
Emergency Help - can't work until safe. Virus/Malware issues



Hi. I'm sorry to sound in a rush, but I work from home on this computer and have missed work today as I cannot safely log into work with these problems. I really need to work tomorrow :(

I first noticed something was wrong when Google Chrome gave me a blank blue screen. Did some digging, tried several fixes, nothing worked. Decided to run some scans, found a few problems. Realized that ALL my antivirus/tools etc. were disabled and would not open due to "Windows cannot open this program because it's been prevented by a software restriction policy". I created no groups, never had restrictions, never edited anything.

On some of the earlier scans, I found Ukash Virus, Exploit.Drop.GSA, and some B.Gen Viruses. I do think I took care of them, but there must be stragglers or something new. I tried restoring, but was unable to restore to any of the points. I also have run ComboFix a few times, and it says that C:\Windows\explorer.exe is infected. I won't run it again without further instruction.

I can usually take care of things on my own, but this one is driving me crazy. I obviously need help from the pros. Everything else is working normally, no popups, no redirects, just the software restriction policy blocking all of my antivirus/malware tools. I can run pretty much any scans from installation, except for Malwarebytes - I have to be in Safe Mode for that one. BTW, there are no issues at all in Safe Mode.

I also have scan logs from Malwarebytes (found nothing), Combofix, Hitman Pro (2 threats), TDSS Killer (found 1), and Rogue Killer (found 2). I didn't fix any issues with these scans, just got info. Please advise if you'd like to look at any of them. I SO appreciate a quick response.

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 7.0.6000.17114 BrowserJavaVersion: 1.6.0_31

Run by Mom at 17:35:18 on 2013-03-28

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2228 [GMT -4:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

============== Running Processes ================

.

C:\WINDOWS\system32\nvsvc32.exe

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Common Files\AOL\1176508629\ee\AOLSoftware.exe

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\Program Files\AVAST Software\Avast\avastUI.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe

C:\Program Files\SeaMonkey\seamonkey.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\SeaMonkey\plugin-container.exe

C:\WINDOWS\system32\msiexec.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

C:\WINDOWS\system32\svchost.exe -k rpcss

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\svchost.exe -k netsvcs

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxps://portal.arise.com/Login.aspx

mStart Page = hxxp://www.aol.com/?src=customie7

uInternet Connection Wizard,ShellNext = hxxp://us.mcafee.com/apps/vso/en-us/redir.asp?affid=105-79&installtype=force&dtag=563psc1&langid=1&systempopup=true

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll

BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun: [HostManager] c:\program files\common files\aol\1176508629\ee\AOLSoftware.exe

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

uPolicies-Explorer: NoDriveTypeAutoRun = dword:323

uPolicies-Explorer: NoDriveAutoRun = dword:67108863

mPolicies-Explorer: NoDriveAutoRun = dword:67108863

mPolicies-Explorer: NoDriveTypeAutoRun = dword:323

mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1

mPolicies-Explorer: NoDriveTypeAutoRun = dword:323

mPolicies-Explorer: NoDriveAutoRun = dword:67108863

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000

IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm

IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm

Trusted Zone: arise.com

Trusted Zone: intuit.com

DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB

DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} - hxxp://asp23.centra.com/SiteRoots/main/Install/win32/CentraUpdaterAx.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB

DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab

DPF: {3BA3B159-7533-4F96-A2CE-EE5894BBD3D5} - hxxp://i.dell.com/images/global/js/scanner/SYSSCANNER.cab

DPF: {43E3F87D-DE7F-4087-BD4F-0DC854981158} - hxxp://download.microsoft.com/download/7/3/8/7384c441-3721-41ee-ae15-b678888f00dd/clearadj.CAB

DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228867869953

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} - hxxp://www.convergysworkathome.com/AppHardT.CAB

DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} - hxxp://www.worldwinner.com/games/v57/wof/wof.cab

DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab

DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} - hxxps://media.pineconeresearch.com/ActiveX/downloadcontrol.cab

DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://ns.arise.com/dana-cached/setup/JuniperSetupSP1.cab

DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://ns.arise.com/dana-cached/sc/JuniperSetupClient.cab

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{6019A3D2-B279-468A-8732-A26A61A41680} : DHCPNameServer = 192.168.1.1

Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - c:\program files\windows defender\MpShHook.dll

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\25.0.1364.172\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

.

============= SERVICES / DRIVERS ===============

.

R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-3-28 49248]

R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 193552]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-3-28 765736]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-3-28 368176]

R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2009-9-8 65584]

R1 NEOFLTR_550_12129;Juniper Networks TDI Filter Driver (NEOFLTR_550_12129);c:\windows\system32\drivers\NEOFLTR_550_12129.sys [2007-10-3 63008]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]

R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-8-11 116608]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-3-28 29816]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-3-28 66336]

R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-3-28 45248]

R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2012-8-23 13672]

R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2012-9-12 1027792]

R2 PDFsFilter;PDFsFilter;c:\windows\system32\drivers\PDFsFilter.sys [2012-9-12 68464]

S1 cvjbhgwe;cvjbhgwe;\??\c:\windows\system32\drivers\cvjbhgwe.sys --> c:\windows\system32\drivers\cvjbhgwe.sys [?]

S1 kolkgvvx;kolkgvvx;\??\c:\windows\system32\drivers\kolkgvvx.sys --> c:\windows\system32\drivers\kolkgvvx.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]

S3 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-3-28 164736]

S3 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe -service --> c:\windows\system32\lxducoms.exe -service [?]

S3 lxduCATSCustConnectService;lxduCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxduserv.exe [2008-5-5 98984]

S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys --> c:\windows\system32\drivers\motccgp.sys [?]

S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys --> c:\windows\system32\drivers\motccgpfl.sys [?]

S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys --> c:\windows\system32\drivers\motodrv.sys [?]

S3 Network ConnectorService;Network Connector Service;c:\program files\barracuda\network connector\bin\network-connectorserv.exe [2010-5-18 43416]

S4 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2009-2-14 266240]

S4 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-5-2 24652]

S4 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2013-03-28 15:43:55 -------- d-----w- C:\MGtools

2013-03-28 14:54:26 1898001 ----a-w- C:\MGtools.exe

2013-03-28 10:41:51 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2013-03-28 10:41:51 49248 ----a-w- c:\windows\system32\drivers\aswRvrt.sys

2013-03-28 10:41:51 164736 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2013-03-28 10:41:50 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2013-03-28 10:41:29 41664 ----a-w- c:\windows\avastSS.scr

2013-03-28 10:41:09 -------- d-----w- c:\program files\AVAST Software

2013-03-28 10:40:38 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software

2013-03-28 01:01:28 -------- d-sha-r- C:\cmdcons

2013-03-27 23:28:35 98816 ----a-w- c:\windows\sed.exe

2013-03-27 23:28:35 256000 ----a-w- c:\windows\PEV.exe

2013-03-27 23:28:35 208896 ----a-w- c:\windows\MBR.exe

2013-03-27 23:09:37 -------- d-----w- C:\8f60095d261204a9c8041a453db3610c

2013-03-27 21:50:40 7108640 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6a8b268f-0e8c-4dd0-a815-6aef0c3b738e}\mpengine.dll

2013-03-27 21:48:44 6954968 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2013-03-17 19:52:17 -------- d-----w- c:\program files\ESET

.

==================== Find3M ====================

.

2013-03-28 16:55:37 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-03-28 16:55:36 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-01-30 10:53:21 232336 ------w- c:\windows\system32\MpSigStub.exe

.

============= FINISH: 17:37:58.96 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume2

Install Date: 4/13/2007 3:07:56 PM

System Uptime: 3/28/2013 1:04:55 PM (4 hours ago)

.

Motherboard: Dell Inc | | 0UW457

Processor: AMD Athlon 64 X2 Dual Core Processor 3800+ | Socket M2 | 2003/1000mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 146 GiB total, 24.103 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP1038: 12/18/2012 7:29:02 AM - Software Distribution Service 3.0

RP1039: 12/19/2012 7:28:55 AM - Software Distribution Service 3.0

RP1040: 12/20/2012 7:28:47 AM - Software Distribution Service 3.0

RP1041: 12/21/2012 7:27:12 PM - System Checkpoint

RP1042: 12/22/2012 3:44:35 AM - Software Distribution Service 3.0

RP1043: 12/23/2012 2:28:59 AM - Software Distribution Service 3.0

RP1044: 12/24/2012 3:40:34 AM - Software Distribution Service 3.0

RP1045: 12/25/2012 3:44:18 AM - Software Distribution Service 3.0

RP1046: 12/26/2012 3:44:21 AM - Software Distribution Service 3.0

RP1047: 12/27/2012 3:44:32 AM - Software Distribution Service 3.0

RP1048: 12/28/2012 3:44:19 AM - Software Distribution Service 3.0

RP1049: 12/29/2012 5:45:31 AM - System Checkpoint

RP1050: 12/29/2012 8:27:10 AM - Software Distribution Service 3.0

RP1051: 12/30/2012 2:08:42 AM - Software Distribution Service 3.0

RP1052: 12/30/2012 8:26:49 AM - Software Distribution Service 3.0

RP1053: 12/30/2012 6:18:53 PM - Software Distribution Service 3.0

RP1054: 12/31/2012 6:39:03 PM - Software Distribution Service 3.0

RP1055: 1/1/2013 6:38:27 PM - Software Distribution Service 3.0

RP1056: 1/2/2013 10:15:46 AM - Installed TurboTax 2012 wrapper

RP1057: 1/3/2013 11:18:42 AM - Software Distribution Service 3.0

RP1058: 1/4/2013 1:07:05 PM - System Checkpoint

RP1059: 1/4/2013 7:00:48 PM - Software Distribution Service 3.0

RP1060: 1/5/2013 7:00:02 PM - Software Distribution Service 3.0

RP1061: 1/6/2013 2:23:01 AM - Software Distribution Service 3.0

RP1062: 1/6/2013 7:00:24 PM - Software Distribution Service 3.0

RP1063: 1/7/2013 7:01:01 PM - Software Distribution Service 3.0

RP1064: 1/8/2013 8:44:49 PM - System Checkpoint

RP1065: 1/9/2013 4:05:26 PM - Software Distribution Service 3.0

RP1066: 1/10/2013 6:42:25 PM - System Checkpoint

RP1067: 1/11/2013 5:42:59 AM - Installed TurboTax 2012 winiper

RP1068: 1/11/2013 3:35:36 PM - Software Distribution Service 3.0

RP1069: 1/12/2013 3:35:17 PM - Software Distribution Service 3.0

RP1070: 1/13/2013 1:51:07 AM - Software Distribution Service 3.0

RP1071: 1/14/2013 2:13:14 AM - System Checkpoint

RP1072: 1/14/2013 9:57:09 AM - Software Distribution Service 3.0

RP1073: 1/15/2013 9:52:57 AM - Software Distribution Service 3.0

RP1074: 1/16/2013 9:56:32 AM - Software Distribution Service 3.0

RP1075: 1/18/2013 5:16:52 AM - Software Distribution Service 3.0

RP1076: 1/19/2013 5:15:58 AM - Software Distribution Service 3.0

RP1077: 1/20/2013 2:19:36 AM - Software Distribution Service 3.0

RP1078: 1/21/2013 3:05:46 AM - System Checkpoint

RP1079: 1/22/2013 4:05:21 AM - System Checkpoint

RP1080: 1/22/2013 11:18:31 AM - Software Distribution Service 3.0

RP1081: 1/23/2013 11:18:24 AM - Software Distribution Service 3.0

RP1082: 1/24/2013 11:17:52 AM - Software Distribution Service 3.0

RP1083: 1/25/2013 11:17:52 AM - Software Distribution Service 3.0

RP1084: 1/26/2013 11:46:11 PM - Software Distribution Service 3.0

RP1085: 1/27/2013 2:01:21 AM - Software Distribution Service 3.0

RP1086: 1/27/2013 11:42:48 PM - Software Distribution Service 3.0

RP1087: 1/28/2013 11:42:57 PM - Software Distribution Service 3.0

RP1088: 1/29/2013 11:42:57 PM - Software Distribution Service 3.0

RP1089: 1/30/2013 11:45:15 PM - Software Distribution Service 3.0

RP1090: 1/31/2013 11:42:55 PM - Software Distribution Service 3.0

RP1091: 2/1/2013 11:42:57 PM - Software Distribution Service 3.0

RP1092: 2/3/2013 12:35:43 AM - System Checkpoint

RP1093: 2/3/2013 2:11:55 AM - Software Distribution Service 3.0

RP1094: 2/3/2013 7:46:49 PM - Software Distribution Service 3.0

RP1095: 2/4/2013 7:46:49 PM - Software Distribution Service 3.0

RP1096: 2/5/2013 7:46:53 PM - Software Distribution Service 3.0

RP1097: 2/6/2013 7:46:55 PM - Software Distribution Service 3.0

RP1098: 2/7/2013 7:46:59 PM - Software Distribution Service 3.0

RP1099: 2/8/2013 8:07:54 PM - System Checkpoint

RP1100: 2/9/2013 8:19:27 AM - Software Distribution Service 3.0

RP1101: 2/10/2013 2:03:02 AM - Software Distribution Service 3.0

RP1102: 2/10/2013 8:20:21 AM - Software Distribution Service 3.0

RP1103: 2/11/2013 8:20:25 AM - Software Distribution Service 3.0

RP1104: 2/12/2013 8:19:44 AM - Software Distribution Service 3.0

RP1105: 2/13/2013 8:20:36 AM - Software Distribution Service 3.0

RP1106: 2/14/2013 11:28:25 AM - Software Distribution Service 3.0

RP1107: 2/15/2013 8:48:55 AM - Installed VirtualDJ Home FREE

RP1108: 2/15/2013 11:32:03 AM - Software Distribution Service 3.0

RP1109: 2/16/2013 11:28:49 AM - Software Distribution Service 3.0

RP1110: 2/17/2013 2:26:52 AM - Software Distribution Service 3.0

RP1111: 2/17/2013 11:23:17 AM - Software Distribution Service 3.0

RP1112: 2/18/2013 11:28:07 AM - Software Distribution Service 3.0

RP1113: 2/19/2013 11:28:00 AM - Software Distribution Service 3.0

RP1114: 2/20/2013 11:28:06 AM - Software Distribution Service 3.0

RP1115: 2/21/2013 11:54:24 AM - System Checkpoint

RP1116: 2/22/2013 5:51:38 AM - Software Distribution Service 3.0

RP1117: 2/23/2013 5:51:08 AM - Software Distribution Service 3.0

RP1118: 2/24/2013 1:57:45 AM - Software Distribution Service 3.0

RP1119: 2/24/2013 6:41:52 AM - Software Distribution Service 3.0

RP1120: 2/25/2013 6:41:40 AM - Software Distribution Service 3.0

RP1121: 2/26/2013 7:56:07 AM - System Checkpoint

RP1122: 2/26/2013 8:03:55 AM - Software Distribution Service 3.0

RP1123: 2/27/2013 7:57:33 AM - Software Distribution Service 3.0

RP1124: 2/28/2013 10:02:50 AM - System Checkpoint

RP1125: 2/28/2013 12:39:33 PM - Software Distribution Service 3.0

RP1126: 3/1/2013 12:33:24 PM - Software Distribution Service 3.0

RP1127: 3/2/2013 1:24:43 PM - System Checkpoint

RP1128: 3/3/2013 2:05:06 AM - Software Distribution Service 3.0

RP1129: 3/3/2013 6:37:03 AM - Software Distribution Service 3.0

RP1130: 3/4/2013 6:35:18 AM - Software Distribution Service 3.0

RP1131: 3/5/2013 6:34:55 AM - Software Distribution Service 3.0

RP1132: 3/6/2013 7:53:47 AM - Software Distribution Service 3.0

RP1133: 3/7/2013 7:53:22 AM - Software Distribution Service 3.0

RP1134: 3/8/2013 8:35:25 AM - Software Distribution Service 3.0

RP1135: 3/9/2013 6:16:13 PM - System Checkpoint

RP1136: 3/10/2013 6:39:42 AM - Software Distribution Service 3.0

RP1137: 3/11/2013 6:38:31 AM - Software Distribution Service 3.0

RP1138: 3/12/2013 6:38:26 AM - Software Distribution Service 3.0

RP1139: 3/13/2013 8:53:42 AM - Software Distribution Service 3.0

RP1140: 3/14/2013 9:47:51 AM - System Checkpoint

RP1141: 3/15/2013 7:56:34 AM - Software Distribution Service 3.0

RP1142: 3/16/2013 11:14:51 AM - System Checkpoint

RP1143: 3/17/2013 2:25:11 AM - Software Distribution Service 3.0

RP1144: 3/17/2013 5:41:07 AM - Software Distribution Service 3.0

RP1145: 3/17/2013 1:54:26 PM - Removed Google Earth Plug-in.

