I have run MBAM after updating several times over the last week. For some reason, this isn't solving my issue. It appeared to start as the Cloud AV 2012 virus and removed it, but now I'm getting the "Malwarebytes' Anti-Malware Successfully blocked access to a potentially malicious website... Type:outgoing" message, and it pops up about every 2 seconds with another IP address listed.

I downloaded DDS.scr, but my computer doesn't recognize the .scr file extension. I changed the filename to DDS.exe and it appears to start running, but stalls out in process. Please help. Thanks.

So, I downloaded and ran OTL.exe successfully; the logs are as follows:

OTL logfile created on: 12/3/2011 4:14:37 PM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Administrator.FUELSYSTEMSINC\My Documents\Downloads

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.49 Gb Total Physical Memory | 2.90 Gb Available Physical Memory | 83.10% Memory free

5.33 Gb Paging File | 4.95 Gb Available in Paging File | 92.75% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74.41 Gb Total Space | 23.54 Gb Free Space | 31.63% Space Free | Partition Type: NTFS

Computer Name: CRP104 | User Name: Administrator | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/03 16:01:55 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\My Documents\Downloads\OTL.exe

PRC - [2008/06/18 14:29:05 | 002,479,488 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe

PRC - [2008/06/18 14:29:05 | 001,660,288 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe

PRC - [2008/06/18 14:29:05 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2008/06/20 11:02:47 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll

MOD - [2008/06/20 11:02:47 | 000,245,248 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (Smcinst)

SRV - File not found [Auto | Stopped] -- -- (ASKUpgrade)

SRV - File not found [Auto | Stopped] -- -- (ASKService)

SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)

SRV - [2008/07/10 05:03:16 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2008/06/18 14:29:05 | 002,479,488 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)

SRV - [2008/06/18 14:29:05 | 000,288,136 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)

SRV - [2008/06/18 14:29:05 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)

SRV - [2008/06/18 14:29:05 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)

SRV - [2008/06/18 14:29:04 | 002,240,944 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)

SRV - [2008/04/28 15:29:09 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)

SRV - [2008/04/15 05:18:30 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)

SRV - [2007/12/05 18:24:44 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Auto | Stopped] -- C:\WINDOWS\system32\stacsv.exe -- (STacSV)

SRV - [2007/11/08 22:50:10 | 001,552,384 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)

SRV - [2007/10/26 13:28:06 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)

SRV - [2007/09/13 14:31:44 | 000,192,512 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe -- (WaveEnrollmentService)

SRV - [2007/09/07 17:29:04 | 000,737,280 | ---- | M] (Wave Systems Corp.) [Auto | Stopped] -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -- (TdmService)

SRV - [2007/08/31 17:39:18 | 000,486,400 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)

SRV - [2007/08/11 19:05:27 | 003,093,872 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)

SRV - [2007/07/25 16:32:34 | 000,294,912 | ---- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel®

SRV - [2007/05/14 14:21:40 | 000,475,136 | ---- | M] (Dell Inc.) [Auto | Stopped] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)

SRV - [2007/02/11 21:15:08 | 000,902,760 | ---- | M] (Autodesk, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe -- (Autodesk Network Licensing Service)

SRV - [2006/12/19 14:21:48 | 000,079,432 | ---- | M] (Broadcom Corporation) [Auto | Stopped] -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon)

SRV - [2006/03/03 20:03:10 | 000,069,632 | ---- | M] (HP) [unknown | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

SRV - [2005/07/26 15:02:40 | 000,287,824 | ---- | M] (Funk Software, Inc.) [Auto | Stopped] -- C:\Program Files\Funk Software\Proxy Host\ph32svc.exe -- (ProxyHostService)

SRV - [2005/06/12 04:30:00 | 000,057,344 | ---- | M] (IBM Corporation) [On_Demand | Stopped] -- C:\WINDOWS\cwbrxd.exe -- (Cwbrxd)

========== Driver Services (SafeList) ==========

DRV - [2011/11/25 07:53:07 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF) WinPcap Packet Driver (NPF)

DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2011/08/18 03:00:00 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20111015.005\NAVEX15.SYS -- (NAVEX15)

DRV - [2011/08/18 03:00:00 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

DRV - [2011/08/18 03:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20111015.005\NAVENG.SYS -- (NAVENG)

DRV - [2011/08/11 03:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)

DRV - [2008/07/09 09:51:43 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)

DRV - [2008/07/09 09:51:43 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)

DRV - [2008/06/25 23:06:22 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)

DRV - [2008/06/18 14:29:05 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)

DRV - [2008/06/18 14:29:05 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)

DRV - [2008/06/18 14:29:05 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)

DRV - [2008/06/18 14:29:03 | 000,420,400 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)

DRV - [2007/12/05 18:24:44 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)

DRV - [2007/12/02 19:26:22 | 000,989,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)

DRV - [2007/12/02 19:26:20 | 000,731,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)

DRV - [2007/12/02 19:26:20 | 000,211,200 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)

DRV - [2007/11/28 17:18:24 | 000,062,208 | ---- | M] (O2Micro) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2)

DRV - [2007/10/26 13:27:00 | 000,306,300 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)

DRV - [2007/09/10 09:55:00 | 000,161,280 | ---- | M] (Wave Systems Corp.) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\WavxDMgr.sys -- (WavxDMgr)

DRV - [2007/09/07 09:57:14 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\PBADRV.sys -- (PBADRV)

DRV - [2007/09/06 09:18:40 | 000,018,176 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WaveFDE.sys -- (WaveFDE)

DRV - [2007/08/12 19:05:34 | 002,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®

DRV - [2007/05/29 15:29:30 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)

DRV - [2007/04/26 15:29:30 | 000,053,504 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfSnd.sys -- (TosRfSnd)

DRV - [2007/04/26 15:29:30 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)

DRV - [2007/04/26 15:29:28 | 000,073,600 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Tosrfhid.sys -- (Tosrfhid)

DRV - [2007/04/26 15:29:28 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)

DRV - [2007/04/26 15:29:28 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)

DRV - [2007/04/26 15:29:26 | 000,113,920 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (tosrfbd)

DRV - [2007/04/26 15:29:26 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (tosrfbnp)

DRV - [2007/04/26 15:29:24 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)

DRV - [2007/04/15 22:49:08 | 000,132,608 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)

DRV - [2007/03/18 16:44:38 | 000,160,256 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)

DRV - [2007/01/31 12:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)

DRV - [2007/01/18 15:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)

DRV - [2006/12/19 14:21:52 | 000,010,480 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Stopped] -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys -- (BASFND)

DRV - [2006/11/02 12:32:32 | 000,097,536 | ---- | M] (Knowles Acoustics) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dxec01.sys -- (DXEC01)

DRV - [2006/08/18 13:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)

DRV - [2006/08/18 13:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)

DRV - [2006/08/18 13:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)

DRV - [2006/08/18 13:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)

DRV - [2006/08/18 13:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)

DRV - [2006/08/18 13:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)

DRV - [2006/08/18 13:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)

DRV - [2006/08/18 13:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)

DRV - [2006/08/11 10:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)

DRV - [2006/08/11 10:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)

DRV - [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)

DRV - [2005/07/26 15:04:18 | 000,060,944 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\phw2ksys.sys -- (ProxyHostDriver)

DRV - [2005/07/26 15:04:16 | 000,011,408 | ---- | M] (Funk Software, Inc.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\phmmini.sys -- (ProxyHostMirrorDisplay)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6080401

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6080401

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6080401

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6080401

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6080401

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6080401

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3073360251-2467196400-3112576402-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6080401

IE - HKU\S-1-5-21-3073360251-2467196400-3112576402-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us

IE - HKU\S-1-5-21-3073360251-2467196400-3112576402-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us

IE - HKU\S-1-5-21-3073360251-2467196400-3112576402-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6080401

IE - HKU\S-1-5-21-3073360251-2467196400-3112576402-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: RAWThumbnailViewer@arcsoft.com.cn:2.0.0.11

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\RAWThumbnailViewer@arcsoft.com.cn: C:\Program Files\ArcSoft\RAW Thumbnail Viewer\FireFox Extension [2009/12/12 13:12:05 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:\Program Files\ArcSoft\Video Downloader\Plugin_FireFox [2009/12/12 13:13:24 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/10 04:02:25 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/20 19:59:49 | 000,000,000 | ---D | M]

[2011/08/05 16:24:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\Mozilla\Extensions

[2011/12/03 15:40:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\Mozilla\Firefox\Profiles\tmjw82br.default\extensions

[2011/11/28 20:02:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\Mozilla\Firefox\Profiles\tmjw82br.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2009/06/23 19:53:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2009/12/12 13:12:05 | 000,000,000 | ---D | M] ("RAW Thumbnail Viewer") -- C:\PROGRAM FILES\ARCSOFT\RAW THUMBNAIL VIEWER\FIREFOX EXTENSION

[2009/04/06 16:39:26 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

O1 HOSTS File: ([2011/11/25 07:53:57 | 000,001,392 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O1 - Hosts: 217.23.4.166 www.google-analytics.com.

O1 - Hosts: 217.23.4.166 ad-emea.doubleclick.net.

O1 - Hosts: 217.23.4.166 www.statcounter.com.

O1 - Hosts: 178.250.45.15 www.google-analytics.com.

O1 - Hosts: 178.250.45.15 ad-emea.doubleclick.net.

O1 - Hosts: 178.250.45.15 www.statcounter.com.

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (IEPlugin Class) - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\Program Files\ArcSoft\Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.)

O2 - BHO: (ToolbarBHO Class) - {9519AF7E-638D-4933-BAD6-D33D23C79FE5} - C:\Program Files\ArcSoft\RAW Thumbnail Viewer\EXIFToolBar.dll (ArcSoft Inc.)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll File not found

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (RAW Thumbnail Viewer) - {F301665A-12F8-4331-804A-5BCBD379668C} - C:\Program Files\ArcSoft\RAW Thumbnail Viewer\EXIFToolBar.dll (ArcSoft Inc.)

O3 - HKU\S-1-5-21-3073360251-2467196400-3112576402-500\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)

O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)

O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)

O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)

O4 - HKLM..\Run: [Client Access Check Version] C:\Program Files\IBM\Client Access\cwbckver.exe (IBM Corporation)

O4 - HKLM..\Run: [Client Access Express Welcome] C:\Program Files\IBM\Client Access\cwbwlwiz.exe (IBM Corporation)

O4 - HKLM..\Run: [Client Access Help Update] C:\Program Files\IBM\Client Access\cwbinhlp.exe (IBM Corporation)

O4 - HKLM..\Run: [Client Access PC5250 Sound] C:\Program Files\IBM\Client Access\Emulator\pcssnd.exe (IBM Corporation)

O4 - HKLM..\Run: [Client Access Service] C:\Program Files\IBM\Client Access\cwbsvstr.exe (IBM Corporation)

O4 - HKLM..\Run: [intelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)

O4 - HKLM..\Run: [intelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)

O4 - HKLM..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe (Knowles Acoustics)

O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)

O4 - HKLM..\Run: [ProxyHostTrayIcon] C:\Program Files\Funk Software\Proxy Host\phtray.exe (Funk Software, Inc.)

O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio)

O4 - HKLM..\Run: [secureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe (Wave Systems Corp.)

O4 - HKLM..\Run: [sigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)

O4 - HKLM..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)

O4 - HKU\S-1-5-21-3073360251-2467196400-3112576402-500..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe File not found

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{871DF2BE-41D2-4334-AC33-839AF16FC8FE}\Icon3E5562ED7.ico ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-3073360251-2467196400-3112576402-500\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\S-1-5-21-3073360251-2467196400-3112576402-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-3073360251-2467196400-3112576402-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0

O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)

O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)

O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = fuelsystemsinc.com

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{73AF0BD8-1B01-4B4F-B079-B57563F32980}: DhcpNameServer = 192.168.1.254

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - File not found

O20 - Winlogon\Notify\gemsafe: DllName - (C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll) - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll (Gemplus)

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2004/08/11 18:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/01 23:01:21 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Desktop\dds.exe

[2011/11/28 19:27:35 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF

[2011/11/28 19:27:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\My Documents\Downloads

[2011/11/28 17:37:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sprint

[2011/11/27 22:35:21 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Recent

[2011/11/25 12:40:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\K3ppG5JdK8RZhXU

[2011/11/25 12:40:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\e00cc1iD3oG

[2011/11/25 08:38:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Start Menu\Programs\System Fix

[2011/11/25 08:35:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\GppmG5aQJdKfR

[2011/11/25 08:35:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\DYCwkIIrrOtx0S

[2011/11/25 08:06:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\XGG5sQJ7K8

[2011/11/25 08:06:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\oekIBrzzNyx

[2011/11/25 07:54:10 | 000,187,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\acpi.sys

[2011/11/25 07:53:07 | 000,050,704 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\drivers\npf.sys

[2011/11/25 03:55:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun

[2011/11/25 03:20:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia

[2011/11/25 03:20:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

[2011/11/25 03:09:40 | 000,000,000 | ---D | C] -- C:\Program Files\LP

[2011/11/25 03:09:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\k33ppnG5aQJ6WK

[2011/11/25 03:09:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\EhTTXXwjUV

[2011/11/25 03:09:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\18243

[2011/11/25 03:09:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\VCCeekIBr

[2011/11/25 03:09:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\ZxxxA00uv

[2011/11/25 01:27:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\FileOpen

[2011/11/24 23:19:00 | 000,000,000 | ---D | C] -- C:\MGtools

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/03 16:09:09 | 000,002,148 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/12/03 16:08:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/12/03 15:39:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2011/12/03 15:24:07 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk

[2011/12/03 15:23:53 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Local Settings\Application Data\WavXMapDrive.bat

[2011/12/03 15:23:07 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2011/12/03 11:30:42 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011/12/01 21:38:10 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Desktop\dds.exe

[2011/11/28 20:28:35 | 000,263,024 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2011/11/25 12:41:42 | 000,000,849 | ---- | M] () -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk

[2011/11/25 08:38:45 | 000,000,440 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\mRp8AvryQOJUQY

[2011/11/25 07:53:57 | 000,001,392 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2011/11/25 07:53:07 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\drivers\npf.sys

[2011/11/13 12:33:43 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

[2011/11/09 08:48:51 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/28 19:58:37 | 000,002,148 | ---- | C] () -- C:\WINDOWS\System32\wpa.dbl

[2011/11/28 19:18:07 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011/11/28 17:37:58 | 000,002,187 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk

[2011/11/28 17:37:58 | 000,001,932 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Use Inventor Simulation Suite 2008 License.lnk

[2011/11/28 17:37:58 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2011/11/28 17:37:58 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2011/11/28 17:37:50 | 000,002,447 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk

[2011/11/28 17:37:50 | 000,001,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

[2011/11/28 17:37:50 | 000,001,618 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk

[2011/11/28 17:37:50 | 000,000,715 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk

[2011/11/28 17:37:45 | 000,002,513 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Outlook.lnk

[2011/11/28 17:37:45 | 000,002,489 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk

[2011/11/28 17:37:45 | 000,002,487 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Excel.lnk

[2011/11/28 17:37:45 | 000,002,475 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft PowerPoint.lnk

[2011/11/28 17:37:45 | 000,002,453 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Project.lnk

[2011/11/28 17:37:45 | 000,002,413 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Acrobat 8 Standard.lnk

[2011/11/28 17:37:45 | 000,002,371 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Visio.lnk

[2011/11/28 17:37:45 | 000,002,371 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Acrobat Distiller 8.lnk

[2011/11/28 17:37:45 | 000,002,311 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 8.lnk

[2011/11/28 17:37:45 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk

[2011/11/28 17:37:45 | 000,001,990 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Access.lnk

[2011/11/28 17:37:45 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Safari.lnk

[2011/11/28 17:37:45 | 000,001,717 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\PowerDVD DX.lnk

[2011/11/28 17:37:45 | 000,001,505 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Vuze.lnk

[2011/11/28 17:37:45 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk

[2011/11/25 12:41:42 | 000,000,849 | ---- | C] () -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk

[2011/11/25 08:38:01 | 000,000,440 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mRp8AvryQOJUQY

[2009/12/01 17:27:44 | 000,019,500 | ---- | C] () -- C:\WINDOWS\hpqins13.dat

[2009/09/29 21:01:17 | 000,054,356 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2009/06/25 12:22:17 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll

[2009/06/25 12:22:03 | 000,000,160 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini

[2009/06/25 12:21:47 | 000,000,687 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini

[2009/06/25 12:19:27 | 000,110,416 | ---- | C] () -- C:\WINDOWS\hpoins11.dat

[2009/06/25 12:18:50 | 000,006,947 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat

[2009/06/23 19:55:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2009/04/07 15:53:18 | 001,340,394 | ---- | C] () -- C:\Program Files\MGtools.exe

[2009/03/24 10:42:26 | 000,263,024 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2009/03/17 10:06:02 | 000,625,357 | ---- | C] () -- C:\WINDOWS\System32\a27b525.dll

