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2004/08/12 05:44:10 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\iwca.dll

[2004/08/11 14:24:19 | 000,000,883 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2004/08/11 14:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2004/08/11 14:12:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2004/08/11 14:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2004/08/11 14:06:43 | 000,228,000 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2004/08/11 14:00:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2004/08/11 14:00:28 | 000,446,386 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2004/08/11 14:00:28 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2004/08/11 14:00:28 | 000,073,426 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2004/08/11 14:00:28 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2004/08/11 14:00:27 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2004/08/11 14:00:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2004/08/11 14:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2004/08/11 14:00:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2004/08/11 14:00:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2004/08/11 14:00:12 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2004/08/11 14:00:04 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[2004/07/21 07:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll

[2004/01/16 04:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll

[2003/07/30 05:33:26 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\TosHidAPI.dll

[2003/01/07 12:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

[2002/06/28 12:20:54 | 000,005,025 | ---- | C] () -- C:\WINDOWS\System32\patterns.dat

[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2005/07/11 13:22:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MCA1A6.tmp

[2010/04/17 16:30:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NTIReg

[2011/06/19 20:16:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panasonic

[2008/05/21 10:04:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan

[2011/10/13 17:05:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2010/04/29 09:30:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\peanut\Application Data\avidemux

[2011/07/15 12:46:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\peanut\Application Data\Image Zone Express

[2005/08/15 14:51:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\peanut\Application Data\InterTrust

[2005/07/12 05:53:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\peanut\Application Data\Leadertech

[2009/03/11 12:21:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\peanut\Application Data\OfficeUpdate12

[2006/05/11 09:12:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\peanut\Application Data\QPM Folder

[2006/04/10 14:59:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\peanut\Application Data\Smith Micro

[2005/08/01 20:29:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\peanut\Application Data\Thunderbird

[2008/05/21 12:34:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\peanut\Application Data\TmpRecentIcons

[2009/03/11 11:24:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\peanut\Application Data\Windows Search

[2007/11/08 16:51:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\peanut\Application Data\ZipGenius

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\All Users\Documents\vid1.mpg:SummaryInformation

< End of report >


  • Run OTL.exe
  • Under Custom Scans/Fixes post the following script:

:OTL
O35 - HKCU\..exefile [open] -- "C:\Documents and Settings\peanut\Local Settings\Application Data\fnq.exe" -a "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "C:\Documents and Settings\peanut\Local Settings\Application Data\fnq.exe" -a "%1" %*
[2011/11/22 10:53:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\peanut\Start Menu\Programs\AV Protection 2011
[2011/11/11 11:08:25 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\peanut\Local Settings\Application Data\864ce50c
[2011/11/10 13:20:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\peanut\Start Menu\Programs\AV Security 2012
[2011/11/27 20:11:39 | 000,012,194 | -HS- | M] () -- C:\Documents and Settings\peanut\Local Settings\Application Data\041730n6j756f472t653x1hmb4g0
[2011/11/27 09:14:30 | 000,002,816 | -HS- | M] () -- C:\Documents and Settings\peanut\Local Settings\Application Data\1w15mg3p30e624
[2011/11/26 20:56:19 | 000,013,946 | -HS- | M] () -- C:\Documents and Settings\peanut\Local Settings\Application Data\q54qp10egtn1b47yak1cxuws82656ekrq

:files
C:\Documents and Settings\peanut\Local Settings\Application Data\fnq.exe

:Commands
[emptytemp]
[clearallrestorepoints]
[createrestorepoint]

  • Then click the Run Fix button at the top
  • Let the program run unhindered; when it is done it will say "Fix Complete press ok to open log".
  • Please post that log in your next reply.


OTL required a reboot and produced the log pasted below.

All processes killed

========== OTL ==========

Registry value HKEY_CURRENT_USER\SOFTWARE\Classes\exefile\shell\open\command\\'' updated successfully.

File "C:\Documents and Settings\peanut\Local Settings\Application Data\fnq.exe" -a "%1" %* not found.

Registry key HKEY_CURRENT_USER\Software\Classes\.exe\ deleted successfully.

Registry key HKEY_CURRENT_USER\Software\Classes\exefile\ deleted successfully.

Unable to set value : HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E!

C:\Documents and Settings\peanut\Start Menu\Programs\AV Protection 2011 folder moved successfully.

C:\Documents and Settings\peanut\Local Settings\Application Data\864ce50c\U folder moved successfully.

C:\Documents and Settings\peanut\Local Settings\Application Data\864ce50c folder moved successfully.

C:\Documents and Settings\peanut\Start Menu\Programs\AV Security 2012 folder moved successfully.

C:\Documents and Settings\peanut\Local Settings\Application Data\041730n6j756f472t653x1hmb4g0 moved successfully.

C:\Documents and Settings\peanut\Local Settings\Application Data\1w15mg3p30e624 moved successfully.

C:\Documents and Settings\peanut\Local Settings\Application Data\q54qp10egtn1b47yak1cxuws82656ekrq moved successfully.

========== FILES ==========

File\Folder C:\Documents and Settings\peanut\Local Settings\Application Data\fnq.exe not found.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Copy of peanut

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: DTGDaily

User: Guest

User: LocalService

User: NetworkService

User: peanut

->Temp folder emptied: 924682 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 23206595 bytes

->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 235252 bytes

RecycleBin emptied: 771660 bytes

Total Files Cleaned = 24.00 mb

OTL by OldTimer - Version 3.2.31.0 log created on 11292011_135601

Files\Folders moved on Reboot...

File move failed. C:\WINDOWS\temp\hppldcoi.log scheduled to be moved on reboot.

File move failed. C:\WINDOWS\temp\hpqddsvc.log scheduled to be moved on reboot.

File move failed. C:\WINDOWS\temp\HPSLPSVC0000.log scheduled to be moved on reboot.

File move failed. C:\WINDOWS\temp\HPSLPSVC0001.log scheduled to be moved on reboot.

File move failed. C:\WINDOWS\temp\HPSLPSVC0025.log scheduled to be moved on reboot.

File move failed. C:\WINDOWS\temp\Perflib_Perfdata_14c.dat scheduled to be moved on reboot.

File move failed. C:\WINDOWS\temp\Perflib_Perfdata_c70.dat scheduled to be moved on reboot.

File\Folder C:\WINDOWS\temp\Perflib_Perfdata_f80.dat not found!

File move failed. C:\WINDOWS\temp\WGAErrLog.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...


  • Launch Malwarebytes' Anti-Malware
  • Go to the Update tab and select Check for Updates.
  • Go to the Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8271

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

11/29/2011 4:44:11 PM

mbam-log-2011-11-29 (16-44-11).txt

Scan type: Quick scan

Objects scanned: 137464

Time elapsed: 4 minute(s), 46 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 4

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\DnG4amH6sKfLgXY8234A (Trojan.FakeAlert.CLGen) -> Value: DnG4amH6sKfLgXY8234A -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\2691285598 (Trojan.FakeAlert) -> Value: 2691285598 -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1311663257 (Trojan.FakeAlert) -> Value: 1311663257 -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1774817348 (Trojan.FakeAlert) -> Value: 1774817348 -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Download the latest version of TDSSKiller from here and save it to your Desktop.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  7. Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.
