
Hijack.Userinit with extra problems


MizSuz


Good afternoon and thank you for your assistance!

My IBM Thinkpad began performing slowly so I installed and ran Malwarebytes. This is the log of that thorough scan:

START LOG

Malwarebytes Anti-Malware 1.65.1.1000

www.malwarebytes.org

Database version: v2012.11.18.01

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Administrator :: MYLAPTOP1 [administrator]

11/18/2012 8:17:33 AM

mbam-log-2012-11-18 (09-41-32).txt

Scan type: Full scan (C:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 271402

Time elapsed: 1 hour(s), 9 minute(s), 49 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 1

HKCU\Software\DC3_FEXEC (Malware.Trace) -> No action taken.

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 1

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\Windupdt\winupdate.exe,C:\WINDOWS\system32\Windupdt\winupdate.exe) Good: (userinit.exe) -> No action taken.

Folders Detected: 0

(No malicious items detected)

Files Detected: 3

C:\Program Files\LP\D9F1\1A0.tmp (Trojan.Dropper.PE4) -> No action taken.

C:\System Volume Information\_restore{FE98DFB6-A220-40AF-B448-C95D02CA20B6}\RP764\A0096300.exe (Trojan.Dropper.PE4) -> No action taken.

C:\System Volume Information\_restore{FE98DFB6-A220-40AF-B448-C95D02CA20B6}\RP764\A0096302.exe (Trojan.Agent) -> No action taken.

(end)

END LOG

In Malwarebytes I selected all five instances of issues and clicked "Remove." After removal I was prompted to insert a Windows CD because needed files were not present. I do not have a Windows disc so I X'd out of that prompt. Malwarebytes prompted me to restart. I restarted. Once Windows began to load, the process to completion of loading was extremely slow. My wireless network can no longer find a network address and using the "fix" option in network connections only ends in an unsuccessful message.

I ran a quick scan using Malwarebytes again and this was the report:

START LOG

Malwarebytes Anti-Malware 1.65.1.1000

www.malwarebytes.org

Database version: v2012.11.18.01

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Administrator :: MYLAPTOP1 [administrator]

11/18/2012 9:55:03 AM

mbam-log-2012-11-18 (09-55-03).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 221412

Time elapsed: 10 minute(s), 42 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

END LOG

All processes are inordinately slow, I still do not have connectivity, and I noticed I am missing several critical Windows utilities like checkdisc, scandisk, defrag, etc. Start > Accessories > System Tools is now empty.

Using the desktop I am now posting from I came here and downloaded first the dds.scr file, transferred it to the desktop of the laptop using a thumbdrive and attempted to run the scan several times. It seems to start but after many minutes locks the computer up and a cold start is necessary to regain control of the computer. I then repeated the process with dds.com to similar results. The completion bar using dds.com gets to about 80% and the computer stops responding. Neither utility dropped any files for me to share with you.

I'm hoping you'll have some suggestions for next steps (besides using the thing as a doorstop, I mean). :)

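As an added example (not code from this thread, from Malwarebytes or from OTL), the following Python checker parses the Hijack.UserInit line of the scan log above, splits the Userinit value into the comma-separated programs Winlogon starts at logon, reports the appended executables that are not the legitimate userinit.exe, and rebuilds the value Windows XP expects. The sample line is reconstructed from the first log in this post; the set of accepted userinit.exe spellings and the default system root are assumptions.

```python
"""Added example (not code from this thread, Malwarebytes or OTL).

Parses the 'Registry Data Items Detected' line that Malwarebytes prints for a
Hijack.UserInit detection, splits the Userinit value the way Winlogon does
(a comma-separated list of programs to start at logon) and reports every
entry that is not the legitimate userinit.exe.
"""
import re
from typing import List, Tuple

# Constructed sample: the Hijack.UserInit line from the first scan log in this thread.
SAMPLE_MBAM_LINE = (
    r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Userinit (Hijack.UserInit)"
    r" -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\Windupdt\winupdate.exe,"
    r"C:\WINDOWS\system32\Windupdt\winupdate.exe) Good: (userinit.exe) -> No action taken."
)

# Spellings of the legitimate entry accepted here (assumption; compared case-insensitively).
# Windows XP writes the full path followed by a trailing comma, so an empty trailing
# field is normal and is dropped by split_userinit().
LEGIT_USERINIT = {
    "userinit.exe",
    r"c:\windows\system32\userinit.exe",
    r"%systemroot%\system32\userinit.exe",
}

_MBAM_USERINIT_RE = re.compile(
    r"\|Userinit \((?P<det>[^)]+)\) -> Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\)"
)


def split_userinit(value: str) -> List[str]:
    """Split a Userinit value into the programs Winlogon will launch, in order."""
    return [entry.strip() for entry in value.split(",") if entry.strip()]


def extra_entries(value: str) -> List[str]:
    """Return every entry that is not the legitimate userinit.exe (duplicates kept)."""
    return [e for e in split_userinit(value) if e.lower() not in LEGIT_USERINIT]


def parse_mbam_userinit(line: str) -> Tuple[str, List[str], str]:
    """Parse one Malwarebytes Userinit line into (detection name, bad entries, good value)."""
    match = _MBAM_USERINIT_RE.search(line)
    if match is None:
        raise ValueError("not a Malwarebytes Userinit registry-data line")
    return match.group("det"), split_userinit(match.group("bad")), match.group("good")


def remediated_value(value: str, system_root: str = r"C:\WINDOWS") -> str:
    """Rebuild the value with only legitimate entries, in XP's form (trailing comma).

    If the hijack replaced userinit.exe entirely, the default path is restored so
    that logon still works once the appended programs are dropped.
    """
    keep = [e for e in split_userinit(value) if e.lower() in LEGIT_USERINIT]
    if not keep:
        keep = [system_root + r"\system32\userinit.exe"]
    return ",".join(keep) + ","


def scan_log(text: str) -> List[Tuple[str, List[str], str]]:
    """Return (detection, appended entries, fixed value) for every Hijack.UserInit line."""
    findings = []
    for line in text.splitlines():
        if "(Hijack.UserInit)" not in line:
            continue
        det, bad, _good = parse_mbam_userinit(line)
        bad_value = ",".join(bad)
        findings.append((det, extra_entries(bad_value), remediated_value(bad_value)))
    return findings


if __name__ == "__main__":
    for det, extras, fixed in scan_log(SAMPLE_MBAM_LINE):
        print(det)
        for path in extras:
            print("  appended entry:", path)
        print("  expected value:", fixed)
```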

Hi and Welcome!! :) My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

IMPORTANT NOTE : Please do not delete anything unless instructed to.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your system inoperable and could require a full reinstall of your OS losing all your programs and data.

Vista and Windows 7 users: These tools MUST be run from the executable (.exe) every time you run them, with Admin Rights (Right click, choose "Run as Administrator").

Stay with this topic until I give you the all clean post.

---------

Did you try to run DDS in Safe Mode? If not give it a try.


Hi Jeff!

Thanks for your assistance. My apologies for the delay.

dds.com run in Safe Mode for 5 minutes generated the same result as running it in normal mode. It immediately achieves about 80% completion and then never progresses any farther. It just stops with the program open. There is no option for canceling out of dds; none of the buttons are active, nor are the maximize or close buttons on the upper right. Attempts to move the program window have frozen the computer and my mouse is no longer responding.

I await your instructions before restart.


Ok...go ahead and restart your system and then do the following....If a log is produced please post it. :)

OTL

  • Download OTL to your desktop.
  • Right-click and Run as Administrator on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scan box paste this in
    netsvcs
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt.
      Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

----------

Please download TDSSKiller

  • Double click TDSSKiller.exe
  • Press Start Scan
  • Do Not Attempt To Fix Anything Now. We just need to look over the report and be sure we are removing the correct items.
  • Attach the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

----------


Hi Jeff! Here are the OTL reports. I'm running the TDSSKiller now.

OTL logfile created on: 11/18/2012 6:33:38 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.24 Gb Total Physical Memory | 0.79 Gb Available Physical Memory | 63.60% Memory free

2.60 Gb Paging File | 2.26 Gb Available in Paging File | 86.89% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 27.95 Gb Total Space | 4.98 Gb Free Space | 17.83% Space Free | Partition Type: NTFS

Computer Name: MYLAPTOP1 | User Name: Administrator | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Adobe Systems Inc.)

PRC - C:\Program Files\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited)

PRC - C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited)

PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - C:\Program Files\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited)

PRC - C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)

PRC - C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)

PRC - c:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)

PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics Incorporated)

PRC - C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe (Lenovo Group Limited)

PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)

PRC - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)

PRC - C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)

PRC - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)

========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e0d56c0582316e9ecb4c18186e37217c\System.ServiceProcess.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\042658de519bb1e22ec5925092061892\System.Management.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\b06e49ed8cbe07dbb90e313fa634b27b\System.Xml.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\f02cf6430a9fc77908a74ab6925cb73c\System.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\62d5f089dd51f18472a7caf1593d9f6b\mscorlib.ni.dll ()

MOD - C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll ()

MOD - C:\Program Files\IZArc\IZArcCM.dll ()

MOD - C:\Program Files\ThinkPad\Utilities\BATINFEX.DLL ()

========== Services (SafeList) ==========

SRV - (Smcinst) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcLU\Setup\smcinst.exe File not found

SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (TPHKLOAD) -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited)

SRV - (TPHKSVC) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)

SRV - (LENOVO.MICMUTE) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)

SRV - (SUService) -- c:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)

SRV - (ThinkVantage Registry Monitor Service) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)

SRV - (Diskeeper) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)

SRV - (SoundMAX Agent Service (default) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)

========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found

DRV - (PDRFRAME) -- File not found

DRV - (PDRELI) -- File not found

DRV - (PDFRAME) -- File not found

DRV - (PDCOMP) -- File not found

DRV - (PCIDump) -- File not found

DRV - (MpKslf2c680b6) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6A565A20-04A6-417A-8181-5F287342301A}\MpKslf2c680b6.sys File not found

DRV - (MpKsla6e24314) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C2ED3D08-9C24-44B6-BFAC-2BBE255965EE}\MpKsla6e24314.sys File not found

DRV - (MpKsla69825f5) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{705151A3-313B-429E-AACA-B2817A77D92A}\MpKsla69825f5.sys File not found

DRV - (MpKsl72cda73c) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9CCF73A6-1A29-4957-9FA0-5E98DACA2B62}\MpKsl72cda73c.sys File not found

DRV - (lbrtfdc) -- File not found

DRV - (i2omgmt) -- File not found

DRV - (Changer) -- File not found

DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)

DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)

DRV - (lenovo.smi) -- C:\WINDOWS\system32\drivers\smiif32.sys (Lenovo Group Limited)

DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)

DRV - (Shockprf) -- C:\WINDOWS\system32\drivers\ApsX86.sys (Lenovo.)

DRV - (TPDIGIMN) -- C:\WINDOWS\system32\drivers\ApsHM86.sys (Lenovo.)

DRV - (w29n51) -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)

DRV - (psadd) -- C:\WINDOWS\system32\drivers\psadd.sys (Lenovo (United States) Inc.)

DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)

DRV - (HSFHWICH) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems, Inc.)

DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)

DRV - (TPPWR) -- C:\WINDOWS\system32\drivers\TPPWR.SYS (IBM Corp.)

DRV - (vncdrv) -- C:\WINDOWS\system32\drivers\vncdrv.sys (RDV Soft)

DRV - (SoC PC-Camera Service) -- C:\WINDOWS\system32\drivers\pfc027.sys ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2244600799-3872077539-159684054-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\S-1-5-21-2244600799-3872077539-159684054-500\..\SearchScopes,DefaultScope = {F3EC2100-035E-4B9B-8C50-5E3A665F868F}

IE - HKU\S-1-5-21-2244600799-3872077539-159684054-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-2244600799-3872077539-159684054-500\..\SearchScopes\{F3EC2100-035E-4B9B-8C50-5E3A665F868F}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}

IE - HKU\S-1-5-21-2244600799-3872077539-159684054-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKU\S-1-5-21-2244600799-3872077539-159684054-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-21-2244600799-3872077539-159684054-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:55535

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:home"

FF - prefs.js..extensions.enabledAddons: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.3

FF - prefs.js..extensions.enabledAddons: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:3.8

FF - prefs.js..extensions.enabledAddons: {77d2ed30-4cd2-11e0-b8af-0800200c9a66}:5.1.7.1

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26

FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:3.5

FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.2.2

FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:3.0.1

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29

FF - prefs.js..network.proxy.type: 0

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)

FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/08/04 10:28:43 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/11/15 07:21:02 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/11/15 07:20:46 | 000,000,000 | ---D | M]

[2011/07/13 13:29:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions

[2012/11/15 07:22:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\g0h3t2l9.default\extensions

[2011/10/19 06:58:54 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\g0h3t2l9.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}

[2012/11/15 07:22:56 | 000,000,000 | ---D | M] (FT DeepDark) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\g0h3t2l9.default\extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66}

[2012/09/06 14:06:14 | 000,269,659 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\g0h3t2l9.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi

[2012/11/15 07:22:56 | 000,328,449 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\g0h3t2l9.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}.xpi

[2012/07/26 17:23:14 | 000,741,958 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\g0h3t2l9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

[2012/11/15 07:20:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2012/11/15 07:20:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}

[2012/11/15 07:20:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

[2012/11/15 07:20:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

[2012/11/15 07:21:02 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2010/03/08 05:24:04 | 000,103,168 | ---- | M] (Midasplayer Ltd) -- C:\Program Files\mozilla firefox\plugins\npmidas.dll

[2012/08/28 10:24:36 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012/10/11 16:10:55 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: https://www.google.com/

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}

CHR - homepage: https://www.google.com/

CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.64\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.64\pdf.dll

CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npgoogletalk.dll

CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll

CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: Angry Birds = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\

CHR - Extension: Adblock Plus (Beta) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\

O1 HOSTS File: ([2012/08/04 09:07:47 | 000,000,763 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 127.0.0.1 activate.adobe.com

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)

O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [bLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()

O4 - HKLM..\Run: [bMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE ()

O4 - HKLM..\Run: [bMMMONWND] C:\Program Files\ThinkPad\Utilities\BATINFEX.DLL ()

O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)

O4 - HKLM..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)

O4 - HKLM..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [LenovoAutoScrollUtility] C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe (Lenovo Group Limited)

O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()

O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)

O4 - HKLM..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics Incorporated)

O4 - HKLM..\Run: [TrackPointSrv] C:\Program Files\Lenovo\TrackPoint\tp4serv.exe (Lenovo Group Limited)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 4194304

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-2244600799-3872077539-159684054-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-2244600799-3872077539-159684054-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - mswsock.dll File not found

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)

O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} http://www-307.ibm.com/pc/support/acpir.cab (IASRunner Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1302729192250 (MUWebControl Class)

O16 - DPF: {6F0892F7-0D44-41C3-BF07-7599873FAA04} http://service.ymcastlouis.org/crystalreportviewers115/ActiveXControls/ActiveXViewer.cab (Crystal ActiveX Report Viewer Control 11.5)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DC72AEBC-1A44-4FEF-92FD-9183F50AE108}: DhcpNameServer = 209.18.47.61 209.18.47.62

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found

O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/06/18 15:15:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/11/18 18:29:48 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\tdsskiller.exe

[2012/11/18 18:29:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

[2012/11/18 14:22:40 | 000,688,901 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\dds.com

[2012/11/18 10:38:03 | 000,688,901 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\dds.scr

[2012/11/18 07:31:26 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2012/11/18 07:31:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012/11/18 07:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData

[2012/11/18 07:15:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Avira

[2012/11/18 07:05:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira

[2012/11/18 07:04:49 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys

[2012/11/18 07:04:45 | 000,135,096 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys

[2012/11/18 07:04:45 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys

[2012/11/18 07:04:45 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys

[2012/11/18 07:04:45 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys

[2012/11/18 07:04:44 | 000,000,000 | ---D | C] -- C:\Program Files\Avira

[2012/11/18 07:04:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira

[2012/11/17 12:38:47 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\Windupdt

[2012/11/17 12:20:49 | 000,000,000 | ---D | C] -- C:\Program Files\6A272

[2012/11/17 12:20:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\1406A

[2012/11/17 12:20:33 | 000,000,000 | ---D | C] -- C:\Program Files\LP

[2012/11/15 07:20:38 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2012/11/14 21:05:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Forte Agent

[2012/11/14 21:05:03 | 000,000,000 | ---D | C] -- C:\Program Files\Agent

[2012/11/14 20:37:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Forte

[2012/11/14 20:18:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\GrabIt Downloads

[2012/11/14 20:13:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\GrabIt

[2012/11/14 19:20:19 | 000,000,000 | ---D | C] -- C:\Program Files\GrabIt

[2012/11/03 09:04:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\calibre - E-book Management

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/18 18:27:43 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\BMMTask.job

[2012/11/18 18:23:35 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012/11/18 18:21:20 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\tdsskiller.exe

[2012/11/18 18:20:40 | 1332,203,520 | -HS- | M] () -- C:\hiberfil.sys

[2012/11/18 18:20:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012/11/18 18:19:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

[2012/11/18 16:15:12 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2244600799-3872077539-159684054-500UA.job

[2012/11/18 14:19:04 | 000,688,901 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\dds.com

[2012/11/18 11:15:02 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2244600799-3872077539-159684054-500Core.job

[2012/11/18 10:36:12 | 000,688,901 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\dds.scr

[2012/11/18 07:33:49 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012/11/18 07:05:14 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk

[2012/11/05 10:26:39 | 000,467,190 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012/11/05 10:26:39 | 000,080,610 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012/11/03 09:18:31 | 000,000,638 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Sigil.lnk

[2012/11/03 09:05:10 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\calibre - E-book management.lnk

[2012/10/27 19:30:18 | 000,054,272 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/18 18:20:40 | 1332,203,520 | -HS- | C] () -- C:\hiberfil.sys

[2012/11/18 07:33:01 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012/11/18 07:05:14 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk

[2012/11/17 12:23:08 | 000,083,968 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\chrtmp

[2012/09/01 07:43:36 | 000,000,044 | ---- | C] () -- C:\WINDOWS\SMWizard.INI

[2012/04/15 15:02:12 | 000,032,608 | ---- | C] () -- C:\WINDOWS\king-uninstall.exe

[2012/03/24 07:49:12 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI

[2011/10/22 22:59:08 | 000,298,954 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2244600799-3872077539-159684054-500-0.dat

[2011/10/22 22:58:57 | 000,298,954 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat

[2011/09/22 23:11:01 | 000,011,170 | R--- | C] () -- C:\WINDOWS\System32\PA207Usd.dll

[2011/09/22 23:11:00 | 000,136,832 | R--- | C] () -- C:\WINDOWS\System32\drivers\pfc027.sys

[2011/09/14 16:57:48 | 000,054,272 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/09/14 11:13:18 | 000,010,709 | ---- | C] () -- C:\WINDOWS\hpwscr19.dat

[2011/09/14 11:10:23 | 000,176,495 | ---- | C] () -- C:\WINDOWS\hpwins19.dat

[2011/09/14 11:10:23 | 000,000,997 | ---- | C] () -- C:\WINDOWS\hpwmdl19.dat

[2011/08/11 06:32:35 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011/04/18 14:31:04 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2011/04/18 14:31:02 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini

[2011/04/18 14:30:55 | 000,631,808 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2011/04/18 14:30:54 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2011/04/18 14:30:53 | 000,080,896 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2011/04/13 15:39:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2008/06/19 15:52:52 | 000,000,592 | RHS- | C] () -- C:\Documents and Settings\Administrator\ntuser.pol

========== ZeroAccess Check ==========

[2008/06/19 09:18:56 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

========== LOP Check ==========

[2011/04/14 13:06:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\.minecraft

[2012/11/17 12:20:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\1406A

[2012/04/20 12:18:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\cacaoweb

[2012/11/03 09:10:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\calibre

[2012/02/12 15:28:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FairStars Audio Converter Pro

[2012/11/14 20:37:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Forte

[2011/10/19 07:27:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Garmin

[2012/11/17 13:55:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GrabIt

[2012/09/18 12:49:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\QuickScan

[2012/02/09 04:42:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SanDisk

[2012/11/15 23:56:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent

[2008/06/19 11:43:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lotus

[2012/08/04 09:22:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe

[2008/06/19 12:18:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT

========== Purity Check ==========

========== Custom Scans ==========

< MD5 for: EXPLORER.EXE >

[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe

[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

[2011/06/19 06:11:22 | 001,007,120 | ---- | M] () MD5=62B8E10334799A27218FBE57708A9FC1 -- C:\Documents and Settings\Administrator\Desktop\antivirus\rKill\eXplorer.exe

[2004/08/04 07:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SVCHOST.EXE >

[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe

[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

[2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

[2004/08/04 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >

[2004/08/04 07:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

[2011/06/19 06:11:30 | 001,007,120 | ---- | M] () MD5=62B8E10334799A27218FBE57708A9FC1 -- C:\Documents and Settings\Administrator\Desktop\antivirus\rKill\uSeRiNiT.exe

[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe

[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >

[2004/08/04 07:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe

[2011/06/19 06:11:36 | 001,007,120 | ---- | M] () MD5=62B8E10334799A27218FBE57708A9FC1 -- C:\Documents and Settings\Administrator\Desktop\antivirus\rKill\WiNlOgOn.exe

[2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe

[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========

[C:\WINDOWS\$NtUninstallKB38949$] -> Error: Cannot create file handle -> Unknown point type

< End of report >

OTL Extras logfile created on: 11/18/2012 6:33:38 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.24 Gb Total Physical Memory | 0.79 Gb Available Physical Memory | 63.60% Memory free

2.60 Gb Paging File | 2.26 Gb Available in Paging File | 86.89% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 27.95 Gb Total Space | 4.98 Gb Free Space | 17.83% Space Free | Partition Type: NTFS

Computer Name: MYLAPTOP1 | User Name: Administrator | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-2244600799-3872077539-159684054-500\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"5900:TCP" = 5900:TCP:*:Enabled:UltraVNC

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"3389:TCP" = 3389:TCP:192.168.0.0/255.255.0.0:Enabled:@xpsp2res.dll,-22009

"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management

"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)

"C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)

"C:\Documents and Settings\Administrator\Application Data\Spotify\spotify.exe" = C:\Documents and Settings\Administrator\Application Data\Spotify\spotify.exe:*:Enabled:Spotify

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Professional

"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Disc 2

"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)

"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended

"{0A5825FD-0FB7-4e45-9037-858D463F2943}" = BPDSoftware

"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox

"{110EB5C4-E995-4CFB-AB80-A5F315BEA9E8}" = Python 2.6

"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v1.5.0.2827

"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java 6 Update 37

"{2951A232-69BA-4925-BB9A-CEEB72B18B4F}" = BPDSoftware_Ini

"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3

"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5

"{34843AB3-8DBA-4388-8838-080635E1EDB6}" = SwiftFile 4.0

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{398E8625-6F3A-4C54-B54C-28F0ABB89774}" = BPD_HPSU

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{43D16DA8-BF42-3C62-89D3-3AD47829DC2E}" = Google Talk Plugin

"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4A3FCC59-5231-4634-882C-BF8B511392C5}" = calibre

"{572F2A62-70CD-4429-8758-6D4D6DC696E1}" = 4500_Help

"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan

"{6697D99E-E550-4498-B793-4A8DD8A1821F}" = ProductContext

"{674D5CE7-BFE9-43B8-B246-51D8F088A1C6}" = Diskeeper Professional Premier Edition

"{6888DF17-2DB3-4CB6-9A0D-FCC3E0272368}" = ASNA Client for .NET v7.2.368

"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan

"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 3.81

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{ABA00898-9467-4689-9F40-DE7F58C8429C}" = Fax

"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)

"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg

"{CD0773D5-C18E-495c-B39B-21A96415EDD5}" = HP Officejet J4500 Series

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX

"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer

"{FDEC11CC-4BD6-4a8c-A398-3CCD8E43EACA}" = J4500

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"All ATI Software" = ATI - Software Uninstall Utility

"AudioShell_is1" = AudioShell 1.3.5

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_05591014" = ThinkPad Integrated 56K Modem

"Digital Editions" = Adobe Digital Editions

"Easy PDF Creator Retail Version_is1" = Easy PDF Creator Retail Version 1.00

"FairStars Audio Converter Pro_is1" = FairStars Audio Converter Pro 1.02

"Forte Agent" = Forté Agent

"GrabIt_is1" = GrabIt 1.7.2 Beta 6 (build 1008)

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"ie8" = Windows Internet Explorer 8

"IneptSuite" = IneptSuite-1.0

"king.com" = king.com (remove only)

"KLiteCodecPack_is1" = K-Lite Codec Pack 7.1.0 (Full)

"LENOVO.SMIIF" = Lenovo System Interface Driver

"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"OnScreenDisplay" = On Screen Display

"Power Features" = IBM ThinkPad Battery MaxiMiser and Power Management Features

"Power Management Driver" = ThinkPad Power Management Driver

"PROSet" = Intel® Network Connections Drivers

"pycrypto-py2.6" = Python 2.6 pycrypto-2.1.0

"Sigil_is1" = Sigil 0.6.0

"SynTPDeinstKey" = ThinkPad UltraNav Driver

"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier

"TrackPoint" = ThinkPad TrackPoint Driver

"uTorrent" = µTorrent

"VLC media player" = VLC media player 1.1.11

"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2244600799-3872077539-159684054-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 11/11/2012 11:02:08 PM | Computer Name = MYLAPTOP1 | Source = Application Error | ID = 1000

Description = Faulting application excel.exe, version 9.0.0.8968, faulting module

excel.exe, version 9.0.0.8968, fault address 0x00041e98.

Error - 11/17/2012 1:27:50 PM | Computer Name = MYLAPTOP1 | Source = Application Error | ID = 1000

Description = Faulting application crimson wind by diana pharaoh francis.exe, version

0.0.0.0, faulting module msvcrt.dll, version 7.0.2600.5512, fault address 0x0000eef7.

Error - 11/17/2012 1:31:55 PM | Computer Name = MYLAPTOP1 | Source = Diskeeper | ID = 6

Description = Diskeeper Control Center - ERROR No valid endpoint could be found.

Error - 11/17/2012 1:31:55 PM | Computer Name = MYLAPTOP1 | Source = Diskeeper | ID = 6

Description = Diskeeper Control Center - ERROR Diskeeper was not able to initialize

RPC.

Error - 11/17/2012 1:35:50 PM | Computer Name = MYLAPTOP1 | Source = Application Error | ID = 1000

Description = Faulting application crimson wind by diana pharaoh francis.exe, version

0.0.0.0, faulting module msvcrt.dll, version 7.0.2600.5512, fault address 0x0000eef7.

Error - 11/17/2012 1:46:12 PM | Computer Name = MYLAPTOP1 | Source = Diskeeper | ID = 6

Description = Diskeeper Control Center - ERROR No valid endpoint could be found.

Error - 11/17/2012 1:46:12 PM | Computer Name = MYLAPTOP1 | Source = Diskeeper | ID = 6

Description = Diskeeper Control Center - ERROR Diskeeper was not able to initialize

RPC.

Error - 11/18/2012 8:05:56 AM | Computer Name = MYLAPTOP1 | Source = crypt32 | ID = 131083

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file.

Error - 11/18/2012 8:05:56 AM | Computer Name = MYLAPTOP1 | Source = crypt32 | ID = 131083

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file.

Error - 11/18/2012 10:50:13 AM | Computer Name = MYLAPTOP1 | Source = Application Hang | ID = 1002

Description = Hanging application firefox.exe, version 16.0.2.4680, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]

Error - 11/18/2012 6:26:37 PM | Computer Name = MYLAPTOP1 | Source = Service Control Manager | ID = 7003

Description = The TCP/IP NetBIOS Helper service depends on the following nonexistent

service: NetBT

Error - 11/18/2012 6:28:54 PM | Computer Name = MYLAPTOP1 | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service EventSystem

with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 11/18/2012 6:28:55 PM | Computer Name = MYLAPTOP1 | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service netman with

arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 11/18/2012 6:29:47 PM | Computer Name = MYLAPTOP1 | Source = Service Control Manager | ID = 7003

Description = The DHCP Client service depends on the following nonexistent service:

NetBT

Error - 11/18/2012 6:29:47 PM | Computer Name = MYLAPTOP1 | Source = Service Control Manager | ID = 7001

Description = The DNS Client service depends on the TCP/IP Protocol Driver service

which failed to start because of the following error: %%31

Error - 11/18/2012 6:29:47 PM | Computer Name = MYLAPTOP1 | Source = Service Control Manager | ID = 7001

Description = The TCP/IP NetBIOS Helper service depends on the AFD service which

failed to start because of the following error: %%31

Error - 11/18/2012 6:29:47 PM | Computer Name = MYLAPTOP1 | Source = Service Control Manager | ID = 7001

Description = The IPSEC Services service depends on the IPSEC driver service which

failed to start because of the following error: %%31

Error - 11/18/2012 6:29:47 PM | Computer Name = MYLAPTOP1 | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

AFD avgio avipbb Fips intelppm IPSec lenovo.smi MRxSmb NetBIOS RasAcd Rdbss ssmdrv Tcpip TPHKDRV

TPPWR

Error - 11/18/2012 7:23:27 PM | Computer Name = MYLAPTOP1 | Source = Service Control Manager | ID = 7003

Description = The DHCP Client service depends on the following nonexistent service:

NetBT

Error - 11/18/2012 7:23:27 PM | Computer Name = MYLAPTOP1 | Source = Service Control Manager | ID = 7003

Description = The TCP/IP NetBIOS Helper service depends on the following nonexistent

service: NetBT

< End of report >

And here is the TDSSKiller report:

18:55:30.0359 2904 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35

18:55:30.0369 2904 ============================================================

18:55:30.0369 2904 Current date / time: 2012/11/18 18:55:30.0369

18:55:30.0369 2904 SystemInfo:

18:55:30.0369 2904

18:55:30.0369 2904 OS Version: 5.1.2600 ServicePack: 3.0

18:55:30.0369 2904 Product type: Workstation

18:55:30.0369 2904 ComputerName: MYLAPTOP1

18:55:30.0369 2904 UserName: Administrator

18:55:30.0369 2904 Windows directory: C:\WINDOWS

18:55:30.0369 2904 System windows directory: C:\WINDOWS

18:55:30.0369 2904 Processor architecture: Intel x86

18:55:30.0369 2904 Number of processors: 1

18:55:30.0369 2904 Page size: 0x1000

18:55:30.0369 2904 Boot type: Normal boot

18:55:30.0369 2904 ============================================================

18:55:32.0112 2904 Drive \Device\Harddisk0\DR0 - Size: 0x6FC7C8000 (27.95 Gb), SectorSize: 0x200, Cylinders: 0xF24, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054

18:55:32.0112 2904 ============================================================

18:55:32.0112 2904 \Device\Harddisk0\DR0:

18:55:32.0112 2904 MBR partitions:

18:55:32.0112 2904 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x37E3E01

18:55:32.0112 2904 ============================================================

18:55:32.0152 2904 C: <-> \Device\Harddisk0\DR0\Partition1

18:55:32.0152 2904 ============================================================

18:55:32.0152 2904 Initialize success

18:55:32.0152 2904 ============================================================

18:55:43.0418 2004 ============================================================

18:55:43.0418 2004 Scan started

18:55:43.0418 2004 Mode: Manual;

18:55:43.0418 2004 ============================================================

18:55:43.0829 2004 ================ Scan system memory ========================

18:55:43.0829 2004 System memory - ok

18:55:43.0829 2004 ================ Scan services =============================


18:55:55.0616 2004 [ D7DC30B8B41E7A913C3FCCC0631E72EC ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys

18:55:55.0616 2004 SynTP - ok

18:55:55.0626 2004 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys

18:55:55.0636 2004 sysaudio - ok

18:55:55.0686 2004 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe

18:55:55.0696 2004 SysmonLog - ok

18:55:55.0746 2004 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll

18:55:55.0756 2004 TapiSrv - ok

18:55:55.0836 2004 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys

18:55:55.0846 2004 Tcpip - ok

18:55:55.0926 2004 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys

18:55:55.0926 2004 TDPIPE - ok

18:55:55.0946 2004 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys

18:55:55.0946 2004 TDTCP - ok

18:55:55.0976 2004 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys

18:55:55.0976 2004 TermDD - ok

18:55:56.0046 2004 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll

18:55:56.0046 2004 TermService - ok

18:55:56.0076 2004 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll

18:55:56.0076 2004 Themes - ok

18:55:56.0236 2004 [ 9626746A9B120D2ED537DD8D76278405 ] ThinkVantage Registry Monitor Service C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

18:55:56.0236 2004 ThinkVantage Registry Monitor Service - ok

18:55:56.0297 2004 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe

18:55:56.0297 2004 TlntSvr - ok

18:55:56.0317 2004 TosIde - ok

18:55:56.0367 2004 [ C5DC9E462407B274B504DE2AA3220C2E ] TPDIGIMN C:\WINDOWS\system32\DRIVERS\ApsHM86.sys

18:55:56.0367 2004 TPDIGIMN - ok

18:55:56.0407 2004 [ 4B2F57221E4CA268967EED0C4F2B7726 ] TPHDEXLGSVC C:\WINDOWS\system32\TPHDEXLG.exe

18:55:56.0407 2004 TPHDEXLGSVC - ok

18:55:56.0437 2004 [ 8AEF2188630F5ECD79AD9ABBA630630B ] TPHKDRV C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys

18:55:56.0447 2004 TPHKDRV - ok

18:55:56.0497 2004 [ 88D609BFDEB7E013E9E491434190BA43 ] TPHKLOAD C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe

18:55:56.0497 2004 TPHKLOAD - ok

18:55:56.0527 2004 [ 9E6E4A9789F76593CC5A6A5AF8FC5929 ] TPHKSVC C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe

18:55:56.0527 2004 TPHKSVC - ok

18:55:56.0547 2004 [ 8D6678AAAB7CA42A71999E7B931CDF1D ] TPPWR C:\WINDOWS\system32\drivers\Tppwr.sys

18:55:56.0547 2004 TPPWR - ok

18:55:56.0597 2004 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll

18:55:56.0597 2004 TrkWks - ok

18:55:56.0727 2004 [ E9EA448F1174BE4052416B62263EA4EE ] TVT Scheduler C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

18:55:56.0737 2004 TVT Scheduler - ok

18:55:56.0767 2004 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys

18:55:56.0767 2004 Udfs - ok

18:55:56.0787 2004 ultra - ok

18:55:56.0887 2004 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys

18:55:56.0887 2004 Update - ok

18:55:56.0958 2004 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll

18:55:56.0968 2004 upnphost - ok

18:55:56.0998 2004 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe

18:55:56.0998 2004 UPS - ok

18:55:57.0038 2004 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys

18:55:57.0038 2004 usbccgp - ok

18:55:57.0068 2004 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys

18:55:57.0068 2004 usbehci - ok

18:55:57.0128 2004 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys

18:55:57.0128 2004 usbhub - ok

18:55:57.0188 2004 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys

18:55:57.0188 2004 usbprint - ok

18:55:57.0228 2004 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys

18:55:57.0228 2004 usbscan - ok

18:55:57.0268 2004 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

18:55:57.0268 2004 USBSTOR - ok

18:55:57.0318 2004 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys

18:55:57.0318 2004 usbuhci - ok

18:55:57.0348 2004 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys

18:55:57.0348 2004 VgaSave - ok

18:55:57.0358 2004 ViaIde - ok

18:55:57.0398 2004 [ 4EC979B157D1AA075330362ACB5424E5 ] vncdrv C:\WINDOWS\system32\DRIVERS\vncdrv.sys

18:55:57.0398 2004 vncdrv - ok

18:55:57.0438 2004 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys

18:55:57.0438 2004 VolSnap - ok

18:55:57.0498 2004 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe

18:55:57.0508 2004 VSS - ok

18:55:57.0679 2004 [ A22ABD73E0D6BA666CBA4E86EEB001B3 ] w29n51 C:\WINDOWS\system32\DRIVERS\w29n51.sys

18:55:57.0819 2004 w29n51 - ok

18:55:57.0889 2004 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll

18:55:57.0889 2004 W32Time - ok

18:55:57.0919 2004 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys

18:55:57.0919 2004 Wanarp - ok

18:55:57.0999 2004 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys

18:55:58.0009 2004 Wdf01000 - ok

18:55:58.0019 2004 WDICA - ok

18:55:58.0049 2004 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys

18:55:58.0049 2004 wdmaud - ok

18:55:58.0109 2004 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll

18:55:58.0109 2004 WebClient - ok

18:55:58.0179 2004 [ E17D31CD52DCB7745AC5330EEA062D0B ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

18:55:58.0199 2004 winachsf - ok

18:55:58.0309 2004 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll

18:55:58.0309 2004 winmgmt - ok

18:55:58.0410 2004 [ 18F347402DA544A780949B8FDF83351B ] WinRM C:\WINDOWS\system32\WsmSvc.dll

18:55:58.0440 2004 WinRM - ok

18:55:58.0500 2004 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll

18:55:58.0500 2004 WmdmPmSN - ok

18:55:58.0570 2004 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll

18:55:58.0580 2004 Wmi - ok

18:55:58.0630 2004 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe

18:55:58.0640 2004 WmiApSrv - ok

18:55:58.0750 2004 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe

18:55:58.0770 2004 WMPNetworkSvc - ok

18:55:58.0800 2004 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys

18:55:58.0800 2004 WpdUsb - ok

18:55:58.0950 2004 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

18:55:58.0960 2004 WPFFontCache_v0400 - ok

18:55:59.0010 2004 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

18:55:59.0010 2004 WSTCODEC - ok

18:55:59.0061 2004 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll

18:55:59.0061 2004 wuauserv - ok

18:55:59.0121 2004 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys

18:55:59.0121 2004 WudfPf - ok

18:55:59.0161 2004 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys

18:55:59.0161 2004 WudfRd - ok

18:55:59.0191 2004 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll

18:55:59.0191 2004 WudfSvc - ok

18:55:59.0281 2004 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll

18:55:59.0301 2004 WZCSVC - ok

18:55:59.0351 2004 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll

18:55:59.0351 2004 xmlprov - ok

18:55:59.0371 2004 ================ Scan global ===============================

18:55:59.0431 2004 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll

18:55:59.0491 2004 [ 42B5427FAC23BF6F1F31E466B7FEB084 ] C:\WINDOWS\system32\winsrv.dll

18:55:59.0501 2004 [ 42B5427FAC23BF6F1F31E466B7FEB084 ] C:\WINDOWS\system32\winsrv.dll

18:55:59.0531 2004 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe

18:55:59.0541 2004 [Global] - ok

18:55:59.0541 2004 ================ Scan MBR ==================================

18:55:59.0571 2004 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0

18:55:59.0742 2004 \Device\Harddisk0\DR0 - ok

18:55:59.0742 2004 ================ Scan VBR ==================================

18:55:59.0752 2004 [ 068664A72BE9BC4968C14C4FA6136D28 ] \Device\Harddisk0\DR0\Partition1

18:55:59.0752 2004 \Device\Harddisk0\DR0\Partition1 - ok

18:55:59.0752 2004 ============================================================

18:55:59.0752 2004 Scan finished

18:55:59.0752 2004 ============================================================

18:55:59.0762 3412 Detected object count: 0

18:55:59.0762 3412 Actual detected object count: 0

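The TDSSKiller log above pairs a "[ MD5 ] Name Path" line with a "Name - ok" line for every service, driver and boot sector it checked. Reading a few hundred of these by hand is error prone, so here is a small parser that summarises such a log for a responder: entries whose status is anything but ok, binaries living outside the usual Windows roots, and services that were registered but whose file was never hashed. This is an added example for this thread, not code from TDSSKiller, Malwarebytes or anyone in the discussion. The trusted-root list is an assumption for the example, and the last two sample lines (ExampleSvc, all-zero hash, Temp path, status "detected") are constructed; everything else in the sample is copied from the log above.

```python
"""Triage helper for a TDSSKiller-style scan log.

Added example for this thread; it is not part of TDSSKiller, Malwarebytes or
any other tool mentioned above.  It pairs each "[ MD5 ] Name Path" line with
its "Name - status" line and lists what a responder should look at first.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Every log line is "<hh:mm:ss.ffff> <thread id> <payload>".
LINE_RE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s+(?P<rest>.*)$")
# Hash line: "[ MD5 ] Name Path"; Name is absent in the global/MBR/VBR sections.
ENTRY_RE = re.compile(
    r"^\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?:(?P<name>.+?) )?(?P<path>(?:[A-Za-z]:\\|\\Device\\).*)$"
)
# Status line: "Name - ok" (or some other status word).
STATUS_RE = re.compile(r"^(?P<name>.+?) - (?P<status>.+)$")

# Assumption for this example: service and driver binaries are expected under
# these roots; anything else is surfaced for manual review.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\")


@dataclass
class Entry:
    key: str                      # service name, or the path when no name is logged
    md5: Optional[str] = None
    path: Optional[str] = None
    status: Optional[str] = None


def parse_log(text: str) -> Dict[str, Entry]:
    """Return one Entry per service/driver/file, keyed by name (or path)."""
    entries: Dict[str, Entry] = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        rest = m.group("rest")
        if rest.startswith("="):          # section banners ("==== Scan MBR ====")
            continue
        em = ENTRY_RE.match(rest)
        if em:
            key = em.group("name") or em.group("path")
            e = entries.setdefault(key, Entry(key))
            e.md5, e.path = em.group("md5").upper(), em.group("path")
            continue
        sm = STATUS_RE.match(rest)
        if not sm:
            continue
        name, status = sm.group("name"), sm.group("status")
        if name.startswith("["):          # "[Global] - ok" closes a whole section
            for e in entries.values():
                if e.status is None:
                    e.status = status
        else:
            entries.setdefault(name, Entry(name)).status = status
    return entries


def triage(text: str) -> Dict[str, object]:
    """Summarise the log: entries not marked ok, binaries outside the trusted
    roots, and services that were listed but whose file was never hashed."""
    entries = parse_log(text)
    not_ok: List[tuple] = []
    outside: List[tuple] = []
    unhashed: List[str] = []
    for e in entries.values():
        if e.status != "ok":
            not_ok.append((e.key, e.status))
        if e.path and not e.path.startswith("\\Device\\") \
                and not e.path.lower().startswith(TRUSTED_PREFIXES):
            outside.append((e.key, e.path))
        if e.md5 is None:
            unhashed.append(e.key)
    return {"total": len(entries), "not_ok": not_ok,
            "outside_trusted": outside, "unhashed": unhashed}


# Sample input: the first lines are copied from the log above; the last two
# (ExampleSvc, all-zero hash, Temp path, "detected") are constructed.
SAMPLE_LOG = r"""
18:55:53.0973 2004 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
18:55:53.0973 2004 SCardSvr - ok
18:55:54.0424 2004 Simbad - ok
18:55:54.0664 2004 [ 79AD3ACFFA28EC914F652081CAD3DF48 ] SoC PC-Camera Service C:\WINDOWS\system32\DRIVERS\pfc027.sys
18:55:54.0674 2004 SoC PC-Camera Service - ok
18:55:55.0405 2004 [ 109CA8F9DB4886F9F14667ADC10A5065 ] SUService c:\program files\lenovo\system update\suservice.exe
18:55:55.0405 2004 SUService - ok
18:55:59.0371 2004 ================ Scan global ===============================
18:55:59.0431 2004 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
18:55:59.0541 2004 [Global] - ok
18:55:59.0541 2004 ================ Scan MBR ==================================
18:55:59.0571 2004 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
18:55:59.0742 2004 \Device\Harddisk0\DR0 - ok
18:55:59.0800 2004 [ 00000000000000000000000000000000 ] ExampleSvc C:\Documents and Settings\user\Local Settings\Temp\examplesvc.exe
18:55:59.0801 2004 ExampleSvc - detected
"""

if __name__ == "__main__":
    for section, items in triage(SAMPLE_LOG).items():
        print(section, items)
```

Services such as Simbad that show a status line but no hash line are registered in the registry without a file on disk; on this log they are leftover driver entries, but the same pattern is worth a second look when the name is unfamiliar, so the report lists them separately rather than treating them as a finding.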

Incidentally, this:

Error - 11/17/2012 1:27:50 PM | Computer Name = MYLAPTOP1 | Source = Application Error | ID = 1000

Description = Faulting application crimson wind by diana pharaoh francis.exe, version

0.0.0.0, faulting module msvcrt.dll, version 7.0.2600.5512, fault address 0x0000eef7.

and this:

Error - 11/17/2012 1:27:50 PM | Computer Name = MYLAPTOP1 | Source = Application Error | ID = 1000

Description = Faulting application crimson wind by diana pharaoh francis.exe, version

0.0.0.0, faulting module msvcrt.dll, version 7.0.2600.5512, fault address 0x0000eef7.

is where I picked up the viruses. I'm sure I installed the darn things myself. The subsequent errors were, I think, the trojans doing their evil deeds.

But I defer to your expertise.


**WARNING** Unfortunately one or more of the infections I have identified are Backdoor Trojans, IRCBots or other Malware capable of stealing very important information. You need to stop using all Internet Banking sites, change passwords to all sites with sensitive information from a clean computer and phone your bank to inform them that you may be a victim of identity theft. More often than not, we advise users that a full reinstallation of their Operating System is the only way to ensure that their computer will ever be 100% clean again.

Unfortunately I have found what is known as the ZeroAccess rootkit on your system. It is an especially nasty infection that can take quite some time to clean as well as may have damaged your system files itself. As a warning, during the cleaning (if you choose to do so) you may lose internet access with this computer and in the end we may need to reinstall the operating system anyway depending on the extent of the infection.

If you would like to continue with the cleaning, please continue with the following instructions and I will be more than happy to help. :)

----------

Please read through these instructions to familiarize yourself with what to expect when this tool runs.

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RCUpdate1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

4. If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.

----------


Well, Jeff, it's been running for about 40 minutes and the cursor is still blinking and I still have control of the mouse, although I have made sure not to click anything as it runs so I can't say whether anything is working or not. I haven't gotten another round of warnings about the rootkit beyond the first time. However, I have to step away from the computer for the remainder of the night. I will check in again in the morning and report here as soon as I have completed this scan.

Good night. Thank you for your trouble, Jeff. I hope to talk to you again tomorrow and that you have a wonderful interim.

Suz


Ok, two attempts to run the Combofix in normal mode and two attempts in safe mode and the result is the same. It initializes, can't connect to the internet to update and run Recovery Console so aborts that and continues the scan. Notifies me once that I have a deep infection of the ZeroAccess rootkit in the tcp/ip stack, appears to continue the scan for many minutes although I never actually hear the hard drive turn again, and then freezes the entire computer requiring a cold restart.


Let's try a different route...

Download RogueKiller (by tigzy) and save direct to your Desktop.

On the web page click on this: RogueKillericon.png

  • Quit all running programs
  • Start RogueKiller.exe
  • Wait until Prescan has finished.
  • Ensure all boxes are ticked under "Report" tab.
  • Click on Scan.
  • Click on Report when complete. Copy/paste the contents of the report and paste into your next reply.
  • NOTE: DO NOT attempt to remove anything that the scan detects. Not everything is bad!

RogueKillerstart.png

==========


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