[2008/09/04 13:00:16 | 000,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys

[2008/05/20 16:07:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\00104run.ini

[2008/05/12 14:26:19 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\IGTSNMP.DLL

[2008/04/28 15:29:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI

[2008/04/14 12:36:51 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2008/04/14 11:25:19 | 000,000,251 | ---- | C] () -- C:\WINDOWS\System32\drivers\hlldrvr.sys

[2008/04/14 11:24:47 | 000,020,533 | ---- | C] () -- C:\WINDOWS\System32\cwbunplp.exe

[2008/04/14 11:24:43 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbwiz.dll

[2008/04/14 11:24:43 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\cwbad.dll

[2008/04/14 11:24:42 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\cwbrw.dll

[2008/04/14 11:24:42 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\cwbsv.dll

[2008/04/14 11:24:42 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbsy.dll

[2008/04/14 11:24:42 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbnl.dll

[2008/04/14 11:24:42 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbco.dll

[2008/04/14 11:24:42 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\cwbnldlg.dll

[2008/04/14 06:01:57 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Local Settings\Application Data\WavXMapDrive.bat

[2008/04/01 11:25:54 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2008/04/01 11:24:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI

[2008/04/01 11:23:14 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL

[2008/04/01 11:23:13 | 000,000,118 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2008/04/01 11:12:24 | 000,080,368 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll

[2008/04/01 11:09:49 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll

[2008/04/01 11:09:49 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\bioapi100.dll

[2008/04/01 10:43:28 | 000,910,304 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll

[2008/04/01 10:43:28 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4831.dll

[2008/04/01 10:43:27 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe

[2008/04/01 10:42:10 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2008/01/09 14:01:48 | 000,053,248 | ---- | C] () -- C:\WINDOWS\bdoscandel.exe

[2008/01/09 14:01:48 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini

[2007/10/26 13:28:18 | 000,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll

[2007/10/26 13:28:04 | 000,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll

[2007/09/13 14:42:30 | 000,499,712 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ru.dll

[2007/09/13 14:42:30 | 000,471,040 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-BR.dll

[2007/09/13 14:42:28 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_it.dll

[2007/09/13 14:42:28 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fr.dll

[2007/09/13 14:42:28 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ko.dll

[2007/09/13 14:42:28 | 000,458,752 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ja.dll

[2007/09/13 14:42:26 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_es.dll

[2007/09/13 14:42:26 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_de.dll

[2007/09/13 14:42:26 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\AmRes_en.dll

[2007/09/13 14:42:26 | 000,434,176 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHT.dll

[2007/09/13 14:36:24 | 000,438,272 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHS.dll

[2007/09/13 14:32:36 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\CacheFP.exe

[2007/09/12 15:05:08 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt.dll

[2007/09/12 15:04:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHT.dll

[2007/09/12 15:04:26 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ko.dll

[2007/09/12 15:04:06 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_es.dll

[2007/09/12 15:03:44 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ru.dll

[2007/09/12 15:03:24 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ja.dll

[2007/09/12 15:03:04 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_it.dll

[2007/09/12 15:02:44 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_de.dll

[2007/09/12 15:02:22 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fr.dll

[2007/09/12 15:02:02 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHS.dll

[2007/09/10 09:53:26 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\wxvault.dll

[2007/06/15 10:19:20 | 000,835,584 | ---- | C] () -- C:\WINDOWS\System32\DemoLicense.dll

[2006/11/07 05:25:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll

[2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll

[2006/08/14 11:02:10 | 000,072,192 | ---- | C] () -- C:\WINDOWS\System32\xltZlib.dll

[2006/06/12 08:01:16 | 000,348,160 | ---- | C] () -- C:\WINDOWS\tsp.dll

[2005/09/02 14:44:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll

[2005/07/26 15:04:18 | 000,060,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\phw2ksys.sys

[2005/07/22 21:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll

[2004/09/10 13:34:00 | 000,917,504 | ---- | C] () -- C:\WINDOWS\System32\lmgr10.dll

[2004/09/10 13:34:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll

[2004/08/11 18:24:19 | 000,000,799 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2004/08/11 18:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2004/08/11 18:12:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2004/08/11 18:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2004/08/11 18:00:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2004/08/11 18:00:28 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2004/08/11 18:00:28 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2004/08/11 18:00:27 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2004/08/11 18:00:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2004/08/11 18:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2004/08/11 18:00:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2004/08/11 18:00:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2004/08/11 18:00:12 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2004/08/11 18:00:04 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[2004/07/20 17:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll

[2004/01/15 14:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll

[2001/07/07 02:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

[2000/02/24 04:03:04 | 000,061,502 | ---- | C] () -- C:\WINDOWS\System32\ODBCMON.DLL

< End of report >

OTL Extras logfile created on: 12/3/2011 4:14:37 PM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Administrator.FUELSYSTEMSINC\My Documents\Downloads

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.49 Gb Total Physical Memory | 2.90 Gb Available Physical Memory | 83.10% Memory free

5.33 Gb Paging File | 4.95 Gb Available in Paging File | 92.75% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74.41 Gb Total Space | 23.54 Gb Free Space | 31.63% Space Free | Partition Type: NTFS

Computer Name: CRP104 | User Name: Administrator | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusOverride" = 0

"FirewallOverride" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

"1505:UDP" = 1505:UDP:*:Enabled:Proxy

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- (CyberLink Corp.)

"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program -- (CyberLink Corp.)

"C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe" = C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation)

"C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE" = C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service -- (Symantec Corporation)

"C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation)

"C:\Program Files\Funk Software\Proxy Host\Phost.exe" = C:\Program Files\Funk Software\Proxy Host\Phost.exe:*:Enabled:Proxy Host Control Panel -- (Funk Software, Inc.)

"C:\Program Files\NetMeeting\conf.exe" = C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting® -- (Microsoft Corporation)

"C:\Program Files\Hp\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)

"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)

"C:\Program Files\Hp\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)

"C:\Program Files\Hp\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- (CyberLink Corp.)

"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program -- (CyberLink Corp.)

"C:\Program Files\Wave Systems Corp\Security Wizards\bin\Secure 8021x.exe" = C:\Program Files\Wave Systems Corp\Security Wizards\bin\Secure 8021x.exe:LocalSubNet:Enabled:802.1x Authentication Setup Wizard -- (Wave Systems Corp.)

"C:\Documents and Settings\jpursell\Local Settings\Temp\hp_webrelease\setup\HPZnet01.exe" = C:\Documents and Settings\jpursell\Local Settings\Temp\hp_webrelease\setup\HPZnet01.exe:*:Enabled:hpznet01.exe -- (Hewlett-Packard)

"C:\Documents and Settings\jpursell\Local Settings\Temp\hp_webrelease\setup\hponicifs01.exe" = C:\Documents and Settings\jpursell\Local Settings\Temp\hp_webrelease\setup\hponicifs01.exe:*:Enabled:hponicifs01.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)

"C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe" = C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:Smc -- (Symantec Corporation)

"C:\Program Files\Hp\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)

"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)

"C:\Program Files\Hp\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)

"C:\Program Files\Hp\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card

"{01A1A019-E1D8-482A-BE17-5E118D17C0A0}" = ArcSoft Print Creations - Brochures & Flyers

"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools

"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO

"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software

"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager

"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data

"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe

"{24A494F3-5B5F-4183-9F7D-9CE82812C1FC}" = tsp patch

"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java 6 Update 13

"{271C6608-69FD-4D6E-933C-4C08742AA33C}" = ArcSoft Print Creations

"{27E25625-DB51-42E6-BEB7-0C8DC878770C}" = Broadcom ASF Management Applications

"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes

"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour

"{2CD6BBA0-17C8-4789-9B9B-B36F7E815F6A}" = DWG TrueView 2007

"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support

"{2DFE1608-BDCA-11D1-B7AE-00C04FB92F3D}" = Microsoft Project 2000

"{2E2966EA-2169-4E42-8A8A-CC1749D80088}" = Symantec Endpoint Protection

"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc

"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager

"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6

"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module

"{363188E4-1A27-4DE6-BA48-823D2E205385}" = ArcSoft Scan-n-Stitch Deluxe

"{37530151-56A6-4CE4-9F9F-CE1F5A1356C6}" = ArcSoft Panorama Maker 4

"{3A316611-45D1-429C-AA26-B71259C44689}" = HP Photosmart, Officejet and Deskjet 7.0.A

"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager

"{3CDB180B-FF76-4371-9090-FCE5B9029677}" = FileOpen Plug-in for Adobe Acrobat® and Acrobat Reader®

"{3CE47E6B-AE27-4E40-AC54-329EED96B933}" = ArcSoft Print Creations - Funhouse II

"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA

"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting

"{40DA94AF-34B7-4BA7-A37F-26F899C031FF}" = ArcSoft PhotoStudio Darkroom 2

"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell

"{4BF18ED6-C888-4BCF-A4AF-AC7A16305BC1}" = GemSafe Standard Edition 5.1

"{4CCC7F68-A437-4559-A840-F5E010934951}" = HP Driver Diagnostics

"{5023B3E9-6B73-471E-8BD9-DA4442AE357C}" = ArcSoft Print Creations - Quick Photo Book

"{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite

"{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup

"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)

"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{5783F2D7-6015-0409-0002-0060B0CE6BBA}" = Autodesk Mechanical Desktop 2008

"{5D1C82E7-7EC0-4404-A8AD-36C3B444BC34}" = ArcSoft Print Creations - Poster Creator

"{5EC5F187-9D2B-4051-8906-88656819A869}" = Dell Drivers MSI

"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy

"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{6DE13770-01B7-4366-8DA6-48237793F445}" = VoiceOver Kit

"{6F411DB4-EC41-482B-AD46-384957928F69}" = AOEMView 2008

"{7F4DD591-1200-0409-0000-7107D70F3DB4}" = Autodesk Inventor Simulation Suite 2008

"{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg

"{82FAC25D-D0E1-4D60-9268-F3DD958BF052}" = ArcSoft RAW Thumbnail Viewer

"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio

"{871DF2BE-41D2-4334-AC33-839AF16FC8FE}" = Cisco Systems VPN Client 5.0.02.0090

"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder

"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr

"{90110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90510409-6D54-11D4-BEE3-00C04F990354}" = Microsoft Visio Professional 2002 SR-1 [English]

"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz

"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig

"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse

"{9593C6E5-205E-45C3-B785-05CF146CA76A}" = biolsp patch

"{95F875CC-1B85-43E6-B3E0-13EA04F3D995}" = ArcSoft Print Creations - Photo Prints

"{9AA9C66D-CCC0-4228-98C8-DD6F295D4F52}" = Proxy Host

"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad

"{A093D83F-429A-4AB2-A0CD-1F7E9C7B764A}" = Trusted Drive Manager

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems

"{AC76BA86-1033-0000-BA7E-000000000003}" = Adobe Acrobat 8 Standard

"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2

"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8

"{AFAC914D-9E83-4A89-8ABE-427521C82CCF}" = Safari

"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook

"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet

"{C867F57B-39C1-4341-A164-F569839BCCBF}" = Cards

"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA

"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE

"{C8B44566-839A-459C-A73D-49764CE216CC}" = ArcSoft Video Downloader

"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs

"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar

"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba

"{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update

"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential

"{D9FCA292-1186-421F-8D93-9A5D272AD5D0}" = IntelliSonic Speech Enhancement

"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager

"{E2EE273D-E111-4FFD-ACD4-78E1D35E01D2}" = ArcSoft Photo Book Screen Saver

"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime

"{E40CE517-0D42-4198-96B4-C8232B257EB5}" = Data Lifeguard Diagnostic for Windows

"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect

"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page

"{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin

"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore

"{EB4DF30B-102B-4F0C-927A-D50E037A325D}" = AuthenTec Fingerprint Sensor Minimum Install

"{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards

"{ECC22AFA-B905-4A6A-8072-10F52B9E09B7}" = Wave Infrastructure Installer

"{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center

"{EF05BA0F-AC15-4D12-AC5C-276225F5E751}" = Gemalto

"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card

"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse

"{F1802FA6-54E9-4B24-BD2A-B50866819795}" = EMBASSY Trust Suite by Wave Systems

"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan

"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi

"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool

"{FACF203E-0F4D-489A-B80C-D185253C8FCB}" = Autodesk Design Review 2008

"{FBEC50B7-537C-4A0E-8B0B-F7A8F8BF13CE}" = upekmsi

"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe

"{FEC193E4-6C5F-40E9-A249-7D8C8404A9EC}" = NTRU TCG Software Stack

"ActiveTouchMeetingClient" = WebEx

"Adobe Acrobat 8 Standard" = Adobe Acrobat 8.1.0 Standard

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"Amazon Kindle" = Amazon Kindle

"AOEMView 2008" = AOEMView 2008

"Ask Toolbar_is1" = Vuze Toolbar

"Autodesk Mechanical Desktop 2008" = Autodesk Mechanical Desktop 2008

"AXIS Media Control Embedded" = AXIS Media Control Embedded

"ClientAccessExpress" = IBM iSeries Access for Windows

"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem

"HDMI" = Intel® Graphics Media Accelerator Driver

"HP Officejet 5600 series_Driver" = HP Officejet 5600 series

"HP Photosmart Essential" = HP Photosmart Essential 3.5

"ieSpell" = ieSpell

"InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software

"InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager

"InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite

"InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup

"InstallShield_{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update

"InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin

"InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards

"InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center

"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)

"ProInst" = Intel® PROSet/Wireless Software

"SearchAssist" = SearchAssist

"Vuze" = Vuze

"Windows XP Service Pack" = Windows XP Service Pack 3

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 12/3/2011 11:33:46 AM | Computer Name = CRP104 | Source = Broadcom ASF IP and SMBIOS Mailbox Monitor | ID = 0

Description =

Error - 12/3/2011 11:34:47 AM | Computer Name = CRP104 | Source = Broadcom ASF IP and SMBIOS Mailbox Monitor | ID = 0

Description =

Error - 12/3/2011 1:37:11 PM | Computer Name = CRP104 | Source = Userenv | ID = 1054

Description = Windows cannot obtain the domain controller name for your computer

network. (The specified domain either does not exist or could not be contacted.

). Group Policy processing aborted.

Error - 12/3/2011 1:37:12 PM | Computer Name = CRP104 | Source = AutoEnrollment | ID = 15

Description = Automatic certificate enrollment for local system failed to contact

the active directory (0x8007054b). The specified domain either does not exist

or could not be contacted. Enrollment will not be performed.

Error - 12/3/2011 1:37:22 PM | Computer Name = CRP104 | Source = Userenv | ID = 1054

Description = Windows cannot obtain the domain controller name for your computer

network. (The specified domain either does not exist or could not be contacted.

). Group Policy processing aborted.

Error - 12/3/2011 4:22:53 PM | Computer Name = CRP104 | Source = Userenv | ID = 1054

Description = Windows cannot obtain the domain controller name for your computer

network. (The specified domain either does not exist or could not be contacted.

). Group Policy processing aborted.

Error - 12/3/2011 4:22:54 PM | Computer Name = CRP104 | Source = AutoEnrollment | ID = 15

Description = Automatic certificate enrollment for local system failed to contact

the active directory (0x8007054b). The specified domain either does not exist

or could not be contacted. Enrollment will not be performed.

Error - 12/3/2011 4:23:03 PM | Computer Name = CRP104 | Source = Userenv | ID = 1054

Description = Windows cannot obtain the domain controller name for your computer

network. (The specified domain either does not exist or could not be contacted.

). Group Policy processing aborted.

Error - 12/3/2011 5:08:55 PM | Computer Name = CRP104 | Source = Userenv | ID = 1054

Description = Windows cannot obtain the domain controller name for your computer

network. (The specified domain either does not exist or could not be contacted.

). Group Policy processing aborted.

Error - 12/3/2011 5:09:03 PM | Computer Name = CRP104 | Source = Userenv | ID = 1054

Description = Windows cannot obtain the domain controller name for your computer

network. (The specified domain either does not exist or could not be contacted.

). Group Policy processing aborted.

[ System Events ]

Error - 12/3/2011 5:09:11 PM | Computer Name = CRP104 | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service LiveUpdate

with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}

Error - 12/3/2011 5:09:12 PM | Computer Name = CRP104 | Source = DCOM | ID = 10005

Description = DCOM got error "%1053" attempting to start the service Symantec AntiVirus

with arguments "" in order to run the server: {5CEC0E13-CF22-414C-8D67-D44B06420FC1}

Error - 12/3/2011 5:09:12 PM | Computer Name = CRP104 | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service LiveUpdate

with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}

Error - 12/3/2011 5:09:13 PM | Computer Name = CRP104 | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service LiveUpdate

with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}

Error - 12/3/2011 5:09:14 PM | Computer Name = CRP104 | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service LiveUpdate

with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}

Error - 12/3/2011 5:09:24 PM | Computer Name = CRP104 | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service EventSystem

with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 12/3/2011 5:10:24 PM | Computer Name = CRP104 | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the Symantec Endpoint Protection

service to connect.