RP1146: 3/27/2013 4:37:55 PM - Software Distribution Service 3.0

RP1147: 3/27/2013 5:49:29 PM - Restore Operation

RP1148: 3/27/2013 5:49:57 PM - Software Distribution Service 3.0

RP1149: 3/27/2013 5:58:41 PM - Restore Operation

RP1150: 3/27/2013 6:02:38 PM - Restore Operation

RP1151: 3/27/2013 7:05:47 PM - Removed B3V Viewer

RP1152: 3/27/2013 7:06:15 PM - Removed BBViewer

RP1153: 3/28/2013 7:58:55 AM - Removed VirtualDJ Home FREE

RP1154: 3/28/2013 8:00:34 AM - Removed WAH System Verification

.

==== Installed Programs ======================

.

32 Bit HP CIO Components Installer

802.11 Wireless LAN

A820_doccd

Adobe Acrobat Connect Add-in

Adobe AIR

Adobe Community Help

Adobe Connect Add-in

Adobe Download Assistant

Adobe Flash Player 11 Plugin

Adobe Flash Professional CS5.5

Adobe Photoshop CS6

Adobe Reader 8.1.4

AOL Uninstaller (Choose which Products to Remove)

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Arachnophilia version 4.0

Athlon 64 Processor Driver

ATI - Software Uninstall Utility

ATI Catalyst Control Center

ATI Display Driver

AusLogics System Information

avast! Free Antivirus

Broadcom 440x 10/100 Integrated Controller

Broadcom Management Programs

BufferChm

CCleaner

Citrix online plug-in - web

Citrix online plug-in (DV)

Citrix online plug-in (HDX)

Citrix online plug-in (USB)

Citrix online plug-in (Web)

Compatibility Pack for the 2007 Office system

Conexant D850 56K V.9x DFVc Modem

Convergys Health Checker

Critical Update for Windows Media Player 11 (KB959772)

Dell Driver Download Manager

Dell System Restore

Desktop Doctor

Digital Content Portal

Digital Line Detect

DiskAid 4.72

FileZilla Client 3.5.3

FitDay PC version 1.0

GEAR 32bit Driver Installer

Google Chrome

Google Update Helper

High Definition Audio Driver Package - KB835221

HiJackThis

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB979306)

HP Deskjet 1050 J410 series Basic Device Software

HP Deskjet 1050 J410 series Help

HP Photo and Imaging 2.0 - All-in-One

HP Photo and Imaging 2.0 - All-in-One Drivers

HP Photo Creations

HP Update

iolo technologies' System Mechanic

iPhone Configuration Utility

iPod for Windows 2006-03-23

iTunes

Java Auto Updater

Java 6 Update 31

Juniper Networks Host Checker

Juniper Networks Network Connect 6.0.0

Juniper Networks Network Connect 6.1.0

Juniper Networks Network Connect 6.5.0

Juniper Networks Secure Application Manager

Juniper Networks Setup Client

Juniper Terminal Services Client

Lexmark 5600-6600 Series

Malwarebytes Anti-Malware version 1.70.0.1100

MCU

MetaFrame Presentation Server Web Client for Win32

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 1.1 Security Update (KB2656370)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Expression Design 4

Microsoft Expression Encoder 4

Microsoft Expression Encoder 4 Screen Capture Codec

Microsoft Expression Web 4

Microsoft Expression Web 4 Service Pack 2

Microsoft IntelliPoint 7.1

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

Microsoft National Language Support Downlevel APIs

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Excel Viewer 2003

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2003

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Office Word Viewer 2003

Microsoft Security Client

Microsoft Silverlight

Microsoft Software Update for Web Folders (English) 12

Microsoft User-Mode Driver Framework Feature Pack 1.5

Microsoft VC9 runtime libraries

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Web Platform Installer 3.0

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Microsoft_VC90_MFCLOC_x86

MobileMe Control Panel

Modem Diagnostic Tool

MSVC80_x86

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 6 Service Pack 2 (KB954459)

Nero 7 Ultra Edition

Network Connector 2.1_rc20

NVIDIA Control Panel 275.33

NVIDIA Display Control Panel

NVIDIA Drivers

NVIDIA Graphics Driver 275.33

NVIDIA Install Application

NVIDIA nView 135.85

NVIDIA PhysX

NVIDIA Update 1.3.5

NVIDIA Update Components

Octoshape add-in for Adobe Flash Player

Office Animation Runtime

OpenMG AAC Add-on Module 1.0.00

OpenMG Limited Patch 4.5-06-05-12-01

OpenMG Secure Module 4.5.01

OPN System XT (Client)

OPSWAT AntiVirus and Firewall Integration Libraries

PDF Settings CS5

PDF Settings CS6

RapidPlayer v5.0 ActiveX Control

RealNetworks - Microsoft Visual C++ 2005 Runtime

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

RealUpgrade 1.1

RSA SecurID Software Token

RTC Client API v1.2 Setup

SamsungConnectivityCableDriver

SeaMonkey (2.2)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Expression Design 4 (KB2667730)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

Security Update for Microsoft Windows (KB2564958)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Internet Explorer 7 (KB2183461)

Security Update for Windows Internet Explorer 7 (KB2360131)

Security Update for Windows Internet Explorer 7 (KB2482017)

Security Update for Windows Internet Explorer 7 (KB2722913)

Security Update for Windows Internet Explorer 7 (KB2744842)

Security Update for Windows Internet Explorer 7 (KB938127-v2)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 7 (KB972260)

Security Update for Windows Internet Explorer 7 (KB974455)

Security Update for Windows Internet Explorer 7 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 10 (KB936782)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2655992)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2691442)

Security Update for Windows XP (KB2698365)

Security Update for Windows XP (KB2705219)

Security Update for Windows XP (KB2707511)

Security Update for Windows XP (KB2712808)

Security Update for Windows XP (KB2719985)

Security Update for Windows XP (KB2723135)

Security Update for Windows XP (KB2731847)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953838)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981349)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

SigmaTel Audio

Sonic Activation Module

Sothink SWF Decompiler

Sound Blaster ADVANCED MB Drivers

SUPERAntiSpyware

System Checkup 3.4

System Requirements Lab

TouchCopy 11

TuneAid 3.76

TurboTax 2009

TurboTax 2009 waliper

TurboTax 2009 wariper

TurboTax 2009 waziper

TurboTax 2009 wcaiper

TurboTax 2009 wcoiper

TurboTax 2009 wctiper

TurboTax 2009 wdciper

TurboTax 2009 wdeiper

TurboTax 2009 wfliper

TurboTax 2009 wgaiper

TurboTax 2009 whiiper

TurboTax 2009 wiaiper

TurboTax 2009 widiper

TurboTax 2009 wiliper

TurboTax 2009 winiper

TurboTax 2009 WinPerFedFormset

TurboTax 2009 WinPerReleaseEngine

TurboTax 2009 WinPerTaxSupport

TurboTax 2009 wksiper

TurboTax 2009 wkyiper

TurboTax 2009 wlaiper

TurboTax 2009 wmaiper

TurboTax 2009 wmdiper

TurboTax 2009 wmeiper

TurboTax 2009 wmiiper

TurboTax 2009 wmniper

TurboTax 2009 wmoiper

TurboTax 2009 wmsiper

TurboTax 2009 wmtiper

TurboTax 2009 wnciper

TurboTax 2009 wndiper

TurboTax 2009 wneiper

TurboTax 2009 wnhiper

TurboTax 2009 wnjiper

TurboTax 2009 wnmiper

TurboTax 2009 wnyiper

TurboTax 2009 wohiper

TurboTax 2009 wokiper

TurboTax 2009 woriper

TurboTax 2009 wpaiper

TurboTax 2009 wrapper

TurboTax 2009 wriiper

TurboTax 2009 wsciper

TurboTax 2009 wtniper

TurboTax 2009 wutiper

TurboTax 2009 wvaiper

TurboTax 2009 wvtiper

TurboTax 2009 wwiiper

TurboTax 2009 wwviper

TurboTax 2010

TurboTax 2010 waliper

TurboTax 2010 waziper

TurboTax 2010 wcaiper

TurboTax 2010 wcoiper

TurboTax 2010 wiaiper

TurboTax 2010 widiper

TurboTax 2010 wiliper

TurboTax 2010 winiper

TurboTax 2010 WinPerFedFormset

TurboTax 2010 WinPerReleaseEngine

TurboTax 2010 WinPerTaxSupport

TurboTax 2010 wksiper

TurboTax 2010 wmdiper

TurboTax 2010 wmiiper

TurboTax 2010 wmniper

TurboTax 2010 wmsiper

TurboTax 2010 wmtiper

TurboTax 2010 wnjiper

TurboTax 2010 wnyiper

TurboTax 2010 wohiper

TurboTax 2010 woriper

TurboTax 2010 wpaiper

TurboTax 2010 wrapper

TurboTax 2010 wsciper

TurboTax 2010 wutiper

TurboTax 2010 wvaiper

TurboTax 2010 wwiiper

TurboTax 2011

TurboTax 2011 winiper

TurboTax 2011 WinPerFedFormset

TurboTax 2011 WinPerReleaseEngine

TurboTax 2011 WinPerTaxSupport

TurboTax 2011 wrapper

TurboTax 2012

TurboTax 2012 winiper

TurboTax 2012 WinPerFedFormset

TurboTax 2012 WinPerReleaseEngine

TurboTax 2012 WinPerTaxSupport

TurboTax 2012 wrapper

Type Fonts

UnloadSupport

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2718704)

Update for Windows XP (KB2736233)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

USB Wireless LAN Card

VC 9.0 Runtime

VideoLAN VLC media player 0.8.6b

Viewpoint Media Player

VisualLightBox

WebFldrs XP

Windows Defender

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Imaging Component

Windows Installer 3.1 (KB893803)

Windows Internet Explorer 7

Windows Media Format 11 runtime

Windows Media Player 10

Windows Media Player 11

Windows Media Player Firefox Plugin

Windows XP Service Pack 3

WinRAR archiver

WinZip 11.1

XML Paper Specification Shared Components Pack 1.0

Yahoo! Messenger

.

==== Event Viewer Messages From Past Week ========

.

3/28/2013 7:41:26 AM, error: Service Control Manager [7034] - The Intuit Update Service v4 service terminated unexpectedly. It has done this 1 time(s).

3/28/2013 7:39:54 AM, error: Service Control Manager [7031] - The SAS Core Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

3/28/2013 7:39:14 AM, error: Service Control Manager [7034] - The iolo System Service service terminated unexpectedly. It has done this 1 time(s).

3/28/2013 12:09:11 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK8 aswSnx aswSP aswTdi ctxusbm Fips MpFilter nvatabus nvraid SASDIFSV SASKUTIL

3/27/2013 7:21:56 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

3/27/2013 6:53:42 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: nvatabus nvraid

3/27/2013 6:53:35 PM, error: Service Control Manager [7023] - The 6to4 service terminated with the following error: The system cannot find the file specified.

3/27/2013 6:53:35 PM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.

3/27/2013 6:52:17 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

3/27/2013 6:23:48 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

3/27/2013 6:22:58 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.

3/27/2013 6:21:38 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

3/27/2013 6:07:43 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK8 ctxusbm Fips MpFilter nvatabus nvraid SASDIFSV SASKUTIL

3/27/2013 5:48:44 PM, error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 1.147.594.0;1.147.594.0 Engine version: 1.1.9302.0

.

==== End Of File ===========================


Hi there.

I understand that you are in a rush, but we are all volunteers here and I found --> https://forums.majorgeeks.com/showthread.php?p=1812075

Choose only one forum. There won't be any reason to get help from 2 helpers and wasting their time; as well, it is very dangerous: different helpers use different tools and ways and can cause a system crash.


I do understand you are all volunteers, and I appreciate all you do. As you can see, I posted that thread 13 hours ago, wasn't getting a response, and don't know how to delete the thread. I am desperate and missing work. Sorry for the inconvenience.


Hello kstmommy,

IF you wish to continue here, you need to post back into your majorgeeks post and ask them to close that.

I'd urge you to copy & paste copies of contents of the Roguekiller log & the TDSSKILLER log as well, for review.

Meantime do not do any further self-medication, as that will often over-complicate the chance of a diagnosis.

This pc has two active antivirus apps. Uninstall 1 of either Avast or MS Security Essentials and restart the system.

Having more than 1 active antivirus monitor will lead to deadlocks and conflicts.

Understand that squashing an infection is often not a 1-2-3 quick fix. They often take several sessions over many days.

Do you have a system backup from before the infection?

Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe

  • Close all open windows on the Task Bar. Click the OTL icon (for Vista or Windows 7 / 8, right-click the icon and Run as Administrator) to start the program.
  • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
  • Now click Run Scan at Top left and let the program run uninterrupted. It will take about 4 minutes.
  • It will produce two logs for you, one will pop up called OTL.txt, the other will be saved on your desktop and called Extras.txt.
  • Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!
  • Exit OTL by clicking the X at top right.

Download Security Check by screen317 and save it to your Desktop: here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

Then copy/paste the following into your post (in order):
  • the contents of OTL.txt;
  • the contents of Extras.txt ; and
  • the contents of checkup.txt

Be sure to do a Preview prior to pressing Add Reply because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.


Thank you so much for replying. I have posted in the other thread to close or delete it. I will do every step you tell me.

Before we begin, I'm having a problem getting rid of Microsoft Security Essentials. Originally, it was the protection I chose, but when this all started happening, it was being blocked and not running. That's when I downloaded Avast, so I had at least something. Apparently, my system still says MSE is running, but it's not. It's not in Add/Remove Programs, it's not listed as a process that I can find, it's not in CCleaner for me to uninstall there either. I have the MSE folder with the applications and files inside, but I can't start it to disable it. I'm not sure what to do. Should I just uninstall Avast for now?


