Anti-malware run but threat not clear


Malwarebytes Team:

My computer was infected with XP Security 2012. I followed the instructions provided in the forum for removal. Afterwards, I noticed a problem with Google redirects and ping.exe constantly running and consuming large amounts of resources. When I kill ping.exe from Windows Task Manager, it eventually re-spawns. Also, Malwarebytes' Anti-Malware constantly reports that it is blocking access to a potentially malicious website and has displayed many IP addresses. The attempts are always outgoing.

I followed the instructions found in this post: http://forums.malwarebytes.org//index.php?showtopic=9573

As instructed, I ran DDS. The resulting logs are included. I have also included the log from the Malwarebytes cleanup. You will find them all attached in the zip file.

Your support is very much appreciated. I hope that the details provided will prove to be useful.

Thank you!

malwarebytes.zip

My apologies. I included my instructions and not the mbam-log file from the cleanup so here it is.

mbam-log-2011-12-04 (19-49-38).txt

Hello GalafreyanNinja! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don't hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copied and pasted into your next reply.

Please follow the instructions here:

www.bleepingcomputer.com/combofix/how-to-use-combofix#use

Post the log file.

Thanks for the prompt response. Here is the log from Combofix.

ComboFix 11-12-05.04 - storeoff 12/05/2011 20:23:28.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1919.1432 [GMT -5:00]

Running from: c:\documents and settings\storeoff\Desktop\ComboFix.exe

AV: Trend Micro OfficeScan Antivirus *Enabled/Updated* {4CA5B9AB-4295-4D4C-9664-0EBE85AE0525}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\storeoff\Desktop\Internet Explorer.lnk

c:\windows\$NtUninstallKB63514$\1128657196

c:\windows\$NtUninstallKB63514$\2643420565\@

c:\windows\$NtUninstallKB63514$\2643420565\bckfg.tmp

c:\windows\$NtUninstallKB63514$\2643420565\cfg.ini

c:\windows\$NtUninstallKB63514$\2643420565\Desktop.ini

c:\windows\$NtUninstallKB63514$\2643420565\keywords

c:\windows\$NtUninstallKB63514$\2643420565\kwrd.dll

c:\windows\$NtUninstallKB63514$\2643420565\L\qozjkwnp

c:\windows\$NtUninstallKB63514$\2643420565\lsflt7.ver

c:\windows\$NtUninstallKB63514$\2643420565\U\00000001.@

c:\windows\$NtUninstallKB63514$\2643420565\U\00000002.@

c:\windows\$NtUninstallKB63514$\2643420565\U\00000004.@

c:\windows\$NtUninstallKB63514$\2643420565\U\80000000.@

c:\windows\$NtUninstallKB63514$\2643420565\U\80000004.@

c:\windows\$NtUninstallKB63514$\2643420565\U\80000032.@

c:\windows\Client.ini

c:\windows\CSC\d6

c:\windows\$NtUninstallKB63514$ . . . . Failed to delete

.

.

((((((((((((((((((((((((( Files Created from 2011-11-06 to 2011-12-06 )))))))))))))))))))))))))))))))

.

.

2011-12-05 00:22 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-04 23:34 . 2011-12-04 23:34 388096 ----a-r- c:\documents and settings\storeoff\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-12-04 19:51 . 2011-12-04 19:51 -------- d-----w- c:\program files\ESET

2011-12-02 19:46 . 2011-12-02 19:46 -------- d-----w- c:\documents and settings\storeoff\Application Data\Malwarebytes

2011-12-02 19:45 . 2011-12-02 19:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-12-02 19:45 . 2011-12-05 00:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-12-02 14:08 . 2011-12-02 19:48 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2011-11-24 17:06 . 2011-11-24 17:08 -------- d-----w- c:\program files\EvilLyrics

2011-11-24 16:44 . 2011-11-24 16:44 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll

2011-11-24 16:44 . 2011-11-24 16:44 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll

2011-11-24 16:44 . 2011-11-24 16:44 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll

2011-11-24 16:44 . 2011-11-24 16:44 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll

2011-11-24 16:44 . 2011-11-24 16:44 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll

2011-11-24 16:44 . 2011-11-24 16:44 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll

2011-11-24 16:44 . 2011-11-24 16:44 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll

2011-11-24 16:43 . 2011-11-24 16:44 -------- d-----w- c:\program files\QuickTime

2011-11-24 16:39 . 2011-11-24 16:39 -------- d-----w- c:\program files\iPod

2011-11-08 17:55 . 2011-11-08 17:55 -------- d-----w- c:\documents and settings\storeoff\My Vaults

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-24 19:29 . 2011-10-24 19:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2011-10-24 19:29 . 2011-10-24 19:29 69632 ----a-w- c:\windows\system32\QuickTime.qts

2011-09-30 20:08 . 2011-09-30 20:08 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-08 07:29 . 2011-10-17 12:00 85064 ----a-w- c:\windows\system32\drivers\NEOFLTR_710_19243.SYS

2011-11-21 04:04 . 2011-12-05 02:03 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"SanDiskSecureAccess_Manager.exe"="c:\documents and settings\storeoff\Application Data\SanDisk\SanDiskSecureAccess_Manager.exe" [2011-10-23 27306624]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1028096]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]

"OfficeScanNT Monitor"="c:\program files\Trend Micro\OfficeScan Client\pccntmon.exe" [2010-07-07 730408]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2010-08-31 2097152]

"AeXAgentLogon"="c:\program files\Altiris\Altiris Agent\AeXAgentActivate.exe" [2010-02-26 152872]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]

"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-07-27 288312]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoDevMgrUpdate"= 1 (0x1)

"NoSMConfigurePrograms"= 1 (0x1)

"NoBandCustomize"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]

"NoAutoUpdate"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\system32\AMInit.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Documents and Settings\\storeoff\\Application Data\\Juniper Networks\\Juniper Terminal Services Client\\dsTermServ.exe"=

"c:\\Program Files\\Juniper Networks\\Secure Application Manager\\dsSamProxy.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"2408:TCP"= 2408:TCP:ApplicationVantage Agent

.

R0 ahcix86;ahcix86;c:\windows\system32\drivers\ahcix86.sys [8/31/2009 6:55 AM 189968]

R1 CCDevice;CCDevice;c:\windows\system32\drivers\CCDevice.sys [3/23/2005 6:14 PM 9216]

R1 NEOFLTR_710_19243;Juniper Networks TDI Filter Driver (NEOFLTR_710_19243);c:\windows\system32\drivers\NEOFLTR_710_19243.SYS [10/17/2011 7:00 AM 85064]

R2 CWEnprobe;Vantage Packet Capture Driver;c:\windows\system32\drivers\cwenprobe.sys [8/19/2005 12:52 AM 60119]

R2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe -service --> c:\windows\system32\lxdicoms.exe -service [?]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/4/2011 7:22 PM 366152]

R2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\OfficeScan Client\TmXPFlt.sys [5/22/2009 12:02 AM 262416]

R2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\OfficeScan Client\tmpreflt.sys [5/22/2009 12:00 AM 36624]

R2 VantageAgent;ApplicationVantage Agent;c:\program files\Compuware\ApplicationVantage Agent\OPTSA.exe [8/19/2005 1:48 AM 102400]

R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [8/31/2010 2:40 PM 228408]

R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [10/21/2005 3:19 AM 36352]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/4/2011 7:22 PM 22216]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/20/2011 12:18 PM 135664]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/20/2011 12:18 PM 135664]

S3 Maestro;ESS Maestro2E Audio Driver (WDM);c:\windows\system32\drivers\essm2e.sys [3/9/1980 8:10 PM 137088]

S3 TmProxy;OfficeScan NT Proxy Service;c:\program files\Trend Micro\OfficeScan Client\TmProxy.exe [10/8/2008 1:22 PM 689416]

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EEBF9CA6-567B-41cd-B5F6-EF2C7FEF37B5}]

2011-02-17 19:00 124928 ----a-w- c:\windows\system32\advpack.dll

.

Contents of the 'Scheduled Tasks' folder

.

2011-11-21 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 21:57]

.

2011-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-20 17:18]

.

2011-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-20 17:18]

.

2011-12-06 c:\windows\Tasks\User_Feed_Synchronization-{6DCBFFD3-7068-4A9D-8CBB-B77DB80DC221}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 22:36]

.

.

------- Supplementary Scan -------

.

uStart Page = https://remotevpn.meijer.com/dana-na/auth/url_default/welcome.cgi

mStart Page = about:blank

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a}

Trusted Zone: 21cii.com\update

Trusted Zone: csc-fsg.com\rmx-meijer

Trusted Zone: freerealms.com

Trusted Zone: lifung.com

Trusted Zone: meijer.com\apps

Trusted Zone: meijer.com\ccowbc

Trusted Zone: meijer.com\cowbcdev

Trusted Zone: meijer.com\devtech

Trusted Zone: meijer.com\lcowbc

Trusted Zone: meijer.com\poswebdev

Trusted Zone: meijer.com\remotevpn

Trusted Zone: meijer.com\storeapps

Trusted Zone: meijer.com\timerecording

Trusted Zone: meijer.com\timerecording03

Trusted Zone: microsoft.com\msops

Trusted Zone: mvs-e-filing.com

Trusted Zone: navigant.com\reporflyr2

Trusted Zone: w0982ewebs0180

Trusted Zone: w0982iappv0208

Trusted Zone: warnerbros.com\marsdownload

Trusted Zone: 21cii.com\update

Trusted Zone: csc-fsg.com\rmx-meijer

Trusted Zone: lifung.com

Trusted Zone: meijer.com\apps

Trusted Zone: meijer.com\ccowbc

Trusted Zone: meijer.com\cowbcdev

Trusted Zone: meijer.com\devtech

Trusted Zone: meijer.com\lcowbc

Trusted Zone: meijer.com\poswebdev

Trusted Zone: meijer.com\remotevpn

Trusted Zone: meijer.com\storeapps

Trusted Zone: meijer.com\timerecording

Trusted Zone: meijer.com\timerecording03

Trusted Zone: microsoft.com\msops

Trusted Zone: mvs-e-filing.com

Trusted Zone: navigant.com\reporflyr2

Trusted Zone: w0982ewebs0180

Trusted Zone: w0982iappv0208

Trusted Zone: warnerbros.com\marsdownload

TCP: DhcpNameServer = 68.94.156.1 68.94.157.1

FF - ProfilePath - c:\documents and settings\storeoff\Application Data\Mozilla\Firefox\Profiles\9aj6b3cc.default\

FF - prefs.js: browser.startup.homepage - www.google.com

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

HKLM_ActiveSetup-{8F9AE6BC-0013-43AD-8264-46E6660D31DA} - Packages\Meijer\Fix_Proxy\1.0\01\fixproxy.vbs

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-12-05 20:38

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(936)

c:\windows\system32\Ati2evxx.dll

.

- - - - - - - > 'explorer.exe'(3920)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\msi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\System32\WLTRYSVC.EXE

c:\windows\System32\bcmwltry.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\Citrix\ICA Client\ssonsvr.exe

c:\altiris\AClient\AClient.exe

c:\program files\Altiris\Altiris Agent\AeXNSAgent.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\system32\ccsrvc.exe

c:\program files\Altiris\Carbon Copy\shellker.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\lxdicoms.exe

c:\program files\Trend Micro\OfficeScan Client\ntrtscan.exe

c:\windows\system32\wdfmgr.exe

c:\program files\Trend Micro\OfficeScan Client\tmlisten.exe

c:\program files\Altiris\Altiris Agent\AeXAgentUIHost.exe

c:\progra~1\Altiris\CARBON~1\client.exe

c:\windows\system32\wscntfy.exe

c:\program files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe

c:\windows\TEMP\PHED47.EXE

c:\windows\system32\wbem\wmiapsrv.exe

c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Completion time: 2011-12-05 20:46:44 - machine was rebooted

ComboFix-quarantined-files.txt 2011-12-06 01:46

.

Pre-Run: 55,176,896,512 bytes free

Post-Run: 55,917,690,880 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

[spybotsd]

timeout.old=30

.

- - End Of File - - 2D4D31083C12FF1E2D95A96795B5131A

Download the latest version of TDSSKiller from here and save it to your Desktop.

  1. Double-click TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  7. Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.
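The TDSSKiller report is a plain text log, one event per line, and the interesting lines are easy to miss among hundreds of "- ok" entries. The parser below is an added example for this thread (not a Malwarebytes or Kaspersky tool); it reads the line layout shown in the TDSSKiller 2.6.x log quoted later in the thread (time, pid, driver name, an optional "(md5) path" line, then a verdict line of the form "name - ok", "name ( Threat ) - warning" or "name - detected Threat (n)") and collects the drivers that were flagged. The sample input is constructed from lines quoted in the thread; function names and the record layout are my own.

```python
"""Summarise a TDSSKiller 2.6.x text log: which drivers were flagged, and why.

Added example for this thread, not part of TDSSKiller or of the forum's own
tooling.  Lines that do not fit the driver/verdict layout (the SystemInfo
header, "Scan started", "Mode: ...") are treated as noise and skipped.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# "HH:MM:SS.ffff <pid> <body>"; the body is what we actually classify.
LINE_RE = re.compile(r"^(?P<time>\d\d:\d\d:\d\d\.\d{4}) (?P<pid>\d+) (?P<body>.*)$")
# "<name> (<md5>) <path>"  -- the file that backs a service/driver entry
FILE_RE = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "<name> ( <Threat> ) - warning"  -- heuristic hit, e.g. UnsignedFile.Multi.Generic
WARN_RE = re.compile(r"^(?P<name>\S+) \( (?P<threat>\S+) \) - warning$")
# "<name> - ok"  or  "<name> - detected <Threat> (<count>)"
VERDICT_RE = re.compile(r"^(?P<name>\S+) - (?P<verdict>ok|detected (?P<threat>\S+) \(\d+\))$")

# Constructed sample, assembled from lines quoted in this thread's TDSSKiller log.
SAMPLE_LOG = "\n".join([
    r"20:02:18.0062 0976 OS Version: 5.1.2600 ServicePack: 3.0",
    r"20:02:18.0062 0976",
    r"20:02:39.0953 3636 Scan started",
    r"20:02:39.0953 3636 Mode: Manual; SigCheck; TDLFS;",
    r"20:02:40.0406 3636 Abiosdsk - ok",
    r"20:02:42.0578 3636 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys",
    r"20:02:42.0703 3636 ACPI - ok",
    r"20:02:45.0875 3636 AlKernel (06112696a1b06692939cf087d1f1c84e) C:\WINDOWS\system32\Drivers\AlKernel.sys",
    r"20:02:45.0906 3636 AlKernel ( UnsignedFile.Multi.Generic ) - warning",
    r"20:02:45.0906 3636 AlKernel - detected UnsignedFile.Multi.Generic (1)",
    r"20:02:49.0921 3636 CCDevice (f68d9209421c0a8a78d082cedd05bef8) C:\WINDOWS\system32\drivers\CCDevice.sys",
    r"20:02:49.0937 3636 CCDevice ( UnsignedFile.Multi.Generic ) - warning",
    r"20:02:49.0937 3636 CCDevice - detected UnsignedFile.Multi.Generic (1)",
])


@dataclass
class DriverRecord:
    name: str
    md5: Optional[str] = None       # absent for entries with no backing file (e.g. Abiosdsk)
    path: Optional[str] = None
    verdict: str = "unknown"        # "ok", "warning" or "detected"
    threats: List[str] = field(default_factory=list)


def parse_tdsskiller_log(text: str) -> Dict[str, DriverRecord]:
    """Fold the per-line events into one record per driver/service name."""
    records: Dict[str, DriverRecord] = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                       # header, blank body, or unrelated output
        body = m["body"]
        fm = FILE_RE.match(body)
        if fm:
            rec = records.setdefault(fm["name"], DriverRecord(fm["name"]))
            rec.md5, rec.path = fm["md5"], fm["path"]
            continue
        wm = WARN_RE.match(body)
        if wm:
            rec = records.setdefault(wm["name"], DriverRecord(wm["name"]))
            rec.verdict = "warning"
            if wm["threat"] not in rec.threats:
                rec.threats.append(wm["threat"])
            continue
        vm = VERDICT_RE.match(body)
        if vm:
            rec = records.setdefault(vm["name"], DriverRecord(vm["name"]))
            if vm["verdict"] == "ok":
                rec.verdict = "ok"
            else:
                rec.verdict = "detected"   # "detected" supersedes the earlier "warning"
                if vm["threat"] not in rec.threats:
                    rec.threats.append(vm["threat"])
    return records


def flagged_drivers(records: Dict[str, DriverRecord]) -> List[str]:
    """Names of every driver that did not come back '- ok', sorted for stable output."""
    return sorted(n for n, r in records.items() if r.verdict in ("warning", "detected"))


def summarize(text: str) -> Dict[str, int]:
    """Counts a helper would want at a glance before reading the full log."""
    recs = parse_tdsskiller_log(text)
    return {
        "scanned": len(recs),
        "ok": sum(r.verdict == "ok" for r in recs.values()),
        "flagged": len(flagged_drivers(recs)),
    }


if __name__ == "__main__":
    recs = parse_tdsskiller_log(SAMPLE_LOG)
    print(summarize(SAMPLE_LOG))
    for name in flagged_drivers(recs):
        r = recs[name]
        print(f"{name}: {r.verdict} {r.threats} md5={r.md5} path={r.path}")
```

Run it against a real report by reading the TDSSKiller.[Version]_[Date]_[Time]_log.txt file into `text` and calling `parse_tdsskiller_log(text)`. Note that a hit named UnsignedFile.Multi.Generic only means the driver failed the signature check that the Verify Driver Digital Signature option switches on; it is the kind of "suspicious object" the instructions above say to Skip, not a malware signature match, so the md5 and path the parser extracts are what you would cross-check against the vendor software listed elsewhere in the ComboFix output before treating the driver as hostile.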

Maniac,

As instructed, I have run TDSSKiller. Cure was not an option. The log follows. Thanks.

20:02:17.0890 0976 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44

20:02:18.0062 0976 ============================================================

20:02:18.0062 0976 Current date / time: 2011/12/06 20:02:18.0062

20:02:18.0062 0976 SystemInfo:

20:02:18.0062 0976

20:02:18.0062 0976 OS Version: 5.1.2600 ServicePack: 3.0

20:02:18.0062 0976 Product type: Workstation

20:02:18.0062 0976 ComputerName: OFSTEVEIP-L02

20:02:18.0062 0976 UserName: storeoff

20:02:18.0062 0976 Windows directory: C:\WINDOWS

20:02:18.0062 0976 System windows directory: C:\WINDOWS

20:02:18.0062 0976 Processor architecture: Intel x86

20:02:18.0062 0976 Number of processors: 2

20:02:18.0062 0976 Page size: 0x1000

20:02:18.0062 0976 Boot type: Normal boot

20:02:18.0062 0976 ============================================================

20:02:20.0796 0976 Initialize success

20:02:39.0953 3636 ============================================================

20:02:39.0953 3636 Scan started

20:02:39.0953 3636 Mode: Manual; SigCheck; TDLFS;

20:02:39.0953 3636 ============================================================

20:02:40.0406 3636 Abiosdsk - ok

20:02:40.0453 3636 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

20:02:42.0296 3636 abp480n5 - ok

20:02:42.0421 3636 Accelerometer (2ad11b75224bc6c54735fb6853105b8b) C:\WINDOWS\system32\DRIVERS\Accelerometer.sys

20:02:42.0531 3636 Accelerometer - ok

20:02:42.0578 3636 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

20:02:42.0703 3636 ACPI - ok

20:02:42.0828 3636 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

20:02:42.0968 3636 ACPIEC - ok

20:02:43.0031 3636 ADIHdAudAddService (be4beb3fde3edfad4ef2760722717b0f) C:\WINDOWS\system32\drivers\ADIHdAud.sys

20:02:43.0093 3636 ADIHdAudAddService - ok

20:02:43.0140 3636 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

20:02:43.0312 3636 adpu160m - ok

20:02:43.0500 3636 AEAudio (358063ab6c1c4173b735525cdfa65f94) C:\WINDOWS\system32\drivers\AEAudio.sys

20:02:43.0562 3636 AEAudio - ok

20:02:43.0609 3636 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

20:02:43.0765 3636 aec - ok

20:02:43.0812 3636 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys

20:02:43.0859 3636 AFD - ok

20:02:44.0046 3636 AgereSoftModem (90456051c422e09bc36e6340dd891f0c) C:\WINDOWS\system32\DRIVERS\AGRSM.sys

20:02:44.0234 3636 AgereSoftModem - ok

20:02:44.0359 3636 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

20:02:44.0531 3636 agp440 - ok

20:02:44.0812 3636 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

20:02:44.0968 3636 agpCPQ - ok

20:02:44.0984 3636 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys

20:02:45.0046 3636 Aha154x - ok

20:02:45.0046 3636 ahcix86 (3936a49ecb74cf23bbb6979cd683dd56) C:\WINDOWS\system32\DRIVERS\ahcix86.sys

20:02:45.0171 3636 ahcix86 - ok

20:02:45.0171 3636 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

20:02:45.0343 3636 aic78u2 - ok

20:02:45.0343 3636 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

20:02:45.0500 3636 aic78xx - ok

20:02:45.0515 3636 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

20:02:45.0671 3636 AliIde - ok

20:02:45.0687 3636 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys

20:02:45.0859 3636 alim1541 - ok

20:02:45.0875 3636 AlKernel (06112696a1b06692939cf087d1f1c84e) C:\WINDOWS\system32\Drivers\AlKernel.sys

20:02:45.0906 3636 AlKernel ( UnsignedFile.Multi.Generic ) - warning

20:02:45.0906 3636 AlKernel - detected UnsignedFile.Multi.Generic (1)

20:02:46.0000 3636 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys

20:02:46.0140 3636 amdagp - ok

20:02:46.0156 3636 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys

20:02:46.0234 3636 amsint - ok

20:02:46.0281 3636 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

20:02:46.0453 3636 Arp1394 - ok

20:02:46.0484 3636 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys

20:02:46.0656 3636 asc - ok

20:02:46.0765 3636 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys

20:02:46.0828 3636 asc3350p - ok

20:02:46.0828 3636 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys

20:02:47.0000 3636 asc3550 - ok

20:02:47.0078 3636 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

20:02:47.0234 3636 AsyncMac - ok

20:02:47.0250 3636 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

20:02:47.0390 3636 atapi - ok

20:02:47.0390 3636 Atdisk - ok

20:02:47.0531 3636 ati2mtag (a1789368b4a31d2111af7aeda0c8d3fc) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

20:02:47.0687 3636 ati2mtag - ok

20:02:47.0828 3636 atimpab (8d70c26425fde49ddce5bb2cf25b8df2) C:\WINDOWS\system32\DRIVERS\atimpab.sys

20:02:48.0078 3636 atimpab - ok

20:02:48.0093 3636 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

20:02:48.0265 3636 Atmarpc - ok

20:02:48.0312 3636 ATSWPDRV (002ecb6f1197a7754cc87f2073f41841) C:\WINDOWS\system32\DRIVERS\ATSwpDrv.sys

20:02:48.0375 3636 ATSWPDRV - ok

20:02:48.0500 3636 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

20:02:48.0671 3636 audstub - ok

20:02:48.0718 3636 b57w2k (133ad3794572bce689763a8356c7ed06) C:\WINDOWS\system32\DRIVERS\b57xp32.sys

20:02:48.0796 3636 b57w2k - ok

20:02:48.0906 3636 BCM43XX (fe4ed785396eaa554c561992106a35fa) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys

20:02:49.0093 3636 BCM43XX - ok

20:02:49.0234 3636 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

20:02:49.0406 3636 Beep - ok

20:02:49.0406 3636 catchme - ok

20:02:49.0500 3636 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

20:02:49.0671 3636 cbidf - ok

20:02:49.0687 3636 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

20:02:49.0812 3636 cbidf2k - ok

20:02:49.0921 3636 CCDevice (f68d9209421c0a8a78d082cedd05bef8) C:\WINDOWS\system32\drivers\CCDevice.sys

20:02:49.0937 3636 CCDevice ( UnsignedFile.Multi.Generic ) - warning

20:02:49.0937 3636 CCDevice - detected UnsignedFile.Multi.Generic (1)

20:02:49.0937 3636 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

20:02:50.0015 3636 cd20xrnt - ok

20:02:50.0156 3636 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

20:02:50.0312 3636 Cdaudio - ok

20:02:50.0406 3636 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

20:02:50.0562 3636 Cdfs - ok

20:02:50.0593 3636 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

20:02:50.0781 3636 Cdrom - ok

20:02:50.0796 3636 Changer - ok

20:02:50.0843 3636 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

20:02:51.0015 3636 CmBatt - ok

20:02:51.0203 3636 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys

20:02:51.0343 3636 CmdIde - ok

20:02:51.0359 3636 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

20:02:51.0531 3636 Compbatt - ok

20:02:51.0593 3636 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys

20:02:51.0750 3636 Cpqarray - ok

20:02:51.0796 3636 CWEnprobe (89e9f9ad6604ac6355b007a812b3a68c) C:\WINDOWS\system32\DRIVERS\cwenprobe.sys

20:02:51.0828 3636 CWEnprobe ( UnsignedFile.Multi.Generic ) - warning

20:02:51.0828 3636 CWEnprobe - detected UnsignedFile.Multi.Generic (1)

20:02:51.0937 3636 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

20:02:52.0140 3636 dac2w2k - ok

20:02:52.0140 3636 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys

20:02:52.0281 3636 dac960nt - ok

20:02:52.0390 3636 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

20:02:52.0546 3636 Disk - ok

20:02:52.0593 3636 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

20:02:52.0796 3636 dmboot - ok

20:02:52.0984 3636 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

20:02:53.0171 3636 dmio - ok

20:02:53.0187 3636 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

20:02:53.0343 3636 dmload - ok

20:02:53.0375 3636 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

20:02:53.0562 3636 DMusic - ok

20:02:53.0703 3636 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

20:02:53.0843 3636 dpti2o - ok

20:02:53.0875 3636 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

20:02:54.0015 3636 drmkaud - ok

20:02:54.0046 3636 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys

20:02:54.0218 3636 E100B - ok

20:02:54.0250 3636 eabusb (231f4547ae1e4b3e60eca66c3a96d218) C:\WINDOWS\system32\DRIVERS\eabusb.sys

20:02:54.0296 3636 eabusb - ok

20:02:54.0437 3636 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

20:02:54.0578 3636 Fastfat - ok

20:02:54.0609 3636 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

20:02:54.0765 3636 Fdc - ok

20:02:54.0796 3636 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

20:02:54.0968 3636 Fips - ok

20:02:55.0078 3636 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

20:02:55.0250 3636 Flpydisk - ok

20:02:55.0281 3636 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

20:02:55.0437 3636 FltMgr - ok

20:02:55.0484 3636 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

20:02:55.0656 3636 Fs_Rec - ok

20:02:55.0671 3636 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

20:02:55.0812 3636 Ftdisk - ok

20:02:55.0937 3636 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys

20:02:56.0093 3636 gameenum - ok

20:02:56.0203 3636 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

20:02:56.0234 3636 GEARAspiWDM - ok

20:02:56.0281 3636 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

20:02:56.0453 3636 Gpc - ok

20:02:56.0593 3636 HBtnKey (fc657b7751729efe54e2ff24f50e5bab) C:\WINDOWS\system32\DRIVERS\cpqbttn.sys

20:02:56.0656 3636 HBtnKey - ok

20:02:56.0718 3636 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

20:02:56.0875 3636 HDAudBus - ok

20:02:56.0906 3636 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

20:02:57.0046 3636 HidUsb - ok

20:02:57.0109 3636 hpdskflt (b5e68a5d9e0aac82e4ddd340e1f0274a) C:\WINDOWS\system32\DRIVERS\hpdskflt.sys

20:02:57.0125 3636 hpdskflt - ok

20:02:57.0250 3636 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys

20:02:57.0390 3636 hpn - ok

20:02:57.0500 3636 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys

20:02:57.0640 3636 HpqKbFiltr - ok

20:02:57.0703 3636 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys

20:02:57.0828 3636 HTTP - ok

20:02:57.0968 3636 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

20:02:58.0140 3636 i2omgmt - ok

20:02:58.0171 3636 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys

20:02:58.0296 3636 i2omp - ok

20:02:58.0359 3636 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

20:02:58.0515 3636 i8042prt - ok

20:02:58.0578 3636 iaStor (309c4d86d989fb1fcf64bd30dc81c51b) C:\WINDOWS\system32\DRIVERS\iaStor.sys

20:02:58.0890 3636 iaStor - ok

20:02:59.0046 3636 IFXTPM (0a359837e021bc04a04a6fd189492c65) C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS

20:02:59.0156 3636 IFXTPM - ok

20:02:59.0203 3636 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

20:02:59.0343 3636 Imapi - ok

20:02:59.0406 3636 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys

20:02:59.0562 3636 ini910u - ok

20:02:59.0656 3636 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

20:02:59.0812 3636 IntelIde - ok

20:02:59.0859 3636 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

20:03:00.0000 3636 Ip6Fw - ok

20:03:00.0015 3636 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

20:03:00.0156 3636 IpFilterDriver - ok

20:03:00.0250 3636 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

20:03:00.0390 3636 IpInIp - ok

20:03:00.0468 3636 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

20:03:00.0609 3636 IpNat - ok

20:03:00.0656 3636 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

20:03:00.0796 3636 IPSec - ok

20:03:00.0906 3636 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys

20:03:00.0984 3636 irda - ok

20:03:01.0109 3636 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

20:03:01.0187 3636 IRENUM - ok

20:03:01.0250 3636 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

20:03:01.0421 3636 isapnp - ok

20:03:01.0468 3636 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

20:03:01.0609 3636 Kbdclass - ok

20:03:01.0656 3636 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

20:03:01.0781 3636 kbdhid - ok

20:03:01.0984 3636 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

20:03:02.0125 3636 kmixer - ok

20:03:02.0171 3636 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys

20:03:02.0328 3636 KSecDD - ok

20:03:02.0328 3636 lbrtfdc - ok

20:03:02.0375 3636 ltmodem5 (9ee18a5a45552673a67532ea37370377) C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys

20:03:02.0625 3636 ltmodem5 - ok

20:03:02.0765 3636 Maestro (65fef13327d25bc33af78178365c1412) C:\WINDOWS\system32\drivers\essm2e.sys

20:03:02.0906 3636 Maestro - ok

20:03:02.0937 3636 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys

20:03:02.0953 3636 MBAMProtector - ok

20:03:03.0000 3636 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

20:03:03.0156 3636 mnmdd - ok

20:03:03.0203 3636 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

20:03:03.0343 3636 Modem - ok

20:03:03.0484 3636 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

20:03:03.0609 3636 Mouclass - ok

20:03:03.0687 3636 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

20:03:03.0843 3636 mouhid - ok

20:03:03.0859 3636 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

20:03:04.0015 3636 MountMgr - ok

20:03:04.0031 3636 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

20:03:04.0171 3636 mraid35x - ok

20:03:04.0281 3636 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

20:03:04.0421 3636 MRxDAV - ok

20:03:04.0484 3636 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

20:03:04.0546 3636 MRxSmb - ok

20:03:04.0765 3636 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

20:03:04.0890 3636 Msfs - ok

20:03:04.0921 3636 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

20:03:05.0046 3636 MSKSSRV - ok

20:03:05.0062 3636 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

20:03:05.0187 3636 MSPCLOCK - ok

20:03:05.0187 3636 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

20:03:05.0312 3636 MSPQM - ok

20:03:05.0437 3636 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

20:03:05.0546 3636 mssmbios - ok

20:03:05.0562 3636 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys

20:03:05.0671 3636 ms_mpu401 - ok

20:03:05.0718 3636 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

20:03:05.0859 3636 Mup - ok

20:03:05.0921 3636 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

20:03:06.0046 3636 NDIS - ok

20:03:06.0093 3636 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

20:03:06.0250 3636 NdisTapi - ok

20:03:06.0375 3636 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

20:03:06.0500 3636 Ndisuio - ok

20:03:06.0500 3636 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

20:03:06.0656 3636 NdisWan - ok

20:03:06.0703 3636 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

20:03:06.0750 3636 NDProxy - ok

20:03:06.0812 3636 NEOFLTR_710_19243 (eae1a063947f3df91910c759f7c070ab) C:\WINDOWS\system32\Drivers\NEOFLTR_710_19243.SYS

20:03:06.0843 3636 NEOFLTR_710_19243 - ok

20:03:06.0984 3636 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

20:03:07.0125 3636 NetBIOS - ok

20:03:07.0156 3636 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

20:03:07.0296 3636 NetBT - ok

20:03:07.0343 3636 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

20:03:07.0484 3636 NIC1394 - ok

20:03:07.0484 3636 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

20:03:07.0609 3636 Npfs - ok

20:03:07.0734 3636 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

20:03:07.0890 3636 Ntfs - ok

20:03:07.0937 3636 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

20:03:08.0078 3636 Null - ok

20:03:08.0203 3636 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

20:03:08.0328 3636 NwlnkFlt - ok

20:03:08.0328 3636 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

20:03:08.0468 3636 NwlnkFwd - ok

20:03:08.0500 3636 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

20:03:08.0609 3636 ohci1394 - ok

20:03:08.0687 3636 ONMACH2 - ok

20:03:08.0750 3636 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys

20:03:08.0921 3636 P3 - ok

20:03:08.0953 3636 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

20:03:09.0093 3636 Parport - ok

20:03:09.0125 3636 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

20:03:09.0250 3636 PartMgr - ok

20:03:09.0390 3636 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

20:03:09.0515 3636 ParVdm - ok

20:03:09.0531 3636 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

20:03:09.0671 3636 PCI - ok

20:03:09.0781 3636 PCIDump - ok

20:03:09.0968 3636 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

20:03:10.0093 3636 PCIIde - ok

20:03:10.0140 3636 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

20:03:10.0265 3636 Pcmcia - ok

20:03:10.0359 3636 PDCOMP - ok

20:03:10.0359 3636 PDFRAME - ok

20:03:10.0375 3636 PDRELI - ok

20:03:10.0375 3636 PDRFRAME - ok

20:03:10.0390 3636 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

20:03:10.0531 3636 perc2 - ok

20:03:10.0531 3636 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

20:03:10.0640 3636 perc2hib - ok

20:03:10.0734 3636 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

20:03:10.0906 3636 PptpMiniport - ok

20:03:10.0937 3636 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

20:03:11.0078 3636 Processor - ok

20:03:11.0093 3636 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

20:03:11.0218 3636 PSched - ok

20:03:11.0359 3636 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

20:03:11.0468 3636 Ptilink - ok

20:03:11.0531 3636 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys

20:03:11.0562 3636 PxHelp20 - ok

20:03:11.0578 3636 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

20:03:11.0718 3636 ql1080 - ok

20:03:11.0734 3636 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

20:03:11.0859 3636 Ql10wnt - ok

20:03:11.0859 3636 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

20:03:12.0000 3636 ql12160 - ok

20:03:12.0000 3636 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

20:03:12.0140 3636 ql1240 - ok

20:03:12.0140 3636 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

20:03:12.0281 3636 ql1280 - ok

20:03:12.0312 3636 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

20:03:12.0453 3636 RasAcd - ok

20:03:12.0593 3636 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys

20:03:12.0640 3636 Rasirda - ok

20:03:12.0656 3636 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

20:03:12.0796 3636 Rasl2tp - ok

20:03:12.0812 3636 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

20:03:12.0953 3636 RasPppoe - ok

20:03:12.0953 3636 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

20:03:13.0078 3636 Raspti - ok

20:03:13.0109 3636 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

20:03:13.0265 3636 Rdbss - ok

20:03:13.0406 3636 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

20:03:13.0546 3636 RDPCDD - ok

20:03:13.0593 3636 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

20:03:13.0750 3636 rdpdr - ok

20:03:13.0796 3636 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

20:03:13.0921 3636 RDPWD - ok

20:03:14.0031 3636 redbook (d7e0211f71e9897e8a6ee222eae63458) C:\WINDOWS\system32\DRIVERS\redbook.sys

20:03:14.0046 3636 redbook ( UnsignedFile.Multi.Generic ) - warning

20:03:14.0046 3636 redbook - detected UnsignedFile.Multi.Generic (1)

20:03:14.0109 3636 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

20:03:14.0171 3636 Secdrv - ok

20:03:14.0187 3636 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

20:03:14.0312 3636 serenum - ok

20:03:14.0328 3636 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

20:03:14.0453 3636 Serial - ok

20:03:14.0484 3636 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

20:03:14.0625 3636 Sfloppy - ok

20:03:14.0718 3636 Simbad - ok

20:03:14.0781 3636 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

20:03:14.0921 3636 sisagp - ok

20:03:14.0953 3636 SMCIRDA (707647a1aa0edb6cbef61b0c75c28ed3) C:\WINDOWS\system32\DRIVERS\smcirda.sys

20:03:15.0015 3636 SMCIRDA - ok

20:03:15.0046 3636 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

20:03:15.0109 3636 Sparrow - ok

20:03:15.0140 3636 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

20:03:15.0250 3636 splitter - ok

20:03:15.0375 3636 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

20:03:15.0453 3636 sr - ok

20:03:15.0515 3636 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

20:03:15.0562 3636 Srv - ok

20:03:15.0625 3636 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

20:03:15.0765 3636 swenum - ok

20:03:15.0906 3636 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

20:03:16.0062 3636 swmidi - ok

20:03:16.0109 3636 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

20:03:16.0234 3636 symc810 - ok

20:03:16.0234 3636 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

20:03:16.0359 3636 symc8xx - ok

20:03:16.0359 3636 Symmpi (24a0901cafcee7343ee62565bcfb7c9a) C:\WINDOWS\system32\DRIVERS\symmpi.sys

20:03:16.0437 3636 Symmpi - ok

20:03:16.0453 3636 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

20:03:16.0578 3636 sym_hi - ok

20:03:16.0671 3636 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

20:03:16.0796 3636 sym_u3 - ok

20:03:16.0843 3636 SynTP (13e0d1974ce03e88c265a68325cb16de) C:\WINDOWS\system32\DRIVERS\SynTP.sys

20:03:16.0906 3636 SynTP - ok

20:03:16.0937 3636 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

20:03:17.0046 3636 sysaudio - ok

20:03:17.0125 3636 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

20:03:17.0156 3636 Tcpip - ok

20:03:17.0296 3636 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

20:03:17.0406 3636 TDPIPE - ok

20:03:17.0437 3636 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

20:03:17.0546 3636 TDTCP - ok

20:03:17.0593 3636 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

20:03:17.0718 3636 TermDD - ok

20:03:17.0750 3636 tmcomm (587c57b7d65f5534a751932a3f72bd82) C:\WINDOWS\system32\drivers\tmcomm.sys

20:03:17.0781 3636 tmcomm - ok

20:03:17.0984 3636 TmFilter (717e406972bbc07f8fb2a989416cab73) C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys

20:03:18.0046 3636 TmFilter - ok

20:03:18.0218 3636 TmPreFilter (379c4f99994a56b66e11d1e32bb22a1c) C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys

20:03:18.0250 3636 TmPreFilter - ok

20:03:18.0687 3636 tmtdi (92f4fac931169f09c8415ad2deefac28) C:\WINDOWS\system32\DRIVERS\tmtdi.sys

20:03:18.0718 3636 tmtdi - ok

20:03:18.0890 3636 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

20:03:19.0015 3636 TosIde - ok

20:03:19.0265 3636 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

20:03:19.0484 3636 Udfs - ok

20:03:19.0781 3636 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

20:03:19.0906 3636 ultra - ok

20:03:20.0296 3636 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

20:03:20.0531 3636 Update - ok

20:03:20.0640 3636 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys

20:03:20.0703 3636 USBAAPL - ok

20:03:20.0734 3636 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

20:03:20.0859 3636 usbccgp - ok

20:03:20.0906 3636 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

20:03:21.0046 3636 usbehci - ok

20:03:21.0187 3636 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

20:03:21.0296 3636 usbhub - ok

20:03:21.0312 3636 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

20:03:21.0421 3636 usbohci - ok

20:03:21.0468 3636 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

20:03:21.0593 3636 usbscan - ok

20:03:21.0625 3636 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

20:03:21.0750 3636 USBSTOR - ok

20:03:21.0765 3636 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

20:03:21.0890 3636 usbuhci - ok

20:03:22.0015 3636 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

20:03:22.0140 3636 VgaSave - ok

20:03:22.0187 3636 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

20:03:22.0328 3636 viaagp - ok

20:03:22.0390 3636 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

20:03:22.0515 3636 ViaIde - ok

20:03:22.0609 3636 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

20:03:22.0734 3636 VolSnap - ok

20:03:22.0890 3636 VSApiNt (642eb152cb980ad9181b2161066be629) C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys

20:03:22.0953 3636 VSApiNt - ok

20:03:23.0093 3636 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

20:03:23.0281 3636 Wanarp - ok

20:03:23.0328 3636 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys

20:03:23.0406 3636 Wdf01000 - ok

20:03:23.0515 3636 WDICA - ok

20:03:23.0562 3636 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

20:03:23.0718 3636 wdmaud - ok

20:03:23.0781 3636 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

20:03:23.0875 3636 WmiAcpi - ok

20:03:23.0921 3636 MBR (0x1B8) (c9bf916068238d16f510107a5ad6b482) \Device\Harddisk0\DR0

20:03:24.0156 3636 \Device\Harddisk0\DR0 - ok

20:03:24.0156 3636 Boot (0x1200) (324fc1bfbcd5d0cbee86d2d6359779ad) \Device\Harddisk0\DR0\Partition0

20:03:24.0156 3636 \Device\Harddisk0\DR0\Partition0 - ok

20:03:24.0156 3636 ============================================================

20:03:24.0156 3636 Scan finished

20:03:24.0156 3636 ============================================================

20:03:24.0281 0328 Detected object count: 4

20:03:24.0281 0328 Actual detected object count: 4

20:03:38.0625 0328 AlKernel ( UnsignedFile.Multi.Generic ) - skipped by user

20:03:38.0625 0328 AlKernel ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:03:38.0625 0328 CCDevice ( UnsignedFile.Multi.Generic ) - skipped by user

20:03:38.0625 0328 CCDevice ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:03:38.0625 0328 CWEnprobe ( UnsignedFile.Multi.Generic ) - skipped by user

20:03:38.0625 0328 CWEnprobe ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:03:38.0625 0328 redbook ( UnsignedFile.Multi.Generic ) - skipped by user

20:03:38.0625 0328 redbook ( UnsignedFile.Multi.Generic ) - User select action: Skip


  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check. Check the Scan All Users too.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

Once OTL has completed its first scan it will save notepad copies of the scans in the folder that OTL was started from. Unless set to produce an Extras log it will only produce OTL.txt in subsequent scans.

A copy of an OTL fix log is saved in a text file at

  • :\_OTL\MovedFiles
    • in most cases this will be C:\_OTL\MovedFiles


Maniac,

Here are the results of the OTL scan. The OTL.txt is first.

OTL logfile created on: 12/7/2011 6:56:10 AM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\storeoff\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 1.19 Gb Available Physical Memory | 63.61% Memory free

2.19 Gb Paging File | 1.63 Gb Available in Paging File | 74.56% Paging File free

Paging file location(s): C:\pagefile.sys 480 960 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74.53 Gb Total Space | 52.08 Gb Free Space | 69.88% Space Free | Partition Type: NTFS

Computer Name: OFSTEVEIP-L02 | User Name: storeoff | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\storeoff\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Documents and Settings\storeoff\Application Data\SanDisk\SanDiskSecureAccess_Manager.exe (Gemalto N.V.)

PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()

PRC - C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe (Trend Micro Inc.)

PRC - C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe (Trend Micro Inc.)

PRC - C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe (Trend Micro Inc.)

PRC - C:\WINDOWS\Temp\JZA2AD.EXE (Trend Micro Inc.)

PRC - C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe (Altiris, Inc.)

PRC - C:\Program Files\Altiris\Altiris Agent\AeXAgentUIHost.exe (Altiris, Inc.)

PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

PRC - C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe (Trend Micro Inc.)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\altiris\aclient\ACLIENT.EXE (Altiris, Inc.)

PRC - C:\Program Files\Citrix\ICA Client\ssonsvr.exe (Citrix Systems, Inc.)

PRC - C:\WINDOWS\system32\lxdicoms.exe ( )

PRC - C:\Program Files\Compuware\ApplicationVantage Agent\OPTSA.exe (Compuware)

PRC - C:\Program Files\Altiris\Carbon Copy\Client.exe (Altiris)

PRC - C:\Program Files\Altiris\Carbon Copy\ShellKer.exe (Altiris)

PRC - C:\WINDOWS\system32\CCSRVC.exe (Altiris)

========== Modules (No Company Name) ==========

MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()

MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()

MOD - C:\Documents and Settings\storeoff\Application Data\SanDisk\My Vaults\dmBackup.dll ()

MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()

MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()

MOD - C:\WINDOWS\system32\preflib.dll ()

MOD - C:\WINDOWS\system32\bcm1xsup.dll ()

MOD - C:\WINDOWS\system32\spool\prtprocs\w32x86\lxdidrpp.dll ()

MOD - C:\Program Files\Compuware\ApplicationVantage Agent\libeay32.dll ()

========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found

SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (TmProxy) -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe (Trend Micro Inc.)

SRV - (tmlisten) -- C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe (Trend Micro Inc.)

SRV - (ntrtscan) -- C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe (Trend Micro Inc.)

SRV - (AeXNSClient) -- C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe (Altiris, Inc.)

SRV - (AClient) -- C:\Altiris\AClient\AClient.exe (Altiris, Inc.)

SRV - (lxdi_device) -- C:\WINDOWS\System32\lxdicoms.exe ( )

SRV - (VantageAgent) -- C:\Program Files\Compuware\ApplicationVantage Agent\OPTSA.exe (Compuware)

SRV - (CarbonCopyScheduler) -- C:\WINDOWS\system32\SchdSrvc.exe (Altiris)

SRV - (CarbonCopy32) -- C:\WINDOWS\system32\CCSRVC.exe (Altiris)

========== Driver Services (SafeList) ==========

DRV - (NEOFLTR_710_19243) Juniper Networks TDI Filter Driver (NEOFLTR_710_19243) -- C:\WINDOWS\system32\drivers\NEOFLTR_710_19243.SYS (Juniper Networks)

DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)

DRV - (TmFilter) -- C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys (Trend Micro Inc.)

DRV - (TmPreFilter) -- C:\Program Files\Trend Micro\OfficeScan Client\tmpreflt.sys (Trend Micro Inc.)

DRV - (VSApiNt) -- C:\Program Files\Trend Micro\OfficeScan Client\vsapiNT.sys (Trend Micro Inc.)

DRV - (AlKernel) -- C:\WINDOWS\system32\drivers\AlKernel.sys ()

DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)

DRV - (tmtdi) -- C:\WINDOWS\system32\drivers\tmtdi.sys (Trend Micro Inc.)

DRV - (tmcomm) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)

DRV - (ahcix86) -- C:\WINDOWS\system32\DRIVERS\ahcix86.sys (Advanced Micro Devices, Inc)

DRV - (HBtnKey) -- C:\WINDOWS\system32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)

DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)

DRV - (redbook) -- C:\WINDOWS\system32\drivers\redbook.sys ()

DRV - (ltmodem5) -- C:\WINDOWS\system32\drivers\ltmdmnt.sys (LT)

DRV - (Maestro) ESS Maestro2E Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\essm2e.sys (ESS Technology, Inc.)

DRV - (HpqKbFiltr) -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)

DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)

DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)

DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)

DRV - (ATSWPDRV) AuthenTec TruePrint USB Driver (AES2500) -- C:\WINDOWS\system32\drivers\atswpdrv.sys (AuthenTec, Inc.)

DRV - (Accelerometer) -- C:\WINDOWS\system32\drivers\Accelerometer.sys (Hewlett-Packard Corporation)

DRV - (hpdskflt) -- C:\WINDOWS\system32\DRIVERS\hpdskflt.sys (Hewlett-Packard Corporation)

DRV - (IFXTPM) -- C:\WINDOWS\system32\drivers\ifxtpm.sys (Infineon Technologies AG)

DRV - (eabusb) -- C:\WINDOWS\system32\drivers\EabUsb.sys (Hewlett-Packard Development Company, L.P.)

DRV - (CWEnprobe) -- C:\WINDOWS\system32\drivers\cwenprobe.sys (Compuware Corporation)

DRV - (Symmpi) -- C:\WINDOWS\system32\DRIVERS\symmpi.sys (LSI Logic)

DRV - (CCDevice) -- C:\WINDOWS\System32\drivers\CCDevice.sys (Altiris)

DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)

DRV - (atimpab) -- C:\WINDOWS\system32\drivers\atimpab.sys (ATI Technologies Inc.)

DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMC)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data over 100 bytes]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data over 100 bytes]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1983875437-3072259679-2064708728-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKU\S-1-5-21-1983875437-3072259679-2064708728-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKU\S-1-5-21-1983875437-3072259679-2064708728-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

IE - HKU\S-1-5-21-1983875437-3072259679-2064708728-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://remotevpn.meijer.com/dana-na/auth/url_default/welcome.cgi

IE - HKU\S-1-5-21-1983875437-3072259679-2064708728-1005\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-21-1983875437-3072259679-2064708728-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Documents and Settings\storeoff\Application Data\Mozilla\Firefox\Profiles\cnz9ujpu.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/04 21:03:45 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2010/09/08 17:35:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\storeoff\Application Data\Mozilla\Extensions

[2011/01/26 18:00:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\storeoff\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2011/12/04 21:03:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/12/04 21:03:45 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2011/11/20 23:04:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011/11/20 20:04:05 | 000,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml

[2011/11/20 20:04:05 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2011/11/20 20:04:05 | 000,001,131 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml

[2011/11/20 20:04:05 | 000,002,364 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml

[2011/11/20 20:04:05 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

[2011/11/20 20:04:05 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

[2011/11/20 20:04:05 | 000,001,096 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\12.0.742.100\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U20 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\12.0.742.100\pdf.dll

CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\12.0.742.100\gears.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll

CHR - plugin: SOE Web Installer (Enabled) = C:\Documents and Settings\storeoff\Application Data\Mozilla\Firefox\Profiles\cnz9ujpu.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll

CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\storeoff\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll

CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.13\npGoogleOneClick8.dll

CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll

CHR - plugin: Veetle Broadcaster Plugin (Enabled) = C:\Program Files\Veetle\VLCBroadcast\npvbp.dll

CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: DivX HiQ = C:\Documents and Settings\storeoff\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\

CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Documents and Settings\storeoff\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\

O1 HOSTS File: ([2011/12/05 20:37:05 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKU\S-1-5-21-1983875437-3072259679-2064708728-1005\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AeXAgentLogon] C:\Program Files\Altiris\Altiris Agent\AeXAgentActivate.exe (Altiris, Inc.)

O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.EXE (Broadcom Corporation)

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.)

O4 - HKLM..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)

O4 - HKLM..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)

O4 - HKLM..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)

O4 - HKU\S-1-5-21-1983875437-3072259679-2064708728-1005..\Run: [sanDiskSecureAccess_Manager.exe] C:\Documents and Settings\storeoff\Application Data\SanDisk\SanDiskSecureAccess_Manager.exe (Gemalto N.V.)

O4 - HKU\S-1-5-21-1983875437-3072259679-2064708728-1005..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMSAppLogo5ChannelNotify = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Persistence present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Persistence present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Persistence present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Persistence present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1983875437-3072259679-2064708728-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1983875437-3072259679-2064708728-1005\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O7 - HKU\S-1-5-21-1983875437-3072259679-2064708728-1005\Software\Policies\Microsoft\Internet Explorer\Persistence present

O7 - HKU\S-1-5-21-1983875437-3072259679-2064708728-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-1983875437-3072259679-2064708728-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Home = 0

O7 - HKU\S-1-5-21-1983875437-3072259679-2064708728-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Fullscreen = 0

O7 - HKU\S-1-5-21-1983875437-3072259679-2064708728-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Tools = 0

O7 - HKU\S-1-5-21-1983875437-3072259679-2064708728-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Print = 0

O7 - HKU\S-1-5-21-1983875437-3072259679-2064708728-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Edit = 0

O7 - HKU\S-1-5-21-1983875437-3072259679-2064708728-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Cut = 0

O7 - HKU\S-1-5-21-1983875437-3072259679-2064708728-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Copy = 0

O7 - HKU\S-1-5-21-1983875437-3072259679-2064708728-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Paste = 0

O7 - HKU\S-1-5-21-1983875437-3072259679-2064708728-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Encoding = 0

O7 - HKU\S-1-5-21-1983875437-3072259679-2064708728-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-1983875437-3072259679-2064708728-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O15 - HKLM\..Trusted Domains: //system/ ([]hcp in Local intranet)

O15 - HKLM\..Trusted Domains: 21cii.com ([update] https in Trusted sites)

O15 - HKLM\..Trusted Domains: csc-fsg.com ([rmx-meijer] https in Trusted sites)

O15 - HKLM\..Trusted Domains: lifung.com ([]https in Trusted sites)

O15 - HKLM\..Trusted Domains: localhost ([]http in Local intranet)

O15 - HKLM\..Trusted Domains: localhost ([]https in Local intranet)

O15 - HKLM\..Trusted Domains: meijer.com ([]* in Local intranet)

O15 - HKLM\..Trusted Domains: meijer.com ([apps] http in Trusted sites)

O15 - HKLM\..Trusted Domains: meijer.com ([ccowbc] http in Trusted sites)

O15 - HKLM\..Trusted Domains: meijer.com ([cowbcdev] http in Trusted sites)

O15 - HKLM\..Trusted Domains: meijer.com ([devtech] http in Trusted sites)

O15 - HKLM\..Trusted Domains: meijer.com ([lcowbc] http in Trusted sites)

O15 - HKLM\..Trusted Domains: meijer.com ([poswebdev] http in Trusted sites)

O15 - HKLM\..Trusted Domains: meijer.com ([remotevpn] http in Trusted sites)

O15 - HKLM\..Trusted Domains: meijer.com ([remotevpn] https in Trusted sites)

O15 - HKLM\..Trusted Domains: meijer.com ([storeapps] http in Trusted sites)

O15 - HKLM\..Trusted Domains: meijer.com ([timerecording] http in Trusted sites)

O15 - HKLM\..Trusted Domains: meijer.com ([timerecording03] http in Trusted sites)

O15 - HKLM\..Trusted Domains: microsoft.com ([msops] http in Trusted sites)

O15 - HKLM\..Trusted Domains: mvs-e-filing.com ([]https in Trusted sites)

O15 - HKLM\..Trusted Domains: navigant.com ([reporflyr2] https in Trusted sites)

O15 - HKLM\..Trusted Domains: w0982ewebs0180 ([]http in Trusted sites)

O15 - HKLM\..Trusted Domains: w0982iappv0208 ([]http in Trusted sites)

O15 - HKLM\..Trusted Domains: warnerbros.com ([marsdownload] https in Trusted sites)

O15 - HKLM\..Trusted Ranges: Range1 ([https] in Trusted sites)

O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)

O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)

O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)

O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)

O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)

O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)

O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)

O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)

O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)

O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in Trusted sites)

O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in Trusted sites)

O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in Trusted sites)

O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)

O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in Trusted sites)

O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in Trusted sites)

O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in Trusted sites)

O15 - HKU\S-1-5-21-1983875437-3072259679-2064708728-1005\..Trusted Domains: //system/ ([]hcp in Local intranet)

O15 - HKU\S-1-5-21-1983875437-3072259679-2064708728-1005\..Trusted Domains: 21cii.com ([update] http in Trusted sites)

O15 - HKU\S-1-5-21-1983875437-3072259679-2064708728-1005\..Trusted Domains: 21cii.com ([update] https in Trusted sites)

O15 - HKU\S-1-5-21-1983875437-3072259679-2064708728-1005\..Trusted Domains: csc-fsg.com ([rmx-meijer] https in Trusted sites)

O15 - HKU\S-1-5-21-1983875437-3072259679-2064708728-1005\..Trusted Domains: freerealms.com ([]* in Trusted sites)

O15 - HKU\S-1-5-21-1983875437-3072259679-2064708728-1005\..Trusted Domains: lifung.com ([]https in Trusted sites)

O15 - HKU\S-1-5-21-1983875437-3072259679-2064708728-1005\..Trusted Domains: localhost ([]http in Local intranet)

O15 - HKU\S-1-5-21-1983875437-3072259679-2064708728-1005\..Trusted Domains: localhost ([]https in Local intranet)

O15 - HKU\S-1-5-21-1983875437-3072259679-2064708728-1005\..Trusted Domains: meijer.com ([]* in Local intranet)

O15 - HKU\S-1-5-21-1983875437-3072259679-2064708728-1005\..Trusted Domains: meijer.com ([apps] http in Trusted sites)

O15 - HKU\S-1-5-21-1983875437-3072259679-2064708728-1005\..Trusted Domains: meijer.com ([ccowbc] http in Trusted sites)

O15 - HKU\S-1-5-21-1983875437-3072259679-2064708728-1005\..Trusted Domains: meijer.com ([cowbcdev] http in Trusted sites)

O15 - HKU\S-1-5-21-1983875437-3072259679-2064708728-1005\..Trusted Domains: meijer.com ([devtech] http in Trusted sites)

O15 - HKU\S-1-5-21-1983875437-3072259679-2064708728-1005\..Trusted Domains: meijer.com ([lcowbc] http in Trusted sites)

O15 - HKU\S-1-5-21-1983875437-3072259679-2064708728-1005\..Trusted Domains: meijer.com ([poswebdev] http in Trusted sites)

O15 - HKU\S-1-5-21-1983875437-3072259679-2064708728-1005\..Trusted Domains: meijer.com ([remotevpn] http in Trusted sites)

O15 - HKU\S-1-5-21-1983875437-3072259679-2064708728-1005\..Trusted Domains: meijer.com ([remotevpn] https in Trusted sites)

O15 - HKU\S-1-5-21-1983875437-3072259679-2064708728-1005\..Trusted Domains: meijer.com ([storeapps] http in Trusted sites)

O15 - HKU\S-1-5-21-1983875437-3072259679-2064708728-1005\..Trusted Domains: meijer.com ([timerecording] http in Trusted sites)

O15 - HKU\S-1-5-21-1983875437-3072259679-2064708728-1005\..Trusted Domains: meijer.com ([timerecording03] http in Trusted sites)

O15 - HKU\S-1-5-21-1983875437-3072259679-2064708728-1005\..Trusted Domains: microsoft.com ([msops] http in Trusted sites)

O15 - HKU\S-1-5-21-1983875437-3072259679-2064708728-1005\..Trusted Domains: mvs-e-filing.com ([]https in Trusted sites)

O15 - HKU\S-1-5-21-1983875437-3072259679-2064708728-1005\..Trusted Domains: navigant.com ([reporflyr2] https in Trusted sites)

O15 - HKU\S-1-5-21-1983875437-3072259679-2064708728-1005\..Trusted Domains: w0982ewebs0180 ([]http in Trusted sites)

O15 - HKU\S-1-5-21-1983875437-3072259679-2064708728-1005\..Trusted Domains: w0982iappv0208 ([]http in Trusted sites)

O15 - HKU\S-1-5-21-1983875437-3072259679-2064708728-1005\..Trusted Domains: warnerbros.com ([marsdownload] https in Trusted sites)

O15 - HKU\S-1-5-21-1983875437-3072259679-2064708728-1005\..Trusted Ranges: Range1 ([https] in Trusted sites)

O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (none) (Macromedia Authorware Web Player Control)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://remotevpn.meijer.com/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.94.156.1 68.94.157.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2CAC2E44-911E-4389-9ACE-7E901A3A8B0C}: DhcpNameServer = 68.94.156.1 68.94.157.1

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - AppInit_DLLs: (C:\WINDOWS\system32\AMInit.dll) -C:\WINDOWS\system32\AMInit.dll (Altiris, Inc.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (logonui.exe) -C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) -C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) -C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) -C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) -C:\WINDOWS\System32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) -C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) -C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) -C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) -C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) -C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) -C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [1980/03/10 01:21:23 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/07 06:50:15 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\storeoff\Desktop\OTL.exe

[2011/12/06 20:01:07 | 001,566,512 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\storeoff\Desktop\tdsskiller.exe

[2011/12/06 17:00:30 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2011/12/05 20:13:49 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2011/12/05 20:09:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2011/12/05 20:09:20 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2011/12/05 20:09:19 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2011/12/05 20:09:19 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2011/12/05 20:09:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2011/12/05 20:07:45 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011/12/05 20:02:19 | 004,329,111 | R--- | C] (Swearware) -- C:\Documents and Settings\storeoff\Desktop\ComboFix.exe

[2011/12/04 21:48:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\storeoff\Start Menu\Programs\Administrative Tools

[2011/12/04 21:03:42 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2011/12/04 19:22:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/12/04 19:22:06 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2011/12/04 18:34:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\storeoff\Start Menu\Programs\HiJackThis

[2011/12/04 14:51:37 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2011/12/04 14:29:44 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\storeoff\Recent

[2011/12/02 14:46:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\storeoff\Application Data\Malwarebytes

[2011/12/02 14:45:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2011/12/02 14:45:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011/12/02 09:08:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe

[2011/12/01 22:13:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\storeoff\Start Menu\Programs\Revo Uninstaller

[2011/12/01 17:50:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun

[2011/12/01 17:39:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia

[2011/12/01 17:39:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

[2011/11/24 12:06:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\storeoff\Start Menu\Programs\EvilLyrics

[2011/11/24 12:06:01 | 000,000,000 | ---D | C] -- C:\Program Files\EvilLyrics

[2011/11/24 12:03:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\storeoff\My Documents\EvilLyrics

[2011/11/24 11:44:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime

[2011/11/24 11:43:52 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime

[2011/11/24 11:40:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes

[2011/11/24 11:39:23 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2011/11/08 12:55:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\storeoff\My Vaults

[2007/06/11 09:14:53 | 000,320,432 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiih.exe

[2007/06/11 09:14:51 | 000,517,040 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdicoms.exe

[2007/06/11 09:14:49 | 000,340,912 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdicfg.exe

[2007/05/17 10:06:54 | 000,614,400 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdipmui.dll

[2007/05/17 10:05:36 | 001,187,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiserv.dll

[2007/05/17 10:00:53 | 000,360,448 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdicomm.dll

[2007/05/17 10:00:50 | 000,532,480 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdilmpm.dll

[2007/05/17 10:00:07 | 000,671,744 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdihbn3.dll

[2007/05/17 09:58:54 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdipplc.dll

[2007/05/17 09:58:37 | 000,942,080 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiusb1.dll

[2007/05/17 09:58:11 | 000,765,952 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdicomc.dll

[2007/05/17 09:55:16 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiiesc.dll

[2007/05/17 09:55:11 | 000,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiinpa.dll

[2007/05/17 09:54:15 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiprox.dll

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/07 06:50:15 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\storeoff\Desktop\OTL.exe

[2011/12/07 06:46:48 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2011/12/07 06:46:28 | 000,001,435 | ---- | M] () -- C:\AClient.cfg

[2011/12/07 06:44:14 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2011/12/07 06:44:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/12/06 23:29:59 | 000,016,892 | ---- | M] () -- C:\WINDOWS\cfgall.ini

[2011/12/06 23:28:53 | 000,000,398 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{6DCBFFD3-7068-4A9D-8CBB-B77DB80DC221}.job

[2011/12/06 20:01:12 | 001,566,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\storeoff\Desktop\tdsskiller.exe

[2011/12/06 17:49:03 | 000,000,000 | ---- | M] () -- C:\WINDOWS\client.INI

[2011/12/05 20:37:05 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2011/12/05 20:19:35 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/12/05 20:14:02 | 000,000,355 | RHS- | M] () -- C:\boot.ini

[2011/12/05 20:02:33 | 004,329,111 | R--- | M] (Swearware) -- C:\Documents and Settings\storeoff\Desktop\ComboFix.exe

[2011/12/04 22:37:42 | 000,011,457 | ---- | M] () -- C:\Documents and Settings\storeoff\Desktop\malwarebytes.zip

[2011/12/04 21:03:46 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\storeoff\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2011/12/04 21:03:46 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2011/12/04 20:20:28 | 000,001,726 | -H-- | M] () -- C:\Documents and Settings\storeoff\My Documents\Default.rdp

[2011/12/04 20:13:02 | 000,032,256 | ---- | M] () -- C:\Documents and Settings\storeoff\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/12/04 19:22:11 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/12/04 18:34:59 | 000,002,453 | ---- | M] () -- C:\Documents and Settings\storeoff\Desktop\HiJackThis.lnk

[2011/12/04 18:28:38 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011/12/04 15:34:58 | 000,000,239 | ---- | M] () -- C:\Boot.bak

[2011/12/04 14:30:14 | 000,441,908 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011/12/04 14:30:14 | 000,071,572 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2011/12/04 14:28:14 | 000,001,070 | RHS- | M] () -- C:\Documents and Settings\storeoff\ntuser.pol

[2011/12/04 14:28:05 | 000,000,888 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol

[2011/12/02 14:10:51 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\05431k.dat

[2011/12/01 22:13:30 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\storeoff\Desktop\Revo Uninstaller.lnk

[2011/12/01 22:01:10 | 000,014,422 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\3j32yw3y18d132

[2011/12/01 21:47:24 | 000,014,372 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\3j32yw3y18d132.OLD

[2011/11/24 12:06:02 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\storeoff\Application Data\Microsoft\Internet Explorer\Quick Launch\EvilLyrics.lnk

[2011/11/24 12:06:02 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\storeoff\Desktop\EvilLyrics.lnk

[2011/11/24 11:44:09 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk

[2011/11/24 11:40:21 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2011/11/24 11:31:52 | 000,000,629 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf

[2011/11/21 08:42:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/06 17:49:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\client.INI

[2011/12/05 20:14:02 | 000,000,239 | ---- | C] () -- C:\Boot.bak

[2011/12/05 20:13:59 | 000,260,272 | RHS- | C] () -- C:\cmldr

[2011/12/05 20:09:21 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2011/12/05 20:09:20 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2011/12/05 20:09:20 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2011/12/05 20:09:19 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2011/12/05 20:09:19 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2011/12/04 22:37:42 | 000,011,457 | ---- | C] () -- C:\Documents and Settings\storeoff\Desktop\malwarebytes.zip

[2011/12/04 21:03:46 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\storeoff\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2011/12/04 21:03:46 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk

[2011/12/04 21:03:46 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2011/12/04 19:22:11 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/12/04 18:34:47 | 000,002,453 | ---- | C] () -- C:\Documents and Settings\storeoff\Desktop\HiJackThis.lnk

[2011/12/01 22:13:30 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\storeoff\Desktop\Revo Uninstaller.lnk

[2011/12/01 21:59:06 | 000,014,422 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3j32yw3y18d132

[2011/12/01 17:50:32 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011/12/01 16:56:36 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\05431k.dat

[2011/12/01 16:44:37 | 000,014,372 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3j32yw3y18d132.OLD

[2011/11/24 12:06:02 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\storeoff\Application Data\Microsoft\Internet Explorer\Quick Launch\EvilLyrics.lnk

[2011/11/24 12:06:02 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\storeoff\Desktop\EvilLyrics.lnk

[2011/11/24 11:44:09 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk

[2011/11/24 11:40:21 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2011/11/08 12:54:16 | 000,144,672 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2011/10/23 10:24:38 | 000,000,288 | ---- | C] () -- C:\Documents and Settings\storeoff\Application Data\.backup.dm

[2011/10/14 05:45:17 | 000,046,356 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2011/06/04 22:18:26 | 000,344,064 | R--- | C] () -- C:\WINDOWS\System32\lxdicoin.dll

[2011/05/21 22:34:17 | 000,102,400 | ---- | C] () -- C:\WINDOWS\RegBootClean.exe

[2011/05/17 14:21:41 | 000,015,498 | -HS- | C] () -- C:\Documents and Settings\storeoff\Local Settings\Application Data\8s7h0376ile

[2010/09/10 05:34:52 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\storeoff\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/09/08 17:35:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2010/09/07 12:48:25 | 000,000,258 | ---- | C] () -- C:\Program Files\Altiră

[2010/08/31 14:41:46 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll

[2010/08/31 14:41:45 | 000,025,088 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE

[2010/08/31 14:41:44 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll

[2010/08/31 14:22:15 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll

[2010/08/31 14:22:15 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll

[2010/08/31 14:22:15 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll

[2010/08/31 14:22:15 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll

[2010/08/31 14:22:15 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll

[2010/08/31 14:22:15 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll

[2010/08/31 14:03:48 | 000,000,292 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2010/08/31 14:03:22 | 000,002,401 | ---- | C] () -- C:\WINDOWS\System32\drivers\AlKernel.sys

[2010/08/31 14:03:02 | 000,016,892 | ---- | C] () -- C:\WINDOWS\cfgall.ini

[2007/05/22 02:04:16 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdigrd.dll

[2007/05/04 08:17:38 | 000,000,137 | ---- | C] () -- C:\WINDOWS\AWSHKWV.INI

[2007/02/02 07:40:12 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat

[2007/01/30 04:21:34 | 000,128,813 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat

[2006/08/01 00:53:18 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdivs.dll

[2005/01/31 14:07:48 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\mjrCOJetSortScan.dll

[2004/05/17 22:30:56 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\Unity201202.dll

[2003/10/09 08:22:44 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\mjrCOAutoCheckIN.exe

[2003/06/13 13:31:32 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\mjrImpressChecks.dll

[2001/08/27 20:59:16 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\CheckVer.dll

[2001/03/02 09:25:34 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\wtrantcp.dll

[1980/03/10 02:54:35 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[1980/03/10 02:54:26 | 000,441,908 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[1980/03/10 02:54:26 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[1980/03/10 02:54:26 | 000,071,572 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[1980/03/10 02:54:26 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[1980/03/10 02:54:23 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[1980/03/10 02:54:21 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[1980/03/10 02:54:17 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[1980/03/10 02:54:04 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[1980/03/10 02:54:04 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[1980/03/10 02:53:33 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[1980/03/10 02:53:11 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin

[1980/03/10 02:12:21 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[1980/03/10 01:27:03 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[1980/03/10 01:16:24 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[1980/03/09 20:12:09 | 000,057,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\redbook.sys

[1980/03/09 20:08:13 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[1980/03/09 20:06:50 | 000,225,616 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== LOP Check ==========

[2011/10/23 10:23:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ClubSanDisk

[2010/08/31 14:21:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Compuware

[2011/09/21 15:36:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks

[2011/01/25 15:45:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir

[2011/08/19 21:53:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir

[2011/06/13 13:11:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir.ninja

[2010/10/17 10:00:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2010/08/31 14:18:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\ICAClient

[2011/08/18 10:01:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\storeoff\Application Data\.minecraft

[2011/03/20 14:04:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\storeoff\Application Data\DDMSettings

[2011/07/08 07:30:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\storeoff\Application Data\ElevatedDiagnostics

[2010/09/07 12:36:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\storeoff\Application Data\ICAClient

[2011/10/14 04:20:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\storeoff\Application Data\Juniper Networks

[2011/11/08 12:55:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\storeoff\Application Data\SanDisk

[2011/04/16 14:48:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\storeoff\Application Data\Sony Online Entertainment

[2010/12/31 02:14:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\storeoff\Application Data\Tific

[2011/03/26 21:54:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\storeoff\Application Data\Unity

[2011/12/06 23:28:53 | 000,000,398 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{6DCBFFD3-7068-4A9D-8CBB-B77DB80DC221}.job

========== Purity Check ==========

< End of report >

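A triage pass over the kind of OTL "O" lines shown in the log above. This is an added example, not code from the original post, from OTL or from Malwarebytes. It assumes the OTL line shapes visible in the log (a resolved path followed by the file's company name in parentheses, `( )` when the file carries no version information, and `"%1" %*` as the stock open command for exefile/comfile). The benign sample lines are copied in form from the posted log; the last two lines are constructed to show what a hijacked UserInit value and a hijacked exefile handler would look like, and are not from the log. The trusted-directory rule and the list of sections treated as loaded-module sections are assumptions of this example.

```python
import re
from typing import List, NamedTuple

# Constructed sample. Lines 1-8 mirror entries from the posted OTL log; the
# final two lines are made-up examples of hijacked entries (NOT from the log).
SAMPLE_LOG = r"""
O20 - AppInit_DLLs: (C:\WINDOWS\system32\AMInit.dll) -C:\WINDOWS\system32\AMInit.dll (Altiris, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) -C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) -C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O20 - HKLM Winlogon: UserInit - (C:\Documents and Settings\All Users\Application Data\abc123.exe) -C:\Documents and Settings\All Users\Application Data\abc123.exe ( )
O35 - HKLM\..exefile [open] -- "C:\Documents and Settings\All Users\Application Data\abc123.exe" -a "%1" %*
"""

# Sections whose entries name a module that Windows loads at logon or into
# every process (assumption: these are the ones worth a location/signer check).
LOADED_MODULE_SECTIONS = {"O20", "O21", "O22", "O28", "O29", "O30"}

# Assumed trusted locations for those modules on an XP box (lower-cased).
TRUSTED_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\")

# Stock open command for exefile/comfile; anything else means the handler was
# rewritten, a trick rogue "antivirus" families commonly use.
STOCK_OPEN_COMMAND = '"%1" %*'

O_LINE = re.compile(r"^(O\d+) - (.*)$")
# Resolved path, then the company name OTL prints in parentheses at line end.
PATH_RE = re.compile(r"([A-Za-z]:\\[^()\"]*?\.(?:dll|exe|cpl|sys))\s*\(([^()]*)\)\s*$", re.I)
# O35/O37 lines: HKLM\..exefile [open] -- <command>
ASSOC_RE = re.compile(r"^HKLM\\\.{2,3}(\w+) .*?-- (.*)$")


class Finding(NamedTuple):
    code: str    # OTL section, e.g. "O20"
    reason: str  # why the entry deserves a look
    line: str    # the original log line


def triage(log_text: str) -> List[Finding]:
    """Return the OTL entries that deserve manual review."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        m = O_LINE.match(raw.strip())
        if not m:
            continue
        code, body = m.groups()

        if code in ("O35", "O37"):
            a = ASSOC_RE.match(body)
            if a and a.group(2).strip() != STOCK_OPEN_COMMAND:
                findings.append(Finding(code, f"{a.group(1)} open command hijacked: {a.group(2)}", raw))
            continue

        if code not in LOADED_MODULE_SECTIONS:
            continue
        p = PATH_RE.search(body)
        if not p:
            findings.append(Finding(code, "could not resolve module path", raw))
            continue
        path, company = p.group(1), p.group(2).strip()
        if not company:
            findings.append(Finding(code, f"no company/version info: {path}", raw))
        if not path.lower().startswith(TRUSTED_DIRS):
            findings.append(Finding(code, f"module outside Windows directory: {path}", raw))
        if body.startswith("AppInit_DLLs"):
            # Any DLL listed here is loaded into every process that links user32,
            # so it is always worth confirming even when the signer looks fine.
            findings.append(Finding(code, f"AppInit_DLLs entry injects into every user32 process: {path}", raw))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.code}] {f.reason}")
```

The checks are deliberately coarse: a module under `C:\WINDOWS` with a real company name is not proof of legitimacy (a malicious DLL can be dropped there with forged version info), so treat the output as a review list rather than a verdict, and compare flagged paths against the "Files Created" sections of the same log.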

OTL Extras logfile created on: 12/7/2011 6:56:10 AM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\storeoff\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 1.19 Gb Available Physical Memory | 63.61% Memory free

2.19 Gb Paging File | 1.63 Gb Available in Paging File | 74.56% Paging File free

Paging file location(s): C:\pagefile.sys 480 960 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74.53 Gb Total Space | 52.08 Gb Free Space | 69.88% Space Free | Partition Type: NTFS

Computer Name: OFSTEVEIP-L02 | User Name: storeoff | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1983875437-3072259679-2064708728-1005\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 1

"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"2408:TCP" = 2408:TCP:*:Enabled:ApplicationVantage Agent

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\Documents and Settings\storeoff\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe" = C:\Documents and Settings\storeoff\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe:*:Enabled:Juniper Terminal Services Client -- (Juniper Networks)

"C:\Program Files\Juniper Networks\Secure Application Manager\dsSamProxy.exe" = C:\Program Files\Juniper Networks\Secure Application Manager\dsSamProxy.exe:*:Enabled:Secure Application Manager Proxy -- (Juniper Networks)

"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)

"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{021DC6F9-32C2-4E22-AF4E-C8F3D6EE94B4}" = Authorware Web Player

"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 20

"{2851123E-5786-41BE-A3F1-A9B21E499EEB}" = Altiris Task Synchronization Agent

"{2CCA5D08-0F7A-457F-A939-E1175DFCCDA3}" = Compuware ApplicationVantage Agent 9.8 Build 201

"{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes

"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis

"{4A702DA1-9E48-4346-8030-26B399CCFA8C}" = Altiris Application Metering Agent

"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{66E3BA00-6B3D-466B-96FA-6309A7F42BB0}" = Adobe Flash Player 10 ActiveX

"{71690082-2BEF-4B36-87B6-C705091E7562}" = Altiris State Management Agent

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour

"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime

"{81419E57-5C77-406F-A3F9-EA5D6DB26CA7}" = Web Applications

"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12

"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007

"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001C-0409-0000-0000000FF1CE}" = Microsoft Office Access Runtime (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD

"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel

"{95120000-0052-0409-0000-0000000FF1CE}" = Microsoft Office Visio Viewer 2007

"{9ECF7817-DB11-4FBA-9DF1-296A578D513A}" = Adobe Shockwave Player 11.5

"{A0A1EB01-A6FD-423A-8480-364055A7C961}" = Altiris Software Delivery Solution Agent

"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.2

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{BC13AD87-65E7-4963-A2DA-1ED419D3DC34}" = Altiris Carbon Copy Solution Agent

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C2CDE75C-CA51-4335-9C13-84C00E6093A5}" = Windows Media Player Enterprise Deployment

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{E89956F9-5B89-470E-818D-BD46102D0A01}" = Citrix Presentation Server Client

"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Agere Systems Soft Modem" = Agere Systems HDA Modem

"Altiris Carbon Copy Solution Agent 6.1" = Altiris Carbon Copy Solution Agent 6.1

"ATI Display Driver" = ATI Display Driver

"Broadcom 802.11 Application" = Broadcom Wireless Utility

"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter

"CCleaner" = CCleaner

"DivX Setup.divx.com" = DivX Setup

"ESET Online Scanner" = ESET Online Scanner v3

"EvilLyrics" = EvilLyrics

"Google Chrome" = Google Chrome

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox 8.0.1 (x86 en-US)" = Mozilla Firefox 8.0.1 (x86 en-US)

"Neoteris_Secure_Application_Manager" = Juniper Networks Secure Application Manager

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"OfficeScanNT" = Trend Micro OfficeScan Client

"PROPLUS" = Microsoft Office Professional Plus 2007

"Revo Uninstaller" = Revo Uninstaller 1.93

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

"Windows Media Format Runtime" = Windows Media Format Runtime

"Windows Media Player" = Windows Media Player 10

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1983875437-3072259679-2064708728-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"@@__UNKNOWN__@@SanDiskSecureAccess_Manager.exe" = SanDiskSecureAccess_Manager.exe

"Juniper_Setup_Client" = Juniper Networks, Inc. Setup Client

"Juniper_Term_Services" = Juniper Terminal Services Client

"SOE-Free Realms" = Free Realms

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


Step 1

I see you are running TeaTimer.

I suggest you disable it, because it can interfere with the changes you'll make on your system.

When everything is done and your log is clean again, you can enable it again.

If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

How to disable TeaTimer <== click me for instructions.

After you have disabled TeaTimer, download ResetTeaTimer.exe to your desktop.

Then run ResetTeaTimer.exe.

This will only take a few seconds.

Step 2

  • Run OTL.exe
  • Under Custom Scans/Fixes post the following script:

:OTL
[2011/12/02 14:10:51 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\05431k.dat
[2011/12/01 22:01:10 | 000,014,422 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\3j32yw3y18d132
[2011/12/01 21:47:24 | 000,014,372 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\3j32yw3y18d132.OLD
[2011/05/17 14:21:41 | 000,015,498 | -HS- | C] () -- C:\Documents and Settings\storeoff\Local Settings\Application Data\8s7h0376ile

:Commands
[emptytemp]
[clearallrestorepoints]

  • Then click the Run Fix button at the top
  • Let the program run unhindered; when it is done it will say "Fix Complete press ok to open log".
  • Please post that log in your next reply.


Maniac,

I followed your instructions. The only difference was that OTL.exe requested a reboot when the fix had finished running. I complied, and when it booted back up I had to approve starting OTL.exe again. Once the application came up, the log did as well. Here are the contents of the log.

Thanks,

All processes killed

========== OTL ==========

C:\Documents and Settings\All Users\Application Data\05431k.dat moved successfully.

C:\Documents and Settings\All Users\Application Data\3j32yw3y18d132 moved successfully.

C:\Documents and Settings\All Users\Application Data\3j32yw3y18d132.OLD moved successfully.

C:\Documents and Settings\storeoff\Local Settings\Application Data\8s7h0376ile moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Java cache emptied: 15222 bytes

->Flash cache emptied: 32713 bytes

User: storeoff

->Temp folder emptied: 664836 bytes

->Temporary Internet Files folder emptied: 32902 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 57806342 bytes

->Google Chrome cache emptied: 0 bytes

->Flash cache emptied: 8607 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 2577 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 361760 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 56.00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.31.0 log created on 12082011_193240

Files\Folders moved on Reboot...

C:\WINDOWS\temp\Perflib_Perfdata_670.dat moved successfully.

Registry entries deleted on Reboot...


Step 1

  • Launch Malwarebytes' Anti-Malware
  • Go to the Update tab and select Check for Updates.
  • Go to the Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Step 2

  1. Please run a free online scan with the ESET Online Scanner
    Note: You will need to use Internet Explorer for this scan
  2. Tick the box next to YES, I accept the Terms of Use
  3. Click Start
  4. When asked, allow the ActiveX control to install
  5. Click Start
  6. Make sure that the options Remove found threats and Scan unwanted applications are checked
  7. Click Scan (This scan can take several hours, so please be patient)
  8. Once the scan is completed, you may close the window
  9. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  10. Copy and paste that log as a reply to this topic

In your next reply, please post the following log files:

  • Malwarebytes' Anti-Malware log
  • ESET Online Scanner log


Here are the logs...

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8352

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

12/11/2011 2:31:22 PM

mbam-log-2011-12-11 (14-31-22).txt

Scan type: Quick scan

Objects scanned: 174992

Time elapsed: 6 minute(s), 9 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\AH (Rogue.MultipleAV) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_CLASSES_ROOT\ah\Content Type (Rogue.MultipleAV) -> Value: Content Type -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

esets_scanner_update returned -1 esets_gle=53251

# version=7

# iexplore.exe=7.00.6000.17096 (vista_gdr.110211-1830)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=7cd89ac092e5dc4594b511ef0495bd0e

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-12-11 08:26:41

# local_time=2011-12-11 03:26:41 (-0500, Eastern Standard Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 507669 507669 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=62491

# found=1

# cleaned=0

# scan_time=3044

C:\WINDOWS\system32\drivers\redbook.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

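The ESET log above reports one detection that the scanner could not clean, in a file under C:\WINDOWS\system32\drivers, and the TDSSKiller log later in the thread reports a mix of UnsignedFile warnings and real verdicts. The script below is an added example for triaging both kinds of log; it is not code from the post or from ESET, Kaspersky or Malwarebytes. It parses the two line formats exactly as they appear in the thread, tells signature warnings apart from malware verdicts, and flags any "unable to clean" result as the point where a rootkit-aware tool is needed. The sample log text inside it is constructed from the lines in the thread; the redbook file line, its all-zero hash and the Rootkit.Placeholder.Example verdict are placeholders, not real TDSSKiller output.

```python
"""Scan-log triage for the two log formats posted in this thread.
Added example: not part of the forum post, not code from ESET, Kaspersky or
Malwarebytes. It parses ESET Online Scanner logs ('# key=value' header plus
one line per detection) and TDSSKiller driver-scan lines
('<time> <pid> <service> (<md5>) <path>' then '- ok', '- warning' or
'- detected <verdict> (<n>)'), separates real verdicts from UnsignedFile
warnings, and flags anything a scanner could not clean. The sample logs are
constructed; 'Rootkit.Placeholder.Example' and the all-zero redbook hash are
placeholders, not real Kaspersky output.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# ESET: <path> <threat> <kind> (<action>) <32 hex digits> <flag>
ESET_HIT = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<threat>\S+)\s+(?P<kind>\S+)"
                      r"\s+\((?P<action>[^)]*)\)\s+[0-9a-fA-F]{32}\s+\S+\s*$")
ESET_HEADER = re.compile(r"^#\s*(?P<key>\w+)=(?P<value>.*)$")
# TDSSKiller: a file line per driver, then a verdict line for the same service
TDSS_FILE = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<svc>\S+)\s+"
                       r"\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$")
TDSS_DETECTED = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<svc>\S+)\s+-\s+detected\s+"
                           r"(?P<verdict>\S+)\s+\(\d+\)\s*$")

@dataclass
class Finding:
    tool: str
    verdict: str                   # threat/verdict name as the scanner printed it
    path: Optional[str]            # file it applies to, when the log gives one
    severity: str                  # "malicious" or "unsigned"
    action: str                    # what the scanner says it did
    service: Optional[str] = None  # TDSSKiller service name, if any

def parse_eset(text: str) -> Tuple[Dict[str, str], List[Finding]]:
    """Return the '# key=value' header and the detection lines of an ESET log."""
    header: Dict[str, str] = {}
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := ESET_HEADER.match(line):
            header[m["key"]] = m["value"]
        elif m := ESET_HIT.match(line):
            findings.append(Finding("ESET", m["threat"], m["path"], "malicious", m["action"]))
    return header, findings

def parse_tdsskiller(text: str) -> List[Finding]:
    """Return TDSSKiller verdicts, each joined to the path from its file line."""
    paths: Dict[str, str] = {}
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := TDSS_FILE.match(line):
            paths[m["svc"]] = m["path"]
        elif m := TDSS_DETECTED.match(line):
            # UnsignedFile.* is a signature warning, not a malware verdict
            sev = "unsigned" if m["verdict"].startswith("UnsignedFile.") else "malicious"
            findings.append(Finding("TDSSKiller", m["verdict"], paths.get(m["svc"]),
                                    sev, "reported", m["svc"]))
    return findings

def summarize(findings: List[Finding]) -> Dict[str, int]:
    counts = {"malicious": 0, "unsigned": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts

def needs_rootkit_tool(findings: List[Finding]) -> bool:
    """True when a scanner reported malware it admits it could not clean, as
    ESET did for a driver in the thread; that is the case TDSSKiller is for."""
    return any(f.severity == "malicious" and "unable to clean" in f.action for f in findings)

ESET_SAMPLE = r"""
# version=7
# end=finished
# found=1
# cleaned=0
C:\WINDOWS\system32\drivers\redbook.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I
"""
TDSS_SAMPLE = r"""
18:53:23.0055 3712 AlKernel (06112696a1b06692939cf087d1f1c84e) C:\WINDOWS\system32\Drivers\AlKernel.sys
18:53:23.0070 3712 AlKernel ( UnsignedFile.Multi.Generic ) - warning
18:53:23.0070 3712 AlKernel - detected UnsignedFile.Multi.Generic (1)
18:53:23.0258 3712 amdagp - ok
18:53:26.0805 3712 CCDevice (f68d9209421c0a8a78d082cedd05bef8) C:\WINDOWS\system32\drivers\CCDevice.sys
18:53:26.0820 3712 CCDevice - detected UnsignedFile.Multi.Generic (1)
18:53:50.0000 3712 redbook (00000000000000000000000000000000) C:\WINDOWS\system32\drivers\redbook.sys
18:53:50.0100 3712 redbook - detected Rootkit.Placeholder.Example (1)
"""

if __name__ == "__main__":
    hdr, eset = parse_eset(ESET_SAMPLE)
    found = eset + parse_tdsskiller(TDSS_SAMPLE)
    for f in found:
        print(f"{f.tool:10} {f.severity:9} {f.verdict:32} {f.path}")
    print(summarize(found), "escalate:", needs_rootkit_tool(found))
```

Run it as a script to print the combined findings, or import it and feed real log files to parse_eset and parse_tdsskiller. The UnsignedFile.Multi.Generic entries are signature warnings only; unsigned third-party drivers are normal on an XP-era machine with the kind of management and VPN agents listed in the uninstall list above, so they should be checked against the installed software rather than removed on sight, while an "unable to clean" verdict on a system driver is the result that justifies moving to a rootkit tool.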

I hope that I understood your instructions properly. I deleted TDSSKiller and downloaded it again. I ran TDSSKiller, following the same instructions as before. This time a malicious file was found and cured. Here is the resulting log.

18:52:39.0336 3040 TDSS rootkit removing tool 2.6.22.0 Dec 7 2011 13:21:06

18:52:40.0242 3040 ============================================================

18:52:40.0242 3040 Current date / time: 2011/12/12 18:52:40.0242

18:52:40.0242 3040 SystemInfo:

18:52:40.0242 3040

18:52:40.0242 3040 OS Version: 5.1.2600 ServicePack: 3.0

18:52:40.0242 3040 Product type: Workstation

18:52:40.0242 3040 ComputerName: OFSTEVEIP-L02

18:52:40.0242 3040 UserName: storeoff

18:52:40.0242 3040 Windows directory: C:\WINDOWS

18:52:40.0242 3040 System windows directory: C:\WINDOWS

18:52:40.0242 3040 Processor architecture: Intel x86

18:52:40.0242 3040 Number of processors: 2

18:52:40.0242 3040 Page size: 0x1000

18:52:40.0242 3040 Boot type: Normal boot

18:52:40.0242 3040 ============================================================

18:52:42.0883 3040 Initialize success

18:53:16.0898 3712 ============================================================

18:53:16.0898 3712 Scan started

18:53:16.0898 3712 Mode: Manual; SigCheck; TDLFS;

18:53:16.0898 3712 ============================================================

18:53:17.0352 3712 Abiosdsk - ok

18:53:17.0414 3712 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

18:53:19.0695 3712 abp480n5 - ok

18:53:19.0805 3712 Accelerometer (2ad11b75224bc6c54735fb6853105b8b) C:\WINDOWS\system32\DRIVERS\Accelerometer.sys

18:53:19.0898 3712 Accelerometer - ok

18:53:19.0961 3712 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

18:53:20.0133 3712 ACPI - ok

18:53:20.0227 3712 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

18:53:20.0367 3712 ACPIEC - ok

18:53:20.0414 3712 ADIHdAudAddService (be4beb3fde3edfad4ef2760722717b0f) C:\WINDOWS\system32\drivers\ADIHdAud.sys

18:53:20.0477 3712 ADIHdAudAddService - ok

18:53:20.0602 3712 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

18:53:20.0742 3712 adpu160m - ok

18:53:20.0758 3712 AEAudio (358063ab6c1c4173b735525cdfa65f94) C:\WINDOWS\system32\drivers\AEAudio.sys

18:53:20.0820 3712 AEAudio - ok

18:53:20.0852 3712 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

18:53:21.0008 3712 aec - ok

18:53:21.0102 3712 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys

18:53:21.0180 3712 AFD - ok

18:53:21.0336 3712 AgereSoftModem (90456051c422e09bc36e6340dd891f0c) C:\WINDOWS\system32\DRIVERS\AGRSM.sys

18:53:21.0492 3712 AgereSoftModem - ok

18:53:21.0602 3712 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

18:53:21.0805 3712 agp440 - ok

18:53:21.0883 3712 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

18:53:22.0055 3712 agpCPQ - ok

18:53:22.0055 3712 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys

18:53:22.0117 3712 Aha154x - ok

18:53:22.0133 3712 ahcix86 (3936a49ecb74cf23bbb6979cd683dd56) C:\WINDOWS\system32\DRIVERS\ahcix86.sys

18:53:22.0242 3712 ahcix86 - ok

18:53:22.0242 3712 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

18:53:22.0398 3712 aic78u2 - ok

18:53:22.0398 3712 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

18:53:22.0555 3712 aic78xx - ok

18:53:22.0570 3712 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

18:53:22.0711 3712 AliIde - ok

18:53:22.0742 3712 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys

18:53:22.0898 3712 alim1541 - ok

18:53:23.0055 3712 AlKernel (06112696a1b06692939cf087d1f1c84e) C:\WINDOWS\system32\Drivers\AlKernel.sys

18:53:23.0070 3712 AlKernel ( UnsignedFile.Multi.Generic ) - warning

18:53:23.0070 3712 AlKernel - detected UnsignedFile.Multi.Generic (1)

18:53:23.0102 3712 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys

18:53:23.0258 3712 amdagp - ok

18:53:23.0273 3712 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys

18:53:23.0352 3712 amsint - ok

18:53:23.0398 3712 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

18:53:23.0586 3712 Arp1394 - ok

18:53:23.0586 3712 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys

18:53:23.0758 3712 asc - ok

18:53:23.0867 3712 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys

18:53:23.0930 3712 asc3350p - ok

18:53:23.0945 3712 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys

18:53:24.0102 3712 asc3550 - ok

18:53:24.0164 3712 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

18:53:24.0320 3712 AsyncMac - ok

18:53:24.0320 3712 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

18:53:24.0461 3712 atapi - ok

18:53:24.0477 3712 Atdisk - ok

18:53:24.0586 3712 ati2mtag (a1789368b4a31d2111af7aeda0c8d3fc) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

18:53:24.0680 3712 ati2mtag - ok

18:53:24.0789 3712 atimpab (8d70c26425fde49ddce5bb2cf25b8df2) C:\WINDOWS\system32\DRIVERS\atimpab.sys

18:53:25.0055 3712 atimpab - ok

18:53:25.0070 3712 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

18:53:25.0227 3712 Atmarpc - ok

18:53:25.0273 3712 ATSWPDRV (002ecb6f1197a7754cc87f2073f41841) C:\WINDOWS\system32\DRIVERS\ATSwpDrv.sys

18:53:25.0336 3712 ATSWPDRV - ok

18:53:25.0445 3712 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

18:53:25.0602 3712 audstub - ok

18:53:25.0664 3712 b57w2k (133ad3794572bce689763a8356c7ed06) C:\WINDOWS\system32\DRIVERS\b57xp32.sys

18:53:25.0742 3712 b57w2k - ok

18:53:25.0852 3712 BCM43XX (fe4ed785396eaa554c561992106a35fa) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys

18:53:26.0055 3712 BCM43XX - ok

18:53:26.0180 3712 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

18:53:26.0352 3712 Beep - ok

18:53:26.0367 3712 catchme - ok

18:53:26.0398 3712 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

18:53:26.0555 3712 cbidf - ok

18:53:26.0570 3712 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

18:53:26.0695 3712 cbidf2k - ok

18:53:26.0805 3712 CCDevice (f68d9209421c0a8a78d082cedd05bef8) C:\WINDOWS\system32\drivers\CCDevice.sys

18:53:26.0820 3712 CCDevice ( UnsignedFile.Multi.Generic ) - warning

18:53:26.0820 3712 CCDevice - detected UnsignedFile.Multi.Generic (1)

18:53:26.0820 3712 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

18:53:26.0898 3712 cd20xrnt - ok

18:53:27.0023 3712 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

18:53:27.0164 3712 Cdaudio - ok

18:53:27.0211 3712 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

18:53:27.0352 3712 Cdfs - ok

18:53:27.0414 3712 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

18:53:27.0586 3712 Cdrom - ok

18:53:27.0586 3712 Changer - ok

18:53:27.0695 3712 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

18:53:27.0852 3712 CmBatt - ok

18:53:27.0977 3712 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys

18:53:28.0133 3712 CmdIde - ok

18:53:28.0133 3712 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

18:53:28.0289 3712 Compbatt - ok

18:53:28.0383 3712 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys

18:53:28.0539 3712 Cpqarray - ok

18:53:28.0602 3712 CWEnprobe (89e9f9ad6604ac6355b007a812b3a68c) C:\WINDOWS\system32\DRIVERS\cwenprobe.sys

18:53:28.0648 3712 CWEnprobe ( UnsignedFile.Multi.Generic ) - warning

18:53:28.0648 3712 CWEnprobe - detected UnsignedFile.Multi.Generic (1)

18:53:28.0742 3712 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

18:53:28.0930 3712 dac2w2k - ok

18:53:28.0961 3712 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys

18:53:29.0133 3712 dac960nt - ok

18:53:29.0258 3712 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

18:53:29.0398 3712 Disk - ok

18:53:29.0461 3712 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

18:53:29.0648 3712 dmboot - ok

18:53:29.0773 3712 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

18:53:29.0945 3712 dmio - ok

18:53:29.0977 3712 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

18:53:30.0117 3712 dmload - ok

18:53:30.0164 3712 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

18:53:30.0320 3712 DMusic - ok

18:53:30.0430 3712 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

18:53:30.0570 3712 dpti2o - ok

18:53:30.0570 3712 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

18:53:30.0695 3712 drmkaud - ok

18:53:30.0727 3712 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys

18:53:30.0883 3712 E100B - ok

18:53:30.0977 3712 eabusb (231f4547ae1e4b3e60eca66c3a96d218) C:\WINDOWS\system32\DRIVERS\eabusb.sys

18:53:31.0039 3712 eabusb - ok

18:53:31.0086 3712 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

18:53:31.0242 3712 Fastfat - ok

18:53:31.0367 3712 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

18:53:31.0523 3712 Fdc - ok

18:53:31.0555 3712 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

18:53:31.0711 3712 Fips - ok

18:53:31.0742 3712 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

18:53:31.0883 3712 Flpydisk - ok

18:53:32.0008 3712 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

18:53:32.0148 3712 FltMgr - ok

18:53:32.0195 3712 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

18:53:32.0352 3712 Fs_Rec - ok

18:53:32.0367 3712 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

18:53:32.0508 3712 Ftdisk - ok

18:53:32.0539 3712 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys

18:53:32.0680 3712 gameenum - ok

18:53:32.0867 3712 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

18:53:32.0883 3712 GEARAspiWDM - ok

18:53:32.0930 3712 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

18:53:33.0086 3712 Gpc - ok

18:53:33.0195 3712 HBtnKey (fc657b7751729efe54e2ff24f50e5bab) C:\WINDOWS\system32\DRIVERS\cpqbttn.sys

18:53:33.0227 3712 HBtnKey - ok

18:53:33.0258 3712 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

18:53:33.0383 3712 HDAudBus - ok

18:53:33.0539 3712 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

18:53:33.0680 3712 HidUsb - ok

18:53:33.0789 3712 hpdskflt (b5e68a5d9e0aac82e4ddd340e1f0274a) C:\WINDOWS\system32\DRIVERS\hpdskflt.sys

18:53:33.0836 3712 hpdskflt - ok

18:53:33.0852 3712 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys

18:53:33.0992 3712 hpn - ok

18:53:34.0086 3712 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys

18:53:34.0227 3712 HpqKbFiltr - ok

18:53:34.0367 3712 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys

18:53:34.0523 3712 HTTP - ok

18:53:34.0539 3712 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

18:53:34.0695 3712 i2omgmt - ok

18:53:34.0742 3712 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys

18:53:34.0867 3712 i2omp - ok

18:53:34.0914 3712 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

18:53:35.0070 3712 i8042prt - ok

18:53:35.0195 3712 iaStor (309c4d86d989fb1fcf64bd30dc81c51b) C:\WINDOWS\system32\DRIVERS\iaStor.sys

18:53:35.0492 3712 iaStor - ok

18:53:35.0602 3712 IFXTPM (0a359837e021bc04a04a6fd189492c65) C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS

18:53:35.0680 3712 IFXTPM - ok

18:53:35.0742 3712 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

18:53:35.0898 3712 Imapi - ok

18:53:35.0945 3712 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys

18:53:36.0117 3712 ini910u - ok

18:53:36.0195 3712 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

18:53:36.0320 3712 IntelIde - ok

18:53:36.0352 3712 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

18:53:36.0508 3712 Ip6Fw - ok

18:53:36.0539 3712 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

18:53:36.0695 3712 IpFilterDriver - ok

18:53:36.0773 3712 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

18:53:36.0898 3712 IpInIp - ok

18:53:36.0930 3712 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

18:53:37.0070 3712 IpNat - ok

18:53:37.0133 3712 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

18:53:37.0273 3712 IPSec - ok

18:53:37.0320 3712 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys

18:53:37.0414 3712 irda - ok

18:53:37.0570 3712 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

18:53:37.0648 3712 IRENUM - ok

18:53:37.0695 3712 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

18:53:37.0867 3712 isapnp - ok

18:53:37.0914 3712 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

18:53:38.0055 3712 Kbdclass - ok

18:53:38.0102 3712 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

18:53:38.0227 3712 kbdhid - ok

18:53:38.0352 3712 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

18:53:38.0492 3712 kmixer - ok

18:53:38.0539 3712 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys

18:53:38.0695 3712 KSecDD - ok

18:53:38.0695 3712 lbrtfdc - ok

18:53:38.0742 3712 ltmodem5 (9ee18a5a45552673a67532ea37370377) C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys

18:53:38.0992 3712 ltmodem5 - ok

18:53:39.0086 3712 Maestro (65fef13327d25bc33af78178365c1412) C:\WINDOWS\system32\drivers\essm2e.sys

18:53:39.0242 3712 Maestro - ok

18:53:39.0273 3712 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys

18:53:39.0305 3712 MBAMProtector - ok

18:53:39.0320 3712 MBAMSwissArmy - ok

18:53:39.0367 3712 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

18:53:39.0508 3712 mnmdd - ok

18:53:39.0523 3712 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

18:53:39.0680 3712 Modem - ok

18:53:39.0805 3712 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

18:53:39.0945 3712 Mouclass - ok

18:53:39.0977 3712 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

18:53:40.0133 3712 mouhid - ok

18:53:40.0164 3712 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

18:53:40.0320 3712 MountMgr - ok

18:53:40.0336 3712 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

18:53:40.0461 3712 mraid35x - ok

18:53:40.0570 3712 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

18:53:40.0727 3712 MRxDAV - ok

18:53:40.0805 3712 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

18:53:40.0883 3712 MRxSmb - ok

18:53:40.0992 3712 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

18:53:41.0133 3712 Msfs - ok

18:53:41.0164 3712 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

18:53:41.0305 3712 MSKSSRV - ok

18:53:41.0305 3712 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

18:53:41.0430 3712 MSPCLOCK - ok

18:53:41.0430 3712 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

18:53:41.0555 3712 MSPQM - ok

18:53:41.0602 3712 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

18:53:41.0727 3712 mssmbios - ok

18:53:41.0820 3712 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys

18:53:41.0930 3712 ms_mpu401 - ok

18:53:41.0977 3712 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

18:53:42.0117 3712 Mup - ok

18:53:42.0180 3712 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

18:53:42.0336 3712 NDIS - ok

18:53:42.0367 3712 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

18:53:42.0523 3712 NdisTapi - ok

18:53:42.0633 3712 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

18:53:42.0758 3712 Ndisuio - ok

18:53:42.0758 3712 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

18:53:42.0898 3712 NdisWan - ok

18:53:42.0930 3712 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

18:53:42.0992 3712 NDProxy - ok

18:53:43.0039 3712 NEOFLTR_710_19243 (eae1a063947f3df91910c759f7c070ab) C:\WINDOWS\system32\Drivers\NEOFLTR_710_19243.SYS

18:53:43.0070 3712 NEOFLTR_710_19243 - ok

18:53:43.0133 3712 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

18:53:43.0273 3712 NetBIOS - ok

18:53:43.0367 3712 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

18:53:43.0523 3712 NetBT - ok

18:53:43.0570 3712 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

18:53:43.0711 3712 NIC1394 - ok

18:53:43.0742 3712 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

18:53:43.0883 3712 Npfs - ok

18:53:43.0992 3712 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

18:53:44.0180 3712 Ntfs - ok

18:53:44.0227 3712 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

18:53:44.0352 3712 Null - ok

18:53:44.0461 3712 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

18:53:44.0617 3712 NwlnkFlt - ok

18:53:44.0664 3712 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

18:53:44.0836 3712 NwlnkFwd - ok

18:53:45.0148 3712 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

18:53:45.0336 3712 ohci1394 - ok

18:53:45.0570 3712 ONMACH2 - ok

18:53:45.0680 3712 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys

18:53:45.0883 3712 P3 - ok

18:53:46.0180 3712 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

18:53:46.0352 3712 Parport - ok

18:53:46.0836 3712 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

18:53:47.0008 3712 PartMgr - ok

18:53:47.0117 3712 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

18:53:47.0258 3712 ParVdm - ok

18:53:47.0289 3712 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

18:53:47.0430 3712 PCI - ok

18:53:47.0430 3712 PCIDump - ok

18:53:47.0461 3712 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

18:53:47.0602 3712 PCIIde - ok

18:53:47.0695 3712 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

18:53:47.0836 3712 Pcmcia - ok

18:53:47.0836 3712 PDCOMP - ok

18:53:47.0852 3712 PDFRAME - ok

18:53:47.0852 3712 PDRELI - ok

18:53:47.0867 3712 PDRFRAME - ok

18:53:47.0867 3712 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

18:53:48.0008 3712 perc2 - ok

18:53:48.0023 3712 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

18:53:48.0133 3712 perc2hib - ok

18:53:48.0164 3712 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

18:53:48.0305 3712 PptpMiniport - ok

18:53:48.0336 3712 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

18:53:48.0492 3712 Processor - ok

18:53:48.0492 3712 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

18:53:48.0648 3712 PSched - ok

18:53:48.0758 3712 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

18:53:48.0883 3712 Ptilink - ok

18:53:48.0930 3712 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys

18:53:48.0961 3712 PxHelp20 - ok

18:53:48.0961 3712 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

18:53:49.0117 3712 ql1080 - ok

18:53:49.0133 3712 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

18:53:49.0258 3712 Ql10wnt - ok

18:53:49.0273 3712 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

18:53:49.0398 3712 ql12160 - ok

18:53:49.0398 3712 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

18:53:49.0539 3712 ql1240 - ok

18:53:49.0539 3712 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

18:53:49.0664 3712 ql1280 - ok

18:53:49.0711 3712 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

18:53:49.0852 3712 RasAcd - ok

18:53:49.0930 3712 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys

18:53:49.0992 3712 Rasirda - ok

18:53:50.0023 3712 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

18:53:50.0148 3712 Rasl2tp - ok

18:53:50.0164 3712 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

18:53:50.0305 3712 RasPppoe - ok

18:53:50.0320 3712 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

18:53:50.0445 3712 Raspti - ok

18:53:50.0508 3712 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

18:53:50.0680 3712 Rdbss - ok

18:53:50.0773 3712 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

18:53:50.0914 3712 RDPCDD - ok

18:53:50.0977 3712 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

18:53:51.0117 3712 rdpdr - ok

18:53:51.0164 3712 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

18:53:51.0289 3712 RDPWD - ok

18:53:51.0383 3712 redbook (d7e0211f71e9897e8a6ee222eae63458) C:\WINDOWS\system32\DRIVERS\redbook.sys

18:53:51.0398 3712 redbook ( Rootkit.Win32.ZAccess.k ) - infected

18:53:51.0398 3712 redbook - detected Rootkit.Win32.ZAccess.k (0)

18:53:51.0445 3712 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

18:53:51.0555 3712 Secdrv - ok

18:53:51.0570 3712 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

18:53:51.0680 3712 serenum - ok

18:53:51.0711 3712 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

18:53:51.0836 3712 Serial - ok

18:53:51.0867 3712 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

18:53:52.0008 3712 Sfloppy - ok

18:53:52.0086 3712 Simbad - ok

18:53:52.0133 3712 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

18:53:52.0273 3712 sisagp - ok

18:53:52.0305 3712 SMCIRDA (707647a1aa0edb6cbef61b0c75c28ed3) C:\WINDOWS\system32\DRIVERS\smcirda.sys

18:53:52.0383 3712 SMCIRDA - ok

18:53:52.0398 3712 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

18:53:52.0461 3712 Sparrow - ok

18:53:52.0492 3712 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

18:53:52.0617 3712 splitter - ok

18:53:52.0633 3712 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

18:53:52.0711 3712 sr - ok

18:53:52.0852 3712 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

18:53:52.0977 3712 Srv - ok

18:53:53.0023 3712 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

18:53:53.0164 3712 swenum - ok

18:53:53.0195 3712 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

18:53:53.0320 3712 swmidi - ok

18:53:53.0445 3712 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

18:53:53.0570 3712 symc810 - ok

18:53:53.0570 3712 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

18:53:53.0695 3712 symc8xx - ok

18:53:53.0711 3712 Symmpi (24a0901cafcee7343ee62565bcfb7c9a) C:\WINDOWS\system32\DRIVERS\symmpi.sys

18:53:53.0773 3712 Symmpi - ok

18:53:53.0773 3712 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

18:53:53.0914 3712 sym_hi - ok

18:53:53.0930 3712 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

18:53:54.0055 3712 sym_u3 - ok

18:53:54.0117 3712 SynTP (13e0d1974ce03e88c265a68325cb16de) C:\WINDOWS\system32\DRIVERS\SynTP.sys

18:53:54.0180 3712 SynTP - ok

18:53:54.0273 3712 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

18:53:54.0383 3712 sysaudio - ok

18:53:54.0492 3712 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

18:53:54.0617 3712 Tcpip - ok

18:53:54.0773 3712 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

18:53:54.0914 3712 TDPIPE - ok

18:53:55.0039 3712 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

18:53:55.0180 3712 TDTCP - ok

18:53:55.0211 3712 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

18:53:55.0336 3712 TermDD - ok

18:53:55.0398 3712 tmcomm (587c57b7d65f5534a751932a3f72bd82) C:\WINDOWS\system32\drivers\tmcomm.sys

18:53:55.0430 3712 tmcomm - ok

18:53:55.0523 3712 TmFilter (717e406972bbc07f8fb2a989416cab73) C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys

18:53:55.0602 3712 TmFilter - ok

18:53:55.0648 3712 TmPreFilter (379c4f99994a56b66e11d1e32bb22a1c) C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys

18:53:55.0664 3712 TmPreFilter - ok

18:53:55.0805 3712 tmtdi (92f4fac931169f09c8415ad2deefac28) C:\WINDOWS\system32\DRIVERS\tmtdi.sys

18:53:55.0836 3712 tmtdi - ok

18:53:55.0883 3712 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

18:53:55.0992 3712 TosIde - ok

18:53:56.0023 3712 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

18:53:56.0164 3712 Udfs - ok

18:53:56.0164 3712 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

18:53:56.0242 3712 ultra - ok

18:53:56.0289 3712 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

18:53:56.0430 3712 Update - ok

18:53:56.0539 3712 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys

18:53:56.0617 3712 USBAAPL - ok

18:53:56.0680 3712 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

18:53:56.0789 3712 usbccgp - ok

18:53:56.0836 3712 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

18:53:56.0977 3712 usbehci - ok

18:53:57.0102 3712 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

18:53:57.0227 3712 usbhub - ok

18:53:57.0227 3712 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

18:53:57.0367 3712 usbohci - ok

18:53:57.0414 3712 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

18:53:57.0523 3712 usbscan - ok

18:53:57.0555 3712 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

18:53:57.0711 3712 USBSTOR - ok

18:53:57.0820 3712 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

18:53:57.0930 3712 usbuhci - ok

18:53:57.0961 3712 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

18:53:58.0102 3712 VgaSave - ok

18:53:58.0133 3712 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

18:53:58.0289 3712 viaagp - ok

18:53:58.0305 3712 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

18:53:58.0430 3712 ViaIde - ok

18:53:58.0523 3712 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

18:53:58.0648 3712 VolSnap - ok

18:53:58.0758 3712 VSApiNt (642eb152cb980ad9181b2161066be629) C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys

18:53:58.0852 3712 VSApiNt - ok

18:53:59.0023 3712 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

18:53:59.0164 3712 Wanarp - ok

18:53:59.0227 3712 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys

18:53:59.0320 3712 Wdf01000 - ok

18:53:59.0398 3712 WDICA - ok

18:53:59.0461 3712 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

18:53:59.0633 3712 wdmaud - ok

18:53:59.0695 3712 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

18:53:59.0805 3712 WmiAcpi - ok

18:53:59.0867 3712 MBR (0x1B8) (c9bf916068238d16f510107a5ad6b482) \Device\Harddisk0\DR0

18:54:00.0102 3712 \Device\Harddisk0\DR0 - ok

18:54:00.0102 3712 Boot (0x1200) (324fc1bfbcd5d0cbee86d2d6359779ad) \Device\Harddisk0\DR0\Partition0

18:54:00.0102 3712 \Device\Harddisk0\DR0\Partition0 - ok

18:54:00.0117 3712 ============================================================

18:54:00.0117 3712 Scan finished

18:54:00.0117 3712 ============================================================

18:54:00.0242 1040 Detected object count: 4

18:54:00.0242 1040 Actual detected object count: 4

18:54:39.0461 1040 AlKernel ( UnsignedFile.Multi.Generic ) - skipped by user

18:54:39.0461 1040 AlKernel ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:54:39.0461 1040 CCDevice ( UnsignedFile.Multi.Generic ) - skipped by user

18:54:39.0461 1040 CCDevice ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:54:39.0461 1040 CWEnprobe ( UnsignedFile.Multi.Generic ) - skipped by user

18:54:39.0461 1040 CWEnprobe ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:54:39.0602 1040 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\redbook.sys) error 1813

18:54:44.0523 1040 Backup copy found, using it..

18:54:44.0617 1040 C:\WINDOWS\system32\DRIVERS\redbook.sys - will be cured on reboot

18:54:46.0258 1040 redbook ( Rootkit.Win32.ZAccess.k ) - User select action: Cure

18:55:02.0008 4036 Deinitialize success

Thank you.

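The log above is a Kaspersky TDSSKiller run. Every driver, the MBR and the boot sector come back "- ok" except one: redbook.sys is flagged as Rootkit.Win32.ZAccess.k (the ZeroAccess rootkit, which at the time overwrote a legitimate Windows driver on disk), and the GetFileVersionInfoSizeW error 1813 logged against the same file fits that picture, since 1813 is ERROR_RESOURCE_TYPE_NOT_FOUND: the genuine Microsoft driver carries a version resource, the file sitting in its place does not. TDSSKiller then found a backup copy of the original and scheduled a cure at reboot. The three UnsignedFile.Multi.Generic entries are only a "no digital signature" heuristic, which the user chose to skip, not a detection.

Reading several hundred such lines by eye is error-prone, so the following is an added example, not the poster's code and not part of TDSSKiller, that parses this log format and lists everything that is not a plain "- ok". The sample lines are an excerpt copied from the log above; the reference hash table is a constructed stand-in for one an analyst would build from a known-clean machine of the same Windows build (the redbook value in it is a deliberate placeholder, not the real clean hash).

```python
"""Triage a Kaspersky TDSSKiller log (added example; not the poster's code and
not part of TDSSKiller).  Parses object and verdict lines in the format shown
above and lists every object that needs an analyst's eye.  SAMPLE_LOG is an
excerpt copied from the log; REFERENCE_MD5 is a constructed stand-in."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Object line: name, optional size tag for MBR/boot sector, MD5, backing path.
OBJECT_RE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<name>\S+)(?:\s+\(0x[0-9A-Fa-f]+\))?"
    r"\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+?)\s*$")
# Verdict line: name or full path, optional "( threat )", then " - verdict".
VERDICT_RE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<name>.+?)"
    r"(?:\s+\(\s*(?P<threat>[^)]+?)\s*\))?\s+-\s+(?P<verdict>.+?)\s*$")
# Failed version-resource lookup on a file TDSSKiller is about to act on.
VERIFY_RE = re.compile(
    r"VerifyFileNameVersionInfo: GetFileVersionInfoSizeW\((?P<path>[^)]+)\) error (?P<code>\d+)")
WIN32_ERRORS = {1813: "ERROR_RESOURCE_TYPE_NOT_FOUND (image carries no version resource)"}


@dataclass
class ScanObject:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdicts: List[str] = field(default_factory=list)
    threats: List[str] = field(default_factory=list)
    notes: List[str] = field(default_factory=list)


def parse_log(text: str) -> Dict[str, ScanObject]:
    objects: Dict[str, ScanObject] = {}
    by_path: Dict[str, str] = {}  # lower-cased path -> object name

    def get(name_or_path: str) -> ScanObject:
        # Cure and verify lines name the file, not the service; fold them back.
        key = by_path.get(name_or_path.lower(), name_or_path)
        return objects.setdefault(key, ScanObject(name=key))

    for line in (raw.strip() for raw in text.splitlines()):
        m = OBJECT_RE.match(line)
        if m:
            obj = get(m["name"])
            obj.md5, obj.path = m["md5"], m["path"]
            by_path[obj.path.lower()] = obj.name
            continue
        m = VERIFY_RE.search(line)
        if m:
            code = int(m["code"])
            get(m["path"]).notes.append(
                f"version-info lookup failed, error {code}: {WIN32_ERRORS.get(code, 'unknown')}")
            continue
        m = VERDICT_RE.match(line)
        if not m:
            continue  # headers, counters, separators
        obj = get(m["name"])
        obj.verdicts.append(m["verdict"])
        detected = re.match(r"detected\s+(\S+)", m["verdict"])
        for threat in (m["threat"], detected and detected.group(1)):
            if threat and threat not in obj.threats:
                obj.threats.append(threat)
    return objects


def triage(objects: Dict[str, ScanObject],
           reference_md5: Dict[str, str]) -> Dict[str, List[str]]:
    """Map object name -> reasons it is not a clean '- ok' with a matching hash."""
    findings: Dict[str, List[str]] = {}
    for name, obj in objects.items():
        reasons = [f"flagged {t}" for t in obj.threats] + list(obj.notes)
        if any(v.startswith("skipped") for v in obj.verdicts):
            reasons.append("left unverified (skipped by user)")
        expected = reference_md5.get(name.lower())
        if expected and obj.md5 and obj.md5 != expected:
            reasons.append(f"md5 {obj.md5} differs from reference {expected}")
        if reasons:
            findings[name] = reasons
    return findings


# Excerpt copied from the log above (constructed sample input for the example).
SAMPLE_LOG = r"""
18:53:51.0383 3712 redbook (d7e0211f71e9897e8a6ee222eae63458) C:\WINDOWS\system32\DRIVERS\redbook.sys
18:53:51.0398 3712 redbook ( Rootkit.Win32.ZAccess.k ) - infected
18:53:51.0398 3712 redbook - detected Rootkit.Win32.ZAccess.k (0)
18:53:51.0445 3712 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:53:51.0555 3712 Secdrv - ok
18:53:55.0523 3712 TmFilter (717e406972bbc07f8fb2a989416cab73) C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys
18:53:55.0602 3712 TmFilter - ok
18:53:59.0867 3712 MBR (0x1B8) (c9bf916068238d16f510107a5ad6b482) \Device\Harddisk0\DR0
18:54:00.0102 3712 \Device\Harddisk0\DR0 - ok
18:54:00.0242 1040 Detected object count: 4
18:54:39.0461 1040 AlKernel ( UnsignedFile.Multi.Generic ) - skipped by user
18:54:39.0602 1040 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\redbook.sys) error 1813
18:54:44.0617 1040 C:\WINDOWS\system32\DRIVERS\redbook.sys - will be cured on reboot
18:54:46.0258 1040 redbook ( Rootkit.Win32.ZAccess.k ) - User select action: Cure
"""
# Constructed reference: Secdrv's hash is the one from the log; the redbook value
# is a deliberately different placeholder, not the real clean hash.
REFERENCE_MD5 = {"secdrv": "90a3935d05b494a5a39d37e71f09a677", "redbook": "0" * 32}

if __name__ == "__main__":
    for name, reasons in triage(parse_log(SAMPLE_LOG), REFERENCE_MD5).items():
        print(name, *reasons, sep="\n  ")
```

Run against the full log the script reports only redbook and the three skipped unsigned drivers; a clean driver whose MD5 matches the reference produces nothing. The path-folding in `get()` matters: TDSSKiller names the file rather than the service on its verify and cure lines, and without that step the rootkit's file would appear as a second, unrelated object.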
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