Error - 12/3/2011 5:10:24 PM | Computer Name = CRP104 | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

APPDRV eeCtrl Fips intelppm ProxyHostDriver ProxyHostMirrorDisplay SRTSP SRTSPX Tosrfcom

Error - 12/3/2011 5:10:24 PM | Computer Name = CRP104 | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the Symantec Endpoint Protection

service to connect.

Error - 12/3/2011 5:10:24 PM | Computer Name = CRP104 | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the Symantec Endpoint Protection

service to connect.

< End of report >


Welcome to the forum.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

MrC



Combofix froze after about 1 hour, and I let it run for a total of 2 more hours and still no further progress.

Could not disable Symantec Endpoint Protection - "Enable File System Auto-Protect" appears to be locked (Grayed out).

I did a hard restart.

Before Combofix, Symantec would not operate at all, but now it does. After Combofix, it found 6 risks, and cleaned them.

Risk/Filename

Bloodhound.MalPE/wftchmssoh.exe

Bloodhound.MalPE/dwme.exe

Bloodhound.MalPE/mrp8avryqojuqy.exe

Bloodhound.MalPE/lvvm.exe

Bloodhound.MalPE/CB626.exe

Trojan.Gen/APQ1AE.tmp

Re-ran Malwarebytes Quick Scan and nothing found.

Should I re-run Combofix?


Yes, here's how to disable it:

http://www.bleepingcomputer.com/forums/topic114351.html

SYMANTEC ENDPOINT PROTECTION

Right click on the icon in the taskbar notification area & select "Disable Symantec EndPoint Protection".

If it still freezes try it in safe mode.

-----------------------

If no luck....please do this:

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Double click on the icon on your desktop.

Click the Scan All Users checkbox.

Push the Quick Scan button.

Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)

OTL.txt <-- Will be opened

Extra.txt <-- Will be minimized

MrC


Still can't disable Symantec, there seems to be some admin lock. Tried to run combo-fix again in safe mode, but no luck. Freezes after about 5 min still.

OTL logfile created on: 12/5/2011 10:49:55 PM - Run 2

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.49 Gb Total Physical Memory | 2.60 Gb Available Physical Memory | 74.46% Memory free

5.33 Gb Paging File | 4.65 Gb Available in Paging File | 87.35% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74.41 Gb Total Space | 19.59 Gb Free Space | 26.32% Space Free | Partition Type: NTFS

Computer Name: CRP104 | User Name: Administrator | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/05 22:17:01 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Desktop\OTL.exe

PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2011/06/26 01:45:56 | 000,256,000 | R--- | M] () -- C:\acegi.exe\pev.3XE

PRC - [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

PRC - [2010/08/25 10:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

PRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

PRC - [2008/10/14 20:38:56 | 000,623,992 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

PRC - [2008/09/05 23:29:58 | 000,917,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WgaTray.exe

PRC - [2008/06/18 14:29:05 | 002,479,488 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe

PRC - [2008/06/18 14:29:05 | 001,660,288 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe

PRC - [2008/06/18 14:29:05 | 000,349,568 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SescLU.exe

PRC - [2008/06/18 14:29:05 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe

PRC - [2008/06/18 14:29:05 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

PRC - [2008/06/18 14:29:04 | 002,240,944 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/12/05 18:24:46 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe

PRC - [2007/12/05 18:24:44 | 000,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\stacsv.exe

PRC - [2007/11/08 22:50:10 | 001,552,384 | ---- | M] () -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe

PRC - [2007/10/26 13:28:06 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

PRC - [2007/09/17 11:56:08 | 000,124,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

PRC - [2007/09/14 10:53:16 | 000,218,424 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\SecureUpgrade.exe

PRC - [2007/09/10 09:55:04 | 000,092,160 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe

PRC - [2007/07/25 16:32:50 | 000,823,296 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe

PRC - [2007/07/25 16:32:34 | 000,294,912 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe

PRC - [2007/07/25 16:30:36 | 000,974,848 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe

PRC - [2007/05/14 14:21:40 | 000,475,136 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe

PRC - [2007/04/15 22:49:16 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\hidfind.exe

PRC - [2007/04/15 22:49:08 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe

PRC - [2007/04/15 22:49:08 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApMsgFwd.exe

PRC - [2007/04/15 22:49:08 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe

PRC - [2007/01/11 20:43:46 | 002,150,400 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

PRC - [2006/12/19 14:21:48 | 000,079,432 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe

PRC - [2006/11/02 14:05:50 | 000,282,624 | ---- | M] (Knowles Acoustics) -- C:\WINDOWS\system32\KADxMain.exe

PRC - [2006/08/17 09:00:00 | 001,116,920 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe

PRC - [2006/03/03 20:03:10 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe

PRC - [2005/07/26 15:02:44 | 000,230,480 | ---- | M] (Funk Software, Inc.) -- C:\Program Files\Funk Software\Proxy Host\PhTray.exe

PRC - [2005/07/26 15:02:40 | 000,287,824 | ---- | M] (Funk Software, Inc.) -- C:\Program Files\Funk Software\Proxy Host\Ph32Svc.exe

========== Modules (No Company Name) ==========

MOD - [2011/10/17 21:08:45 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll

MOD - [2009/09/04 22:15:06 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2007/10/26 13:28:18 | 000,197,408 | ---- | M] () -- C:\WINDOWS\system32\vpnapi.dll

MOD - [2007/09/10 09:53:26 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\wxvault.dll

MOD - [2007/08/11 19:05:27 | 000,169,304 | ---- | M] () -- C:\Program Files\Symantec\LiveUpdate\UNRAR.DLL

MOD - [2007/07/25 16:25:48 | 000,118,784 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll

MOD - [2006/08/18 13:17:36 | 000,056,056 | ---- | M] () -- C:\WINDOWS\system32\DLAAPI_W.DLL

MOD - [2005/07/22 21:30:20 | 000,065,536 | ---- | M] () -- C:\WINDOWS\system32\TosCommAPI.dll

MOD - [2004/07/20 17:04:02 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\TosBtHcrpAPI.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (Smcinst)

SRV - File not found [Auto | Stopped] -- -- (ASKUpgrade)

SRV - File not found [Auto | Stopped] -- -- (ASKService)

SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2011/06/26 01:45:56 | 000,256,000 | R--- | M] () [Auto | Stopped] -- C:\acegi.exe\pev.3XE -- (PEVSystemStart)

SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)

SRV - [2008/07/10 05:03:16 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2008/06/18 14:29:05 | 002,479,488 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)

SRV - [2008/06/18 14:29:05 | 000,288,136 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)

SRV - [2008/06/18 14:29:05 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)

SRV - [2008/06/18 14:29:05 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)

SRV - [2008/06/18 14:29:04 | 002,240,944 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)

SRV - [2008/04/28 15:29:09 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)

SRV - [2008/04/15 05:18:30 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)

SRV - [2007/12/05 18:24:44 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\WINDOWS\system32\stacsv.exe -- (STacSV)

SRV - [2007/11/08 22:50:10 | 001,552,384 | ---- | M] () [Auto | Running] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)

SRV - [2007/10/26 13:28:06 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)

SRV - [2007/09/13 14:31:44 | 000,192,512 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe -- (WaveEnrollmentService)

SRV - [2007/09/07 17:29:04 | 000,737,280 | ---- | M] (Wave Systems Corp.) [Auto | Stopped] -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -- (TdmService)

SRV - [2007/08/31 17:39:18 | 000,486,400 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)

SRV - [2007/08/11 19:05:27 | 003,093,872 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)

SRV - [2007/07/25 16:32:34 | 000,294,912 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel®

SRV - [2007/05/14 14:21:40 | 000,475,136 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)

SRV - [2007/02/11 21:15:08 | 000,902,760 | ---- | M] (Autodesk, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe -- (Autodesk Network Licensing Service)

SRV - [2006/12/19 14:21:48 | 000,079,432 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon)

SRV - [2006/03/03 20:03:10 | 000,069,632 | ---- | M] (HP) [unknown | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

SRV - [2005/07/26 15:02:40 | 000,287,824 | ---- | M] (Funk Software, Inc.) [Auto | Running] -- C:\Program Files\Funk Software\Proxy Host\ph32svc.exe -- (ProxyHostService)

SRV - [2005/06/12 04:30:00 | 000,057,344 | ---- | M] (IBM Corporation) [On_Demand | Stopped] -- C:\WINDOWS\cwbrxd.exe -- (Cwbrxd)

========== Driver Services (SafeList) ==========

DRV - [2011/11/25 07:53:07 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF) WinPcap Packet Driver (NPF)

DRV - [2011/11/15 04:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)

DRV - [2011/11/15 04:00:00 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2011/08/18 03:00:00 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20111205.003\NAVEX15.SYS -- (NAVEX15)

DRV - [2011/08/18 03:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20111205.003\NAVENG.SYS -- (NAVENG)

DRV - [2008/07/09 09:51:43 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)

DRV - [2008/07/09 09:51:43 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)

DRV - [2008/06/25 23:06:22 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)

DRV - [2008/06/18 14:29:05 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)

DRV - [2008/06/18 14:29:05 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)

DRV - [2008/06/18 14:29:05 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)

DRV - [2008/06/18 14:29:03 | 000,420,400 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)

DRV - [2008/04/13 14:21:00 | 000,162,816 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)

DRV - [2007/12/05 18:24:44 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)

DRV - [2007/12/02 19:26:22 | 000,989,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)

DRV - [2007/12/02 19:26:20 | 000,731,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)

DRV - [2007/12/02 19:26:20 | 000,211,200 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)

DRV - [2007/11/28 17:18:24 | 000,062,208 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2)

DRV - [2007/10/26 13:27:00 | 000,306,300 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)

DRV - [2007/09/10 09:55:00 | 000,161,280 | ---- | M] (Wave Systems Corp.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\WavxDMgr.sys -- (WavxDMgr)

DRV - [2007/09/07 09:57:14 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\PBADRV.sys -- (PBADRV)

DRV - [2007/09/06 09:18:40 | 000,018,176 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WaveFDE.sys -- (WaveFDE)

DRV - [2007/08/12 19:05:34 | 002,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®

DRV - [2007/05/29 15:29:30 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)

DRV - [2007/04/26 15:29:30 | 000,053,504 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfSnd.sys -- (TosRfSnd)

DRV - [2007/04/26 15:29:30 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)

DRV - [2007/04/26 15:29:28 | 000,073,600 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Tosrfhid.sys -- (Tosrfhid)

DRV - [2007/04/26 15:29:28 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)

DRV - [2007/04/26 15:29:28 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)

DRV - [2007/04/26 15:29:26 | 000,113,920 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (tosrfbd)

DRV - [2007/04/26 15:29:26 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (tosrfbnp)

DRV - [2007/04/26 15:29:24 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)

DRV - [2007/04/15 22:49:08 | 000,132,608 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)

DRV - [2007/03/18 16:44:38 | 000,160,256 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)

DRV - [2007/01/31 12:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)

DRV - [2007/01/18 15:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)

DRV - [2006/12/19 14:21:52 | 000,010,480 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys -- (BASFND)

DRV - [2006/11/02 12:32:32 | 000,097,536 | ---- | M] (Knowles Acoustics) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dxec01.sys -- (DXEC01)

DRV - [2006/08/18 13:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)

DRV - [2006/08/18 13:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)

DRV - [2006/08/18 13:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)

DRV - [2006/08/18 13:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)

DRV - [2006/08/18 13:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)

DRV - [2006/08/18 13:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)

DRV - [2006/08/18 13:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)

DRV - [2006/08/18 13:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)

DRV - [2006/08/11 10:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)

DRV - [2006/08/11 10:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)

DRV - [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)

DRV - [2005/07/26 15:04:18 | 000,060,944 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\phw2ksys.sys -- (ProxyHostDriver)

DRV - [2005/07/26 15:04:16 | 000,011,408 | ---- | M] (Funk Software, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\phmmini.sys -- (ProxyHostMirrorDisplay)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6080401

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6080401

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6080401

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6080401

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6080401

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6080401

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3073360251-2467196400-3112576402-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6080401

IE - HKU\S-1-5-21-3073360251-2467196400-3112576402-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us

IE - HKU\S-1-5-21-3073360251-2467196400-3112576402-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us

IE - HKU\S-1-5-21-3073360251-2467196400-3112576402-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6080401

IE - HKU\S-1-5-21-3073360251-2467196400-3112576402-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: RAWThumbnailViewer@arcsoft.com.cn:2.0.0.11

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\RAWThumbnailViewer@arcsoft.com.cn: C:\Program Files\ArcSoft\RAW Thumbnail Viewer\FireFox Extension [2009/12/12 13:12:05 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:\Program Files\ArcSoft\Video Downloader\Plugin_FireFox [2009/12/12 13:13:24 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/04 18:16:16 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/04 18:16:11 | 000,000,000 | ---D | M]

[2011/08/05 16:24:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\Mozilla\Extensions

[2011/12/04 16:50:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\Mozilla\Firefox\Profiles\tmjw82br.default\extensions

[2011/11/28 20:02:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\Mozilla\Firefox\Profiles\tmjw82br.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011/12/04 18:16:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/11/20 23:04:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011/11/20 20:04:05 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2011/11/20 20:04:05 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/11/25 07:53:57 | 000,001,392 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O1 - Hosts: 217.23.4.166 www.google-analytics.com.

O1 - Hosts: 217.23.4.166 ad-emea.doubleclick.net.

O1 - Hosts: 217.23.4.166 www.statcounter.com.

O1 - Hosts: 178.250.45.15 www.google-analytics.com.

O1 - Hosts: 178.250.45.15 ad-emea.doubleclick.net.

O1 - Hosts: 178.250.45.15 www.statcounter.com.

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (IEPlugin Class) - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\Program Files\ArcSoft\Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.)

O2 - BHO: (ToolbarBHO Class) - {9519AF7E-638D-4933-BAD6-D33D23C79FE5} - C:\Program Files\ArcSoft\RAW Thumbnail Viewer\EXIFToolBar.dll (ArcSoft Inc.)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll File not found

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (RAW Thumbnail Viewer) - {F301665A-12F8-4331-804A-5BCBD379668C} - C:\Program Files\ArcSoft\RAW Thumbnail Viewer\EXIFToolBar.dll (ArcSoft Inc.)

O3 - HKU\S-1-5-21-3073360251-2467196400-3112576402-500\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)

O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)

O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)

O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)

O4 - HKLM..\Run: [Client Access Check Version] C:\Program Files\IBM\Client Access\cwbckver.exe (IBM Corporation)

O4 - HKLM..\Run: [Client Access Express Welcome] C:\Program Files\IBM\Client Access\cwbwlwiz.exe (IBM Corporation)

O4 - HKLM..\Run: [Client Access Help Update] C:\Program Files\IBM\Client Access\cwbinhlp.exe (IBM Corporation)

O4 - HKLM..\Run: [Client Access PC5250 Sound] C:\Program Files\IBM\Client Access\Emulator\pcssnd.exe (IBM Corporation)

O4 - HKLM..\Run: [Client Access Service] C:\Program Files\IBM\Client Access\cwbsvstr.exe (IBM Corporation)

O4 - HKLM..\Run: [intelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)

O4 - HKLM..\Run: [intelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)

O4 - HKLM..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe (Knowles Acoustics)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)

O4 - HKLM..\Run: [ProxyHostTrayIcon] C:\Program Files\Funk Software\Proxy Host\phtray.exe (Funk Software, Inc.)

O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio)

O4 - HKLM..\Run: [secureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe (Wave Systems Corp.)