RogueKiller V8.5.4 [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Safe mode with network support

User : Mom [Admin rights]

Mode : Scan -- Date : 03/29/2013 09:32:06

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3160812AS +++++

--- User ---

[MBR] 19498f46cdfec176c7c058875603e389

[bSP] 26fe7d691f9edb5d824e85e8f49dc627 : MBR Code unknown

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 80325 | Size: 149464 Mo

2 - [XXXXXX] UNKNOWN (0xdb) [VISIBLE] Offset (sectors): 306198900 | Size: 3074 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

Finished : << RKreport[7]_S_03292013_02d0932.txt >>

RKreport[1]_S_03282013_02d1100.txt ; RKreport[2]_S_03282013_02d2337.txt ; RKreport[3]_D_03282013_02d2340.txt ; RKreport[4]_S_03282013_02d2343.txt ; RKreport[5]_S_03292013_02d0929.txt ;

RKreport[6]_D_03292013_02d0930.txt ; RKreport[7]_S_03292013_02d0932.txt

-------------------------------------------------------------------------------------------------------------------------

09:27:39.0171 0832 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42

09:27:39.0531 0832 ============================================================

09:27:39.0531 0832 Current date / time: 2013/03/29 09:27:39.0531

09:27:39.0531 0832 SystemInfo:

09:27:39.0531 0832

09:27:39.0531 0832 OS Version: 5.1.2600 ServicePack: 3.0

09:27:39.0531 0832 Product type: Workstation

09:27:39.0531 0832 ComputerName: D563PSC1

09:27:39.0531 0832 UserName: Mom

09:27:39.0531 0832 Windows directory: C:\WINDOWS

09:27:39.0531 0832 System windows directory: C:\WINDOWS

09:27:39.0531 0832 Processor architecture: Intel x86

09:27:39.0531 0832 Number of processors: 2

09:27:39.0531 0832 Page size: 0x1000

09:27:39.0531 0832 Boot type: Safe boot with network

09:27:39.0531 0832 ============================================================

09:27:39.0906 0832 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

09:27:39.0906 0832 ============================================================

09:27:39.0906 0832 \Device\Harddisk0\DR0:

09:27:39.0906 0832 MBR partitions:

09:27:39.0906 0832 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x123EC0EE

09:27:39.0906 0832 ============================================================

09:27:39.0937 0832 C: <-> \Device\Harddisk0\DR0\Partition1

09:27:39.0937 0832 ============================================================

09:27:39.0937 0832 Initialize success

09:27:39.0937 0832 ============================================================

09:27:51.0593 0532 ============================================================

09:27:51.0593 0532 Scan started

09:27:51.0593 0532 Mode: Manual;

09:27:51.0593 0532 ============================================================

09:27:53.0968 0532 ================ Scan system memory ========================

09:27:53.0968 0532 System memory - ok

09:27:53.0968 0532 ================ Scan services =============================


09:27:56.0906 0532 [ 1926899BF9FFE2602B63074971700412 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll

09:27:56.0921 0532 FastUserSwitchingCompatibility - ok

09:27:56.0937 0532 [ E97D6A8684466DF94FF3BC24FB787A07 ] Fax C:\WINDOWS\system32\fxssvc.exe

09:27:56.0937 0532 Fax - ok

09:27:56.0968 0532 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys

09:27:56.0968 0532 Fdc - ok

09:27:56.0984 0532 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys

09:27:56.0984 0532 Fips - ok

09:27:56.0984 0532 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys

09:27:56.0984 0532 Flpydisk - ok

09:27:57.0015 0532 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys

09:27:57.0015 0532 FltMgr - ok

09:27:57.0078 0532 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

09:27:57.0078 0532 FontCache3.0.0.0 - ok

09:27:57.0093 0532 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys

09:27:57.0093 0532 Fs_Rec - ok

09:27:57.0125 0532 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys

09:27:57.0125 0532 Ftdisk - ok

09:27:57.0156 0532 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys

09:27:57.0156 0532 GEARAspiWDM - ok

09:27:57.0156 0532 getPlusHelper - ok

09:27:57.0187 0532 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys

09:27:57.0187 0532 Gpc - ok

09:27:57.0265 0532 [ 626A24ED1228580B9518C01930936DF9 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe

09:27:57.0281 0532 gupdate - ok

09:27:57.0296 0532 [ 626A24ED1228580B9518C01930936DF9 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe

09:27:57.0296 0532 gupdatem - ok

09:27:57.0312 0532 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

09:27:57.0312 0532 HDAudBus - ok

09:27:57.0375 0532 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

09:27:57.0375 0532 helpsvc - ok

09:27:57.0406 0532 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll

09:27:57.0406 0532 HidServ - ok

09:27:57.0421 0532 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys

09:27:57.0421 0532 HidUsb - ok

09:27:57.0453 0532 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll

09:27:57.0453 0532 hkmsvc - ok

09:27:57.0468 0532 [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys

09:27:57.0468 0532 hpn - ok

09:27:57.0484 0532 [ D03D10F7DED688FECF50F8FBF1EA9B8A ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys

09:27:57.0484 0532 HPZid412 - ok

09:27:57.0484 0532 [ 89F41658929393487B6B7D13C8528CE3 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys

09:27:57.0484 0532 HPZipr12 - ok

09:27:57.0500 0532 [ ABCB05CCDBF03000354B9553820E39F8 ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys

09:27:57.0500 0532 HPZius12 - ok

09:27:57.0515 0532 [ 77E4FF0B73BC0AEAAF39BF0C8104231F ] HSFHWBS2 C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys

09:27:57.0531 0532 HSFHWBS2 - ok

09:27:57.0562 0532 [ 60E1604729A15EF4A3B05F298427B3B1 ] HSF_DP C:\WINDOWS\system32\DRIVERS\HSF_DP.sys

09:27:57.0562 0532 HSF_DP - ok

09:27:57.0609 0532 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys

09:27:57.0609 0532 HTTP - ok

09:27:57.0640 0532 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll

09:27:57.0640 0532 HTTPFilter - ok

09:27:57.0656 0532 [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys

09:27:57.0656 0532 i2omgmt - ok

09:27:57.0671 0532 [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys

09:27:57.0671 0532 i2omp - ok

09:27:57.0703 0532 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys

09:27:57.0703 0532 i8042prt - ok

09:27:57.0765 0532 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

09:27:57.0765 0532 IDriverT - ok

09:27:57.0843 0532 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

09:27:57.0843 0532 idsvc - ok

09:27:57.0875 0532 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys

09:27:57.0875 0532 Imapi - ok

09:27:57.0906 0532 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe

09:27:57.0906 0532 ImapiService - ok

09:27:57.0921 0532 [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys

09:27:57.0921 0532 ini910u - ok

09:27:57.0921 0532 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys

09:27:57.0921 0532 IntelIde - ok

09:27:57.0968 0532 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys

09:27:57.0968 0532 intelppm - ok

09:27:58.0046 0532 [ 3DC635B66DD7412E1C9C3A77B8D78F25 ] IntuitUpdateService C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

09:27:58.0046 0532 IntuitUpdateService - ok

09:27:58.0093 0532 [ D9DA7B3117BF5EFF921C0CDED4D58050 ] IntuitUpdateServiceV4 C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

09:27:58.0093 0532 IntuitUpdateServiceV4 - ok

09:27:58.0187 0532 [ 893597337906307471D816B2712D5AA8 ] ioloSystemService C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe

09:27:58.0187 0532 ioloSystemService - ok

09:27:58.0203 0532 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys

09:27:58.0203 0532 Ip6Fw - ok

09:27:58.0218 0532 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

09:27:58.0218 0532 IpFilterDriver - ok

09:27:58.0234 0532 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys

09:27:58.0234 0532 IpInIp - ok

09:27:58.0265 0532 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys

09:27:58.0265 0532 IpNat - ok

09:27:58.0328 0532 [ CE004777B92DEA56FE14EC900D20BAA4 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe

09:27:58.0328 0532 iPod Service - ok

09:27:58.0343 0532 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys

09:27:58.0343 0532 IPSec - ok

09:27:58.0359 0532 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys

09:27:58.0359 0532 IRENUM - ok

09:27:58.0390 0532 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys

09:27:58.0390 0532 isapnp - ok

09:27:58.0468 0532 [ 0A5709543986843D37A92290B7838340 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe

09:27:58.0468 0532 JavaQuickStarterService - ok

09:27:58.0500 0532 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys

09:27:58.0500 0532 Kbdclass - ok

09:27:58.0500 0532 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys

09:27:58.0500 0532 kbdhid - ok

09:27:58.0531 0532 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys

09:27:58.0531 0532 kmixer - ok

09:27:58.0531 0532 kolkgvvx - ok

09:27:58.0562 0532 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys

09:27:58.0562 0532 KSecDD - ok

09:27:58.0593 0532 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll

09:27:58.0593 0532 lanmanserver - ok

09:27:58.0625 0532 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll

09:27:58.0625 0532 lanmanworkstation - ok

09:27:58.0640 0532 lbrtfdc - ok

09:27:58.0687 0532 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll

09:27:58.0687 0532 LmHosts - ok

09:27:58.0750 0532 [ 235EB9D126BC1095E7FD6B97C43051FF ] lxduCATSCustConnectService C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxduserv.exe

09:27:58.0750 0532 lxduCATSCustConnectService - ok

09:27:58.0765 0532 lxdu_device - ok

09:27:58.0765 0532 MCSTRM - ok

09:27:58.0781 0532 [ EEAEA6514BA7C9D273B5E87C4E1AAB30 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

09:27:58.0781 0532 mdmxsdk - ok

09:27:58.0796 0532 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll

09:27:58.0796 0532 Messenger - ok

09:27:58.0890 0532 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe

09:27:58.0890 0532 Microsoft Office Groove Audit Service - ok

09:27:58.0921 0532 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys

09:27:58.0921 0532 mnmdd - ok

09:27:58.0953 0532 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe

09:27:58.0953 0532 mnmsrvc - ok

09:27:58.0968 0532 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys

09:27:58.0968 0532 Modem - ok

09:27:58.0984 0532 [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA C:\WINDOWS\system32\drivers\MODEMCSA.sys

09:27:58.0984 0532 MODEMCSA - ok

09:27:59.0046 0532 [ 9FA7207D1B1ADEAD88AE8EED9CDBBAA5 ] monfilt C:\WINDOWS\system32\drivers\monfilt.sys

09:27:59.0046 0532 monfilt - ok

09:27:59.0062 0532 motccgp - ok

09:27:59.0062 0532 motccgpfl - ok

09:27:59.0078 0532 MotDev - ok

09:27:59.0109 0532 [ FE80C18BA448DDD76B7BEAD9EB203D37 ] motmodem C:\WINDOWS\system32\DRIVERS\motmodem.sys

09:27:59.0109 0532 motmodem - ok

09:27:59.0125 0532 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys

09:27:59.0125 0532 Mouclass - ok

09:27:59.0140 0532 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys

09:27:59.0140 0532 mouhid - ok

09:27:59.0171 0532 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys

09:27:59.0171 0532 MountMgr - ok

09:27:59.0203 0532 [ EE728AF83850DDAD9A3FCAC0AAB3AD97 ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys

09:27:59.0203 0532 MpFilter - ok

09:27:59.0312 0532 [ A69630D039C38018689190234F866D77 ] MpKsl76fba216 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4FF1D7E2-9E7B-48DC-9094-627BA69C21A9}\MpKsl76fba216.sys

09:27:59.0312 0532 MpKsl76fba216 - ok

09:27:59.0328 0532 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys

09:27:59.0328 0532 mraid35x - ok

09:27:59.0343 0532 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys

09:27:59.0343 0532 MRxDAV - ok

09:27:59.0390 0532 [ F3AEFB11ABC521122B67095044169E98 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

09:27:59.0390 0532 MRxSmb - ok

09:27:59.0453 0532 [ F1534ACA143CA86CD57672953754FAB0 ] MSCSPTISRV C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

09:27:59.0453 0532 MSCSPTISRV - ok

09:27:59.0484 0532 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe

09:27:59.0484 0532 MSDTC - ok

09:27:59.0515 0532 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys

09:27:59.0515 0532 Msfs - ok

09:27:59.0515 0532 MSIServer - ok

09:27:59.0546 0532 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys

09:27:59.0546 0532 MSKSSRV - ok

09:27:59.0593 0532 [ E077FCA2A7E79FB9BF67D3E30B5CE593 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe

09:27:59.0593 0532 MsMpSvc - ok

09:27:59.0609 0532 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys

09:27:59.0609 0532 MSPCLOCK - ok

09:27:59.0609 0532 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys

09:27:59.0609 0532 MSPQM - ok

09:27:59.0640 0532 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys

09:27:59.0640 0532 mssmbios - ok

09:27:59.0656 0532 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys

09:27:59.0656 0532 MSTEE - ok

09:27:59.0656 0532 [ 2F625D11385B1A94360BFC70AAEFDEE1 ] Mup C:\WINDOWS\system32\drivers\Mup.sys

09:27:59.0656 0532 Mup - ok

09:27:59.0671 0532 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

09:27:59.0671 0532 NABTSFEC - ok

09:27:59.0703 0532 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll

09:27:59.0718 0532 napagent - ok

09:27:59.0812 0532 [ 89844C3D3A7AAE8999E229C88E452633 ] NBService C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

09:27:59.0828 0532 NBService - ok

09:27:59.0828 0532 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys

09:27:59.0828 0532 NDIS - ok

09:27:59.0843 0532 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys

09:27:59.0843 0532 NdisIP - ok

09:27:59.0859 0532 [ 1AB3D00C991AB086E69DB84B6C0ED78F ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys

09:27:59.0859 0532 NdisTapi - ok

09:27:59.0875 0532 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys

09:27:59.0875 0532 Ndisuio - ok

09:27:59.0890 0532 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys

09:27:59.0890 0532 NdisWan - ok

09:27:59.0906 0532 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys

09:27:59.0906 0532 NDProxy - ok

09:27:59.0937 0532 [ 756E220A8F085406D7C39D17891D04DA ] NEOFLTR_550_12129 C:\WINDOWS\system32\Drivers\NEOFLTR_550_12129.SYS

09:27:59.0937 0532 NEOFLTR_550_12129 - ok

09:27:59.0968 0532 [ 51C6D8BFBD4EA5B62A1BA7F4469250D3 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll

09:27:59.0968 0532 Net Driver HPZ12 - ok

09:27:59.0984 0532 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys

09:27:59.0984 0532 NetBIOS - ok

09:28:00.0015 0532 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys

09:28:00.0015 0532 NetBT - ok

09:28:00.0046 0532 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe

09:28:00.0046 0532 NetDDE - ok

09:28:00.0046 0532 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe

09:28:00.0046 0532 NetDDEdsdm - ok

09:28:00.0078 0532 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe

09:28:00.0078 0532 Netlogon - ok

09:28:00.0093 0532 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll

09:28:00.0109 0532 Netman - ok

09:28:00.0140 0532 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

09:28:00.0140 0532 NetTcpPortSharing - ok

09:28:00.0203 0532 [ D81104382162CA98481304216CEE3891 ] Network ConnectorService C:\Program Files\Barracuda\Network Connector\bin\network-connectorserv.exe

09:28:00.0203 0532 Network ConnectorService - ok

09:28:00.0234 0532 [ 832E4DD8964AB7ACC880B2837CB1ED20 ] Nla C:\WINDOWS\System32\mswsock.dll

09:28:00.0250 0532 Nla - ok

09:28:00.0281 0532 [ 8DD0CDB0C700992D10169D8769EF5F43 ] NMIndexingService C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

09:28:00.0281 0532 NMIndexingService - ok

09:28:00.0312 0532 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys

09:28:00.0312 0532 Npfs - ok

09:28:00.0328 0532 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys

09:28:00.0343 0532 Ntfs - ok

09:28:00.0359 0532 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe

09:28:00.0359 0532 NtLmSsp - ok

09:28:00.0390 0532 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll

09:28:00.0390 0532 NtmsSvc - ok

09:28:00.0406 0532 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys

09:28:00.0406 0532 Null - ok

09:28:00.0656 0532 [ 9F30A816039FD2167918E33263E54FE9 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

09:28:00.0718 0532 nv - ok

09:28:00.0765 0532 [ 6B37162E91A7005BAA753CB611ACEA2D ] nvata C:\WINDOWS\system32\drivers\nvata.sys

09:28:00.0765 0532 nvata - ok

09:28:00.0781 0532 [ 75562456AA672BB5FE56D3C64C6D1C7D ] nvatabus C:\WINDOWS\system32\drivers\nvatabus.sys

