
Ping.exe Uses all CPU and respawns after killing process



Hello adamneubauer! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copied and pasted into your next reply.

Step 1

Download the latest version of TDSSKiller from here and save it to your Desktop.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  7. Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

Step 2

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check. Check the Scan All Users too.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

Once OTL has completed its first scan it will save notepad copies of the scans in the folder that OTL was started from. Unless set to produce an Extras log it will only produce OTL.txt in subsequent scans.

A copy of an OTL fix log is saved in a text file at

  • :\_OTL\MovedFiles
    • in most cases this will be C:\_OTL\MovedFiles

In your next reply, please post the following log files:

  • TDSSKiller log
  • OTL log with Extras.txt


Thank you for your help. I have pasted the TDSSKiller log file below. "Cure" was not an option for TDSSKiller; therefore, per your instructions, I chose "Skip". The other log files will be in subsequent replies because they are too long.

09:12:23.0199 3820 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31

09:12:23.0543 3820 ============================================================

09:12:23.0543 3820 Current date / time: 2011/12/13 09:12:23.0543

09:12:23.0543 3820 SystemInfo:

09:12:23.0543 3820

09:12:23.0543 3820 OS Version: 5.1.2600 ServicePack: 3.0

09:12:23.0543 3820 Product type: Workstation

09:12:23.0543 3820 ComputerName: ADAM

09:12:23.0543 3820 UserName: Adam Neubauer

09:12:23.0543 3820 Windows directory: C:\WINDOWS

09:12:23.0543 3820 System windows directory: C:\WINDOWS

09:12:23.0543 3820 Processor architecture: Intel x86

09:12:23.0543 3820 Number of processors: 2

09:12:23.0543 3820 Page size: 0x1000

09:12:23.0543 3820 Boot type: Normal boot

09:12:23.0543 3820 ============================================================

09:12:26.0152 3820 Initialize success

09:12:56.0288 1392 ============================================================

09:12:56.0288 1392 Scan started

09:12:56.0288 1392 Mode: Manual; SigCheck; TDLFS;

09:12:56.0288 1392 ============================================================


09:13:59.0560 1392 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk0\DR0

09:13:59.0873 1392 \Device\Harddisk0\DR0 - ok

09:13:59.0873 1392 Boot (0x1200) (3bc193b1a972a5a954ed1f28a6544dca) \Device\Harddisk0\DR0\Partition0

09:13:59.0873 1392 \Device\Harddisk0\DR0\Partition0 - ok

09:13:59.0904 1392 ============================================================

09:13:59.0904 1392 Scan finished

09:13:59.0904 1392 ============================================================

09:14:00.0060 0444 Detected object count: 12

09:14:00.0060 0444 Actual detected object count: 12

09:15:43.0967 0444 EMSCR ( UnsignedFile.Multi.Generic ) - skipped by user

09:15:43.0967 0444 EMSCR ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:15:43.0967 0444 ESDCR ( UnsignedFile.Multi.Generic ) - skipped by user

09:15:43.0967 0444 ESDCR ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:15:43.0982 0444 MDC8021X ( UnsignedFile.Multi.Generic ) - skipped by user

09:15:43.0982 0444 MDC8021X ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:15:43.0982 0444 meiudf ( UnsignedFile.Multi.Generic ) - skipped by user

09:15:43.0982 0444 meiudf ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:15:43.0982 0444 MRxSmb ( UnsignedFile.Multi.Generic ) - skipped by user

09:15:43.0982 0444 MRxSmb ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:15:43.0982 0444 Netdevio ( UnsignedFile.Multi.Generic ) - skipped by user

09:15:43.0982 0444 Netdevio ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:15:43.0982 0444 pfc ( UnsignedFile.Multi.Generic ) - skipped by user

09:15:43.0982 0444 pfc ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:15:43.0998 0444 pneteth ( UnsignedFile.Multi.Generic ) - skipped by user

09:15:43.0998 0444 pneteth ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:15:43.0998 0444 SrvcEKIOMngr ( UnsignedFile.Multi.Generic ) - skipped by user

09:15:43.0998 0444 SrvcEKIOMngr ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:15:43.0998 0444 SrvcSSIOMngr ( UnsignedFile.Multi.Generic ) - skipped by user

09:15:43.0998 0444 SrvcSSIOMngr ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:15:43.0998 0444 SrvcTPIOMngr ( UnsignedFile.Multi.Generic ) - skipped by user

09:15:43.0998 0444 SrvcTPIOMngr ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:15:44.0014 0444 TBiosDrv ( UnsignedFile.Multi.Generic ) - skipped by user

09:15:44.0014 0444 TBiosDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:15:50.0825 3920 Deinitialize success


Here is OTL.Txt:

OTL logfile created on: 12/13/2011 9:19:00 AM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Adam Neubauer\Desktop\Download

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.98 Mb Total Physical Memory | 176.77 Mb Available Physical Memory | 39.55% Memory free

1.03 Gb Paging File | 0.75 Gb Available in Paging File | 73.11% Paging File free

Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 55.89 Gb Total Space | 23.98 Gb Free Space | 42.90% Space Free | Partition Type: NTFS

Computer Name: ADAM | User Name: Adam Neubauer | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days


DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)

DRV - (SrvcSSIOMngr) -- C:\WINDOWS\system32\drivers\SSIOMngr.sys (COMPAL ELECTRONIC INC.)

DRV - (SrvcTPIOMngr) -- C:\WINDOWS\system32\drivers\TPIOMngr.sys (COMPAL ELECTRONIC INC.)

DRV - (SrvcEKIOMngr) -- C:\WINDOWS\system32\drivers\EKIOMngr.sys (COMPAL ELECTRONIC INC.)

DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)

DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.)

DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)

DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)

DRV - (ALCXSENS) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura Ltd)

DRV - (MDC8021X) AEGIS Protocol (IEEE 802.1x) -- C:\WINDOWS\system32\drivers\mdc8021x.sys (Meetinghouse Data Communications)

DRV - (meiudf) -- C:\WINDOWS\system32\drivers\meiudf.sys (Matsushita Electric Industrial Co.,Ltd.)

DRV - (RTL8023) -- C:\WINDOWS\system32\drivers\Rtlnic51.sys (Realtek Semiconductor Corporation )

DRV - (TBiosDrv) -- C:\WINDOWS\system32\drivers\tbiosdrv.sys ()

DRV - (caboagp) -- C:\WINDOWS\System32\DRIVERS\atisgkaf.sys (ATI Technologies Inc.)

DRV - (Netdevio) -- C:\WINDOWS\system32\drivers\Netdevio.sys (TOSHIBA Corporation.)

DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMC)

DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://toshibadirect.com/

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://toshibadirect.com/

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://toshibadirect.com/

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://toshibadirect.com/

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3299461807-3324413993-3039487113-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKU\S-1-5-21-3299461807-3324413993-3039487113-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKU\S-1-5-21-3299461807-3324413993-3039487113-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search

IE - HKU\S-1-5-21-3299461807-3324413993-3039487113-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

IE - HKU\S-1-5-21-3299461807-3324413993-3039487113-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT3106777

IE - HKU\S-1-5-21-3299461807-3324413993-3039487113-1006\..\URLSearchHook: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files\WinZipBar\prxtbWinZ.dll (Conduit Ltd.)

IE - HKU\S-1-5-21-3299461807-3324413993-3039487113-1006\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-21-3299461807-3324413993-3039487113-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Adam Neubauer\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Adam Neubauer\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2011/01/29 22:01:50 | 000,000,000 | ---D | M]

========== Chrome ==========

CHR - default_search_provider: Conduit (Enabled)

CHR - default_search_provider: search_url = http://search.conduit.com/Results.aspx?q={searchTerms}&hl=en&SelfSearch=1&SearchSource=49&ctid=CT3106777

CHR - default_search_provider: suggest_url = http://search.conduit.com/

CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Adam Neubauer\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\gcswf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Adam Neubauer\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Adam Neubauer\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\pdf.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll

CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Adam Neubauer\Local Settings\Application Data\Google\Update\1.3.21.71\npGoogleUpdate3.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

Hosts file not found

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (WinZipBar Toolbar) - {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files\WinZipBar\prxtbWinZ.dll (Conduit Ltd.)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (WinZipBar Toolbar) - {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files\WinZipBar\prxtbWinZ.dll (Conduit Ltd.)

O3 - HKU\S-1-5-21-3299461807-3324413993-3039487113-1006\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKU\S-1-5-21-3299461807-3324413993-3039487113-1006\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O3 - HKU\S-1-5-21-3299461807-3324413993-3039487113-1006\..\Toolbar\WebBrowser: (WinZipBar Toolbar) - {50FAFAF0-70A9-419D-A109-FA4B4FFD4E37} - C:\Program Files\WinZipBar\prxtbWinZ.dll (Conduit Ltd.)

O4 - HKU\S-1-5-21-3299461807-3324413993-3039487113-1006..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-3299461807-3324413993-3039487113-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - mswsock.dll File not found

O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3125A424-3F33-4D71-8E66-F0B45D1D6E73}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{60715394-8448-492E-A2AA-3E8ADA021259}: DhcpNameServer = 67.109.160.8

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (logonui.exe) -C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) -C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\Adam Neubauer\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Adam Neubauer\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) -C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) -C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) -C:\WINDOWS\System32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) -C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) -C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) -C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) -C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) -C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) -C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{73311c94-6c34-11e0-9d00-009096b4a57c}\Shell\AutoRun\command - "" = E:\podcastready.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKU\S-1-5-21-3299461807-3324413993-3039487113-1006\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/12/11 12:01:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam Neubauer\Application Data\Malwarebytes

[2011/12/10 23:38:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun

[2011/12/10 23:11:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/12/10 23:11:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2011/12/10 23:11:31 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2011/12/10 23:11:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011/12/10 20:34:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia

[2011/12/10 20:34:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

[2011/12/01 10:22:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam Neubauer\.freescreensharing

[2011/12/01 10:22:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam Neubauer\Start Menu\Programs\FreeScreenSharing

[2011/12/01 10:21:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam Neubauer\Local Settings\Application Data\FreeScreenSharing

[2011/11/23 18:23:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam Neubauer\Local Settings\Application Data\WinZip

[2011/11/23 18:22:51 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit

[2011/11/23 18:22:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam Neubauer\Local Settings\Application Data\WinZipBar

[2011/11/23 18:22:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam Neubauer\Local Settings\Application Data\Conduit

[2011/11/23 18:22:43 | 000,000,000 | ---D | C] -- C:\Program Files\WinZipBar

[2011/11/23 18:21:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinZip

[2011/11/23 18:20:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip

[2011/11/23 18:20:05 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip

[2004/05/06 17:03:26 | 000,036,864 | ---- | C] ( ) -- C:\WINDOWS\System32\ECioctl.dll

[2003/12/02 17:22:38 | 000,028,672 | ---- | C] ( ) -- C:\WINDOWS\System32\ControlACS.exe

[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\Documents and Settings\Adam Neubauer\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Adam Neubauer\Local Settings\Application Data\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/13 09:21:09 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2011/12/13 09:06:25 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2011/12/13 09:06:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/12/12 20:04:05 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3299461807-3324413993-3039487113-1006UA.job

[2011/12/12 19:49:19 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011/12/12 14:51:40 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk

[2011/12/11 09:04:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3299461807-3324413993-3039487113-1006Core.job

[2011/12/10 23:15:00 | 000,012,742 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\5q77xb5p14p437

[2011/12/10 23:15:00 | 000,012,742 | -HS- | M] () -- C:\Documents and Settings\Adam Neubauer\Local Settings\Application Data\5q77xb5p14p437

[2011/12/10 22:16:21 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Adam Neubauer\Local Settings\Application Data\{31FD8AD5-0AE8-40A4-A2C8-C7C03D5E22AC}

[2011/12/10 20:20:41 | 000,000,211 | RHS- | M] () -- C:\boot.ini

[2011/12/05 09:18:42 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/12/02 11:22:28 | 000,002,501 | ---- | M] () -- C:\Documents and Settings\Adam Neubauer\Desktop\Microsoft Word 2010.lnk

[2011/11/23 19:33:17 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Adam Neubauer\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/11/18 15:06:56 | 000,002,322 | ---- | M] () -- C:\Documents and Settings\Adam Neubauer\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2011/11/18 15:06:55 | 000,002,344 | ---- | M] () -- C:\Documents and Settings\Adam Neubauer\Desktop\Google Chrome.lnk

[2011/11/16 16:42:01 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Adam Neubauer\Local Settings\Application Data\{671521B5-C78D-4ABB-8BE4-6310906AFB48}

[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\Documents and Settings\Adam Neubauer\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Adam Neubauer\Local Settings\Application Data\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/10 22:16:21 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Adam Neubauer\Local Settings\Application Data\{31FD8AD5-0AE8-40A4-A2C8-C7C03D5E22AC}

[2011/12/10 22:02:59 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011/12/10 20:13:32 | 000,012,742 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\5q77xb5p14p437

[2011/12/10 20:13:32 | 000,012,742 | -HS- | C] () -- C:\Documents and Settings\Adam Neubauer\Local Settings\Application Data\5q77xb5p14p437

[2011/11/16 16:42:01 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Adam Neubauer\Local Settings\Application Data\{671521B5-C78D-4ABB-8BE4-6310906AFB48}

[2011/09/22 09:20:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI

[2011/06/14 12:36:30 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll

[2011/06/14 12:36:30 | 000,000,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxhweq.dat

[2011/02/27 21:09:44 | 000,000,089 | ---- | C] () -- C:\WINDOWS\EWF520.ini

[2011/02/01 21:48:23 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Adam Neubauer\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/01/29 16:52:42 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat

[2011/01/29 16:52:42 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat

[2011/01/29 16:52:42 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat

[2011/01/29 16:52:42 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat

[2011/01/29 16:52:42 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat

[2011/01/29 16:52:42 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat

[2011/01/29 16:52:42 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat

[2011/01/29 16:52:42 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat

[2011/01/29 16:52:42 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat

[2011/01/29 16:52:42 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat

[2011/01/29 16:52:42 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat

[2011/01/29 16:52:42 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini

[2011/01/29 16:52:41 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat

[2011/01/29 16:52:41 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat

[2011/01/29 16:52:41 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat

[2011/01/29 16:52:41 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat

[2011/01/29 16:34:16 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\pdfxp.dll

[2011/01/29 16:34:16 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\unpdf.exe

[2011/01/29 13:58:22 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2011/01/29 13:58:21 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini

[2011/01/29 13:58:20 | 000,810,496 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2011/01/29 13:58:19 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2011/01/29 13:58:18 | 000,080,896 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2011/01/29 00:10:05 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini

[2011/01/28 22:23:04 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2011/01/28 22:22:28 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2011/01/28 22:15:51 | 000,000,021 | ---- | C] () -- C:\WINDOWS\CS_SETUP.ini

[2004/08/02 15:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2004/04/22 00:58:26 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll

[2004/04/22 00:56:04 | 000,397,312 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe

[2003/12/02 17:33:28 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll

[2003/12/02 17:33:28 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll

[2003/12/02 17:33:28 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll

[2003/12/02 17:33:28 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll

[2003/12/02 17:33:28 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll

[2003/12/02 17:33:28 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll

[2003/12/02 17:32:25 | 000,356,352 | ---- | C] () -- C:\WINDOWS\System32\EMCRI.dll

[2003/12/02 17:22:38 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\ControlWZCS.exe

[2003/12/02 17:22:36 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll

[2003/12/02 17:22:36 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe

[2003/12/02 17:22:35 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll

[2003/12/02 17:22:35 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\acs.exe

[2003/12/02 17:21:52 | 000,218,003 | ---- | C] () -- C:\WINDOWS\dssec.dat

[2003/12/02 17:18:36 | 000,000,894 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI

[2003/12/02 17:09:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CePMTray.INI

[2003/12/02 17:06:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CeEKey.INI

[2003/12/02 17:02:45 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2003/12/02 16:55:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI

[2003/12/02 16:39:22 | 000,270,336 | ---- | C] () -- C:\WINDOWS\System32\PlugPlayPCIDevice.exe

[2003/12/02 16:39:22 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\MFCFirstRemove.exe

[2003/12/02 16:39:22 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\RefreshDevice.exe

[2003/12/02 16:30:44 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini

[2003/12/02 16:30:44 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll

[2003/12/02 16:30:44 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini

[2003/12/02 16:30:44 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini

[2003/12/02 16:22:32 | 000,001,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat

[2003/12/02 16:07:09 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2003/12/02 16:01:32 | 000,090,112 | ---- | C] () -- C:\WINDOWS\InstDrvr.exe

[2003/12/02 16:01:32 | 000,006,867 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys

[2003/12/02 15:14:48 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2003/12/02 15:11:32 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2003/12/02 15:10:38 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2003/12/02 15:06:22 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2003/12/02 15:04:50 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2003/12/02 13:18:30 | 000,000,384 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2003/12/02 13:15:31 | 000,385,164 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2003/12/02 13:15:31 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2003/12/02 13:15:31 | 000,054,682 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2003/12/02 13:15:31 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2003/12/02 13:15:30 | 000,004,631 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2003/12/02 13:15:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2003/12/02 13:15:26 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2003/12/02 13:15:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2003/12/02 13:15:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2003/12/02 13:15:08 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2003/12/02 13:14:58 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[2003/12/02 07:00:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2003/12/02 06:59:41 | 000,270,984 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== LOP Check ==========

[2011/10/27 10:29:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam Neubauer\Application Data\Dropbox

[2011/02/27 21:17:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam Neubauer\Application Data\Epson

[2003/12/02 16:57:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam Neubauer\Application Data\InterTrust

[2003/12/02 18:42:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam Neubauer\Application Data\InterVideo

[2011/02/27 21:22:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam Neubauer\Application Data\Leadertech

[2011/10/07 16:38:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam Neubauer\Application Data\Polar WebSync

[2011/11/30 19:57:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam Neubauer\Application Data\tixati

[2003/12/02 17:21:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam Neubauer\Application Data\toshiba

[2003/12/02 16:57:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterTrust

[2003/12/02 18:42:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterVideo

[2003/12/02 17:21:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\toshiba

[2011/02/27 21:13:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON

[2011/01/29 11:53:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster

[2003/12/02 17:05:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint

[2011/11/23 18:23:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip

[2003/12/02 16:57:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\InterTrust

[2003/12/02 18:42:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\InterVideo

[2003/12/02 17:21:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\toshiba

========== Purity Check ==========

< End of report >


Here is Extras.txt:

OTL Extras logfile created on: 12/13/2011 9:19:00 AM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Adam Neubauer\Desktop\Download

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.98 Mb Total Physical Memory | 176.77 Mb Available Physical Memory | 39.55% Memory free

1.03 Gb Paging File | 0.75 Gb Available in Paging File | 73.11% Paging File free

Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 55.89 Gb Total Space | 23.98 Gb Free Space | 42.90% Space Free | Partition Type: NTFS

Computer Name: ADAM | User Name: Adam Neubauer | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-3299461807-3324413993-3039487113-1006\SOFTWARE\Classes\<extension>]

.exe [@ = exefile] -- Reg Error: Key error. File not found

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)

Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)

Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 1

"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)

"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)

"C:\Documents and Settings\Adam Neubauer\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Adam Neubauer\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)

"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0

"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager

"{05832D65-6EDB-4D32-BA78-BCD0E2B91C02}" = Atheros Wireless LAN MiniPCI card Driver

"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel

"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility

"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java 6 Update 24

"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3CF0858D-1AC5-4308-9DE7-AD15288A8BDC}" = TOSHIBA Console

"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print

"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0

"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4B948527-CBFD-4FF1-B745-D59E887D4EB3}" = Polar WebSync

"{5D96E2B1-D9AC-46E0-9073-425C5F63E338}" = Touch and Launch

"{68D368EE-F5AC-4402-BD45-B454B5453FE1}" = SRS WOW XT Plug-In for Windows Media Player for Toshiba version 1.0.1

"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03

"{71D658CF-4E0D-4DA8-AA67-8C0B6F1C01FE}" = Atheros Client Utility

"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14

"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for Toshiba

"{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}" = Realtek Fast Ethernet Adapter Driver

"{9860A9CF-7E71-43AC-888F-0B4D3EA212D1}" = Roxio Burn Engine

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9AC200C3-A4C8-401C-A5A8-202BE888B165}" = TOSHIBA Fax Extension

"{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = DVD-RAM Driver

"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver

"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)

"{BA561482-C49D-4687-A61C-96236C1688F0}" = ArcSoft Software Suite

"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree

"{BE8602AE-3E73-4820-8063-F833BCAD7C3C}" = Polar Daemon

"{C9D8A041-2963-4B31-8FFC-1500F3DB9293}" = EpsonNet Setup 3.2

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C8}" = WinZip 16.0

"{D327AFC9-7BAA-473A-8319-6EB7A0D40138}" = Symantec Script Blocking Installer

"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications

"{F1B8DB67-D30E-4FF9-A85F-3CEE51825AA2}" = SMSC IrCC V5.1.3600.3 SP1

"{F1CECE09-7CBE-4E98-B435-DA87CDA86167}" = Skype™ 5.5

"{F48D45F4-8728-41D5-8F60-C22B48009736}" = TouchPad On/Off Utility

"{F69B66A8-61C9-424C-AFA1-7EC6093AC5AD}" = TOSHIBA Software Upgrades

"{F6C405D2-C50D-4D10-B89E-73A233A14D74}" = Toshiba Registration

"{F821C9EC-BC2E-4FC4-993D-88B8B30C3AD6}" = TOSHIBA Hotkey Utility

"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio

"{FC37ABD0-2108-4beb-B010-1254E0662B5A}" = MSRedist

"{FFFAE01B-466F-4C07-9821-A94FD753BDDA}" = EpsonNet Setup

"Adobe Acrobat 5.0" = Adobe Acrobat 5.0

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"All ATI Software" = ATI - Software Uninstall Utility

"AT&T Connection Services Software" = AT&T Connection Services Manager

"ATI Display Driver" = ATI Display Driver

"Audacity_is1" = Audacity 1.2.6

"Celtx (2.7)" = Celtx (2.7)

"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver

"EPSON Scanner" = EPSON Scan

"EPSON WorkForce 520 Series" = EPSON WorkForce 520 Series Printer Uninstall

"EPSON WorkForce 610 Series" = EPSON WorkForce 610 Series Printer Uninstall

"ie8" = Windows Internet Explorer 8

"InstallShield_{68D368EE-F5AC-4402-BD45-B454B5453FE1}" = SRS WOW XT Plug-In for Windows Media Player for Toshiba version 1.0.1

"InstallShield_{F48D45F4-8728-41D5-8F60-C22B48009736}" = TouchPad On/Off Utility

"InstallShield_{F821C9EC-BC2E-4FC4-993D-88B8B30C3AD6}" = TOSHIBA Hotkey Utility

"KLiteCodecPack_is1" = K-Lite Codec Pack 6.9.0 (Full)

"LiveReg" = LiveReg (Symantec Corporation)

"LiveUpdate" = LiveUpdate 1.90 (Symantec Corporation)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"Office14.SingleImage" = Microsoft Office Professional 2010

"PC Diagnostic Tool" = TOSHIBA PC Diagnostic Tool

"PdaNet_is1" = PdaNet for Android 2.45

"QuickTime" = QuickTime

"StreetPlugin" = Learn2 Player (Uninstall Only)

"SymSetup.{C6F5B6CF-609C-428E-876F-CA83176C021B}" = Norton AntiVirus 2004 (Symantec Corporation)

"tixati" = Tixati

"TOSHIBA Access" = TOSHIBA Access

"TOSHIBA Software Modem" = TOSHIBA Software Modem

"Toshiba Tbiosdrv Driver" = Toshiba Tbiosdrv Driver

"VeryPDF PDFcamp Printer v2.3_is1" = VeryPDF PDFcamp Printer v2.3

"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

"Winamp" = Winamp

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"winusb0100" = Microsoft WinUsb 1.0

"WinZipBar Toolbar" = WinZipBar Toolbar

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3299461807-3324413993-3039487113-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Dropbox" = Dropbox

"FoxTab Audio Converter" = FoxTab Audio Converter

"FreeScreenSharing" = FreeScreenSharing

"Google Chrome" = Google Chrome

"GoToMeeting" = GoToMeeting 5.0.0.799

"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 11/23/2011 2:36:41 PM | Computer Name = ADAM | Source = Application Hang | ID = 1002

Description = Hanging application WINWORD.EXE, version 14.0.4762.1000, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/6/2011 5:24:49 PM | Computer Name = ADAM | Source = Application Hang | ID = 1002

Description = Hanging application WINWORD.EXE, version 14.0.4762.1000, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/6/2011 5:24:49 PM | Computer Name = ADAM | Source = Application Hang | ID = 1002

Description = Hanging application WINWORD.EXE, version 14.0.4762.1000, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/12/2011 1:26:00 PM | Computer Name = ADAM | Source = EventSystem | ID = 4609

Description = The COM+ Event System detected a bad return code during its internal

processing. HRESULT was 800706BF from line 44 of f:\xpsp3\com\com1x\src\events\tier1\eventsystemobj.cpp.

Please contact Microsoft Product Support Services to report this erro

Error - 12/12/2011 1:26:00 PM | Computer Name = ADAM | Source = VSS | ID = 8193

Description = Volume Shadow Copy Service error: Unexpected error calling routine

CoCreateInstance. hr = 0x80040206.

[ System Events ]

Error - 12/13/2011 11:09:14 AM | Computer Name = ADAM | Source = Service Control Manager | ID = 7023

Description = The Network Location Awareness (NLA) service terminated with the following

error: %%127

Error - 12/13/2011 11:09:39 AM | Computer Name = ADAM | Source = Service Control Manager | ID = 7023

Description = The Network Location Awareness (NLA) service terminated with the following

error: %%127

Error - 12/13/2011 11:10:24 AM | Computer Name = ADAM | Source = Service Control Manager | ID = 7023

Description = The Network Location Awareness (NLA) service terminated with the following

error: %%127

Error - 12/13/2011 11:10:27 AM | Computer Name = ADAM | Source = Service Control Manager | ID = 7023

Description = The Network Location Awareness (NLA) service terminated with the following

error: %%127

Error - 12/13/2011 11:11:22 AM | Computer Name = ADAM | Source = Service Control Manager | ID = 7023

Description = The Network Location Awareness (NLA) service terminated with the following

error: %%127

Error - 12/13/2011 11:16:15 AM | Computer Name = ADAM | Source = Service Control Manager | ID = 7023

Description = The Network Location Awareness (NLA) service terminated with the following

error: %%127

Error - 12/13/2011 11:18:33 AM | Computer Name = ADAM | Source = Service Control Manager | ID = 7023

Description = The Network Location Awareness (NLA) service terminated with the following

error: %%127

Error - 12/13/2011 11:19:04 AM | Computer Name = ADAM | Source = Service Control Manager | ID = 7023

Description = The Network Location Awareness (NLA) service terminated with the following

error: %%127

Error - 12/13/2011 11:20:35 AM | Computer Name = ADAM | Source = Service Control Manager | ID = 7023

Description = The Network Location Awareness (NLA) service terminated with the following

error: %%127

Error - 12/13/2011 11:22:06 AM | Computer Name = ADAM | Source = Service Control Manager | ID = 7023

Description = The Network Location Awareness (NLA) service terminated with the following

error: %%127

< End of report >


Step 1

Please uninstall WinZipBar Toolbar.

Step 2

  • Run OTL.exe
  • Under Custom Scans/Fixes post the following script:

:OTL
MOD - \\.\f77ec2c9\U\80000032.@ ()
CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = http://search.conduit.com/Results.aspx?q={searchTerms}&hl=en&SelfSearch=1&SearchSource=49&ctid=CT3106777
CHR - default_search_provider: suggest_url = http://search.conduit.com/
O2 - BHO: (WinZipBar Toolbar) - {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files\WinZipBar\prxtbWinZ.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (WinZipBar Toolbar) - {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files\WinZipBar\prxtbWinZ.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3299461807-3324413993-3039487113-1006\..\Toolbar\WebBrowser: (WinZipBar Toolbar) - {50FAFAF0-70A9-419D-A109-FA4B4FFD4E37} - C:\Program Files\WinZipBar\prxtbWinZ.dll (Conduit Ltd.)
[2011/11/23 18:22:51 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2011/11/23 18:22:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam Neubauer\Local Settings\Application Data\WinZipBar
[2011/11/23 18:22:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam Neubauer\Local Settings\Application Data\Conduit
[2011/11/23 18:22:43 | 000,000,000 | ---D | C] -- C:\Program Files\WinZipBar
[2011/12/10 23:15:00 | 000,012,742 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\5q77xb5p14p437
[2011/12/10 23:15:00 | 000,012,742 | -HS- | M] () -- C:\Documents and Settings\Adam Neubauer\Local Settings\Application Data\5q77xb5p14p437
[2011/12/10 22:16:21 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Adam Neubauer\Local Settings\Application Data\{31FD8AD5-0AE8-40A4-A2C8-C7C03D5E22AC}
[2011/06/14 12:36:30 | 000,000,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxhweq.dat
[2003/12/02 17:05:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint

:Commands
[emptytemp]
[resethosts]
[clearallrestorepoints]

  • Then click the Run Fix button at the top
  • Let the program run unhindered; when it is done it will say "Fix Complete press ok to open log".
  • Please post that log in your next reply.


All processes killed

========== OTL ==========
Unable to fix default_search_provider items.
Unable to fix default_search_provider items.
Unable to fix default_search_provider items.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}\ not found.
File C:\Program Files\WinZipBar\prxtbWinZ.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}\ not found.
File C:\Program Files\WinZipBar\prxtbWinZ.dll not found.
Registry value HKEY_USERS\S-1-5-21-3299461807-3324413993-3039487113-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{50FAFAF0-70A9-419D-A109-FA4B4FFD4E37} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{50FAFAF0-70A9-419D-A109-FA4B4FFD4E37}\ not found.
File C:\Program Files\WinZipBar\prxtbWinZ.dll not found.
C:\Program Files\Conduit\Community Alerts folder moved successfully.
C:\Program Files\Conduit folder moved successfully.
Folder C:\Documents and Settings\Adam Neubauer\Local Settings\Application Data\WinZipBar\ not found.
C:\Documents and Settings\Adam Neubauer\Local Settings\Application Data\Conduit\Community Alerts\Log folder moved successfully.
C:\Documents and Settings\Adam Neubauer\Local Settings\Application Data\Conduit\Community Alerts\LanguagePacks folder moved successfully.
C:\Documents and Settings\Adam Neubauer\Local Settings\Application Data\Conduit\Community Alerts\Feeds folder moved successfully.
C:\Documents and Settings\Adam Neubauer\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images folder moved successfully.
C:\Documents and Settings\Adam Neubauer\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog folder moved successfully.
C:\Documents and Settings\Adam Neubauer\Local Settings\Application Data\Conduit\Community Alerts\Dialogs folder moved successfully.
C:\Documents and Settings\Adam Neubauer\Local Settings\Application Data\Conduit\Community Alerts folder moved successfully.
C:\Documents and Settings\Adam Neubauer\Local Settings\Application Data\Conduit folder moved successfully.
Folder C:\Program Files\WinZipBar\ not found.
C:\Documents and Settings\All Users\Application Data\5q77xb5p14p437 moved successfully.
C:\Documents and Settings\Adam Neubauer\Local Settings\Application Data\5q77xb5p14p437 moved successfully.
C:\Documents and Settings\Adam Neubauer\Local Settings\Application Data\{31FD8AD5-0AE8-40A4-A2C8-C7C03D5E22AC} moved successfully.
C:\WINDOWS\system32\drivers\alcxhweq.dat moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: Adam Neubauer
->Temp folder emptied: 737633291 bytes
->Temporary Internet Files folder emptied: 54836064 bytes
->Java cache emptied: 2416363 bytes
->Google Chrome cache emptied: 7704615 bytes
->Flash cache emptied: 6187 bytes

User: Administrator
->Temp folder emptied: 147456 bytes
->Temporary Internet Files folder emptied: 8694829 bytes
->Flash cache emptied: 56958 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes
->Flash cache emptied: 56502 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 449153448 bytes
->Java cache emptied: 417100 bytes
->Flash cache emptied: 29161 bytes

User: Owner

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 39097 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 35888122 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 43518738 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 50373 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,279.00 mb

HOSTS file reset successfully

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.31.0 log created on 12142011_104014

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

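The three "Unable to fix default_search_provider items." lines above are worth a second look: OTL reports the Chrome search hijack but cannot edit it, because Chrome keeps its search settings in a JSON file (on Windows XP: C:\Documents and Settings\<user>\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences), not in the registry. The script below is an added example, not code from the thread or from OTL. It walks that JSON and reports every URL whose host belongs to a listed hijacker domain, so it works whatever the exact key layout is; the domain list and the sample dictionary (built from the CHR lines in the OTL log) are this example's own constructions.

```python
"""Audit a Chrome Preferences file for URLs pointing at a search hijacker.

Added example, not part of the original thread. Walks the JSON recursively and
returns the JSON path of every string URL whose host is one of HIJACK_DOMAINS.
"""
import json
import sys
from urllib.parse import urlparse

# Hijacker domains to look for; Conduit is the one the OTL log showed.
HIJACK_DOMAINS = ("conduit.com",)


def _host_matches(url, domains):
    """True if the URL's host is one of `domains` or a subdomain of one."""
    try:
        host = (urlparse(url).hostname or "").lower()
    except ValueError:
        return False
    return any(host == d or host.endswith("." + d) for d in domains)


def find_hijacked_urls(prefs, domains=HIJACK_DOMAINS, _path=""):
    """Return [(json_path, url), ...] for every http(s) string under `prefs` on a listed domain."""
    hits = []
    if isinstance(prefs, dict):
        for key, value in prefs.items():
            child = f"{_path}.{key}" if _path else key
            hits.extend(find_hijacked_urls(value, domains, child))
    elif isinstance(prefs, list):
        for index, value in enumerate(prefs):
            hits.extend(find_hijacked_urls(value, domains, f"{_path}[{index}]"))
    elif isinstance(prefs, str) and prefs.startswith(("http://", "https://")):
        if _host_matches(prefs, domains):
            hits.append((_path, prefs))
    return hits


def audit_preferences_file(path, domains=HIJACK_DOMAINS):
    """Load a Chrome Preferences file (plain JSON) and audit it."""
    with open(path, encoding="utf-8") as f:
        return find_hijacked_urls(json.load(f), domains)


# Constructed sample mirroring the CHR lines OTL reported; not a real Preferences file.
SAMPLE_PREFS = {
    "default_search_provider": {
        "enabled": True,
        "name": "Conduit",
        "search_url": "http://search.conduit.com/Results.aspx?q={searchTerms}&hl=en&SelfSearch=1&SearchSource=49&ctid=CT3106777",
        "suggest_url": "http://search.conduit.com/",
    },
    "homepage": "http://www.google.com/",
}

if __name__ == "__main__":
    hits = audit_preferences_file(sys.argv[1]) if len(sys.argv) > 1 else find_hijacked_urls(SAMPLE_PREFS)
    for json_path, url in hits:
        print(f"{json_path}: {url}")
```

Run it against the real file only with Chrome closed, since Chrome rewrites Preferences while it is running; once the hits are confirmed, set the search engine back from Chrome's own settings page or remove the flagged block with the browser closed, then re-run the audit to confirm the hijacker URLs are gone.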

Step 1

  • Launch Malwarebytes' Anti-Malware
  • Go to the Update tab and select Check for Updates.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Step 2

  1. Please run a free online scan with the ESET Online Scanner
    Note: You will need to use Internet Explorer for this scan
  2. Tick the box next to YES, I accept the Terms of Use
  3. Click Start
  4. When asked, allow the ActiveX control to install
  5. Click Start
  6. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  7. Click Scan (This scan can take several hours, so please be patient)
  8. Once the scan is completed, you may close the window
  9. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  10. Copy and paste that log as a reply to this topic

In your next reply, please post the following log files:

  • Malwarebytes' Anti-Malware log
  • ESET Online Scanner log


MBAM Log File:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Database version: 8372
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
12/14/2011 5:12:25 PM
mbam-log-2011-12-14 (17-12-25).txt
Scan type: Quick scan
Objects scanned: 177422
Time elapsed: 11 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MozillaAgent (Trojan.Agent) -> Value: MozillaAgent -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

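The one MBAM hit is a Run value called MozillaAgent: a vendor-sounding name is a cheap way for an autostart entry to blend into the list. The script below is an added example, not code from the thread or from MBAM. It compares the vendor a Run value's name implies with where its executable actually lives, flags commands that run from user-writable profile or temp directories, and flags dangling entries whose file is gone (which can happen after a cleanup tool moves the file but not the value). The vendor list, the directory lists and the sample entries are this example's own assumptions, and the live enumeration only works on Windows.

```python
"""Flag look-alike autostart entries in the Windows Run keys.

Added example, not part of the original thread. classify_run_entry() applies
three heuristics to one (name, command) pair; enumerate_run_entries() reads the
real HKLM/HKCU Run keys on Windows; elsewhere the constructed SAMPLE_ENTRIES run.
"""
import os
import re
import sys

# Assumed vendor names that malware likes to borrow for a Run value's name.
VENDOR_NAMES = ("mozilla", "google", "adobe", "microsoft", "java")
# Assumed path components that ordinary users can write to (XP and later).
USER_WRITABLE_DIRS = {"documents and settings", "users", "local settings",
                      "application data", "appdata", "temp"}


def command_executable(command):
    """Extract the executable path from a Run value: a quoted path, or an unquoted path ending in .exe."""
    command = command.strip()
    if not command:
        return ""
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = re.match(r"(.+?\.exe)(?:\s|$)", command, re.IGNORECASE)
    return m.group(1) if m else command.split()[0]


def classify_run_entry(name, command, exists=os.path.exists):
    """Return the reasons this entry looks suspicious; an empty list means nothing was flagged."""
    exe = os.path.expandvars(command_executable(command))
    parts = [p.lower() for p in re.split(r"[\\/]+", exe) if p]
    reasons = []
    vendor = next((v for v in VENDOR_NAMES if v in name.lower()), None)
    if vendor and not any(vendor in p for p in parts):
        reasons.append(f"name suggests {vendor} but no path component mentions {vendor}")
    if any(p in USER_WRITABLE_DIRS for p in parts):
        reasons.append("executable lives under a user-writable profile or temp directory")
    if exe and not exists(exe):
        reasons.append("executable does not exist on disk")
    return reasons


def triage(entries, exists=os.path.exists):
    """Map each flagged entry name to its reasons; `entries` are (name, command) pairs."""
    return {name: r for name, cmd in entries if (r := classify_run_entry(name, cmd, exists))}


def enumerate_run_entries():
    """Windows only: yield (hive, name, command) from the HKLM and HKCU Run keys."""
    import winreg  # present only on Windows
    for hive_name, hive in (("HKLM", winreg.HKEY_LOCAL_MACHINE), ("HKCU", winreg.HKEY_CURRENT_USER)):
        try:
            key = winreg.OpenKey(hive, r"Software\Microsoft\Windows\CurrentVersion\Run")
        except OSError:
            continue
        with key:
            index = 0
            while True:
                try:
                    name, value, _ = winreg.EnumValue(key, index)
                except OSError:  # no more values
                    break
                yield hive_name, name, str(value)
                index += 1


# Constructed sample: three typical XP entries plus a look-alike modelled on the MBAM hit.
SAMPLE_ENTRIES = [
    ("SunJavaUpdateSched", r'"C:\Program Files\Java\jre6\bin\jusched.exe"'),
    ("Adobe Reader Speed Launcher", r'"C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"'),
    ("ctfmon.exe", r"C:\WINDOWS\system32\ctfmon.exe"),
    ("MozillaAgent", r"C:\Documents and Settings\user\Local Settings\Application Data\mozagent.exe"),
]

if __name__ == "__main__":
    if sys.platform == "win32":
        flagged = triage((f"{hive}\\{name}", cmd) for hive, name, cmd in enumerate_run_entries())
    else:
        flagged = triage(SAMPLE_ENTRIES, exists=lambda path: True)  # sample paths are not on disk
    for name, reasons in flagged.items():
        print(name)
        for reason in reasons:
            print("   -", reason)
```

A hit is a lead, not a verdict: Google Update, for instance, legitimately installs under the user's profile on XP and will trip the user-writable rule, so check the flagged binary's signature and hash before removing the value.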

ESET Log File:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=71e0efb956306c44ab280f9db19d7e20
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-12-15 12:33:46
# local_time=2011-12-14 06:33:46 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=74150
# found=5
# cleaned=3
# scan_time=3894
C:\Program Files\Audacity\AudioConverter.exe a variant of Win32/InstallCore.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Winamp\winamp561_full_emusic-7plus_all.exe Win32/OpenCandy application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Winamp\winamp5621_full_emusic-7plus_all.exe Win32/OpenCandy application (deleted - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\drivers\mrxsmb.sys a variant of Win32/Rootkit.Kryptik.GG trojan (unable to clean) 00000000000000000000000000000000 I
${Memory} multiple threats 00000000000000000000000000000000 I

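The line that matters in that log is mrxsmb.sys, the SMB redirector driver, reported as a rootkit variant "unable to clean", together with "${Memory} multiple threats". A loaded, patched kernel driver cannot be swapped out from inside the running system, and a kernel rootkit may also serve the original bytes to anything that reads the file through the live OS, so the honest check is done offline. The script below is an added example, not code from the thread or from ESET. It parses the detection lines, lists what was not cleaned, and hashes a flagged driver against the Windows File Protection copies XP keeps in system32\dllcache and ServicePackFiles\i386 (an assumed standard layout). The sample log lines are copied from the post above; the demo() fixture is constructed.

```python
r"""Triage an ESET Online Scanner log and verify a flagged driver against its protected copy.

Added example, not part of the original thread. Intended to be run with the
infected disk mounted from rescue media, e.g. `python eset_triage.py log.txt /mnt/disk/WINDOWS`.
"""
import hashlib
import os
import re
import sys
import tempfile

# One detection line: <path> <threat text> [(<action>)] <32-hex hash> <flag>
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?\.[A-Za-z0-9]{1,4}|\$\{[^}]+\})\s+"
    r"(?P<threat>.*?)"
    r"(?:\s+\((?P<action>[^()]*)\))?"
    r"\s+(?P<hash>[0-9a-fA-F]{32})\s+(?P<flag>[A-Z])\s*$"
)


def parse_eset_log(text):
    """Return one dict per detection line; '#' header lines and anything else are skipped."""
    items = []
    for line in text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            items.append(m.groupdict())
    return items


def not_cleaned(item):
    """True when ESET reported no removal (no action at all, or an 'unable to clean')."""
    return item["action"] is None or "unable" in item["action"].lower()


def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def reference_copies(windows_dir, name):
    """Where Windows XP keeps protected copies of system files (assumed standard layout)."""
    return [os.path.join(windows_dir, "system32", "dllcache", name),
            os.path.join(windows_dir, "ServicePackFiles", "i386", name)]


def compare_driver(driver_path, windows_dir):
    """Hash the live driver and every reference copy that exists; say whether they agree."""
    live = sha256_of(driver_path)
    refs = {p: sha256_of(p) for p in reference_copies(windows_dir, os.path.basename(driver_path))
            if os.path.exists(p)}
    if not refs:
        verdict = "no-reference"
    elif all(h == live for h in refs.values()):
        verdict = "matches-reference"
    else:
        verdict = "differs-from-reference"
    return {"verdict": verdict, "live": live, "references": refs}


# Detection lines copied from the ESET log posted in this thread.
SAMPLE_LOG = r"""
# found=5
# cleaned=3
C:\Program Files\Audacity\AudioConverter.exe a variant of Win32/InstallCore.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Winamp\winamp561_full_emusic-7plus_all.exe Win32/OpenCandy application (deleted - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\drivers\mrxsmb.sys a variant of Win32/Rootkit.Kryptik.GG trojan (unable to clean) 00000000000000000000000000000000 I
${Memory} multiple threats 00000000000000000000000000000000 I
"""


def demo(patched=True):
    """Constructed fixture: a throwaway WINDOWS tree whose live mrxsmb.sys is, or is not, altered."""
    with tempfile.TemporaryDirectory() as root:
        windows_dir = os.path.join(root, "WINDOWS")
        drivers = os.path.join(windows_dir, "system32", "drivers")
        dllcache = os.path.join(windows_dir, "system32", "dllcache")
        os.makedirs(drivers)
        os.makedirs(dllcache)
        clean = b"MZ" + b"\x00" * 62 + b"redirector code (constructed bytes)"
        with open(os.path.join(dllcache, "mrxsmb.sys"), "wb") as f:
            f.write(clean)
        driver = os.path.join(drivers, "mrxsmb.sys")
        with open(driver, "wb") as f:
            f.write(clean[:-4] + b"HOOK" if patched else clean)  # constructed in-place patch
        return compare_driver(driver, windows_dir)["verdict"]


if __name__ == "__main__":
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    windows_dir = sys.argv[2] if len(sys.argv) > 2 else None  # the mounted WINDOWS directory
    for item in parse_eset_log(text):
        print("NOT CLEANED" if not_cleaned(item) else "cleaned    ", item["path"], "--", item["threat"])
        if windows_dir and not_cleaned(item) and item["path"].lower().endswith(".sys"):
            live = os.path.join(windows_dir, "system32", "drivers", os.path.basename(item["path"]))
            if os.path.exists(live):
                print("    ", compare_driver(live, windows_dir)["verdict"])
    if windows_dir is None:
        print("fixture check:", demo(patched=True), "/", demo(patched=False))
```

A "matches-reference" result is only as good as the reference: the dllcache copy sits on the same writable volume and can be overwritten too, so when the verdict matters compare against a copy taken from the installation media or the service pack instead, and treat the ${Memory} line as proof that the rootkit was still active when the scan ran.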

I ran ComboFix and it says there were a couple of rootkits detected. Then, it prompted that it would restart the computer. However, the computer froze and the cursor would not move, and CTRL+ALT+DELETE would not work, so I manually turned it off and on. Upon reboot, I ran ComboFix again and the computer froze after 10 minutes. I waited 2 hours to see if it would come back to life, but it didn't. I manually turned it off and on again. I have been doing normal tasks on the computer for a half hour and ping.exe has not restarted. My computer seems to be acting healthy. Has this happened before? Do you think it is disinfected? If it reappears, I will repost.


2 weeks later...

Hi,

My apologies for the delay.

Maniac is away and I will be helping you instead.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix (delete your copy and grab a fresh copy):

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

Describe what issues you are currently experiencing.

-screen317


1 month later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