O4 - HKLM..\Run: [sigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)

O4 - HKLM..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)

O4 - HKU\S-1-5-21-3073360251-2467196400-3112576402-500..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe File not found

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{871DF2BE-41D2-4334-AC33-839AF16FC8FE}\Icon3E5562ED7.ico ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-3073360251-2467196400-3112576402-500\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\S-1-5-21-3073360251-2467196400-3112576402-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-3073360251-2467196400-3112576402-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0

O7 - HKU\S-1-5-21-3073360251-2467196400-3112576402-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)

O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)

O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = fuelsystemsinc.com

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{73AF0BD8-1B01-4B4F-B079-B57563F32980}: DhcpNameServer = 192.168.1.254

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - File not found

O20 - Winlogon\Notify\gemsafe: DllName - (C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll) - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll (Gemplus)

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2004/08/11 18:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/05 22:29:10 | 000,000,000 | --SD | C] -- C:\acegi.exe

[2011/12/05 22:16:56 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Desktop\OTL.exe

[2011/12/04 23:58:12 | 004,329,111 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Desktop\acegi.exe.exe

[2011/12/04 11:57:31 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2011/12/04 11:51:15 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2011/12/04 11:51:15 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2011/12/04 11:51:15 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2011/12/04 11:13:48 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2011/12/04 11:07:50 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011/12/01 23:01:21 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Desktop\dds.exe

[2011/11/28 19:27:35 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF

[2011/11/28 19:27:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\My Documents\Downloads

[2011/11/28 17:37:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sprint

[2011/11/27 22:35:21 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Recent

[2011/11/25 12:40:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\K3ppG5JdK8RZhXU

[2011/11/25 12:40:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\e00cc1iD3oG

[2011/11/25 08:38:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Start Menu\Programs\System Fix

[2011/11/25 08:35:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\GppmG5aQJdKfR

[2011/11/25 08:35:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\DYCwkIIrrOtx0S

[2011/11/25 08:06:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\XGG5sQJ7K8

[2011/11/25 08:06:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\oekIBrzzNyx

[2011/11/25 07:53:07 | 000,050,704 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\drivers\npf.sys

[2011/11/25 03:55:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun

[2011/11/25 03:20:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia

[2011/11/25 03:20:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

[2011/11/25 03:09:40 | 000,000,000 | ---D | C] -- C:\Program Files\LP

[2011/11/25 03:09:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\k33ppnG5aQJ6WK

[2011/11/25 03:09:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\EhTTXXwjUV

[2011/11/25 03:09:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\18243

[2011/11/25 03:09:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\VCCeekIBr

[2011/11/25 03:09:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\ZxxxA00uv

[2011/11/25 01:27:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\FileOpen

[2011/11/24 23:19:00 | 000,000,000 | ---D | C] -- C:\MGtools

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/05 22:50:54 | 000,002,148 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/12/05 22:49:30 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk

[2011/12/05 22:49:18 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Local Settings\Application Data\WavXMapDrive.bat

[2011/12/05 22:48:36 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2011/12/05 22:47:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/12/05 22:47:46 | 3747,577,856 | -HS- | M] () -- C:\hiberfil.sys

[2011/12/05 22:17:01 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Desktop\OTL.exe

[2011/12/05 18:10:16 | 004,329,111 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Desktop\acegi.exe.exe

[2011/12/05 17:39:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2011/12/04 23:18:43 | 000,070,480 | ---- | M] () -- C:\MGlogs.zip

[2011/12/04 18:16:18 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2011/12/04 18:16:18 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2011/12/04 11:57:49 | 000,000,327 | RHS- | M] () -- C:\boot.ini

[2011/12/04 10:57:37 | 000,981,658 | ---- | M] () -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Desktop\A guide and tutorial on usi...pdf

[2011/12/03 11:30:42 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011/12/01 21:38:10 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Desktop\dds.exe

[2011/11/28 20:28:35 | 000,263,024 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2011/11/25 12:41:42 | 000,000,849 | ---- | M] () -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk

[2011/11/25 08:38:45 | 000,000,440 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\mRp8AvryQOJUQY

[2011/11/25 07:53:57 | 000,001,392 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2011/11/25 07:53:07 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\drivers\npf.sys

[2011/11/09 08:48:51 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/05 22:47:46 | 3747,577,856 | -HS- | C] () -- C:\hiberfil.sys

[2011/12/04 23:02:08 | 000,070,480 | ---- | C] () -- C:\MGlogs.zip

[2011/12/04 18:16:18 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2011/12/04 18:16:18 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk

[2011/12/04 11:57:47 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2011/12/04 11:57:35 | 000,260,272 | RHS- | C] () -- C:\cmldr

[2011/12/04 11:51:32 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2011/12/04 11:51:15 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2011/12/04 11:51:15 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2011/12/04 11:51:15 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2011/12/04 11:51:15 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2011/12/04 11:23:43 | 000,981,658 | ---- | C] () -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Desktop\A guide and tutorial on usi...pdf

[2011/11/28 19:58:37 | 000,002,148 | ---- | C] () -- C:\WINDOWS\System32\wpa.dbl

[2011/11/28 19:18:07 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011/11/28 17:37:58 | 000,002,187 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk

[2011/11/28 17:37:58 | 000,001,932 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Use Inventor Simulation Suite 2008 License.lnk

[2011/11/28 17:37:58 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2011/11/28 17:37:58 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2011/11/28 17:37:50 | 000,002,447 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk

[2011/11/28 17:37:50 | 000,001,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

[2011/11/28 17:37:50 | 000,001,618 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk

[2011/11/28 17:37:50 | 000,000,715 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk

[2011/11/28 17:37:45 | 000,002,513 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Outlook.lnk

[2011/11/28 17:37:45 | 000,002,489 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk

[2011/11/28 17:37:45 | 000,002,487 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Excel.lnk

[2011/11/28 17:37:45 | 000,002,475 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft PowerPoint.lnk

[2011/11/28 17:37:45 | 000,002,453 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Project.lnk

[2011/11/28 17:37:45 | 000,002,413 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Acrobat 8 Standard.lnk

[2011/11/28 17:37:45 | 000,002,371 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Visio.lnk

[2011/11/28 17:37:45 | 000,002,371 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Acrobat Distiller 8.lnk

[2011/11/28 17:37:45 | 000,002,311 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 8.lnk

[2011/11/28 17:37:45 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk

[2011/11/28 17:37:45 | 000,001,990 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Access.lnk

[2011/11/28 17:37:45 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Safari.lnk

[2011/11/28 17:37:45 | 000,001,717 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\PowerDVD DX.lnk

[2011/11/28 17:37:45 | 000,001,505 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Vuze.lnk

[2011/11/28 17:37:45 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk

[2011/11/25 12:41:42 | 000,000,849 | ---- | C] () -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk

[2011/11/25 08:38:01 | 000,000,440 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mRp8AvryQOJUQY

[2009/12/01 17:27:44 | 000,019,500 | ---- | C] () -- C:\WINDOWS\hpqins13.dat

[2009/09/29 21:01:17 | 000,054,356 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2009/06/25 12:22:17 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll

[2009/06/25 12:22:03 | 000,000,160 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini

[2009/06/25 12:21:47 | 000,000,687 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini

[2009/06/25 12:19:27 | 000,110,416 | ---- | C] () -- C:\WINDOWS\hpoins11.dat

[2009/06/25 12:18:50 | 000,006,947 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat

[2009/06/23 19:55:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2009/04/07 15:53:18 | 001,340,394 | ---- | C] () -- C:\Program Files\MGtools.exe

[2009/03/24 10:42:26 | 000,263,024 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2009/03/17 10:06:02 | 000,625,357 | ---- | C] () -- C:\WINDOWS\System32\a27b525.dll

[2008/09/04 13:00:16 | 000,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys

[2008/05/20 16:07:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\00104run.ini

[2008/05/12 14:26:19 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\IGTSNMP.DLL

[2008/04/28 15:29:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI

[2008/04/14 12:36:51 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2008/04/14 11:25:19 | 000,000,251 | ---- | C] () -- C:\WINDOWS\System32\drivers\hlldrvr.sys

[2008/04/14 11:24:47 | 000,020,533 | ---- | C] () -- C:\WINDOWS\System32\cwbunplp.exe

[2008/04/14 11:24:43 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbwiz.dll

[2008/04/14 11:24:43 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\cwbad.dll

[2008/04/14 11:24:42 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\cwbrw.dll

[2008/04/14 11:24:42 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\cwbsv.dll

[2008/04/14 11:24:42 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbsy.dll

[2008/04/14 11:24:42 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbnl.dll

[2008/04/14 11:24:42 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbco.dll

[2008/04/14 11:24:42 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\cwbnldlg.dll

[2008/04/14 06:01:57 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Local Settings\Application Data\WavXMapDrive.bat

[2008/04/01 11:25:54 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2008/04/01 11:24:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI

[2008/04/01 11:23:14 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL

[2008/04/01 11:23:13 | 000,000,118 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2008/04/01 11:12:24 | 000,080,368 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll

[2008/04/01 11:09:49 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll

[2008/04/01 11:09:49 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\bioapi100.dll

[2008/04/01 10:43:28 | 000,910,304 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll

[2008/04/01 10:43:28 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4831.dll

[2008/04/01 10:43:27 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe

[2008/04/01 10:42:10 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2008/01/09 14:01:48 | 000,053,248 | ---- | C] () -- C:\WINDOWS\bdoscandel.exe

[2008/01/09 14:01:48 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini

[2007/10/26 13:28:18 | 000,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll

[2007/10/26 13:28:04 | 000,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll

[2007/09/13 14:42:30 | 000,499,712 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ru.dll

[2007/09/13 14:42:30 | 000,471,040 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-BR.dll

[2007/09/13 14:42:28 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_it.dll

[2007/09/13 14:42:28 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fr.dll

[2007/09/13 14:42:28 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ko.dll

[2007/09/13 14:42:28 | 000,458,752 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ja.dll

[2007/09/13 14:42:26 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_es.dll

[2007/09/13 14:42:26 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_de.dll

[2007/09/13 14:42:26 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\AmRes_en.dll

[2007/09/13 14:42:26 | 000,434,176 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHT.dll

[2007/09/13 14:36:24 | 000,438,272 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHS.dll

[2007/09/13 14:32:36 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\CacheFP.exe

[2007/09/12 15:05:08 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt.dll

[2007/09/12 15:04:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHT.dll

[2007/09/12 15:04:26 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ko.dll

[2007/09/12 15:04:06 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_es.dll

[2007/09/12 15:03:44 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ru.dll

[2007/09/12 15:03:24 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ja.dll

[2007/09/12 15:03:04 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_it.dll

[2007/09/12 15:02:44 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_de.dll

[2007/09/12 15:02:22 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fr.dll

[2007/09/12 15:02:02 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHS.dll

[2007/09/10 09:53:26 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\wxvault.dll

[2007/06/15 10:19:20 | 000,835,584 | ---- | C] () -- C:\WINDOWS\System32\DemoLicense.dll

[2006/11/07 05:25:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll

[2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll

[2006/08/14 11:02:10 | 000,072,192 | ---- | C] () -- C:\WINDOWS\System32\xltZlib.dll

[2006/06/12 08:01:16 | 000,348,160 | ---- | C] () -- C:\WINDOWS\tsp.dll

[2005/09/02 14:44:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll

[2005/07/26 15:04:18 | 000,060,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\phw2ksys.sys

[2005/07/22 21:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll

[2004/09/10 13:34:00 | 000,917,504 | ---- | C] () -- C:\WINDOWS\System32\lmgr10.dll

[2004/09/10 13:34:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll

[2004/08/11 18:24:19 | 000,000,799 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2004/08/11 18:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2004/08/11 18:12:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2004/08/11 18:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2004/08/11 18:00:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2004/08/11 18:00:28 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2004/08/11 18:00:28 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2004/08/11 18:00:27 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2004/08/11 18:00:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2004/08/11 18:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2004/08/11 18:00:23 | 000,162,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\netbt.sys

[2004/08/11 18:00:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2004/08/11 18:00:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2004/08/11 18:00:12 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2004/08/11 18:00:04 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[2004/07/20 17:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll

[2004/01/15 14:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll

[2001/07/07 02:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

[2000/02/24 04:03:04 | 000,061,502 | ---- | C] () -- C:\WINDOWS\System32\ODBCMON.DLL

========== LOP Check ==========

[2008/04/01 11:15:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Wave Systems Corp

[2011/11/28 07:52:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\18243

[2008/04/15 05:21:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\Ansys

[2008/04/15 05:21:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\Autodesk

[2011/11/25 08:35:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\DYCwkIIrrOtx0S

[2011/11/25 12:40:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\e00cc1iD3oG

[2011/11/25 03:09:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\EhTTXXwjUV

[2011/11/25 01:27:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\FileOpen

[2011/11/25 08:35:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\GppmG5aQJdKfR

[2011/11/25 03:09:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\k33ppnG5aQJ6WK

[2011/11/25 12:40:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\K3ppG5JdK8RZhXU

[2011/11/25 08:06:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\oekIBrzzNyx

[2011/11/25 03:09:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\VCCeekIBr

[2008/04/01 11:15:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\Wave Systems Corp

[2011/11/25 08:06:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\XGG5sQJ7K8

[2011/11/25 03:09:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\ZxxxA00uv

[2008/06/25 08:57:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk

[2009/06/25 16:14:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus

[2008/04/28 15:31:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DassaultSystemes

[2008/10/10 14:44:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileOpen

[2008/04/01 11:09:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NTRU Cryptosystems

[2008/04/01 11:17:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp

[2011/03/11 09:15:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2009/09/29 12:58:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2009/05/05 20:30:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

[2008/04/01 11:15:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Wave Systems Corp

[2008/05/19 12:02:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jpursell\Application Data\Ansys

[2011/05/20 19:58:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jpursell\Application Data\Autodesk

[2009/07/06 12:41:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jpursell\Application Data\Azureus

[2008/04/28 15:31:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jpursell\Application Data\DassaultSystemes

[2008/10/10 14:56:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jpursell\Application Data\FileOpen

[2008/06/23 15:50:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jpursell\Application Data\Transcend

[2008/04/01 11:15:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jpursell\Application Data\Wave Systems Corp

[2008/09/04 13:29:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jpursell\Application Data\webex

[2008/04/01 11:15:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tnesbitt\Application Data\Wave Systems Corp

========== Purity Check ==========

< End of report >


OTL logfile created on: 12/5/2011 10:49:55 PM - Run 2

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.49 Gb Total Physical Memory | 2.60 Gb Available Physical Memory | 74.46% Memory free

5.33 Gb Paging File | 4.65 Gb Available in Paging File | 87.35% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74.41 Gb Total Space | 19.59 Gb Free Space | 26.32% Space Free | Partition Type: NTFS

Computer Name: CRP104 | User Name: Administrator | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/05 22:17:01 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Desktop\OTL.exe

PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2011/06/26 01:45:56 | 000,256,000 | R--- | M] () -- C:\acegi.exe\pev.3XE

PRC - [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

PRC - [2010/08/25 10:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

PRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

PRC - [2008/10/14 20:38:56 | 000,623,992 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

PRC - [2008/09/05 23:29:58 | 000,917,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WgaTray.exe

PRC - [2008/06/18 14:29:05 | 002,479,488 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe

PRC - [2008/06/18 14:29:05 | 001,660,288 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe

PRC - [2008/06/18 14:29:05 | 000,349,568 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SescLU.exe

PRC - [2008/06/18 14:29:05 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe

PRC - [2008/06/18 14:29:05 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

PRC - [2008/06/18 14:29:04 | 002,240,944 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/12/05 18:24:46 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe

PRC - [2007/12/05 18:24:44 | 000,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\stacsv.exe

PRC - [2007/11/08 22:50:10 | 001,552,384 | ---- | M] () -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe

PRC - [2007/10/26 13:28:06 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

PRC - [2007/09/17 11:56:08 | 000,124,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

PRC - [2007/09/14 10:53:16 | 000,218,424 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\SecureUpgrade.exe

PRC - [2007/09/10 09:55:04 | 000,092,160 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe

PRC - [2007/07/25 16:32:50 | 000,823,296 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe

PRC - [2007/07/25 16:32:34 | 000,294,912 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe

PRC - [2007/07/25 16:30:36 | 000,974,848 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe

PRC - [2007/05/14 14:21:40 | 000,475,136 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe

PRC - [2007/04/15 22:49:16 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\hidfind.exe

PRC - [2007/04/15 22:49:08 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe

PRC - [2007/04/15 22:49:08 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApMsgFwd.exe

PRC - [2007/04/15 22:49:08 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe

PRC - [2007/01/11 20:43:46 | 002,150,400 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

PRC - [2006/12/19 14:21:48 | 000,079,432 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe

PRC - [2006/11/02 14:05:50 | 000,282,624 | ---- | M] (Knowles Acoustics) -- C:\WINDOWS\system32\KADxMain.exe

PRC - [2006/08/17 09:00:00 | 001,116,920 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe

PRC - [2006/03/03 20:03:10 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe

PRC - [2005/07/26 15:02:44 | 000,230,480 | ---- | M] (Funk Software, Inc.) -- C:\Program Files\Funk Software\Proxy Host\PhTray.exe

PRC - [2005/07/26 15:02:40 | 000,287,824 | ---- | M] (Funk Software, Inc.) -- C:\Program Files\Funk Software\Proxy Host\Ph32Svc.exe

========== Modules (No Company Name) ==========

MOD - [2011/10/17 21:08:45 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll

MOD - [2009/09/04 22:15:06 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2007/10/26 13:28:18 | 000,197,408 | ---- | M] () -- C:\WINDOWS\system32\vpnapi.dll

MOD - [2007/09/10 09:53:26 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\wxvault.dll

MOD - [2007/08/11 19:05:27 | 000,169,304 | ---- | M] () -- C:\Program Files\Symantec\LiveUpdate\UNRAR.DLL

MOD - [2007/07/25 16:25:48 | 000,118,784 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll

MOD - [2006/08/18 13:17:36 | 000,056,056 | ---- | M] () -- C:\WINDOWS\system32\DLAAPI_W.DLL

MOD - [2005/07/22 21:30:20 | 000,065,536 | ---- | M] () -- C:\WINDOWS\system32\TosCommAPI.dll