09:28:00.0781 0532 nvatabus - ok

09:28:00.0828 0532 [ 049AA7021E5406E77F3535BE66635B74 ] NVHDA C:\WINDOWS\system32\drivers\nvhda32.sys

09:28:00.0828 0532 NVHDA - ok

09:28:00.0843 0532 [ 1D4781A5957300DC81B91161B45704BB ] nvraid C:\WINDOWS\system32\drivers\nvraid.sys

09:28:00.0843 0532 nvraid - ok

09:28:00.0859 0532 [ C26920B25ADB94A81DFF7FB5992F7118 ] NVSvc C:\WINDOWS\system32\nvsvc32.exe

09:28:00.0875 0532 NVSvc - ok

09:28:00.0984 0532 [ 2CC4E45B0EB4C48392CEC9C83B5B8E3B ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

09:28:01.0000 0532 nvUpdatusService - ok

09:28:01.0031 0532 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

09:28:01.0031 0532 NwlnkFlt - ok

09:28:01.0046 0532 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

09:28:01.0046 0532 NwlnkFwd - ok

09:28:01.0140 0532 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

09:28:01.0140 0532 odserv - ok

09:28:01.0171 0532 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

09:28:01.0171 0532 ose - ok

09:28:01.0187 0532 [ 103A9B117A7D9903111955CDAFE65AC6 ] ossrv C:\WINDOWS\system32\DRIVERS\ctoss2k.sys

09:28:01.0187 0532 ossrv - ok

09:28:01.0218 0532 [ 17BB6B38DE8C2BDA692CA1DB0CEA7325 ] PACSPTISVR C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

09:28:01.0218 0532 PACSPTISVR - ok

09:28:01.0265 0532 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys

09:28:01.0265 0532 Parport - ok

09:28:01.0281 0532 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys

09:28:01.0281 0532 PartMgr - ok

09:28:01.0296 0532 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys

09:28:01.0296 0532 ParVdm - ok

09:28:01.0328 0532 [ FD2041E9BA03DB7764B2248F02475079 ] pccsmcfd C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys

09:28:01.0328 0532 pccsmcfd - ok

09:28:01.0343 0532 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys

09:28:01.0343 0532 PCI - ok

09:28:01.0359 0532 PCIDump - ok

09:28:01.0359 0532 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys

09:28:01.0359 0532 PCIIde - ok

09:28:01.0390 0532 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys

09:28:01.0390 0532 Pcmcia - ok

09:28:01.0390 0532 PDCOMP - ok

09:28:01.0406 0532 PDFRAME - ok

09:28:01.0437 0532 [ 40C611622882C3FCAFEB845C1E12A10F ] PDFsFilter C:\WINDOWS\system32\DRIVERS\PDFsFilter.sys

09:28:01.0437 0532 PDFsFilter - ok

09:28:01.0437 0532 PDRELI - ok

09:28:01.0453 0532 PDRFRAME - ok

09:28:01.0453 0532 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys

09:28:01.0453 0532 perc2 - ok

09:28:01.0484 0532 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys

09:28:01.0484 0532 perc2hib - ok

09:28:01.0515 0532 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe

09:28:01.0515 0532 PlugPlay - ok

09:28:01.0531 0532 [ 79834AA2FBF9FE81EEBB229024F6F7FC ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll

09:28:01.0531 0532 Pml Driver HPZ12 - ok

09:28:01.0562 0532 [ 2E3394C8EBF31A9B4F0A531EB5CC7BC7 ] Point32 C:\WINDOWS\system32\DRIVERS\point32.sys

09:28:01.0562 0532 Point32 - ok

09:28:01.0562 0532 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe

09:28:01.0578 0532 PolicyAgent - ok

09:28:01.0593 0532 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys

09:28:01.0593 0532 PptpMiniport - ok

09:28:01.0609 0532 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys

09:28:01.0609 0532 Processor - ok

09:28:01.0625 0532 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe

09:28:01.0625 0532 ProtectedStorage - ok

09:28:01.0640 0532 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys

09:28:01.0640 0532 PSched - ok

09:28:01.0671 0532 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys

09:28:01.0671 0532 Ptilink - ok

09:28:01.0718 0532 [ 40FEDD328F98245AD201CF5F9F311724 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys

09:28:01.0718 0532 PxHelp20 - ok

09:28:01.0750 0532 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys

09:28:01.0750 0532 ql1080 - ok

09:28:01.0765 0532 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

09:28:01.0765 0532 Ql10wnt - ok

09:28:01.0781 0532 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys

09:28:01.0781 0532 ql12160 - ok

09:28:01.0781 0532 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys

09:28:01.0781 0532 ql1240 - ok

09:28:01.0796 0532 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys

09:28:01.0796 0532 ql1280 - ok

09:28:01.0796 0532 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys

09:28:01.0796 0532 RasAcd - ok

09:28:01.0843 0532 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll

09:28:01.0843 0532 RasAuto - ok

09:28:01.0859 0532 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

09:28:01.0859 0532 Rasl2tp - ok

09:28:01.0890 0532 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll

09:28:01.0906 0532 RasMan - ok

09:28:01.0921 0532 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys

09:28:01.0921 0532 RasPppoe - ok

09:28:01.0921 0532 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys

09:28:01.0921 0532 Raspti - ok

09:28:01.0937 0532 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys

09:28:01.0937 0532 Rdbss - ok

09:28:01.0953 0532 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

09:28:01.0953 0532 RDPCDD - ok

09:28:01.0968 0532 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys

09:28:01.0984 0532 rdpdr - ok

09:28:02.0031 0532 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys

09:28:02.0031 0532 RDPWD - ok

09:28:02.0046 0532 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe

09:28:02.0046 0532 RDSessMgr - ok

09:28:02.0062 0532 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys

09:28:02.0062 0532 redbook - ok

09:28:02.0093 0532 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll

09:28:02.0109 0532 RemoteAccess - ok

09:28:02.0125 0532 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe

09:28:02.0125 0532 RpcLocator - ok

09:28:02.0140 0532 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll

09:28:02.0156 0532 RpcSs - ok

09:28:02.0187 0532 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe

09:28:02.0187 0532 RSVP - ok

09:28:02.0203 0532 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe

09:28:02.0203 0532 SamSs - ok

09:28:02.0250 0532 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

09:28:02.0250 0532 SASDIFSV - ok

09:28:02.0265 0532 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

09:28:02.0265 0532 SASKUTIL - ok

09:28:02.0296 0532 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe

09:28:02.0296 0532 SCardSvr - ok

09:28:02.0343 0532 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll

09:28:02.0343 0532 Schedule - ok

09:28:02.0375 0532 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys

09:28:02.0375 0532 Secdrv - ok

09:28:02.0406 0532 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll

09:28:02.0406 0532 seclogon - ok

09:28:02.0421 0532 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll

09:28:02.0421 0532 SENS - ok

09:28:02.0421 0532 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys

09:28:02.0421 0532 serenum - ok

09:28:02.0453 0532 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys

09:28:02.0453 0532 Serial - ok

09:28:02.0484 0532 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys

09:28:02.0484 0532 Sfloppy - ok

09:28:02.0515 0532 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll

09:28:02.0515 0532 SharedAccess - ok

09:28:02.0531 0532 [ 1926899BF9FFE2602B63074971700412 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll

09:28:02.0531 0532 ShellHWDetection - ok

09:28:02.0546 0532 Simbad - ok

09:28:02.0562 0532 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys

09:28:02.0562 0532 sisagp - ok

09:28:02.0562 0532 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys

09:28:02.0562 0532 SLIP - ok

09:28:02.0609 0532 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys

09:28:02.0609 0532 Sparrow - ok

09:28:02.0625 0532 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys

09:28:02.0625 0532 splitter - ok

09:28:02.0656 0532 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe

09:28:02.0656 0532 Spooler - ok

09:28:02.0734 0532 [ C3716EC0D36AD924B6888D794563E647 ] sprtsvc_ddoctorv2 C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe

09:28:02.0734 0532 sprtsvc_ddoctorv2 - ok

09:28:02.0781 0532 [ D15DA1BA189770D93EEA2D7E18F95AF9 ] sptd C:\WINDOWS\system32\Drivers\sptd.sys

09:28:02.0781 0532 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: D15DA1BA189770D93EEA2D7E18F95AF9

09:28:02.0781 0532 sptd ( LockedFile.Multi.Generic ) - warning

09:28:02.0781 0532 sptd - detected LockedFile.Multi.Generic (1)

09:28:02.0828 0532 [ 3980B48DFF300A7E4139F5C64DA65F5C ] SPTISRV C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

09:28:02.0828 0532 SPTISRV - ok

09:28:02.0875 0532 [ FBF835125B84567F4B932C77465F923C ] SQTECH905C C:\WINDOWS\system32\Drivers\Capt905c.sys

09:28:02.0875 0532 SQTECH905C - ok

09:28:02.0906 0532 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys

09:28:02.0906 0532 sr - ok

09:28:02.0937 0532 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll

09:28:02.0937 0532 srservice - ok

09:28:02.0984 0532 [ 0F6AEFAD3641A657E18081F52D0C15AF ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys

09:28:02.0984 0532 Srv - ok

09:28:03.0000 0532 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll

09:28:03.0000 0532 SSDPSRV - ok

09:28:03.0046 0532 [ 8990440E4B2A7CA5A56A1833B03741FD ] STHDA C:\WINDOWS\system32\drivers\sthda.sys

09:28:03.0062 0532 STHDA - ok

09:28:03.0093 0532 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll

09:28:03.0093 0532 stisvc - ok

09:28:03.0125 0532 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys

09:28:03.0125 0532 streamip - ok

09:28:03.0140 0532 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys

09:28:03.0140 0532 swenum - ok

09:28:03.0234 0532 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

09:28:03.0234 0532 SwitchBoard - ok

09:28:03.0250 0532 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys

09:28:03.0250 0532 swmidi - ok

09:28:03.0250 0532 SwPrv - ok

09:28:03.0265 0532 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys

09:28:03.0265 0532 symc810 - ok

09:28:03.0281 0532 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys

09:28:03.0281 0532 symc8xx - ok

09:28:03.0296 0532 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys

09:28:03.0296 0532 sym_hi - ok

09:28:03.0296 0532 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys

09:28:03.0296 0532 sym_u3 - ok

09:28:03.0312 0532 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys

09:28:03.0312 0532 sysaudio - ok

09:28:03.0343 0532 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe

09:28:03.0359 0532 SysmonLog - ok

09:28:03.0359 0532 [ 3B45D2674414D1F5400B9C452A7A293F ] tap0901 C:\WINDOWS\system32\DRIVERS\tap0901.sys

09:28:03.0359 0532 tap0901 - ok

09:28:03.0390 0532 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll

09:28:03.0390 0532 TapiSrv - ok

09:28:03.0453 0532 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys

09:28:03.0453 0532 Tcpip - ok

09:28:03.0484 0532 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys

09:28:03.0484 0532 TDPIPE - ok

09:28:03.0500 0532 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys

09:28:03.0500 0532 TDTCP - ok

09:28:03.0515 0532 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys

09:28:03.0515 0532 TermDD - ok

09:28:03.0546 0532 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll

09:28:03.0546 0532 TermService - ok

09:28:03.0562 0532 [ 1926899BF9FFE2602B63074971700412 ] Themes C:\WINDOWS\System32\shsvcs.dll

09:28:03.0562 0532 Themes - ok

09:28:03.0578 0532 [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys

09:28:03.0578 0532 TosIde - ok

09:28:03.0609 0532 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll

09:28:03.0609 0532 TrkWks - ok

09:28:03.0625 0532 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys

09:28:03.0625 0532 Udfs - ok

09:28:03.0640 0532 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys

09:28:03.0640 0532 ultra - ok

09:28:03.0687 0532 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys

09:28:03.0703 0532 Update - ok

09:28:03.0718 0532 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll

09:28:03.0718 0532 upnphost - ok

09:28:03.0734 0532 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe

09:28:03.0734 0532 UPS - ok

09:28:03.0765 0532 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys

09:28:03.0765 0532 USBAAPL - ok

09:28:03.0781 0532 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys

09:28:03.0781 0532 usbaudio - ok

09:28:03.0796 0532 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys

09:28:03.0812 0532 usbccgp - ok

09:28:03.0812 0532 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys

09:28:03.0812 0532 usbehci - ok

09:28:03.0828 0532 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys

09:28:03.0828 0532 usbhub - ok

09:28:03.0843 0532 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys

09:28:03.0843 0532 usbohci - ok

09:28:03.0859 0532 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys

09:28:03.0859 0532 usbprint - ok

09:28:03.0859 0532 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys

09:28:03.0875 0532 usbscan - ok

09:28:03.0875 0532 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

09:28:03.0875 0532 USBSTOR - ok

09:28:03.0890 0532 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys

09:28:03.0890 0532 usbuhci - ok

09:28:03.0906 0532 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys

09:28:03.0906 0532 VgaSave - ok

09:28:03.0921 0532 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys

09:28:03.0921 0532 viaagp - ok

09:28:03.0937 0532 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys

09:28:03.0937 0532 ViaIde - ok

09:28:03.0953 0532 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys

09:28:03.0953 0532 VolSnap - ok

09:28:03.0984 0532 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe

09:28:03.0984 0532 VSS - ok

09:28:04.0000 0532 [ 54AF4B1D5459500EF0937F6D33B1914F ] w32time C:\WINDOWS\system32\w32time.dll

09:28:04.0000 0532 w32time - ok

09:28:04.0015 0532 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys

09:28:04.0015 0532 Wanarp - ok

09:28:04.0062 0532 [ 0A716C08CB13C3A8F4F51E882DBF7416 ] wanatw C:\WINDOWS\system32\DRIVERS\wanatw4.sys

09:28:04.0062 0532 wanatw - ok

09:28:04.0109 0532 [ FD47474BD21794508AF449D9D91AF6E6 ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys

09:28:04.0109 0532 Wdf01000 - ok

09:28:04.0109 0532 WDICA - ok

09:28:04.0125 0532 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys

09:28:04.0125 0532 wdmaud - ok

09:28:04.0156 0532 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll

09:28:04.0156 0532 WebClient - ok

09:28:04.0203 0532 [ F59ED5A43B988A18EF582BB07B2327A7 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

09:28:04.0203 0532 winachsf - ok

09:28:04.0250 0532 [ F45DD1E1365D857DD08BC23563370D0E ] WinDefend C:\Program Files\Windows Defender\MsMpEng.exe

09:28:04.0250 0532 WinDefend - ok

09:28:04.0296 0532 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll

09:28:04.0296 0532 winmgmt - ok

09:28:04.0343 0532 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll

09:28:04.0343 0532 WmdmPmSN - ok

09:28:04.0375 0532 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe

09:28:04.0375 0532 WmiApSrv - ok

09:28:04.0453 0532 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe

09:28:04.0453 0532 WMPNetworkSvc - ok

09:28:04.0484 0532 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys

09:28:04.0484 0532 WpdUsb - ok

09:28:04.0578 0532 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

09:28:04.0578 0532 WPFFontCache_v0400 - ok

09:28:04.0593 0532 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys

09:28:04.0593 0532 WS2IFSL - ok

09:28:04.0625 0532 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll

09:28:04.0625 0532 wscsvc - ok

09:28:04.0640 0532 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

09:28:04.0640 0532 WSTCODEC - ok

09:28:04.0671 0532 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll

09:28:04.0671 0532 wuauserv - ok

09:28:04.0703 0532 [ 50EB9E21963B4F06FD010D007D54351B ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys

09:28:04.0703 0532 WudfPf - ok

09:28:04.0718 0532 [ 6E209664BDEA8A15B5E8E480D6C607C2 ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys

09:28:04.0718 0532 WudfRd - ok

09:28:04.0734 0532 [ AE93084D2D236887BA56467AE42B4955 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll

09:28:04.0750 0532 WudfSvc - ok

09:28:04.0796 0532 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll

09:28:04.0796 0532 WZCSVC - ok

09:28:04.0812 0532 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll

09:28:04.0812 0532 xmlprov - ok

09:28:04.0828 0532 ================ Scan global ===============================

09:28:04.0875 0532 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll

09:28:04.0921 0532 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll

09:28:04.0937 0532 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll

09:28:04.0953 0532 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe

09:28:04.0953 0532 [Global] - ok

09:28:04.0953 0532 ================ Scan MBR ==================================

09:28:04.0984 0532 [ 5CB90281D1A59B251F6603134774EEC3 ] \Device\Harddisk0\DR0

09:28:05.0093 0532 \Device\Harddisk0\DR0 - ok

09:28:05.0093 0532 ================ Scan VBR ==================================

09:28:05.0109 0532 [ 8E90A276096A832F5CC16F358FD6FEA4 ] \Device\Harddisk0\DR0\Partition1

09:28:05.0109 0532 \Device\Harddisk0\DR0\Partition1 - ok

09:28:05.0109 0532 ============================================================

09:28:05.0109 0532 Scan finished

09:28:05.0109 0532 ============================================================

09:28:05.0125 0268 Detected object count: 1

09:28:05.0125 0268 Actual detected object count: 1

09:28:09.0875 0268 sptd ( LockedFile.Multi.Generic ) - skipped by user

09:28:09.0875 0268 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

09:28:11.0750 1504 Deinitialize success

OTL logfile created on: 3/29/2013 10:45:21 AM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Mom\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.12 Gb Available Physical Memory | 70.67% Memory free

4.25 Gb Paging File | 3.58 Gb Available in Paging File | 84.38% Paging File free

Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 145.96 Gb Total Space | 24.60 Gb Free Space | 16.86% Space Free | Partition Type: NTFS

Computer Name: D563PSC1 | User Name: Mom | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/29 10:41:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mom\Desktop\OTL.exe

PRC - [2013/03/06 18:32:44 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe

PRC - [2013/03/06 18:32:44 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe

PRC - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe

PRC - [2012/09/12 06:23:53 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

PRC - [2010/11/10 14:10:54 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2010/03/08 03:27:49 | 000,041,800 | ---- | M] (AOL Inc.) -- C:\Program Files\Common Files\aol\1176508629\ee\aolsoftware.exe

PRC - [2010/01/01 04:00:00 | 000,040,960 | ---- | M] (mozilla.org) -- C:\Program Files\SeaMonkey\seamonkey.exe

PRC - [2010/01/01 04:00:00 | 000,009,728 | ---- | M] (Mozilla Corporation) -- C:\Program Files\SeaMonkey\plugin-container.exe

PRC - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe

========== Modules (No Company Name) ==========

MOD - [2013/03/29 03:51:29 | 002,084,352 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\13032900\algo.dll

MOD - [2013/03/28 12:55:35 | 014,717,144 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll

MOD - [2010/01/01 04:00:00 | 001,843,200 | ---- | M] () -- C:\Program Files\SeaMonkey\mozjs.dll

MOD - [2010/01/01 04:00:00 | 000,155,648 | ---- | M] () -- C:\Program Files\SeaMonkey\nsldap32v60.dll

MOD - [2010/01/01 04:00:00 | 000,015,360 | ---- | M] () -- C:\Program Files\SeaMonkey\nsldappr32v60.dll

MOD - [2008/03/18 20:37:00 | 000,121,856 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxdudrpp.dll

MOD - [2008/03/04 01:54:54 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\LXDUPMON.DLL

MOD - [2008/03/04 01:53:10 | 000,032,768 | ---- | M] () -- C:\Program Files\Lexmark 5600-6600 Series\ipcmt.dll

MOD - [2007/11/17 08:01:32 | 000,086,016 | ---- | M] () -- C:\WINDOWS\system32\lxduoem.dll

========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)

SRV - [2013/03/06 18:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

SRV - [2012/09/12 06:23:53 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)

SRV - [2012/08/23 13:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)

SRV - [2012/08/03 16:15:16 | 001,027,792 | ---- | M] (iolo technologies, LLC) [On_Demand | Stopped] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)

SRV - [2011/05/21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)

SRV - [2010/11/17 16:38:50 | 000,628,080 | ---- | M] (Juniper Networks) [Disabled | Stopped] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)

SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)

SRV - [2010/05/18 04:28:12 | 000,043,416 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Barracuda\Network Connector\bin\network-connectorserv.exe -- (Network ConnectorService)

SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)

SRV - [2009/02/14 08:33:30 | 000,266,240 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\CSHelper.exe -- (CSHelper)

SRV - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2)

SRV - [2008/03/20 07:25:27 | 000,594,600 | ---- | M] ( ) [On_Demand | Stopped] -- C:\WINDOWS\system32\lxducoms.exe -- (lxdu_device)

SRV - [2008/03/20 07:25:17 | 000,098,984 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxduserv.exe -- (lxduCATSCustConnectService)

SRV - [2006/11/03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)

SRV - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe -- (AOL ACS)

SRV - [2006/04/27 17:35:16 | 000,053,337 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)

SRV - [2006/04/27 17:27:06 | 000,049,241 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)

SRV - [2006/04/27 17:16:28 | 000,069,718 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motodrv.sys -- (MotDev)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motccgpfl.sys -- (motccgpfl)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motccgp.sys -- (motccgp)

DRV - File not found [Kernel | Auto | Stopped] -- -- (MCSTRM)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\kolkgvvx.sys -- (kolkgvvx)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)

DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\cvjbhgwe.sys -- (cvjbhgwe)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Mom\LOCALS~1\Temp\catchme.sys -- (catchme)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwdndis.sys -- (BTWDNDIS)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btkrnl.sys -- (BTKRNL)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btport.sys -- (BTDriver)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\btaudio.sys -- (btaudio)

DRV - [2013/03/29 08:57:25 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4FF1D7E2-9E7B-48DC-9094-627BA69C21A9}\MpKsl76fba216.sys -- (MpKsl76fba216)

DRV - [2013/03/06 18:33:24 | 000,765,736 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2013/03/06 18:33:24 | 000,368,176 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2013/03/06 18:33:24 | 000,164,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)

DRV - [2013/03/06 18:33:24 | 000,062,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2013/03/06 18:33:24 | 000,049,760 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)

DRV - [2013/03/06 18:33:24 | 000,049,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)

DRV - [2013/03/06 18:33:23 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV - [2013/03/06 18:33:22 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2012/08/03 15:59:46 | 000,068,464 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\PDFsFilter.sys -- (PDFsFilter)

DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)

DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2010/06/21 22:51:14 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)

DRV - [2010/06/21 18:07:39 | 000,091,496 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)

DRV - [2010/05/18 04:28:30 | 000,025,984 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)

DRV - [2010/02/18 20:07:56 | 000,026,624 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dsNcAdpt.sys -- (dsNcAdpt)

DRV - [2009/09/19 16:36:07 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)

DRV - [2009/09/08 19:13:16 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ctxusbm.sys -- (ctxusbm)

DRV - [2008/10/27 15:47:10 | 000,034,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CO_Mon.sys -- (CO_Mon)

DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)

DRV - [2008/03/29 17:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)

DRV - [2007/10/03 16:20:32 | 000,063,008 | ---- | M] (Juniper Networks) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NEOFLTR_550_12129.sys -- (NEOFLTR_550_12129)

DRV - [2007/06/20 14:57:46 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)

DRV - [2007/05/15 17:25:00 | 000,105,472 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata)

DRV - [2007/01/18 17:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)

DRV - [2006/11/21 05:25:44 | 000,045,568 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)

DRV - [2006/08/05 07:00:40 | 000,105,344 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus)

DRV - [2006/07/27 15:24:28 | 001,171,464 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)

DRV - [2006/06/18 21:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)

DRV - [2006/05/12 10:44:56 | 000,647,498 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Capt905c.sys -- (SQTECH905C)

DRV - [2006/05/03 12:50:42 | 001,540,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2006/01/04 15:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)

DRV - [2005/05/25 17:34:00 | 000,158,464 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctusfsyn.sys -- (CTUSFSYN)

DRV - [2005/01/10 18:15:00 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)

DRV - [2005/01/10 18:15:00 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)

DRV - [2003/11/17 14:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)

DRV - [2003/11/17 14:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)

DRV - [2003/11/17 14:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)

DRV - [2003/01/10 17:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://my.aol.com/?ncid=aolmas00050000000002 [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://my.aol.com/?ncid=aolmas00050000000002 [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/?src=customie7

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=tb50ie7customie7

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://my.aol.com/?ncid=aolmas00050000000002 [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://portal.arise.com/Login.aspx

IE - HKCU\..\SearchScopes,DefaultScope =

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=tb50ie7customie7

IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{C9E9AB05-CB63-449A-B01F-B7E86DEA44F0}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DKUS_en

IE - HKCU\..\SearchScopes\Comcast: "URL" = http://search.xfinity.com/?cat=subweb&con=mmchrome&q={searchTerms}&cid=xfstart_tech_search

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()

FF - HKLM\Software\MozillaPlugins\@real.com/npmozax: C:\Program Files\Mozilla Firefox\plugins\ [2012/05/11 13:02:03 | 000,000,000 | ---D | M]

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/09/03 21:11:22 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.2\extensions\\Components: C:\Program Files\SeaMonkey\components [2012/04/12 08:12:16 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.2\extensions\\Plugins: C:\Program Files\SeaMonkey\plugins [2012/04/05 08:15:37 | 000,000,000 | ---D | M]

[2012/09/06 10:58:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Extensions

[2009/12/31 20:12:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}

[2009/05/18 14:44:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Extensions\mozswing@mozswing.org

[2012/04/05 08:16:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mom\Application Data\Mozilla\SeaMonkey\Profiles\jamcjcz4.default\extensions

[2012/04/05 08:31:56 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\Documents and Settings\Mom\Application Data\Mozilla\SeaMonkey\Profiles\jamcjcz4.default\extensions\inspector@mozilla.org

[2012/09/06 10:58:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2012/04/05 08:44:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}

[2012/04/05 08:31:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions(2)

[2012/04/05 08:19:58 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions(2)\{972ce4c6-7e08-4474-a285-3208198ce6fd}(2)

[2010/05/12 17:42:04 | 000,124,344 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll

[2010/05/12 17:43:54 | 000,070,592 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll

[2010/05/12 17:42:52 | 000,091,576 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll

[2010/05/12 17:42:32 | 000,022,464 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll

[2011/08/15 17:13:21 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll

[2012/04/05 08:44:26 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2010/05/12 18:22:36 | 000,423,328 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll

[2005/12/05 22:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll

[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll

[2010/05/12 17:43:56 | 000,024,000 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll

[2007/10/27 13:44:58 | 000,002,275 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\aolsearch.xml

[2010/11/11 11:11:35 | 000,001,919 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing-zugo.xml

========== Chrome ==========

CHR - Extension: No name found = C:\Documents and Settings\Mom\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dieckmbeafcedhihaiadnaanclccfihd\1.23.8_0\crossrider

CHR - Extension: No name found = C:\Documents and Settings\Mom\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dieckmbeafcedhihaiadnaanclccfihd\1.23.8_0\

CHR - Extension: No name found = C:\Documents and Settings\Mom\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mjildcbkilmkddbbpbjljljdmmlfeppl\5.0_0\

O1 HOSTS File: ([2013/03/27 22:29:29 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\aol\1176508629\ee\aolsoftware.exe (AOL Inc.)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()

O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()

O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Program Files\Juniper Networks\Secure Application Manager\samnsp.dll (Juniper Networks)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Juniper Networks\Secure Application Manager\samnsp.dll (Juniper Networks)

O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)

O15 - HKCU\..Trusted Domains: arise.com ([]http in Trusted sites)

O15 - HKCU\..Trusted Domains: carnival.com ([citrix] http in Local intranet)

O15 - HKCU\..Trusted Domains: intuit.com ([]https in Trusted sites)

O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (Reg Error: Key error.)

O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} http://asp23.centra.com/SiteRoots/main/Install/win32/CentraUpdaterAx.cab (Reg Error: Key error.)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)

O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)

O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/images/global/js/scanner/SysProExe.cab (Scanner.SysScanner)

O16 - DPF: {3BA3B159-7533-4F96-A2CE-EE5894BBD3D5} http://i.dell.com/images/global/js/scanner/SYSSCANNER.cab (Reg Error: Key error.)

O16 - DPF: {43E3F87D-DE7F-4087-BD4F-0DC854981158} http://download.microsoft.com/download/7/3/8/7384c441-3721-41ee-ae15-b678888f00dd/clearadj.CAB (CTAdjust Class)

O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228867869953 (MUWebControl Class)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} http://www.convergysworkathome.com/AppHardT.CAB (WNICheck2 Class)

O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} http://www.worldwinner.com/games/v57/wof/wof.cab (WoF Control)

O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.com/controls/cpcScanner.cab (Crucial cpcScan)

O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} https://media.pineconeresearch.com/ActiveX/downloadcontrol.cab (InetDownload Class)

O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://ns.arise.com/dana-cached/setup/JuniperSetupSP1.cab (JuniperSetupSP1 Control)

O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://ns.arise.com/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6019A3D2-B279-468A-8732-A26A61A41680}: DhcpNameServer = 192.168.1.1

O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O24 - Desktop WallPaper: C:\Documents and Settings\Mom\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mom\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/29 10:41:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mom\Desktop\OTL.exe

[2013/03/29 10:28:33 | 003,795,288 | ---- | C] (McAfee, Inc.) -- C:\Documents and Settings\Mom\Desktop\SecurityScan_Release.exe

[2013/03/29 09:59:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood

[2013/03/29 09:50:30 | 002,347,384 | ---- | C] (ESET) -- C:\Documents and Settings\Mom\Desktop\esetsmartinstaller_enu.exe

[2013/03/29 09:49:15 | 010,156,344 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mom\Desktop\amwmb.exe

[2013/03/29 09:26:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp

[2013/03/29 08:55:22 | 005,044,813 | R--- | C] (Swearware) -- C:\ComboFix.exe

[2013/03/29 08:46:39 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Mom\Recent

[2013/03/29 08:16:23 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro

[2013/03/29 08:12:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom\Local Settings\Application Data\Updater26276

[2013/03/29 08:12:06 | 000,000,000 | ---D | C] -- C:\Program Files\Deal Spy

[2013/03/28 23:20:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom\Application Data\Strongvault

[2013/03/28 23:18:44 | 000,000,000 | -HSD | C] -- C:\WINDOWS\System32\AI_RecycleBin

[2013/03/28 23:18:18 | 000,000,000 | ---D | C] -- C:\AI_RecycleBin

[2013/03/28 17:32:02 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\Mom\Desktop\dds.com

[2013/03/28 11:43:55 | 000,000,000 | ---D | C] -- C:\MGtools

[2013/03/28 10:57:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom\Desktop\RK_Quarantine

[2013/03/28 10:52:13 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Mom\Desktop\tdsskiller.exe

[2013/03/28 10:51:24 | 010,156,344 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mom\Desktop\mb.exe

[2013/03/28 06:41:52 | 000,368,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys

[2013/03/28 06:41:52 | 000,029,816 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys

[2013/03/28 06:41:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus

[2013/03/28 06:41:51 | 000,765,736 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys

[2013/03/28 06:41:51 | 000,062,376 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys

[2013/03/28 06:41:51 | 000,049,760 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys

[2013/03/28 06:41:50 | 000,228,600 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe

[2013/03/28 06:41:50 | 000,066,336 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys

[2013/03/28 06:41:29 | 000,041,664 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr

[2013/03/28 06:41:09 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software

[2013/03/28 06:40:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software

[2013/03/27 21:01:28 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2013/03/27 19:28:35 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2013/03/27 19:28:35 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2013/03/27 19:28:35 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2013/03/27 19:28:35 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2013/03/27 19:09:37 | 000,000,000 | ---D | C] -- C:\8f60095d261204a9c8041a453db3610c

[2013/03/27 17:47:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome

[2013/03/27 17:47:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth

[2013/03/17 22:39:01 | 000,000,000 | ---D | C] -- C:\Qoobox

[2013/03/17 22:38:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt

[2013/03/17 15:52:17 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[4 C:\*.tmp files -> C:\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/03/29 10:48:01 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2013/03/29 10:42:52 | 000,843,908 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\SecurityCheck.exe.part

[2013/03/29 10:41:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mom\Desktop\OTL.exe

[2013/03/29 10:29:25 | 003,795,288 | ---- | M] (McAfee, Inc.) -- C:\Documents and Settings\Mom\Desktop\SecurityScan_Release.exe

[2013/03/29 10:26:33 | 013,786,977 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\mbar-1.01.0.1021.zip

[2013/03/29 09:58:43 | 161,545,632 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\setup_11.0.0.1245.x01_2013_03_29_16_35.exe

[2013/03/29 09:50:39 | 002,347,384 | ---- | M] (ESET) -- C:\Documents and Settings\Mom\Desktop\esetsmartinstaller_enu.exe

[2013/03/29 09:49:50 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2013/03/29 09:49:18 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mom\Desktop\amwmb.exe

[2013/03/29 09:44:42 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job

[2013/03/29 09:34:37 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2013/03/29 09:34:37 | 000,000,310 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job

[2013/03/29 09:34:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2013/03/29 09:34:22 | 3219,640,320 | -HS- | M] () -- C:\hiberfil.sys

[2013/03/29 09:07:21 | 000,001,919 | ---- | M] () -- C:\WINDOWS\epplauncher.mif

[2013/03/29 08:55:32 | 005,044,813 | R--- | M] (Swearware) -- C:\ComboFix.exe

[2013/03/29 08:43:40 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe

[2013/03/29 08:17:04 | 000,001,610 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HitmanPro.lnk

[2013/03/29 07:59:14 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2013/03/28 23:19:34 | 020,480,000 | ---- | M] () -- C:\Documents and Settings\Mom\Local Settings\Application Data\store-pp.jbs

[2013/03/28 23:17:38 | 000,000,000 | ---- | M] () -- C:\extensions.sqlite

[2013/03/28 23:14:03 | 000,585,064 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\cbsidlm-tr1_12-HitmanPro_3_32bit-ORG-10895604.exe

[2013/03/28 17:32:30 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\Mom\Desktop\dds.com

[2013/03/28 17:15:36 | 000,609,993 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\adwcleaner.exe

[2013/03/28 17:13:58 | 000,002,443 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\HiJackThis.lnk

[2013/03/28 12:55:37 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe

[2013/03/28 12:55:36 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

[2013/03/28 12:05:47 | 000,000,395 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\Shortcut to MGlogs.zip.lnk

[2013/03/28 11:58:39 | 000,388,084 | ---- | M] () -- C:\MGlogs.zip

[2013/03/28 11:58:39 | 000,388,084 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\MGlogs.zip

[2013/03/28 10:54:27 | 001,898,001 | ---- | M] () -- C:\MGtools.exe

[2013/03/28 10:52:33 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Mom\Desktop\tdsskiller.exe

[2013/03/28 10:51:35 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mom\Desktop\mb.exe

[2013/03/28 10:48:13 | 000,816,128 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\RogueKiller.exe

[2013/03/28 09:44:44 | 003,730,416 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2013/03/28 09:39:23 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk

[2013/03/28 08:02:49 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-706684962-979399936-124493050-1006.job

[2013/03/28 08:02:46 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-706684962-979399936-124493050-1006.job

[2013/03/28 06:41:52 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk

[2013/03/28 06:41:50 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2013/03/27 22:29:29 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2013/03/27 21:01:52 | 000,000,339 | RHS- | M] () -- C:\boot.ini

[2013/03/27 19:31:04 | 000,000,339 | ---- | M] () -- C:\Boot.bak

[2013/03/13 06:56:52 | 000,081,806 | ---- | M] () -- C:\Documents and Settings\Mom\My Documents\156038_10200602886892871_1580318341_n.jpg

[2013/03/13 06:54:14 | 000,076,413 | ---- | M] () -- C:\Documents and Settings\Mom\My Documents\644343_10200622507183366_1314037004_n.jpg

[2013/03/10 06:25:49 | 000,504,398 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2013/03/10 06:25:48 | 000,089,126 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2013/03/09 17:17:41 | 000,042,182 | ---- | M] () -- C:\Documents and Settings\Mom\My Documents\81_508227616203_2157_n.jpg

[2013/03/06 18:33:24 | 000,765,736 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys

[2013/03/06 18:33:24 | 000,368,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys

[2013/03/06 18:33:24 | 000,164,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys

[2013/03/06 18:33:24 | 000,062,376 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys

[2013/03/06 18:33:24 | 000,049,760 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys

[2013/03/06 18:33:24 | 000,049,248 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys

[2013/03/06 18:33:23 | 000,066,336 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys

[2013/03/06 18:33:22 | 000,029,816 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys

[2013/03/06 18:32:51 | 000,041,664 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr

[2013/03/06 18:32:42 | 000,228,600 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe

[4 C:\*.tmp files -> C:\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/03/29 10:42:43 | 000,843,908 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\SecurityCheck.exe.part

[2013/03/29 10:26:14 | 013,786,977 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\mbar-1.01.0.1021.zip

[2013/03/29 09:57:27 | 161,545,632 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\setup_11.0.0.1245.x01_2013_03_29_16_35.exe

[2013/03/29 09:34:22 | 3219,640,320 | -HS- | C] () -- C:\hiberfil.sys

[2013/03/29 08:17:04 | 000,001,610 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HitmanPro.lnk

[2013/03/28 23:19:34 | 020,480,000 | ---- | C] () -- C:\Documents and Settings\Mom\Local Settings\Application Data\store-pp.jbs

[2013/03/28 23:17:38 | 000,000,000 | ---- | C] () -- C:\extensions.sqlite

[2013/03/28 23:13:57 | 000,585,064 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\cbsidlm-tr1_12-HitmanPro_3_32bit-ORG-10895604.exe

[2013/03/28 17:14:27 | 000,609,993 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\adwcleaner.exe

[2013/03/28 12:05:47 | 000,000,395 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\Shortcut to MGlogs.zip.lnk

[2013/03/28 11:58:39 | 000,388,084 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\MGlogs.zip

[2013/03/28 11:44:19 | 000,388,084 | ---- | C] () -- C:\MGlogs.zip

[2013/03/28 10:54:26 | 001,898,001 | ---- | C] () -- C:\MGtools.exe

[2013/03/28 10:47:43 | 000,816,128 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\RogueKiller.exe

[2013/03/28 06:41:52 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk

[2013/03/28 06:41:51 | 000,164,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys

[2013/03/28 06:41:51 | 000,049,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys

[2013/03/28 06:41:51 | 000,000,310 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job

[2013/03/27 19:28:35 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2013/03/27 19:28:35 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2013/03/27 19:28:35 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2013/03/27 19:28:35 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2013/03/27 19:28:35 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2013/03/17 22:41:25 | 000,000,339 | ---- | C] () -- C:\Boot.bak

[2013/03/17 22:41:19 | 000,260,272 | RHS- | C] () -- C:\cmldr

[2013/03/17 22:35:58 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job

[2013/03/17 21:12:18 | 000,000,876 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2013/03/16 05:24:37 | 000,275,880 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2013/03/13 06:54:13 | 000,076,413 | ---- | C] () -- C:\Documents and Settings\Mom\My Documents\644343_10200622507183366_1314037004_n.jpg

[2013/03/09 23:49:17 | 000,081,806 | ---- | C] () -- C:\Documents and Settings\Mom\My Documents\156038_10200602886892871_1580318341_n.jpg

[2013/03/09 17:17:40 | 000,042,182 | ---- | C] () -- C:\Documents and Settings\Mom\My Documents\81_508227616203_2157_n.jpg

[2012/09/12 18:16:19 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2012/09/12 14:13:51 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dat

[2012/09/12 13:39:46 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll

[2012/09/05 16:23:22 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\Mom\Local Settings\Application Data\d3d9caps.dat

[2012/01/07 06:30:00 | 003,216,605 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-706684962-979399936-124493050-1006-0.dat

[2012/01/07 06:29:59 | 000,440,558 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat

[2012/01/06 12:00:01 | 000,000,744 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc

[2011/12/27 17:05:15 | 000,050,688 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/09/23 14:02:19 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat

[2011/09/02 12:24:39 | 000,000,012 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat

[2011/09/02 12:16:21 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin

[2011/09/02 12:16:21 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin

[2011/09/02 12:16:21 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin

[2011/05/21 06:01:00 | 002,123,582 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data

[2009/09/18 08:24:11 | 001,513,982 | ---- | C] () -- C:\Program Files\Malwarebytes' Anti-Malware.zip

[2008/04/21 14:28:10 | 000,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

[2008/02/01 07:09:46 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat

[2007/06/29 21:45:05 | 000,000,253 | -H-- | C] () -- C:\Documents and Settings\All Users\hpothb07.tif

[2007/06/29 21:45:05 | 000,000,164 | -H-- | C] () -- C:\Documents and Settings\All Users\hpothb07.dat

[2007/04/19 18:30:03 | 000,189,440 | ---- | C] () -- C:\Documents and Settings\Mom\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2007/04/14 07:17:25 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Mom\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2004/08/10 13:09:48 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

========== LOP Check ==========

[2008/05/05 16:37:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\5600-6600 Series

[2008/01/19 19:51:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acoustica

[2008/09/04 16:54:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications

[2013/03/28 06:41:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software

[2010/03/16 14:13:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVSVideoBurner

[2011/02/08 20:46:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix

[2009/09/19 16:39:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite

[2013/03/29 08:43:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro

[2008/04/09 14:38:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HumanClick

[2008/04/25 10:41:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Insight Software

[2007/09/20 22:34:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Insight Software Solutions

[2011/09/14 18:36:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations

[2013/03/17 15:07:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo

[2010/10/21 10:52:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks

[2009/04/09 00:47:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lexmark 5600-6600 Series

[2007/11/29 16:46:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier

[2008/02/23 10:46:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound

[2008/05/09 17:37:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite

[2012/05/11 15:17:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe

[2007/05/27 13:54:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm

[2011/04/29 12:28:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft

[2010/11/12 19:12:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ThumbnailCache4R

[2011/11/28 20:07:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visan

[2007/04/18 15:06:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip

[2010/07/31 20:00:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WorldWinner

[2010/04/13 14:50:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2009/09/26 19:21:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2009/04/21 13:28:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

[2008/05/05 17:04:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\5600-6600 Series

[2009/08/25 12:43:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\AbleFaxTifView

[2008/01/19 19:51:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Acoustica

[2013/03/28 17:26:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Amazon

[2008/02/18 20:59:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Antepo-ACCEPT

[2008/08/04 12:56:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Auslogics

[2010/07/14 19:02:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\BBLite.1C8FCB66D507A5DBA729DC95068F311B51E8F16C.1

[2012/08/11 14:39:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\BBViewer

[2011/07/06 01:29:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\BigBrotherLite

[2011/09/03 21:11:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Catalina Marketing Corp

[2012/04/28 14:37:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant

[2011/08/29 07:11:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\DAEMON Tools Lite

[2007/08/29 09:39:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\DialogCoach

[2012/04/08 12:35:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\DiskAid

[2012/09/06 09:14:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\FileZilla

[2008/04/25 07:30:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\flashpaste

[2009/11/20 20:43:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\GetRightToGo

[2010/04/23 17:51:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\GrabPro

[2008/01/23 06:38:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\ICAClient

[2010/04/23 17:51:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\IEPro

[2010/05/05 06:40:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Inbit

[2008/08/13 20:11:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Interactive Intelligence

[2012/09/12 17:45:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\iolo

[2011/03/31 08:13:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Juniper Networks

[2012/12/30 18:58:49 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Mom\Application Data\KB936782_WMP11

[2013/01/02 12:03:31 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Mom\Application Data\KB954154_WM11

[2013/01/02 12:04:11 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Mom\Application Data\KB961371

[2012/12/30 19:24:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Mom\Application Data\KB981852

[2007/04/18 16:12:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Leadertech

[2008/05/05 16:54:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Lexmark Productivity Studio

[2008/04/27 19:36:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\NCH Swift Sound

[2008/05/09 17:27:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Nokia

[2008/05/09 17:04:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\PC Suite

[2008/09/03 19:11:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Pogo Games

[2009/10/07 18:54:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Red Kawa

[2008/11/24 09:49:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Saba

[2011/09/03 21:12:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Sammsoft

[2007/04/17 05:32:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Snapfish

[2012/05/13 12:36:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1

[2009/10/09 11:33:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Stamps.com Internet Postage

[2013/03/29 06:30:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Strongvault

[2013/02/15 10:05:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\SynthMaker

[2008/02/02 18:04:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\System Tweaker

[2011/10/31 23:25:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\TuneAid

[2008/02/02 15:52:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Uniblue

[2008/10/07 18:19:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Unreal Streaming

[2013/03/28 09:40:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\uTorrent

[2011/11/28 20:07:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Visan

[2007/05/03 06:46:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Visicom Media

[2011/01/25 17:10:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\webex

[2012/12/30 18:58:50 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Mom\Application Data\Windows XP Service Pack

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 564 bytes -> C:\cookies.txt:1296059898.txt

< End of report >


OTL Extras logfile created on: 3/29/2013 10:45:21 AM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Mom\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.12 Gb Available Physical Memory | 70.67% Memory free

4.25 Gb Paging File | 3.58 Gb Available in Paging File | 84.38% Paging File free

Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 145.96 Gb Total Space | 24.60 Gb Free Space | 16.86% Space Free | Partition Type: NTFS

Computer Name: D563PSC1 | User Name: Mom | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"UpdatesDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service

"53:UDP" = 53:UDP:*:Enabled:Promo

"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

"8939:TCP" = 8939:TCP:*:Enabled:Remote Assistance Local

"6948:TCP" = 6948:TCP:*:Enabled:Remote Assistance Remote

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe" = C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\Program Files\Common Files\aol\acs\AOLDial.exe" = C:\Program Files\Common Files\aol\acs\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialer -- (America Online)

"C:\Program Files\Common Files\aol\acs\AOLacsd.exe" = C:\Program Files\Common Files\aol\acs\AOLacsd.exe:*:Enabled:AOL Connectivity Service -- (AOL LLC)

"C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL -- (AOL, LLC.)

"C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe" = C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed -- (AOL Inc.)

"C:\Program Files\Common Files\aol\Loader\aolload.exe" = C:\Program Files\Common Files\aol\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL Inc.)

"C:\Program Files\Common Files\aol\System Information\sinf.exe" = C:\Program Files\Common Files\aol\System Information\sinf.exe:*:Enabled:AOL System Information -- (AOL Inc.)

"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)

"C:\Program Files\Common Files\aol\1176508629\ee\aolsoftware.exe" = C:\Program Files\Common Files\aol\1176508629\ee\aolsoftware.exe:*:Enabled:AOL Shared Components -- (AOL Inc.)