MOD - [2004/07/20 17:04:02 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\TosBtHcrpAPI.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (Smcinst)

SRV - File not found [Auto | Stopped] -- -- (ASKUpgrade)

SRV - File not found [Auto | Stopped] -- -- (ASKService)

SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2011/06/26 01:45:56 | 000,256,000 | R--- | M] () [Auto | Stopped] -- C:\acegi.exe\pev.3XE -- (PEVSystemStart)

SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)

SRV - [2008/07/10 05:03:16 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2008/06/18 14:29:05 | 002,479,488 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)

SRV - [2008/06/18 14:29:05 | 000,288,136 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)

SRV - [2008/06/18 14:29:05 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)

SRV - [2008/06/18 14:29:05 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)

SRV - [2008/06/18 14:29:04 | 002,240,944 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)

SRV - [2008/04/28 15:29:09 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)

SRV - [2008/04/15 05:18:30 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)

SRV - [2007/12/05 18:24:44 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\WINDOWS\system32\stacsv.exe -- (STacSV)

SRV - [2007/11/08 22:50:10 | 001,552,384 | ---- | M] () [Auto | Running] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)

SRV - [2007/10/26 13:28:06 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)

SRV - [2007/09/13 14:31:44 | 000,192,512 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe -- (WaveEnrollmentService)

SRV - [2007/09/07 17:29:04 | 000,737,280 | ---- | M] (Wave Systems Corp.) [Auto | Stopped] -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -- (TdmService)

SRV - [2007/08/31 17:39:18 | 000,486,400 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)

SRV - [2007/08/11 19:05:27 | 003,093,872 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)

SRV - [2007/07/25 16:32:34 | 000,294,912 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel®

SRV - [2007/05/14 14:21:40 | 000,475,136 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)

SRV - [2007/02/11 21:15:08 | 000,902,760 | ---- | M] (Autodesk, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe -- (Autodesk Network Licensing Service)

SRV - [2006/12/19 14:21:48 | 000,079,432 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon)

SRV - [2006/03/03 20:03:10 | 000,069,632 | ---- | M] (HP) [unknown | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

SRV - [2005/07/26 15:02:40 | 000,287,824 | ---- | M] (Funk Software, Inc.) [Auto | Running] -- C:\Program Files\Funk Software\Proxy Host\ph32svc.exe -- (ProxyHostService)

SRV - [2005/06/12 04:30:00 | 000,057,344 | ---- | M] (IBM Corporation) [On_Demand | Stopped] -- C:\WINDOWS\cwbrxd.exe -- (Cwbrxd)

========== Driver Services (SafeList) ==========

DRV - [2011/11/25 07:53:07 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF) WinPcap Packet Driver (NPF)

DRV - [2011/11/15 04:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)

DRV - [2011/11/15 04:00:00 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2011/08/18 03:00:00 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20111205.003\NAVEX15.SYS -- (NAVEX15)

DRV - [2011/08/18 03:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20111205.003\NAVENG.SYS -- (NAVENG)

DRV - [2008/07/09 09:51:43 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)

DRV - [2008/07/09 09:51:43 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)

DRV - [2008/06/25 23:06:22 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)

DRV - [2008/06/18 14:29:05 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)

DRV - [2008/06/18 14:29:05 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)

DRV - [2008/06/18 14:29:05 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)

DRV - [2008/06/18 14:29:03 | 000,420,400 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)

DRV - [2008/04/13 14:21:00 | 000,162,816 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)

DRV - [2007/12/05 18:24:44 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)

DRV - [2007/12/02 19:26:22 | 000,989,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)

DRV - [2007/12/02 19:26:20 | 000,731,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)

DRV - [2007/12/02 19:26:20 | 000,211,200 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)

DRV - [2007/11/28 17:18:24 | 000,062,208 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2)

DRV - [2007/10/26 13:27:00 | 000,306,300 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)

DRV - [2007/09/10 09:55:00 | 000,161,280 | ---- | M] (Wave Systems Corp.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\WavxDMgr.sys -- (WavxDMgr)

DRV - [2007/09/07 09:57:14 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\PBADRV.sys -- (PBADRV)

DRV - [2007/09/06 09:18:40 | 000,018,176 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WaveFDE.sys -- (WaveFDE)

DRV - [2007/08/12 19:05:34 | 002,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®

DRV - [2007/05/29 15:29:30 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)

DRV - [2007/04/26 15:29:30 | 000,053,504 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfSnd.sys -- (TosRfSnd)

DRV - [2007/04/26 15:29:30 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)

DRV - [2007/04/26 15:29:28 | 000,073,600 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Tosrfhid.sys -- (Tosrfhid)

DRV - [2007/04/26 15:29:28 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)

DRV - [2007/04/26 15:29:28 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)

DRV - [2007/04/26 15:29:26 | 000,113,920 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (tosrfbd)

DRV - [2007/04/26 15:29:26 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (tosrfbnp)

DRV - [2007/04/26 15:29:24 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)

DRV - [2007/04/15 22:49:08 | 000,132,608 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)

DRV - [2007/03/18 16:44:38 | 000,160,256 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)

DRV - [2007/01/31 12:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)

DRV - [2007/01/18 15:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)

DRV - [2006/12/19 14:21:52 | 000,010,480 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys -- (BASFND)

DRV - [2006/11/02 12:32:32 | 000,097,536 | ---- | M] (Knowles Acoustics) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dxec01.sys -- (DXEC01)

DRV - [2006/08/18 13:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)

DRV - [2006/08/18 13:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)

DRV - [2006/08/18 13:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)

DRV - [2006/08/18 13:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)

DRV - [2006/08/18 13:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)

DRV - [2006/08/18 13:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)

DRV - [2006/08/18 13:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)

DRV - [2006/08/18 13:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)

DRV - [2006/08/11 10:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)

DRV - [2006/08/11 10:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)

DRV - [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)

DRV - [2005/07/26 15:04:18 | 000,060,944 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\phw2ksys.sys -- (ProxyHostDriver)

DRV - [2005/07/26 15:04:16 | 000,011,408 | ---- | M] (Funk Software, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\phmmini.sys -- (ProxyHostMirrorDisplay)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6080401

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6080401

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6080401

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6080401

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6080401

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6080401

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3073360251-2467196400-3112576402-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6080401

IE - HKU\S-1-5-21-3073360251-2467196400-3112576402-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us

IE - HKU\S-1-5-21-3073360251-2467196400-3112576402-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us

IE - HKU\S-1-5-21-3073360251-2467196400-3112576402-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6080401

IE - HKU\S-1-5-21-3073360251-2467196400-3112576402-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: RAWThumbnailViewer@arcsoft.com.cn:2.0.0.11

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\RAWThumbnailViewer@arcsoft.com.cn: C:\Program Files\ArcSoft\RAW Thumbnail Viewer\FireFox Extension [2009/12/12 13:12:05 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:\Program Files\ArcSoft\Video Downloader\Plugin_FireFox [2009/12/12 13:13:24 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/04 18:16:16 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/04 18:16:11 | 000,000,000 | ---D | M]

[2011/08/05 16:24:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\Mozilla\Extensions

[2011/12/04 16:50:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\Mozilla\Firefox\Profiles\tmjw82br.default\extensions

[2011/11/28 20:02:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\Mozilla\Firefox\Profiles\tmjw82br.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011/12/04 18:16:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/11/20 23:04:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011/11/20 20:04:05 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2011/11/20 20:04:05 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/11/25 07:53:57 | 000,001,392 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O1 - Hosts: 217.23.4.166 www.google-analytics.com.

O1 - Hosts: 217.23.4.166 ad-emea.doubleclick.net.

O1 - Hosts: 217.23.4.166 www.statcounter.com.

O1 - Hosts: 178.250.45.15 www.google-analytics.com.

O1 - Hosts: 178.250.45.15 ad-emea.doubleclick.net.

O1 - Hosts: 178.250.45.15 www.statcounter.com.

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (IEPlugin Class) - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\Program Files\ArcSoft\Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.)

O2 - BHO: (ToolbarBHO Class) - {9519AF7E-638D-4933-BAD6-D33D23C79FE5} - C:\Program Files\ArcSoft\RAW Thumbnail Viewer\EXIFToolBar.dll (ArcSoft Inc.)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll File not found

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (RAW Thumbnail Viewer) - {F301665A-12F8-4331-804A-5BCBD379668C} - C:\Program Files\ArcSoft\RAW Thumbnail Viewer\EXIFToolBar.dll (ArcSoft Inc.)

O3 - HKU\S-1-5-21-3073360251-2467196400-3112576402-500\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)

O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)

O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)

O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)

O4 - HKLM..\Run: [Client Access Check Version] C:\Program Files\IBM\Client Access\cwbckver.exe (IBM Corporation)

O4 - HKLM..\Run: [Client Access Express Welcome] C:\Program Files\IBM\Client Access\cwbwlwiz.exe (IBM Corporation)

O4 - HKLM..\Run: [Client Access Help Update] C:\Program Files\IBM\Client Access\cwbinhlp.exe (IBM Corporation)

O4 - HKLM..\Run: [Client Access PC5250 Sound] C:\Program Files\IBM\Client Access\Emulator\pcssnd.exe (IBM Corporation)

O4 - HKLM..\Run: [Client Access Service] C:\Program Files\IBM\Client Access\cwbsvstr.exe (IBM Corporation)

O4 - HKLM..\Run: [intelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)

O4 - HKLM..\Run: [intelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)

O4 - HKLM..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe (Knowles Acoustics)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)

O4 - HKLM..\Run: [ProxyHostTrayIcon] C:\Program Files\Funk Software\Proxy Host\phtray.exe (Funk Software, Inc.)

O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio)

O4 - HKLM..\Run: [secureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe (Wave Systems Corp.)

O4 - HKLM..\Run: [sigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)

O4 - HKLM..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)

O4 - HKU\S-1-5-21-3073360251-2467196400-3112576402-500..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe File not found

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{871DF2BE-41D2-4334-AC33-839AF16FC8FE}\Icon3E5562ED7.ico ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-3073360251-2467196400-3112576402-500\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\S-1-5-21-3073360251-2467196400-3112576402-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-3073360251-2467196400-3112576402-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0

O7 - HKU\S-1-5-21-3073360251-2467196400-3112576402-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)

O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)

O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = fuelsystemsinc.com

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{73AF0BD8-1B01-4B4F-B079-B57563F32980}: DhcpNameServer = 192.168.1.254

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - File not found

O20 - Winlogon\Notify\gemsafe: DllName - (C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll) - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll (Gemplus)

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2004/08/11 18:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/05 22:29:10 | 000,000,000 | --SD | C] -- C:\acegi.exe

[2011/12/05 22:16:56 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Desktop\OTL.exe

[2011/12/04 23:58:12 | 004,329,111 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Desktop\acegi.exe.exe

[2011/12/04 11:57:31 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2011/12/04 11:51:15 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2011/12/04 11:51:15 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2011/12/04 11:51:15 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2011/12/04 11:13:48 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2011/12/04 11:07:50 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011/12/01 23:01:21 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Desktop\dds.exe

[2011/11/28 19:27:35 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF

[2011/11/28 19:27:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\My Documents\Downloads

[2011/11/28 17:37:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sprint

[2011/11/27 22:35:21 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Recent

[2011/11/25 12:40:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\K3ppG5JdK8RZhXU

[2011/11/25 12:40:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\e00cc1iD3oG

[2011/11/25 08:38:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Start Menu\Programs\System Fix

[2011/11/25 08:35:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\GppmG5aQJdKfR

[2011/11/25 08:35:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\DYCwkIIrrOtx0S

[2011/11/25 08:06:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\XGG5sQJ7K8

[2011/11/25 08:06:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\oekIBrzzNyx

[2011/11/25 07:53:07 | 000,050,704 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\drivers\npf.sys

[2011/11/25 03:55:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun

[2011/11/25 03:20:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia

[2011/11/25 03:20:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

[2011/11/25 03:09:40 | 000,000,000 | ---D | C] -- C:\Program Files\LP

[2011/11/25 03:09:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\k33ppnG5aQJ6WK

[2011/11/25 03:09:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\EhTTXXwjUV

[2011/11/25 03:09:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\18243

[2011/11/25 03:09:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\VCCeekIBr

[2011/11/25 03:09:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\ZxxxA00uv

[2011/11/25 01:27:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\FileOpen

[2011/11/24 23:19:00 | 000,000,000 | ---D | C] -- C:\MGtools

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/05 22:50:54 | 000,002,148 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/12/05 22:49:30 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk

[2011/12/05 22:49:18 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Local Settings\Application Data\WavXMapDrive.bat

[2011/12/05 22:48:36 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2011/12/05 22:47:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/12/05 22:47:46 | 3747,577,856 | -HS- | M] () -- C:\hiberfil.sys

[2011/12/05 22:17:01 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Desktop\OTL.exe

[2011/12/05 18:10:16 | 004,329,111 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Desktop\acegi.exe.exe

[2011/12/05 17:39:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2011/12/04 23:18:43 | 000,070,480 | ---- | M] () -- C:\MGlogs.zip

[2011/12/04 18:16:18 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2011/12/04 18:16:18 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2011/12/04 11:57:49 | 000,000,327 | RHS- | M] () -- C:\boot.ini

[2011/12/04 10:57:37 | 000,981,658 | ---- | M] () -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Desktop\A guide and tutorial on usi...pdf

[2011/12/03 11:30:42 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011/12/01 21:38:10 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Desktop\dds.exe

[2011/11/28 20:28:35 | 000,263,024 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2011/11/25 12:41:42 | 000,000,849 | ---- | M] () -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk

[2011/11/25 08:38:45 | 000,000,440 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\mRp8AvryQOJUQY

[2011/11/25 07:53:57 | 000,001,392 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2011/11/25 07:53:07 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\drivers\npf.sys

[2011/11/09 08:48:51 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/05 22:47:46 | 3747,577,856 | -HS- | C] () -- C:\hiberfil.sys

[2011/12/04 23:02:08 | 000,070,480 | ---- | C] () -- C:\MGlogs.zip

[2011/12/04 18:16:18 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2011/12/04 18:16:18 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk

[2011/12/04 11:57:47 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2011/12/04 11:57:35 | 000,260,272 | RHS- | C] () -- C:\cmldr

[2011/12/04 11:51:32 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2011/12/04 11:51:15 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2011/12/04 11:51:15 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2011/12/04 11:51:15 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2011/12/04 11:51:15 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2011/12/04 11:23:43 | 000,981,658 | ---- | C] () -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Desktop\A guide and tutorial on usi...pdf

[2011/11/28 19:58:37 | 000,002,148 | ---- | C] () -- C:\WINDOWS\System32\wpa.dbl

[2011/11/28 19:18:07 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011/11/28 17:37:58 | 000,002,187 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk

[2011/11/28 17:37:58 | 000,001,932 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Use Inventor Simulation Suite 2008 License.lnk

[2011/11/28 17:37:58 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2011/11/28 17:37:58 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2011/11/28 17:37:50 | 000,002,447 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk

[2011/11/28 17:37:50 | 000,001,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

[2011/11/28 17:37:50 | 000,001,618 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk

[2011/11/28 17:37:50 | 000,000,715 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk

[2011/11/28 17:37:45 | 000,002,513 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Outlook.lnk

[2011/11/28 17:37:45 | 000,002,489 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk

[2011/11/28 17:37:45 | 000,002,487 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Excel.lnk

[2011/11/28 17:37:45 | 000,002,475 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft PowerPoint.lnk

[2011/11/28 17:37:45 | 000,002,453 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Project.lnk

[2011/11/28 17:37:45 | 000,002,413 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Acrobat 8 Standard.lnk

[2011/11/28 17:37:45 | 000,002,371 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Visio.lnk

[2011/11/28 17:37:45 | 000,002,371 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Acrobat Distiller 8.lnk

[2011/11/28 17:37:45 | 000,002,311 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 8.lnk

[2011/11/28 17:37:45 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk

[2011/11/28 17:37:45 | 000,001,990 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Access.lnk

[2011/11/28 17:37:45 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Safari.lnk

[2011/11/28 17:37:45 | 000,001,717 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\PowerDVD DX.lnk

[2011/11/28 17:37:45 | 000,001,505 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Vuze.lnk

[2011/11/28 17:37:45 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk

[2011/11/25 12:41:42 | 000,000,849 | ---- | C] () -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk

[2011/11/25 08:38:01 | 000,000,440 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mRp8AvryQOJUQY

[2009/12/01 17:27:44 | 000,019,500 | ---- | C] () -- C:\WINDOWS\hpqins13.dat

[2009/09/29 21:01:17 | 000,054,356 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2009/06/25 12:22:17 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll

[2009/06/25 12:22:03 | 000,000,160 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini

[2009/06/25 12:21:47 | 000,000,687 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini

[2009/06/25 12:19:27 | 000,110,416 | ---- | C] () -- C:\WINDOWS\hpoins11.dat

[2009/06/25 12:18:50 | 000,006,947 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat

[2009/06/23 19:55:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2009/04/07 15:53:18 | 001,340,394 | ---- | C] () -- C:\Program Files\MGtools.exe

[2009/03/24 10:42:26 | 000,263,024 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2009/03/17 10:06:02 | 000,625,357 | ---- | C] () -- C:\WINDOWS\System32\a27b525.dll

[2008/09/04 13:00:16 | 000,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys

[2008/05/20 16:07:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\00104run.ini

[2008/05/12 14:26:19 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\IGTSNMP.DLL

[2008/04/28 15:29:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI

[2008/04/14 12:36:51 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2008/04/14 11:25:19 | 000,000,251 | ---- | C] () -- C:\WINDOWS\System32\drivers\hlldrvr.sys

[2008/04/14 11:24:47 | 000,020,533 | ---- | C] () -- C:\WINDOWS\System32\cwbunplp.exe

[2008/04/14 11:24:43 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbwiz.dll

[2008/04/14 11:24:43 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\cwbad.dll

[2008/04/14 11:24:42 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\cwbrw.dll

[2008/04/14 11:24:42 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\cwbsv.dll

[2008/04/14 11:24:42 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbsy.dll

[2008/04/14 11:24:42 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbnl.dll

[2008/04/14 11:24:42 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbco.dll

[2008/04/14 11:24:42 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\cwbnldlg.dll

[2008/04/14 06:01:57 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Local Settings\Application Data\WavXMapDrive.bat

[2008/04/01 11:25:54 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2008/04/01 11:24:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI

[2008/04/01 11:23:14 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL

[2008/04/01 11:23:13 | 000,000,118 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2008/04/01 11:12:24 | 000,080,368 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll

[2008/04/01 11:09:49 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll

[2008/04/01 11:09:49 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\bioapi100.dll

[2008/04/01 10:43:28 | 000,910,304 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll

[2008/04/01 10:43:28 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4831.dll

[2008/04/01 10:43:27 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe

[2008/04/01 10:42:10 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2008/01/09 14:01:48 | 000,053,248 | ---- | C] () -- C:\WINDOWS\bdoscandel.exe

[2008/01/09 14:01:48 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini

[2007/10/26 13:28:18 | 000,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll

[2007/10/26 13:28:04 | 000,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll

[2007/09/13 14:42:30 | 000,499,712 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ru.dll

[2007/09/13 14:42:30 | 000,471,040 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-BR.dll

[2007/09/13 14:42:28 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_it.dll

[2007/09/13 14:42:28 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fr.dll

[2007/09/13 14:42:28 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ko.dll

[2007/09/13 14:42:28 | 000,458,752 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ja.dll

[2007/09/13 14:42:26 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_es.dll

[2007/09/13 14:42:26 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_de.dll

[2007/09/13 14:42:26 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\AmRes_en.dll

[2007/09/13 14:42:26 | 000,434,176 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHT.dll

[2007/09/13 14:36:24 | 000,438,272 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHS.dll

[2007/09/13 14:32:36 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\CacheFP.exe

[2007/09/12 15:05:08 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt.dll

[2007/09/12 15:04:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHT.dll

[2007/09/12 15:04:26 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ko.dll

[2007/09/12 15:04:06 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_es.dll

[2007/09/12 15:03:44 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ru.dll

[2007/09/12 15:03:24 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ja.dll

[2007/09/12 15:03:04 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_it.dll

[2007/09/12 15:02:44 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_de.dll

[2007/09/12 15:02:22 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fr.dll

[2007/09/12 15:02:02 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHS.dll

[2007/09/10 09:53:26 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\wxvault.dll

[2007/06/15 10:19:20 | 000,835,584 | ---- | C] () -- C:\WINDOWS\System32\DemoLicense.dll

[2006/11/07 05:25:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll

[2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll

[2006/08/14 11:02:10 | 000,072,192 | ---- | C] () -- C:\WINDOWS\System32\xltZlib.dll

[2006/06/12 08:01:16 | 000,348,160 | ---- | C] () -- C:\WINDOWS\tsp.dll

[2005/09/02 14:44:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll

[2005/07/26 15:04:18 | 000,060,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\phw2ksys.sys

[2005/07/22 21:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll

[2004/09/10 13:34:00 | 000,917,504 | ---- | C] () -- C:\WINDOWS\System32\lmgr10.dll

[2004/09/10 13:34:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll

[2004/08/11 18:24:19 | 000,000,799 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2004/08/11 18:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2004/08/11 18:12:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2004/08/11 18:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2004/08/11 18:00:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2004/08/11 18:00:28 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2004/08/11 18:00:28 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2004/08/11 18:00:27 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2004/08/11 18:00:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2004/08/11 18:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2004/08/11 18:00:23 | 000,162,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\netbt.sys

[2004/08/11 18:00:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2004/08/11 18:00:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2004/08/11 18:00:12 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2004/08/11 18:00:04 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[2004/07/20 17:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll

[2004/01/15 14:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll

[2001/07/07 02:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

[2000/02/24 04:03:04 | 000,061,502 | ---- | C] () -- C:\WINDOWS\System32\ODBCMON.DLL

========== LOP Check ==========

[2008/04/01 11:15:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Wave Systems Corp

[2011/11/28 07:52:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\18243

[2008/04/15 05:21:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\Ansys

[2008/04/15 05:21:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\Autodesk

[2011/11/25 08:35:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\DYCwkIIrrOtx0S

[2011/11/25 12:40:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\e00cc1iD3oG

[2011/11/25 03:09:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\EhTTXXwjUV

[2011/11/25 01:27:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\FileOpen

[2011/11/25 08:35:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\GppmG5aQJdKfR

[2011/11/25 03:09:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\k33ppnG5aQJ6WK

[2011/11/25 12:40:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\K3ppG5JdK8RZhXU

[2011/11/25 08:06:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\oekIBrzzNyx

[2011/11/25 03:09:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\VCCeekIBr

[2008/04/01 11:15:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\Wave Systems Corp

[2011/11/25 08:06:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\XGG5sQJ7K8

[2011/11/25 03:09:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\ZxxxA00uv

[2008/06/25 08:57:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk

[2009/06/25 16:14:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus

[2008/04/28 15:31:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DassaultSystemes

[2008/10/10 14:44:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileOpen

[2008/04/01 11:09:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NTRU Cryptosystems

[2008/04/01 11:17:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp

[2011/03/11 09:15:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2009/09/29 12:58:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2009/05/05 20:30:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

[2008/04/01 11:15:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Wave Systems Corp

[2008/05/19 12:02:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jpursell\Application Data\Ansys

[2011/05/20 19:58:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jpursell\Application Data\Autodesk

[2009/07/06 12:41:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jpursell\Application Data\Azureus

[2008/04/28 15:31:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jpursell\Application Data\DassaultSystemes

[2008/10/10 14:56:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jpursell\Application Data\FileOpen

[2008/06/23 15:50:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jpursell\Application Data\Transcend

[2008/04/01 11:15:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jpursell\Application Data\Wave Systems Corp

[2008/09/04 13:29:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jpursell\Application Data\webex

[2008/04/01 11:15:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tnesbitt\Application Data\Wave Systems Corp

========== Purity Check ==========

< End of report >


Please do this:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - File not found [On_Demand | Stopped] -- -- (Smcinst)
    SRV - File not found [Auto | Stopped] -- -- (ASKUpgrade)
    SRV - File not found [Auto | Stopped] -- -- (ASKService)
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll File not found
    O4 - HKLM..\Run: [] File not found
    O4 - HKU\S-1-5-21-3073360251-2467196400-3112576402-500..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe File not found
    O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - File not found
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL File not found
    [2011/11/25 12:40:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\K3ppG5JdK8RZhXU
    [2011/11/25 12:40:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\e00cc1iD3oG
    [2011/11/25 08:38:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Start Menu\Programs\System Fix
    [2011/11/25 08:35:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\GppmG5aQJdKfR
    [2011/11/25 08:35:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\DYCwkIIrrOtx0S
    [2011/11/25 08:06:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\XGG5sQJ7K8
    [2011/11/25 08:06:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\oekIBrzzNyx
    [2011/11/25 03:09:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\k33ppnG5aQJ6WK
    [2011/11/25 03:09:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\EhTTXXwjUV
    [2011/11/25 03:09:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\18243
    [2011/11/25 03:09:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\VCCeekIBr
    [2011/11/25 03:09:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\ZxxxA00uv
    [2011/11/25 12:41:42 | 000,000,849 | ---- | M] () -- C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk

    :Commands
    [resethosts]
    [emptytemp]


  • Then click the Run Fix button at the top
  • Let the program run unhindered. When done, it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

MrC


All processes killed

========== OTL ==========

Service Smcinst stopped successfully!

Service Smcinst deleted successfully!

Service ASKUpgrade stopped successfully!

Service ASKUpgrade deleted successfully!

Service ASKService stopped successfully!

Service ASKService deleted successfully!

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{3041d03e-fd4b-44e0-b742-2d9b88305f98} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

Registry value HKEY_USERS\S-1-5-21-3073360251-2467196400-3112576402-500\Software\Microsoft\Windows\CurrentVersion\Run\\SUPERAntiSpyware deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}\ deleted successfully.

C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\K3ppG5JdK8RZhXU folder moved successfully.

C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\e00cc1iD3oG folder moved successfully.

C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Start Menu\Programs\System Fix folder moved successfully.

C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\GppmG5aQJdKfR folder moved successfully.

C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\DYCwkIIrrOtx0S folder moved successfully.

C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\XGG5sQJ7K8 folder moved successfully.

C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\oekIBrzzNyx folder moved successfully.

C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\k33ppnG5aQJ6WK folder moved successfully.

C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\EhTTXXwjUV folder moved successfully.

C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\18243 folder moved successfully.

C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\VCCeekIBr folder moved successfully.

C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\ZxxxA00uv folder moved successfully.

C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk moved successfully.

========== COMMANDS ==========

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 2416608 bytes

->Temporary Internet Files folder emptied: 36113619 bytes

->Java cache emptied: 17781 bytes

->FireFox cache emptied: 22521379 bytes

->Flash cache emptied: 733 bytes

User: Administrator.FUELSYSTEMSINC

->Temp folder emptied: 316025561 bytes

->Temporary Internet Files folder emptied: 220332037 bytes

->Java cache emptied: 7621719 bytes

->FireFox cache emptied: 61440012 bytes

->Flash cache emptied: 6853 bytes

User: All Users

User: Default User

->Temp folder emptied: 32768 bytes

->Temporary Internet Files folder emptied: 32902 bytes

User: jpursell

->Temp folder emptied: 1457717657 bytes

->Temporary Internet Files folder emptied: 80097026 bytes

->Java cache emptied: 61218195 bytes

->FireFox cache emptied: 54214988 bytes

->Apple Safari cache emptied: 0 bytes

->Flash cache emptied: 5247009 bytes

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 426118 bytes

User: NetworkService

->Temp folder emptied: 65984 bytes

->Temporary Internet Files folder emptied: 66388507 bytes

->Java cache emptied: 476161 bytes

->Flash cache emptied: 31417 bytes

User: tnesbitt

->Temp folder emptied: 297176 bytes

->Temporary Internet Files folder emptied: 32902 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 19569 bytes

%systemroot%\System32 .tmp files removed: 2577 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 924509610 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 600728 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 32902 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 3,164.00 mb

OTL by OldTimer - Version 3.2.31.0 log created on 12062011_181923

Files\Folders moved on Reboot...

File\Folder C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Local Settings\Temp\fla2A.tmp not found!

File\Folder C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Local Settings\Temporary Internet Files\Content.IE5\ZON0EVFU\B6100264[1].htm not found!

File\Folder C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Local Settings\Temporary Internet Files\Content.IE5\ZON0EVFU\B6100264[2].htm not found!

File\Folder C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Local Settings\Temporary Internet Files\Content.IE5\ZON0EVFU\ddc[1].htm not found!

File\Folder C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Local Settings\Temporary Internet Files\Content.IE5\ZON0EVFU\ddc[2].htm not found!

File\Folder C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Local Settings\Temporary Internet Files\Content.IE5\ZON0EVFU\pixel[1].htm not found!

File\Folder C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Local Settings\Temporary Internet Files\Content.IE5\CRYO0KYA\50;ord=2636940490045374923;AD_ID=28079952;BEHAVIOR_SIGNAL_ID=-1;CHANNEL_ID=5766966;LINE_ITEM_ID=871267681;PUBLISHER_ID=5757418;SITE_ID=7154249 not found!

File\Folder C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Local Settings\Temporary Internet Files\Content.IE5\CRYO0KYA\B6100264[1].htm not found!

File\Folder C:\Documents and Settings\Administrator.FUELSYSTEMSINC\Local Settings\Temporary Internet Files\Content.IE5\CRYO0KYA\ddc[1].htm not found!

File\Folder C:\Documents and Settings\jpursell\Local Settings\Temp\DWHBB5D.tmp not found!

File\Folder C:\Documents and Settings\jpursell\Local Settings\Temp\DWHD790.tmp not found!

File\Folder C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\5\58417905-37fcb957 not found!

File\Folder C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\39\f0cf627-23accdb9 not found!

C:\WINDOWS\temp\Perflib_Perfdata_abc.dat moved successfully.

Registry entries deleted on Reboot...


Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8326

Windows 5.1.2600 Service Pack 3

Internet Explorer 6.0.2900.5512

12/6/2011 10:14:26 PM

mbam-log-2011-12-06 (22-14-26).txt

Scan type: Quick scan

Objects scanned: 229987

Time elapsed: 9 minute(s), 38 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Privacy Protection (Rogue.PrvacyProtect) -> Value: Privacy Protection -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Thanks. Ran exeHelper and rkill; nothing found. Will try TDSSKiller again and post back tomorrow.

exeHelper by Raktor

Build 20100414

Run at 23:21:50 on 12/06/11

Now searching...

Checking for numerical processes...

Checking for sysguard processes...

Checking for bad processes...

Checking for bad files...

Checking for bad registry entries...

Resetting filetype association for .exe

Resetting filetype association for .com

Resetting userinit and shell values...

Resetting policies...

--Finished--

This log file is located at C:\rkill.log.

Please post this only if requested to by the person helping you.

Otherwise you can close this log when you wish.

Rkill was run on 12/06/2011 at 23:24:55.

Operating System: Microsoft Windows XP

Processes terminated by Rkill or while it was running:

Rkill completed on 12/06/2011 at 23:26:23.


It didn't find anything but reset....

Resetting filetype association for .exe

Resetting filetype association for .com

Resetting userinit and shell values...

Resetting policies...

If TDSSKiller.exe still won't run

Rename it to TYDSSKiller.com > should run.

Let me know....MrC


Rename worked. Here's the log file. This is all I have time for tonight.

18:06:58.0828 4896 TDSS rootkit removing tool 2.6.22.0 Dec 7 2011 13:21:06

18:06:59.0296 4896 ============================================================

18:06:59.0296 4896 Current date / time: 2011/12/07 18:06:59.0296

18:06:59.0296 4896 SystemInfo:

18:06:59.0296 4896

18:06:59.0296 4896 OS Version: 5.1.2600 ServicePack: 3.0

18:06:59.0296 4896 Product type: Workstation

18:06:59.0296 4896 ComputerName: CRP104

18:06:59.0296 4896 UserName: JPursell

18:06:59.0296 4896 Windows directory: C:\WINDOWS

18:06:59.0296 4896 System windows directory: C:\WINDOWS

18:06:59.0296 4896 Processor architecture: Intel x86

18:06:59.0296 4896 Number of processors: 2

18:06:59.0296 4896 Page size: 0x1000

18:06:59.0296 4896 Boot type: Normal boot

18:06:59.0296 4896 ============================================================

18:06:59.0296 4896 SetPrivileges failed!