"C:\Program Files\AOL 9.0a\waol.exe" = C:\Program Files\AOL 9.0a\waol.exe:*:Enabled:AOL -- (AOL, LLC.)

"C:\Program Files\AOL 9.1\waol.exe" = C:\Program Files\AOL 9.1\waol.exe:*:Enabled:AOL -- (AOL, LLC.)

"C:\Documents and Settings\Mom\taw\winvnc.exe" = C:\Documents and Settings\Mom\taw\winvnc.exe:*:Enabled:VNC server for Win32 -- (RealVNC Ltd.)

"C:\WINDOWS\system32\lxducoms.exe" = C:\WINDOWS\system32\lxducoms.exe:*:Enabled:Lexmark Communications System -- ( )

"C:\Program Files\Lexmark 5600-6600 Series\lxduamon.exe" = C:\Program Files\Lexmark 5600-6600 Series\lxduamon.exe:*:Enabled:Lexmark Device Monitor -- ()

"C:\Program Files\Lexmark 5600-6600 Series\frun.exe" = C:\Program Files\Lexmark 5600-6600 Series\frun.exe:*:Enabled:Lexmark Productivity Studio -- ()

"C:\Program Files\Lexmark 5600-6600 Series\lxdufax.exe" = C:\Program Files\Lexmark 5600-6600 Series\lxdufax.exe:*:Enabled:Fax software -- ()

"C:\Documents and Settings\Mom\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe" = C:\Documents and Settings\Mom\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player -- (Octoshape ApS)

"C:\Program Files\AOL 9.1a\waol.exe" = C:\Program Files\AOL 9.1a\waol.exe:*:Enabled:AOL -- (AOL, LLC.)

"C:\Documents and Settings\Mom\My Documents\bbviewerv11beta\BBViewer.exe" = C:\Documents and Settings\Mom\My Documents\bbviewerv11beta\BBViewer.exe:*:Enabled:BB Viewer -- ()

"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Disabled:Java Platform SE binary -- (Sun Microsystems, Inc.)

"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.)

"C:\Program Files\SeaMonkey\seamonkey.exe" = C:\Program Files\SeaMonkey\seamonkey.exe:*:Enabled:SeaMonkey -- (mozilla.org)

"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)

"C:\Documents and Settings\Mom\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe" = C:\Documents and Settings\Mom\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe:*:Enabled:Juniper Terminal Services Client -- (Juniper Networks)

"C:\Program Files\Juniper Networks\Secure Application Manager\dsSamProxy.exe" = C:\Program Files\Juniper Networks\Secure Application Manager\dsSamProxy.exe:*:Enabled:Secure Application Manager Proxy -- (Juniper Networks)

"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)

"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)

"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)

"C:\Program Files\Microsoft Office\Office12\WINWORD.EXE" = C:\Program Files\Microsoft Office\Office12\WINWORD.EXE:*:Enabled:Microsoft Office Word -- (Microsoft Corporation)

"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)

"C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe" = C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime -- (Nero AG)

"C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)

"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

"C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\USBSetup.exe" = C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\USBSetup.exe:LocalSubNet:Enabled:HP Device Setup -- (Hewlett-Packard Co.)

"C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update v4 Shared Downloads Server -- (Intuit Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{026C3D27-9BE1-46BE-BEAE-6DE38A0F4FBE}" = RealNetworks - Microsoft Visual C++ 2005 Runtime

"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime

"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86

"{03DF638A-D61C-4893-B8B9-845900C03163}" = TurboTax 2010 wnyiper

"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport

"{07EF3970-F8E5-4A27-A5A3-230484D35026}" = Microsoft Expression Encoder 4

"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

"{08D605B4-DCD1-451F-ABD7-52E6BB868E4E}" = Microsoft Expression Design 4

"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended

"{0E794924-17AC-4565-96C7-960D40F8B61E}" = TurboTax 2010 wcoiper

"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86

"{0F894917-79EE-4BC3-9C3A-E267BF40F524}" = RSA SecurID Software Token

"{113AC946-0CEB-49C7-828A-230FF9EB1DBB}" = TurboTax 2010 wmdiper

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23

"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86

"{226837D8-0BF8-4CBE-BAB2-8F07E2C2B4DD}" = HP Deskjet 1050 J410 series Basic Device Software

"{23BE930B-6AC4-4D0D-B5C3-03062A2BF2A3}" = OpenMG AAC Add-on Module 1.0.00

"{23E445D5-FD83-4C50-A211-EB26A2975317}" = Adobe Flash Professional CS5.5

"{250F2B64-1729-4A6F-A3A4-17B478C03431}" = TurboTax 2010 woriper

"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31

"{27FBE6D3-F96E-44AA-A07B-2A51EE626635}" = TurboTax 2010 wsciper

"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1

"{2C045D2C-667D-4494-9684-E4B071C2C7FF}" = TurboTax 2010 wohiper

"{31C2F32D-C5DD-4583-8181-B48591CA231C}" = RapidPlayer v5.0 ActiveX Control

"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help

"{35599970-EAA2-012B-ACE9-000000000000}" = TurboTax 2009 waliper

"{359C6ED0-EAA2-012B-ACF9-000000000000}" = TurboTax 2009 wariper

"{35D5A740-EAA2-012B-AD08-000000000000}" = TurboTax 2009 waziper

"{360EDFB0-EAA2-012B-AD16-000000000000}" = TurboTax 2009 wcaiper

"{3633BA28-67CE-4AC8-A677-3406CA84C3D8}" = OpenMG Secure Module 4.5.01

"{36518E00-EAA2-012B-AD27-000000000000}" = TurboTax 2009 wcoiper

"{368AC670-EAA2-012B-AD34-000000000000}" = TurboTax 2009 wctiper

"{36B81800-EAA2-012B-AD3F-000000000000}" = TurboTax 2009 wdciper

"{36DBCCA0-EAA2-012B-AD48-000000000000}" = TurboTax 2009 wdeiper

"{3712BB20-EAA2-012B-AD56-000000000000}" = TurboTax 2009 wfliper

"{374256A0-EAA2-012B-AD60-000000000000}" = TurboTax 2009 wgaiper

"{376FA830-EAA2-012B-AD6B-000000000000}" = TurboTax 2009 whiiper

"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset

"{37A66FA0-EAA2-012B-AD79-000000000000}" = TurboTax 2009 wiaiper

"{37CA4B50-EAA2-012B-AD81-000000000000}" = TurboTax 2009 widiper

"{37EBB600-EAA2-012B-AD89-000000000000}" = TurboTax 2009 wiliper

"{385E26E0-EAA2-012B-ADA5-000000000000}" = TurboTax 2009 winiper

"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset

"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine

"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport

"{38D097C0-EAA2-012B-ADC2-000000000000}" = TurboTax 2009 wksiper

"{39003340-EAA2-012B-ADCD-000000000000}" = TurboTax 2009 wkyiper

"{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client

"{392D84D0-EAA2-012B-ADD8-000000000000}" = TurboTax 2009 wlaiper

"{395AD660-EAA2-012B-ADE3-000000000000}" = TurboTax 2009 wmaiper

"{39940ED0-EAA2-012B-ADF1-000000000000}" = TurboTax 2009 wmdiper

"{39A96B90-EAA2-012B-ADF7-000000000000}" = TurboTax 2009 wmeiper

"{39C16060-EAA2-012B-ADFC-000000000000}" = TurboTax 2009 wmiiper

"{39E2A400-EAA2-012B-AE04-000000000000}" = TurboTax 2009 wmniper

"{3A2EEF40-EAA2-012B-AE15-000000000000}" = TurboTax 2009 wmoiper

"{3A59F6E0-EAA2-012B-AE20-000000000000}" = TurboTax 2009 wmsiper

"{3A7B3A80-EAA2-012B-AE28-000000000000}" = TurboTax 2009 wmtiper

"{3A90BE50-EAA2-012B-AE2D-000000000000}" = TurboTax 2009 wnciper

"{3AB22900-EAA2-012B-AE35-000000000000}" = TurboTax 2009 wndiper

"{3AC785C0-EAA2-012B-AE3B-000000000000}" = TurboTax 2009 wneiper

"{3AF28D60-EAA2-012B-AE46-000000000000}" = TurboTax 2009 wnhiper

"{3B1D6DF0-EAA2-012B-AE51-000000000000}" = TurboTax 2009 wnjiper

"{3B4ABF80-EAA2-012B-AE5C-000000000000}" = TurboTax 2009 wnmiper

"{3B8186F0-EAA2-012B-AE69-000000000000}" = TurboTax 2009 wnyiper

"{3BAC6780-EAA2-012B-AE74-000000000000}" = TurboTax 2009 wohiper

"{3BD76F20-EAA2-012B-AE7F-000000000000}" = TurboTax 2009 wokiper

"{3C024FB0-EAA2-012B-AE8A-000000000000}" = TurboTax 2009 woriper

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3C391720-EAA2-012B-AE98-000000000000}" = TurboTax 2009 wpaiper

"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper

"{3C7005A0-EAA2-012B-AEA5-000000000000}" = TurboTax 2009 wriiper

"{3C9AE630-EAA2-012B-AEB0-000000000000}" = TurboTax 2009 wsciper

"{3CD1ADA0-EAA2-012B-AEBD-000000000000}" = TurboTax 2009 wtniper

"{3CF31850-EAA2-012B-AEC5-000000000000}" = TurboTax 2009 wutiper

"{3D29DFC0-EAA2-012B-AED3-000000000000}" = TurboTax 2009 wvaiper

"{3D4B4A70-EAA2-012B-AEDB-000000000000}" = TurboTax 2009 wvtiper

"{3D6A4420-EAA2-012B-AEE4-000000000000}" = TurboTax 2009 wwiiper

"{3D9795B0-EAA2-012B-AEEE-000000000000}" = TurboTax 2009 wwviper

"{44432BD5-D968-460E-8DA4-1FFCC29DC692}" = TurboTax 2011 winiper

"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis

"{4647B1E4-9907-4A58-963C-E785DF674C3E}" = TurboTax 2010 wpaiper

"{48990BE7-BA87-4DFA-B7F5-31396CD72E9A}" = TurboTax 2010 wiaiper

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4AC7B4E7-59B7-4E48-A60D-263C486FC33A}_is1" = System Checkup 3.4

"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper

"{50ACF4F1-D38A-4DCE-8147-0F574CDEF45B}" = Citrix online plug-in (USB)

"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport

"{551F657B-9D5A-4499-845E-9924AB5232D2}" = TurboTax 2010 wmtiper

"{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1" = iolo technologies' System Mechanic

"{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR

"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module

"{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}" = HP Deskjet 1050 J410 series Help

"{5F8D931D-B230-47F3-A9C0-0C8CA459A332}" = Microsoft Expression Web 4

"{612B9183-67A9-4B44-9877-2F059E35B86A}" = Broadcom 440x 10/100 Integrated Controller

"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers

"{7057ABC2-EFF3-4E43-9806-8BCB6EEA9FE6}" = Microsoft IntelliPoint 7.1

"{70632C41-BDAC-4128-9FBF-287F9FF53DE5}" = TurboTax 2010 wiliper

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6

"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime

"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries

"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver

"{84BC4E89-97BB-41A3-9254-06E7C675B945}" = TurboTax 2010 wmsiper

"{87FF0E39-8490-4EB4-A557-FF12F712EF7E}" = TurboTax 2010 wcaiper

"{89EC099E-958D-462E-972C-385591946978}" = TurboTax 2012 WinPerFedFormset

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX

"{8B92D97D-DB3D-4926-A8F7-718FE7C5EE18}" = iTunes

"{8EA5860B-9027-4864-81D0-2A5B82D41821}" = TurboTax 2010 wmniper

"{8F3F7032-E5FB-42B4-8443-A569F381726C}" = USB Wireless LAN Card

"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90840409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003

"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003

"{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003

"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9866E5F0-121F-E018-E2D1-2E1770847ABF}" = Adobe Download Assistant

"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D041488-CAE1-4F6C-92A2-44A9E8EEF00B}" = OPN System XT (Client)

"{9D459B94-7E90-46A5-B76B-5A712E7A3529}" = TurboTax 2010 waliper

"{9E5AE5C0-423C-4F4F-823B-57781C2B77F5}" = RTC Client API v1.2 Setup

"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio

"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine

"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5

"{A8B1F076-965D-4663-A9D4-C2FB58A42AE4}" = TurboTax 2012 WinPerTaxSupport

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AA027AE9-DD20-4677-AA72-D760A358320B}" = Microsoft VC9 runtime libraries

"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4

"{AE29CC62-C835-40FD-99C6-292F90D58DF8}" = TurboTax 2010 widiper

"{AEE512CE-2D5B-4E87-B729-2FBD7718EED7}" = TurboTax 2010 wksiper

"{AEEB3643-71DE-414d-9E3F-1159177FE211}" = Office Animation Runtime

"{AF5A39FE-51FB-4BA3-B399-2D1F0C65D617}_is1" = AusLogics System Information

"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update

"{B124E6D3-91B4-4E3C-AD03-BA959B223537}" = Citrix online plug-in (Web)

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 275.33

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.33

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.85

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86

"{B702CCCE-3176-4DBF-B932-D1B8F402F330}" = Digital Content Portal

"{B94F6A6A-56CB-465E-885E-CB099331E456}" = Convergys Health Checker

"{BB830F9E-53B3-492F-B39C-2DF615D1C9E1}" = TurboTax 2010 wvaiper

"{BCDB856C-D247-4DEE-9132-89C02F4D6B8C}_is1" = Sothink SWF Decompiler

"{BF127B80-CFD5-4379-9752-E8AF1A5D0141}" = Microsoft Expression Encoder 4 Screen Capture Codec

"{BFCA7375-81A2-44F8-BFC1-0DC5A3D23405}" = TurboTax 2010 wutiper

"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C14201FD-245D-4CA9-A582-47D842C6AC59}" = TurboTax 2010 wmiiper

"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver

"{C252EB7B-7AE0-46DE-9BEE-DF681B885F13}" = Modem Diagnostic Tool

"{C7010632-E5EE-4263-B80E-BC9D45439EB0}" = TurboTax 2010 winiper

"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs

"{CA19AEA3-B949-41DA-AFBA-692356230F6E}" = TurboTax 2010 wnjiper

"{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CC4878C0-4A6A-49CD-AAA7-DD3FCB06CC84}" = Microsoft Web Platform Installer 3.0

"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}" = WinZip 11.1

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86

"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU

"{D3F8356E-E6AD-43B0-BEDB-A760C4C318E6}" = TouchCopy 11

"{D87149B3-7A1D-4548-9CBF-032B791E5908}" = Desktop Doctor

"{D899C197-F8C1-4773-9EC4-6C1FBADB9B29}" = Citrix online plug-in (HDX)

"{D8D4ED7E-954C-449D-B21D-6F97036DF0E9}" = Citrix online plug-in (DV)

"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86

"{DDEEA588-FE34-495F-B974-66EACAB93678}" = TurboTax 2012 winiper

"{E1B617EF-2DBF-45A0-9359-774031FEA769}" = TurboTax 2010 wwiiper

"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm

"{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine

"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect

"{E83F5F27-43F3-4163-ABE5-F68C989286ED}" = TurboTax 2012 wrapper

"{E89B484C-B913-49A0-959B-89E836001658}" = GEAR 32bit Driver Installer

"{E90F8E55-A3EE-41AF-88E3-ED2EA0ECE46C}" = TurboTax 2010 waziper

"{E9C455CC-57C4-4c1b-9A55-46C5BA21D9D9}" = A820_doccd

"{EA9FAF16-0E5C-42C4-9742-9AF8D5F6D69B}" = ATI Catalyst Control Center

"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support

"{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper

"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support

"{F014B696-28C5-4554-802F-A15380418F53}" = TurboTax 2012 WinPerReleaseEngine

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer

"{F5993FCC-DF5D-4879-B70D-AA1F379C5C6B}" = Microsoft Expression Web 4 Service Pack 2