18:07:02.0390 4896 Initialize success

18:07:32.0140 5856 ============================================================

18:07:32.0140 5856 Scan started

18:07:32.0140 5856 Mode: Manual; SigCheck; TDLFS;

18:07:32.0140 5856 ============================================================

18:07:35.0000 5856 Abiosdsk - ok

18:07:35.0046 5856 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

18:07:37.0531 5856 abp480n5 - ok

18:07:37.0703 5856 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

18:07:38.0125 5856 ACPI - ok

18:07:38.0187 5856 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

18:07:38.0546 5856 ACPIEC - ok

18:07:38.0609 5856 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

18:07:39.0031 5856 adpu160m - ok

18:07:39.0281 5856 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

18:07:39.0687 5856 aec - ok

18:07:39.0781 5856 AegisP (a1ad1a4a9f18d900ca9c93fa3efdcb56) C:\WINDOWS\system32\DRIVERS\AegisP.sys

18:07:39.0937 5856 AegisP - ok

18:07:40.0125 5856 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

18:07:40.0234 5856 AFD - ok

18:07:40.0343 5856 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

18:07:40.0765 5856 agp440 - ok

18:07:41.0000 5856 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

18:07:41.0484 5856 agpCPQ - ok

18:07:41.0593 5856 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys

18:07:41.0781 5856 Aha154x - ok

18:07:41.0890 5856 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

18:07:42.0421 5856 aic78u2 - ok

18:07:42.0546 5856 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

18:07:42.0968 5856 aic78xx - ok

18:07:43.0015 5856 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

18:07:43.0375 5856 AliIde - ok

18:07:43.0484 5856 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys

18:07:43.0843 5856 alim1541 - ok

18:07:43.0875 5856 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys

18:07:44.0296 5856 amdagp - ok

18:07:44.0328 5856 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys

18:07:44.0500 5856 amsint - ok

18:07:44.0718 5856 ApfiltrService (b8d65da679a4a8d048783ede2691b5d4) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys

18:07:44.0828 5856 ApfiltrService - ok

18:07:44.0890 5856 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS

18:07:44.0937 5856 APPDRV ( UnsignedFile.Multi.Generic ) - warning

18:07:44.0953 5856 APPDRV - detected UnsignedFile.Multi.Generic (1)

18:07:45.0046 5856 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

18:07:45.0437 5856 Arp1394 - ok

18:07:45.0468 5856 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys

18:07:45.0843 5856 asc - ok

18:07:46.0046 5856 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys

18:07:46.0250 5856 asc3350p - ok

18:07:46.0281 5856 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys

18:07:46.0656 5856 asc3550 - ok

18:07:46.0750 5856 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

18:07:47.0125 5856 AsyncMac - ok

18:07:47.0156 5856 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

18:07:47.0562 5856 atapi - ok

18:07:47.0578 5856 Atdisk - ok

18:07:47.0609 5856 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

18:07:47.0968 5856 Atmarpc - ok

18:07:48.0078 5856 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

18:07:48.0437 5856 audstub - ok

18:07:48.0531 5856 b57w2k (f96038aa1ec4013a93d2420fc689d1e9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys

18:07:48.0656 5856 b57w2k - ok

18:07:48.0781 5856 BASFND (5c68ac6f3e5b3e6d6a78e97d05e42c3a) C:\Program Files\Broadcom\ASFIPMon\BASFND.sys

18:08:04.0015 5856 BASFND ( UnsignedFile.Multi.Generic ) - warning

18:08:04.0015 5856 BASFND - detected UnsignedFile.Multi.Generic (1)

18:08:04.0187 5856 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

18:08:04.0562 5856 Beep - ok

18:08:04.0703 5856 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

18:08:05.0062 5856 cbidf - ok

18:08:05.0109 5856 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

18:08:05.0484 5856 cbidf2k - ok

18:08:05.0578 5856 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

18:08:05.0781 5856 cd20xrnt - ok

18:08:05.0828 5856 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

18:08:06.0203 5856 Cdaudio - ok

18:08:06.0234 5856 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

18:08:07.0109 5856 Cdfs - ok

18:08:07.0265 5856 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

18:08:07.0656 5856 Cdrom - ok

18:08:07.0656 5856 Changer - ok

18:08:07.0703 5856 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

18:08:08.0078 5856 CmBatt - ok

18:08:08.0125 5856 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys

18:08:08.0484 5856 CmdIde - ok

18:08:08.0515 5856 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

18:08:08.0875 5856 Compbatt - ok

18:08:09.0062 5856 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys

18:08:09.0437 5856 Cpqarray - ok

18:08:09.0500 5856 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\WINDOWS\system32\DRIVERS\CVirtA.sys

18:08:09.0578 5856 CVirtA - ok

18:08:09.0640 5856 CVPNDRVA (8a15d7bd4cf1a8ccd7c65f7349f22e35) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys

18:08:09.0703 5856 CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning

18:08:09.0703 5856 CVPNDRVA - detected UnsignedFile.Multi.Generic (1)

18:08:09.0906 5856 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

18:08:10.0296 5856 dac2w2k - ok

18:08:10.0359 5856 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys

18:08:10.0734 5856 dac960nt - ok

18:08:10.0828 5856 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

18:08:11.0171 5856 Disk - ok

18:08:11.0296 5856 DLABMFSM (0659e6e0a95564f958d9df7313f7701e) C:\WINDOWS\system32\DLA\DLABMFSM.SYS

18:08:26.0468 5856 DLABMFSM - ok

18:08:26.0578 5856 DLABOIOM (8691c78908f0bd66170669db268369f2) C:\WINDOWS\system32\DLA\DLABOIOM.SYS

18:08:26.0734 5856 DLABOIOM - ok

18:08:26.0812 5856 DLACDBHM (76167b5eb2dffc729edc36386876b40b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS

18:08:26.0921 5856 DLACDBHM - ok

18:08:26.0968 5856 DLADResM (5615744a1056933b90e6ac54feb86f35) C:\WINDOWS\system32\DLA\DLADResM.SYS

18:08:27.0093 5856 DLADResM - ok

18:08:27.0140 5856 DLAIFS_M (1aeca2afa5005ce4a550cf8eb55a8c88) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS

18:08:27.0296 5856 DLAIFS_M - ok

18:08:27.0312 5856 DLAOPIOM (840e7f6abb885c72b9ffddb022ef5b6d) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS

18:08:27.0453 5856 DLAOPIOM - ok

18:08:27.0531 5856 DLAPoolM (0294d18731ac05da80132ce88f8a876b) C:\WINDOWS\system32\DLA\DLAPoolM.SYS

18:08:27.0656 5856 DLAPoolM - ok

18:08:27.0703 5856 DLARTL_M (91886fed52a3f9966207bce46cfd794f) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS

18:08:27.0843 5856 DLARTL_M - ok

18:08:27.0859 5856 DLAUDFAM (cca4e121d599d7d1706a30f603731e59) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS

18:08:28.0000 5856 DLAUDFAM - ok

18:08:28.0031 5856 DLAUDF_M (7dab85c33135df24419951da4e7d38e5) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS

18:08:28.0171 5856 DLAUDF_M - ok

18:08:28.0265 5856 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

18:08:28.0656 5856 dmboot - ok

18:08:28.0812 5856 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

18:08:29.0187 5856 dmio - ok

18:08:29.0234 5856 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

18:08:29.0609 5856 dmload - ok

18:08:29.0640 5856 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

18:08:30.0000 5856 DMusic - ok

18:08:30.0156 5856 DNE (7b4fdfbe97c047175e613aa96f3de987) C:\WINDOWS\system32\DRIVERS\dne2000.sys

18:08:30.0203 5856 DNE - ok

18:08:30.0250 5856 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

18:08:30.0625 5856 dpti2o - ok

18:08:30.0687 5856 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

18:08:31.0046 5856 drmkaud - ok

18:08:31.0156 5856 DRVMCDB (c00440385cf9f3d142917c63f989e244) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS

18:08:31.0265 5856 DRVMCDB - ok

18:08:31.0359 5856 DRVNDDM (6e6ab29d3c06e64ce81feacda85394b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS

18:08:31.0468 5856 DRVNDDM - ok

18:08:31.0531 5856 DXEC01 (549734664886d91222969845e4311d1b) C:\WINDOWS\system32\drivers\dxec01.sys

18:08:31.0562 5856 DXEC01 ( UnsignedFile.Multi.Generic ) - warning

18:08:31.0562 5856 DXEC01 - detected UnsignedFile.Multi.Generic (1)

18:08:31.0625 5856 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys

18:08:32.0015 5856 E100B - ok

18:08:32.0218 5856 eeCtrl (75e8b69f28c813675b16db357f20720f) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

18:08:32.0359 5856 eeCtrl - ok

18:08:32.0375 5856 EraserUtilRebootDrv (720b18d76de9e603b626dfcd6f1fca7c) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

18:08:32.0531 5856 EraserUtilRebootDrv - ok

18:08:32.0734 5856 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

18:08:33.0109 5856 Fastfat - ok

18:08:33.0234 5856 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

18:08:33.0578 5856 Fdc - ok

18:08:33.0765 5856 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

18:08:34.0125 5856 Fips - ok

18:08:34.0234 5856 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

18:08:34.0593 5856 Flpydisk - ok

18:08:34.0765 5856 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

18:08:35.0125 5856 FltMgr - ok

18:08:35.0171 5856 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

18:08:35.0531 5856 Fs_Rec - ok

18:08:35.0578 5856 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

18:08:35.0968 5856 Ftdisk - ok

18:08:36.0031 5856 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

18:08:36.0078 5856 GEARAspiWDM - ok

18:08:36.0109 5856 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

18:08:36.0468 5856 Gpc - ok

18:08:36.0625 5856 guardian2 (7031a936832967a93b0e5d5f1c76745a) C:\WINDOWS\system32\Drivers\oz776.sys

18:08:36.0703 5856 guardian2 - ok

18:08:36.0781 5856 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

18:08:37.0171 5856 HDAudBus - ok

18:08:37.0250 5856 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

18:08:37.0687 5856 HidUsb - ok

18:08:37.0812 5856 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys

18:08:38.0171 5856 hpn - ok

18:08:38.0406 5856 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys

18:08:38.0593 5856 HPZid412 - ok

18:08:38.0656 5856 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys

18:08:38.0828 5856 HPZipr12 - ok

18:08:38.0921 5856 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys

18:08:39.0062 5856 HPZius12 - ok

18:08:39.0171 5856 HSFHWAZL (290cdbb05903742ea06b7203c5a662f5) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys

18:08:39.0296 5856 HSFHWAZL - ok

18:08:39.0375 5856 HSF_DPV (7ab812355f98858b9ecdd46e6fcc221f) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys

18:08:39.0500 5856 HSF_DPV - ok

18:08:39.0593 5856 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

18:08:39.0687 5856 HTTP - ok

18:08:39.0750 5856 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

18:08:40.0109 5856 i2omgmt - ok

18:08:40.0187 5856 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys

18:08:40.0531 5856 i2omp - ok

18:08:40.0578 5856 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

18:08:40.0937 5856 i8042prt - ok

18:08:41.0531 5856 ialm (200cca76cd0e0f7eec78fa56c29b4d67) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys

18:08:41.0937 5856 ialm - ok

18:08:42.0093 5856 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

18:08:42.0484 5856 Imapi - ok

18:08:42.0578 5856 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys

18:08:42.0953 5856 ini910u - ok

18:08:43.0000 5856 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

18:08:43.0359 5856 IntelIde - ok

18:08:43.0531 5856 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

18:08:43.0859 5856 intelppm - ok

18:08:43.0921 5856 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

18:08:44.0296 5856 Ip6Fw - ok

18:08:44.0359 5856 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

18:08:44.0734 5856 IpFilterDriver - ok

18:08:44.0812 5856 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

18:08:45.0156 5856 IpInIp - ok

18:08:45.0281 5856 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

18:08:45.0671 5856 IpNat - ok

18:08:45.0734 5856 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

18:08:46.0109 5856 IPSec - ok

18:08:46.0140 5856 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

18:08:46.0500 5856 IRENUM - ok

18:08:46.0687 5856 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

18:08:47.0046 5856 isapnp - ok

18:08:47.0187 5856 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

18:08:47.0546 5856 Kbdclass - ok

18:08:47.0609 5856 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

18:08:47.0968 5856 kbdhid - ok

18:08:48.0093 5856 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

18:08:48.0453 5856 kmixer - ok

18:08:48.0609 5856 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

18:08:48.0750 5856 KSecDD - ok

18:08:48.0812 5856 lbrtfdc - ok

18:08:48.0968 5856 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys

18:09:04.0109 5856 MBAMProtector - ok

18:09:04.0250 5856 MBAMSwissArmy - ok

18:09:04.0312 5856 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

18:09:04.0390 5856 mdmxsdk - ok

18:09:04.0421 5856 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

18:09:04.0796 5856 mnmdd - ok

18:09:04.0859 5856 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

18:09:05.0218 5856 Modem - ok

18:09:05.0390 5856 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

18:09:05.0734 5856 Mouclass - ok

18:09:05.0796 5856 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

18:09:06.0187 5856 mouhid - ok

18:09:06.0296 5856 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

18:09:06.0640 5856 MountMgr - ok

18:09:06.0843 5856 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

18:09:07.0671 5856 mraid35x - ok

18:09:07.0812 5856 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS

18:09:07.0859 5856 MREMP50 ( UnsignedFile.Multi.Generic ) - warning

18:09:07.0859 5856 MREMP50 - detected UnsignedFile.Multi.Generic (1)

18:09:07.0859 5856 MREMP50a64 - ok

18:09:07.0875 5856 MREMPR5 - ok

18:09:07.0890 5856 MRENDIS5 - ok

18:09:07.0937 5856 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS

18:09:08.0015 5856 MRESP50 ( UnsignedFile.Multi.Generic ) - warning

18:09:08.0015 5856 MRESP50 - detected UnsignedFile.Multi.Generic (1)

18:09:08.0046 5856 MRESP50a64 - ok

18:09:08.0203 5856 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

18:09:08.0546 5856 MRxDAV - ok

18:09:08.0609 5856 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

18:09:08.0750 5856 MRxSmb - ok

18:09:08.0796 5856 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

18:09:09.0140 5856 Msfs - ok

18:09:09.0250 5856 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

18:09:09.0609 5856 MSKSSRV - ok

18:09:09.0640 5856 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

18:09:09.0984 5856 MSPCLOCK - ok

18:09:10.0000 5856 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

18:09:10.0343 5856 MSPQM - ok

18:09:10.0453 5856 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

18:09:10.0781 5856 mssmbios - ok

18:09:10.0921 5856 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

18:09:11.0031 5856 Mup - ok

18:09:11.0218 5856 NAVENG (862f55824ac81295837b0ab63f91071f) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20111205.003\NAVENG.SYS

18:09:11.0328 5856 NAVENG - ok

18:09:11.0468 5856 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20111205.003\NAVEX15.SYS

18:09:11.0671 5856 NAVEX15 - ok

18:09:11.0875 5856 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

18:09:12.0296 5856 NDIS - ok

18:09:12.0359 5856 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

18:09:12.0453 5856 NdisTapi - ok

18:09:12.0609 5856 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

18:09:12.0968 5856 Ndisuio - ok

18:09:13.0000 5856 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

18:09:13.0359 5856 NdisWan - ok

18:09:13.0500 5856 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

18:09:13.0656 5856 NDProxy - ok

18:09:13.0750 5856 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

18:09:14.0093 5856 NetBIOS - ok

18:09:14.0234 5856 NetBT (d3c1dfa1f82169568fdcd09f0de4fd89) C:\WINDOWS\system32\DRIVERS\netbt.sys

18:09:14.0250 5856 NetBT ( Rootkit.Win32.ZAccess.k ) - infected

18:09:14.0250 5856 NetBT - detected Rootkit.Win32.ZAccess.k (0)

18:09:14.0515 5856 NETw4x32 (b5ab1108b377b5f3d37409fabda01453) C:\WINDOWS\system32\DRIVERS\NETw4x32.sys

18:09:14.0718 5856 NETw4x32 - ok

18:09:14.0765 5856 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

18:09:15.0125 5856 NIC1394 - ok

18:09:15.0203 5856 NPF (b9730495e0cf674680121e34bd95a73b) C:\WINDOWS\system32\drivers\NPF.sys

18:09:30.0328 5856 NPF - ok

18:09:30.0515 5856 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

18:09:30.0875 5856 Npfs - ok

18:09:30.0953 5856 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

18:09:31.0343 5856 Ntfs - ok

18:09:31.0406 5856 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

18:09:31.0765 5856 Null - ok

18:09:31.0953 5856 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

18:09:32.0421 5856 nv - ok

18:09:32.0625 5856 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

18:09:32.0984 5856 NwlnkFlt - ok

18:09:33.0015 5856 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

18:09:33.0406 5856 NwlnkFwd - ok

18:09:33.0468 5856 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

18:09:33.0843 5856 ohci1394 - ok

18:09:33.0875 5856 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

18:09:34.0250 5856 Parport - ok

18:09:34.0281 5856 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

18:09:34.0625 5856 PartMgr - ok

18:09:34.0765 5856 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

18:09:35.0109 5856 ParVdm - ok

18:09:35.0156 5856 PBADRV (9ec004140e1b675acdeb07f66ee797a4) C:\WINDOWS\system32\DRIVERS\PBADRV.sys

18:09:50.0281 5856 PBADRV - ok

18:09:50.0390 5856 PCASp50 - ok

18:09:50.0437 5856 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

18:09:50.0781 5856 PCI - ok

18:09:50.0796 5856 PCIDump - ok

18:09:50.0843 5856 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

18:09:51.0187 5856 PCIIde - ok

18:09:51.0218 5856 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

18:09:51.0546 5856 Pcmcia - ok

18:09:51.0562 5856 PDCOMP - ok

18:09:51.0578 5856 PDFRAME - ok

18:09:51.0593 5856 PDRELI - ok

18:09:51.0609 5856 PDRFRAME - ok

18:09:51.0656 5856 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

18:09:52.0015 5856 perc2 - ok

18:09:52.0125 5856 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

18:09:52.0484 5856 perc2hib - ok

18:09:52.0562 5856 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

18:09:52.0906 5856 PptpMiniport - ok

18:09:52.0968 5856 ProxyHostDriver (cc11c67a3bbd5c0ea2eceb9e449702f5) C:\WINDOWS\system32\Drivers\phw2ksys.sys

18:09:53.0015 5856 ProxyHostDriver - ok

18:09:53.0046 5856 ProxyHostMirrorDisplay (69eae493f7e906cfc0b28573158ae097) C:\WINDOWS\system32\Drivers\phmmini.sys

18:09:53.0093 5856 ProxyHostMirrorDisplay - ok

18:09:53.0140 5856 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

18:09:53.0484 5856 PSched - ok

18:09:53.0531 5856 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

18:09:53.0859 5856 Ptilink - ok

18:09:53.0937 5856 PxHelp20 (f7bb4e7a7c02ab4a2672937e124e306e) C:\WINDOWS\system32\Drivers\PxHelp20.sys

18:09:54.0000 5856 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning

18:09:54.0000 5856 PxHelp20 - detected UnsignedFile.Multi.Generic (1)

18:09:54.0031 5856 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

18:09:54.0375 5856 ql1080 - ok

18:09:54.0406 5856 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

18:09:54.0734 5856 Ql10wnt - ok

18:09:54.0765 5856 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

18:09:55.0109 5856 ql12160 - ok

18:09:55.0234 5856 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

18:09:55.0562 5856 ql1240 - ok

18:09:55.0625 5856 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

18:09:55.0984 5856 ql1280 - ok

18:09:56.0093 5856 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

18:09:56.0437 5856 RasAcd - ok

18:09:56.0468 5856 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

18:09:56.0796 5856 Rasl2tp - ok

18:09:56.0828 5856 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

18:09:57.0218 5856 RasPppoe - ok

18:09:57.0265 5856 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

18:09:57.0609 5856 Raspti - ok

18:09:57.0671 5856 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

18:09:58.0031 5856 Rdbss - ok

18:09:58.0062 5856 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

18:09:58.0390 5856 RDPCDD - ok

18:09:58.0437 5856 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

18:09:58.0781 5856 rdpdr - ok

18:09:58.0828 5856 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

18:09:58.0921 5856 RDPWD - ok

18:09:58.0984 5856 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

18:09:59.0343 5856 redbook - ok

18:09:59.0375 5856 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys

18:09:59.0703 5856 ROOTMODEM - ok

18:09:59.0765 5856 s24trans (eadfb87f911a7a75d1b80617f92901e8) C:\WINDOWS\system32\DRIVERS\s24trans.sys

18:09:59.0812 5856 s24trans ( UnsignedFile.Multi.Generic ) - warning

18:09:59.0812 5856 s24trans - detected UnsignedFile.Multi.Generic (1)

18:09:59.0921 5856 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

18:10:00.0281 5856 Secdrv - ok

18:10:00.0328 5856 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

18:10:00.0703 5856 serenum - ok

18:10:00.0734 5856 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

18:10:01.0093 5856 Serial - ok

18:10:01.0140 5856 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

18:10:01.0468 5856 Sfloppy - ok

18:10:01.0500 5856 Simbad - ok

18:10:01.0531 5856 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

18:10:01.0890 5856 sisagp - ok

18:10:01.0968 5856 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

18:10:02.0218 5856 Sparrow - ok

18:10:02.0343 5856 SPBBCDrv (38c030777dabfc771dac7873443cfcba) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys

18:10:02.0484 5856 SPBBCDrv - ok

18:10:02.0593 5856 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

18:10:02.0953 5856 splitter - ok

18:10:02.0984 5856 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

18:10:03.0343 5856 sr - ok

18:10:03.0375 5856 SRTSP (11564fd80e0d2fc80b904a5bcbf8d761) C:\WINDOWS\system32\Drivers\SRTSP.SYS

18:10:03.0500 5856 SRTSP - ok

18:10:03.0562 5856 SRTSPL (c668edee729925635c254b04e70f9493) C:\WINDOWS\system32\Drivers\SRTSPL.SYS

18:10:03.0687 5856 SRTSPL - ok

18:10:03.0734 5856 SRTSPX (73d9add286baebdbf636eb53acf64e12) C:\WINDOWS\system32\Drivers\SRTSPX.SYS

18:10:03.0843 5856 SRTSPX - ok

18:10:03.0890 5856 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

18:10:04.0015 5856 Srv - ok

18:10:04.0156 5856 STHDA (951801dfb54d86f611f0af47825476f9) C:\WINDOWS\system32\drivers\sthda.sys

18:10:04.0312 5856 STHDA - ok

18:10:04.0421 5856 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys

18:10:04.0765 5856 StillCam - ok

18:10:04.0843 5856 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

18:10:05.0187 5856 swenum - ok

18:10:05.0234 5856 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

18:10:05.0562 5856 swmidi - ok

18:10:05.0640 5856 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

18:10:05.0984 5856 symc810 - ok

18:10:06.0015 5856 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

18:10:06.0359 5856 symc8xx - ok

18:10:06.0421 5856 SymEvent (e03ee3ef1037099554d17bed99545a5e) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS

18:10:06.0531 5856 SymEvent - ok

18:10:06.0609 5856 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

18:10:06.0984 5856 sym_hi - ok

18:10:07.0031 5856 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

18:10:07.0406 5856 sym_u3 - ok

18:10:07.0468 5856 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

18:10:08.0250 5856 sysaudio - ok

18:10:08.0390 5856 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

18:10:08.0484 5856 Tcpip - ok

18:10:08.0546 5856 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

18:10:08.0890 5856 TDPIPE - ok

18:10:08.0921 5856 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

18:10:09.0250 5856 TDTCP - ok

18:10:09.0312 5856 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

18:10:09.0656 5856 TermDD - ok

18:10:09.0703 5856 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

18:10:10.0046 5856 TosIde - ok

18:10:10.0109 5856 tosporte (8d624d3bd1f2d78bd1c01a2d4e954b4e) C:\WINDOWS\system32\DRIVERS\tosporte.sys

18:10:10.0187 5856 tosporte - ok

18:10:10.0296 5856 tosrfbd (435ac6cc2abed508ac5a495658cbaf0f) C:\WINDOWS\system32\DRIVERS\tosrfbd.sys

18:10:10.0375 5856 tosrfbd - ok

18:10:10.0390 5856 tosrfbnp (90c8525bc578aaffe87c2d0ed4379e9e) C:\WINDOWS\system32\Drivers\tosrfbnp.sys

18:10:10.0468 5856 tosrfbnp - ok

18:10:10.0500 5856 Tosrfcom (5ba1ca3b3cddb1ddc67df473f05d1ec2) C:\WINDOWS\system32\Drivers\tosrfcom.sys

18:10:10.0593 5856 Tosrfcom - ok

18:10:10.0609 5856 Tosrfhid (28099a4e52148319afa685d93a2244d0) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys

18:10:10.0671 5856 Tosrfhid - ok

18:10:10.0703 5856 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\WINDOWS\system32\DRIVERS\tosrfnds.sys

18:10:10.0765 5856 tosrfnds - ok

18:10:10.0796 5856 TosRfSnd (1ff09b64d1e0c82ee81026718d8d47c2) C:\WINDOWS\system32\drivers\tosrfsnd.sys

18:10:10.0875 5856 TosRfSnd - ok

18:10:10.0906 5856 Tosrfusb (6bc529c5eca0c7654943fd6fab21c5fa) C:\WINDOWS\system32\DRIVERS\tosrfusb.sys

18:10:11.0000 5856 Tosrfusb - ok

18:10:11.0062 5856 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

18:10:11.0390 5856 Udfs - ok

18:10:11.0500 5856 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

18:10:11.0671 5856 ultra - ok

18:10:11.0734 5856 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

18:10:12.0093 5856 Update - ok

18:10:12.0218 5856 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys

18:10:12.0328 5856 USBAAPL - ok

18:10:12.0359 5856 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

18:10:12.0703 5856 usbccgp - ok

18:10:12.0734 5856 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

18:10:13.0093 5856 usbehci - ok

18:10:13.0109 5856 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

18:10:13.0468 5856 usbhub - ok

18:10:13.0515 5856 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

18:10:13.0859 5856 usbohci - ok

18:10:13.0937 5856 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

18:10:14.0281 5856 usbprint - ok

18:10:14.0296 5856 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

18:10:14.0640 5856 usbscan - ok

18:10:14.0656 5856 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

18:10:14.0984 5856 USBSTOR - ok

18:10:15.0093 5856 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

18:10:15.0453 5856 usbuhci - ok

18:10:15.0625 5856 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

18:10:15.0953 5856 VgaSave - ok

18:10:16.0046 5856 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

18:10:16.0453 5856 viaagp - ok

18:10:16.0562 5856 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

18:10:16.0953 5856 ViaIde - ok

18:10:17.0296 5856 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

18:10:17.0671 5856 VolSnap - ok

18:10:17.0687 5856 vsdatant - ok

18:10:17.0859 5856 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

18:10:18.0265 5856 Wanarp - ok

18:10:18.0312 5856 WaveFDE (db626c46997c2430d4958da5c7ffb969) C:\WINDOWS\system32\DRIVERS\WaveFDE.sys

18:10:18.0375 5856 WaveFDE ( UnsignedFile.Multi.Generic ) - warning

18:10:18.0375 5856 WaveFDE - detected UnsignedFile.Multi.Generic (1)

18:10:18.0406 5856 WavxDMgr (51e756f2bfb5e3adcb15f966ad293231) C:\WINDOWS\system32\DRIVERS\WavxDMgr.sys

18:10:18.0468 5856 WavxDMgr ( UnsignedFile.Multi.Generic ) - warning

18:10:18.0468 5856 WavxDMgr - detected UnsignedFile.Multi.Generic (1)

18:10:18.0546 5856 WDICA - ok

18:10:18.0593 5856 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

18:10:18.0921 5856 wdmaud - ok

18:10:19.0078 5856 winachsf (a8596cf86d445269a42ecc08b7066a4c) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

18:10:19.0187 5856 winachsf - ok

18:10:19.0265 5856 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

18:10:19.0593 5856 WmiAcpi - ok

18:10:19.0671 5856 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

18:10:19.0703 5856 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected

18:10:19.0703 5856 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)

18:10:19.0765 5856 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

18:10:19.0765 5856 \Device\Harddisk0\DR0 - detected TDSS File System (1)

18:10:19.0796 5856 Boot (0x1200) (789a80dd07805de252613ff55059dde5) \Device\Harddisk0\DR0\Partition0

18:10:19.0796 5856 \Device\Harddisk0\DR0\Partition0 - ok

18:10:19.0796 5856 ============================================================

18:10:19.0796 5856 Scan finished

18:10:19.0796 5856 ============================================================

18:10:19.0921 5848 Detected object count: 13

18:10:19.0921 5848 Actual detected object count: 13

18:12:28.0359 5848 APPDRV ( UnsignedFile.Multi.Generic ) - skipped by user

18:12:28.0359 5848 APPDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:12:28.0375 5848 BASFND ( UnsignedFile.Multi.Generic ) - skipped by user

18:12:28.0375 5848 BASFND ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:12:28.0375 5848 CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user

18:12:28.0375 5848 CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:12:28.0375 5848 DXEC01 ( UnsignedFile.Multi.Generic ) - skipped by user

18:12:28.0375 5848 DXEC01 ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:12:28.0375 5848 MREMP50 ( UnsignedFile.Multi.Generic ) - skipped by user

18:12:28.0375 5848 MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:12:28.0375 5848 MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by user

18:12:28.0375 5848 MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:12:28.0468 5848 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\netbt.sys) error 1813

18:12:40.0234 5848 Backup copy found, using it..

18:12:40.0328 5848 C:\WINDOWS\system32\DRIVERS\netbt.sys - will be cured on reboot

18:12:42.0328 5848 NetBT ( Rootkit.Win32.ZAccess.k ) - User select action: Cure

18:12:42.0328 5848 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user

18:12:42.0328 5848 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:12:42.0328 5848 s24trans ( UnsignedFile.Multi.Generic ) - skipped by user

18:12:42.0328 5848 s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:12:42.0328 5848 WaveFDE ( UnsignedFile.Multi.Generic ) - skipped by user

18:12:42.0328 5848 WaveFDE ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:12:42.0343 5848 WavxDMgr ( UnsignedFile.Multi.Generic ) - skipped by user

18:12:42.0343 5848 WavxDMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:12:42.0390 5848 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot

18:12:42.0390 5848 \Device\Harddisk0\DR0 - ok

18:12:42.0390 5848 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure

18:12:42.0390 5848 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

18:12:42.0390 5848 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

18:13:29.0515 4764 Deinitialize success

The rename worked. I don't see the log file.


21:26:48.0078 4984 TDSS rootkit removing tool 2.6.22.0 Dec 7 2011 13:21:06

21:26:48.0296 4984 ============================================================

21:26:48.0296 4984 Current date / time: 2011/12/07 21:26:48.0296

21:26:48.0296 4984 SystemInfo:

21:26:48.0296 4984

21:26:48.0296 4984 OS Version: 5.1.2600 ServicePack: 3.0

21:26:48.0296 4984 Product type: Workstation

21:26:48.0296 4984 ComputerName: CRP104

21:26:48.0296 4984 UserName: JPursell

21:26:48.0296 4984 Windows directory: C:\WINDOWS

21:26:48.0296 4984 System windows directory: C:\WINDOWS

21:26:48.0296 4984 Processor architecture: Intel x86

21:26:48.0296 4984 Number of processors: 2

21:26:48.0296 4984 Page size: 0x1000

21:26:48.0296 4984 Boot type: Normal boot

21:26:48.0296 4984 ============================================================

21:26:48.0312 4984 SetPrivileges failed!

21:26:50.0171 4984 Initialize success

21:27:02.0125 0572 ============================================================

21:27:02.0125 0572 Scan started

21:27:02.0125 0572 Mode: Manual; SigCheck; TDLFS;

21:27:02.0125 0572 ============================================================

21:27:03.0484 0572 Abiosdsk - ok

21:27:03.0531 0572 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

21:27:06.0375 0572 abp480n5 - ok

21:27:06.0531 0572 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

21:27:06.0968 0572 ACPI - ok

21:27:07.0015 0572 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

21:27:07.0359 0572 ACPIEC - ok

21:27:07.0406 0572 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

21:27:07.0781 0572 adpu160m - ok

21:27:07.0890 0572 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

21:27:08.0250 0572 aec - ok

21:27:08.0312 0572 AegisP (a1ad1a4a9f18d900ca9c93fa3efdcb56) C:\WINDOWS\system32\DRIVERS\AegisP.sys

21:27:08.0437 0572 AegisP - ok

21:27:08.0484 0572 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

21:27:08.0609 0572 AFD - ok

21:27:08.0656 0572 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

21:27:09.0031 0572 agp440 - ok

21:27:09.0078 0572 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

21:27:09.0437 0572 agpCPQ - ok

21:27:09.0484 0572 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys

21:27:09.0703 0572 Aha154x - ok

21:30:02.0000 0572 ============================================================

21:30:02.0000 0572 Scan finished

21:30:02.0000 0572 ============================================================

21:30:02.0125 4372 Detected object count: 10

21:30:02.0125 4372 Actual detected object count: 10

21:30:22.0109 4372 APPDRV ( UnsignedFile.Multi.Generic ) - skipped by user

21:30:22.0109 4372 APPDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:30:22.0125 4372 BASFND ( UnsignedFile.Multi.Generic ) - skipped by user

21:30:22.0125 4372 BASFND ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:30:22.0125 4372 CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user

21:30:22.0125 4372 CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:30:22.0125 4372 DXEC01 ( UnsignedFile.Multi.Generic ) - skipped by user

21:30:22.0125 4372 DXEC01 ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:30:22.0125 4372 MREMP50 ( UnsignedFile.Multi.Generic ) - skipped by user

21:30:22.0125 4372 MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:30:22.0125 4372 MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by user

21:30:22.0125 4372 MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:30:22.0125 4372 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user

21:30:22.0125 4372 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:30:22.0140 4372 s24trans ( UnsignedFile.Multi.Generic ) - skipped by user

21:30:22.0140 4372 s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:30:22.0140 4372 WaveFDE ( UnsignedFile.Multi.Generic ) - skipped by user

21:30:22.0140 4372 WaveFDE ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:30:22.0140 4372 WavxDMgr ( UnsignedFile.Multi.Generic ) - skipped by user

21:30:22.0140 4372 WavxDMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8331

Windows 5.1.2600 Service Pack 3

Internet Explorer 6.0.2900.5512

12/7/2011 9:47:15 PM

mbam-log-2011-12-07 (21-47-15).txt

Scan type: Quick scan

Objects scanned: 234007

Time elapsed: 15 minute(s), 34 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)