"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility

"{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset

"{FC98FBE9-E931-494C-8717-497185371033}" = Nero 7 Ultra Edition

"Adobe AIR" = Adobe AIR

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"All ATI Software" = ATI - Software Uninstall Utility

"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)

"Arachnophilia version 4.0_is1" = Arachnophilia version 4.0

"ATI Display Driver" = ATI Display Driver

"avast" = avast! Free Antivirus

"CCleaner" = CCleaner

"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help

"CitrixOnlinePluginPackWeb" = Citrix online plug-in - web

"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem

"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant

"Deal Spy" = Deal Spy

"Design_7.0.20516.0" = Microsoft Expression Design 4

"DiskAid_is1" = DiskAid 4.72

"Encoder_4.0.1639.0" = Microsoft Expression Encoder 4

"ENTERPRISE" = Microsoft Office Enterprise 2007

"ESET Online Scanner" = ESET Online Scanner v3

"FileZilla Client" = FileZilla Client 3.5.3

"FitDay_is1" = FitDay PC version 1.0

"Google Chrome" = Google Chrome

"HitmanPro37" = HitmanPro 3.7

"HP Photo Creations" = HP Photo Creations

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"InstallShield_{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23

"InstallShield_{23BE930B-6AC4-4D0D-B5C3-03062A2BF2A3}" = OpenMG AAC Add-on Module 1.0.00

"InstallShield_{3633BA28-67CE-4AC8-A677-3406CA84C3D8}" = OpenMG Secure Module 4.5.01

"InstallShield_{8F3F7032-E5FB-42B4-8443-A569F381726C}" = 802.11 Wireless LAN

"Juniper Network Connect 6.0.0" = Juniper Networks Network Connect 6.0.0

"Juniper Network Connect 6.1.0" = Juniper Networks Network Connect 6.1.0

"Juniper Network Connect 6.5.0" = Juniper Networks Network Connect 6.5.0

"Lexmark 5600-6600 Series" = Lexmark 5600-6600 Series

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100

"MetaFrame Presentation Server Web Client for Win32" = MetaFrame Presentation Server Web Client for Win32

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"Neoteris_Secure_Application_Manager" = Juniper Networks Secure Application Manager

"Network Connector" = Network Connector 2.1_rc20

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"NVIDIA Display Control Panel" = NVIDIA Display Control Panel

"NVIDIA Drivers" = NVIDIA Drivers

"OpenMG HotFix4.5-06-05-10-01" = OpenMG Limited Patch 4.5-06-05-12-01

"OPSWAT AV Libraries" = OPSWAT AntiVirus and Firewall Integration Libraries

"RealPlayer 12.0" = RealPlayer

"SAMB_ADVMB_FILTER_DRV" = Sound Blaster ADVANCED MB Drivers

"SeaMonkey (2.2)" = SeaMonkey (2.2)

"SystemRequirementsLab" = System Requirements Lab

"TuneAid_is1" = TuneAid 3.76

"TurboTax 2009" = TurboTax 2009

"TurboTax 2010" = TurboTax 2010

"TurboTax 2011" = TurboTax 2011

"TurboTax 2012" = TurboTax 2012

"Type Fonts" = Type Fonts

"VisualLightBox" = VisualLightBox

"VLC media player" = VideoLAN VLC media player 0.8.6b

"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

"Web_4.0.1303.0" = Microsoft Expression Web 4

"WIC" = Windows Imaging Component

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinRAR archiver" = WinRAR archiver

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5

"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Adobe Acrobat Connect Add-in" = Adobe Acrobat Connect Add-in

"Adobe Connect Add-in" = Adobe Connect Add-in

"f031ef6ac137efc5" = Dell Driver Download Manager

"Juniper_Setup_Client" = Juniper Networks Setup Client

"Juniper_Term_Services" = Juniper Terminal Services Client

"Neoteris_Host_Checker" = Juniper Networks Host Checker

"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 10/24/2012 9:36:34 AM | Computer Name = D563PSC1 | Source = Application Error | ID = 1000

Description = Faulting application paint shop pro.exe, version 8.0.0.0, faulting

module paint shop pro.exe, version 8.0.0.0, fault address 0x00011f7a.

Error - 10/24/2012 9:55:05 AM | Computer Name = D563PSC1 | Source = Application Error | ID = 1000

Description = Faulting application paint shop pro.exe, version 8.0.0.0, faulting

module paint shop pro.exe, version 8.0.0.0, fault address 0x00011f7a.

Error - 11/16/2012 9:59:04 AM | Computer Name = D563PSC1 | Source = MPSampleSubmission | ID = 5000

Description = EventType mptelemetry, P1 0x80070670, P2 patchapplication, P3 am bdd,

P4 11.1.3927.0, P5 mpsigstub.exe, P6 4.1.522.0, P7 microsoft security essentials,

P8 NIL, P9 NIL, P10 NIL.

Error - 12/30/2012 7:18:34 PM | Computer Name = D563PSC1 | Source = Application Error | ID = 1000

Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting

module ntdll.dll, version 5.1.2600.5755, fault address 0x00011689.

Error - 12/30/2012 7:18:44 PM | Computer Name = D563PSC1 | Source = Application Error | ID = 1000

Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module

dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Error - 1/6/2013 11:04:43 PM | Computer Name = D563PSC1 | Source = Application Error | ID = 1000

Description = Faulting application paint shop pro.exe, version 8.0.0.0, faulting

module paint shop pro.exe, version 8.0.0.0, fault address 0x00011f7a.

Error - 2/22/2013 12:03:25 PM | Computer Name = D563PSC1 | Source = Microsoft Office 12 | ID = 1000

Description = Faulting application winword.exe, version 12.0.6661.5000, stamp 4f7cd9da,

faulting module mso.dll, version 12.0.6662.5000, stamp 4fd67dd1, debug? 0, fault

address 0x00208953.

Error - 3/17/2013 10:26:06 PM | Computer Name = D563PSC1 | Source = Microsoft Security Client | ID = 5000

Description =

Error - 3/27/2013 11:25:04 PM | Computer Name = D563PSC1 | Source = Application Error | ID = 1000

Description = Faulting application i4gxdtvj.exe, version 2.1.19155.0, faulting module

i4gxdtvj.exe, version 2.1.19155.0, fault address 0x00012288.

Error - 3/29/2013 12:02:06 AM | Computer Name = D563PSC1 | Source = MPSampleSubmission | ID = 5000

Description = EventType mptelemetry, P1 0x80070670, P2 patchapplication, P3 am bdd,

P4 11.1.4289.0, P5 mpsigstub.exe, P6 4.1.522.0, P7 microsoft security essentials,

P8 NIL, P9 NIL, P10 NIL.

[ OSession Events ]

Error - 2/22/2013 12:03:05 PM | Computer Name = D563PSC1 | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 156

seconds with 120 seconds of active time. This session ended with a crash.

[ System Events ]

Error - 3/29/2013 9:03:20 AM | Computer Name = D563PSC1 | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service EventSystem

with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 3/29/2013 9:04:15 AM | Computer Name = D563PSC1 | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

AmdK8 aswSnx aswSP aswTdi ctxusbm Fips MpFilter nvatabus nvraid SASDIFSV SASKUTIL

Error - 3/29/2013 9:04:31 AM | Computer Name = D563PSC1 | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service StiSvc with

arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 3/29/2013 9:06:43 AM | Computer Name = D563PSC1 | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service StiSvc with

arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 3/29/2013 9:08:37 AM | Computer Name = D563PSC1 | Source = Service Control Manager | ID = 7031

Description = The Microsoft Antimalware Service service terminated unexpectedly.

It has done this 1 time(s). The following corrective action will be taken in

15000 milliseconds: Restart the service.

Error - 3/29/2013 9:09:01 AM | Computer Name = D563PSC1 | Source = Service Control Manager | ID = 7031

Description = The Microsoft Antimalware Service service terminated unexpectedly.

It has done this 2 time(s). The following corrective action will be taken in

15000 milliseconds: Restart the service.

Error - 3/29/2013 9:33:35 AM | Computer Name = D563PSC1 | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service EventSystem

with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 3/29/2013 9:35:01 AM | Computer Name = D563PSC1 | Source = Service Control Manager | ID = 7023

Description = The 6to4 service terminated with the following error: %%2

Error - 3/29/2013 9:35:01 AM | Computer Name = D563PSC1 | Source = Service Control Manager | ID = 7000

Description = The MCSTRM service failed to start due to the following error: %%2

Error - 3/29/2013 9:35:03 AM | Computer Name = D563PSC1 | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

nvatabus nvraid

< End of report >

Results of screen317's Security Check version 0.99.61

Windows XP Service Pack 3 x86

Internet Explorer 7 Out of date!

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

avast! Free Antivirus

ESET Online Scanner v3

OPSWAT AntiVirus and Firewall Integration Libraries

iolo technologies' System Mechanic

`````````Anti-malware/Other Utilities Check:`````````

Deal Spy

SUPERAntiSpyware

Windows Defender

Malwarebytes Anti-Malware version 1.70.0.1100

CCleaner

Java 6 Update 31

Java version out of Date!

Adobe Flash Player 11.6.602.180

Adobe Reader 8 Adobe Reader out of Date!

Google Chrome 25.0.1364.152

Google Chrome 25.0.1364.172

Google Chrome plugins...

````````Process Check: objlist.exe by Laurent````````

Microsoft Security Essentials MSMpEng.exe

AVAST Software Avast AvastSvc.exe

AVAST Software Avast avastUI.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C:: 22% Defragment your hard drive soon! (Do NOT defrag if SSD!)

````````````````````End of Log``````````````````````


Before we begin, I'm having a problem getting rid of Microsoft Security Essentials. Originally, it was the protection I chose, but when this all started happening, it was being blocked and not running. That's when I downloaded Avast, so I had at least something. Apparently, my system still says MSE is running, but it's not. It's not in Add/Remove Programs, it's not listed as a process that I can find, it's not in CCleaner for me to uninstall there either. I have the MSE folder with the applications and files inside, but I can't start it to disable it. I'm not sure what to do. Should I just uninstall Avast for now?

See this Microsoft article http://support.microsoft.com/kb/2483120

To remove MS Security Essentials, click on the Fix it button for Fix it # 50692

You will see it just under the title "Fix It for me".

When all completed, 1) log off and restart the system fresh and 2) report back here with result and for further help to follow.


You noted at the top

I also have ran ComboFix a few times,....

You could well have turned this system into an unbootable "brick". That tool is never intended to be run without the active guidance from a trained expert.

I need for you to Copy / Paste the contents of C:\Combofix.txt for my review.

Also a copy of the last MBAM scan log.

The "Ukash" infection is not a virus but more in the nature of a trojan. That is one of a family of "ransomware" and is also a risk for identity theft.

You are strongly advised to do the following immediately.

1. Call your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and ask them to put a watch on your accounts or change all your account numbers.

2. From a clean computer, change ALL your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups.

3. Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information. These trojans leave a backdoor open on the system that can allow a hacker total and complete access to your computer. (Remote access trojan) Hackers can operate your computer just as if they were sitting in front of it. Hackers can watch everything you are doing on the computer, play tricks, do screenshots, log passwords, start and stop programs.

* Take any other steps you think appropriate for an attempted identity theft.

Here is some additional information: What Is A Backdoor Trojan? http://www.geekstogo.com/2007/10/03/what-is-a-backdoor-trojan

Danger: Remote Access Trojans http://www.microsoft.com/technet/security/alerts/info/virusrat.mspx

Consumers – Identity Theft http://www.ftc.gov/bcp/edu/microsites/idtheft/consumers/index.html

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? http://www.dslreports.com/faq/10451

Tell me, what is the main use of this system?

Does it have financial or personal data of other people? Do you do any financial or hospital or medical related work for outside firms?


Did the above. I checked taskmgr, gone. Regedit, gone. Services, gone. However, its folder is still there, and so is the icon on my desktop. Do you want me to run a scan to see if it's still being picked up?


No. But read and do what I listed in my very last reply (just up from here).

btw, please do not use Regedit. And let me guide you going forward. We'll have a lot more to do after this.


Noted about Combofix. Won't run again without proper instruction.

I haven't seen mention of Ukash in a long time, just referenced it from some older notes I took. Will do all that you suggested asap, just in case. I do use this PC for work and I deal with sensitive information, including my own financials, and other people's as well. I have years of taxes on here also.

Will add last log from Combofix and MBAM. I can't open MBAM anymore even in Safe Mode, but will post the last log (I think it's from yesterday).

ComboFix 13-03-28.01 - Mom 03/29/2013 9:11.1.2 - x86 NETWORK

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2685 [GMT -4:00]

Running from: C:\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\explorer.exe . . . is infected!!

.

.

((((((((((((((((((((((((( Files Created from 2013-02-28 to 2013-03-29 )))))))))))))))))))))))))))))))

.

.

2013-03-29 12:57 . 2013-03-29 12:57 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4FF1D7E2-9E7B-48DC-9094-627BA69C21A9}\MpKsl76fba216.sys

2013-03-29 12:16 . 2013-03-29 12:17 -------- d-----w- c:\program files\HitmanPro

2013-03-29 12:12 . 2013-03-29 12:12 -------- d-----w- c:\documents and settings\Mom\Local Settings\Application Data\Updater26276

2013-03-29 12:12 . 2013-03-29 12:12 -------- d-----w- c:\program files\Deal Spy

2013-03-29 04:01 . 2013-03-15 07:21 7108640 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4FF1D7E2-9E7B-48DC-9094-627BA69C21A9}\mpengine.dll

2013-03-29 03:20 . 2013-03-29 10:30 -------- d-----w- c:\documents and settings\Mom\Application Data\Strongvault

2013-03-29 03:18 . 2013-03-29 10:31 -------- d-sh--w- c:\windows\system32\AI_RecycleBin

2013-03-29 03:18 . 2013-03-29 10:31 -------- d-----w- C:\AI_RecycleBin

2013-03-28 15:43 . 2013-03-28 15:58 -------- d-----w- C:\MGtools

2013-03-28 10:41 . 2013-03-06 22:33 368176 ----a-w- c:\windows\system32\drivers\aswSP.sys

2013-03-28 10:41 . 2013-03-06 22:33 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2013-03-28 10:41 . 2013-03-06 22:33 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2013-03-28 10:41 . 2013-03-06 22:33 62376 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2013-03-28 10:41 . 2013-03-06 22:33 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2013-03-28 10:41 . 2013-03-06 22:33 49248 ----a-w- c:\windows\system32\drivers\aswRvrt.sys

2013-03-28 10:41 . 2013-03-06 22:33 164736 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2013-03-28 10:41 . 2013-03-06 22:33 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2013-03-28 10:41 . 2013-03-06 22:32 228600 ----a-w- c:\windows\system32\aswBoot.exe

2013-03-28 10:41 . 2013-03-06 22:32 41664 ----a-w- c:\windows\avastSS.scr

2013-03-28 10:41 . 2013-03-28 10:41 -------- d-----w- c:\program files\AVAST Software

2013-03-28 10:40 . 2013-03-28 10:41 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software

2013-03-27 23:09 . 2013-03-27 23:19 -------- d-----w- C:\8f60095d261204a9c8041a453db3610c

2013-03-27 22:06 . 2013-03-27 22:07 -------- d-----w- c:\documents and settings\Administrator

2013-03-27 21:50 . 2013-03-15 07:21 7108640 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-03-17 19:52 . 2013-03-17 19:52 -------- d-----w- c:\program files\ESET

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-03-29 12:43 . 2010-11-12 02:52 12872 ----a-w- c:\windows\system32\bootdelete.exe

2013-03-28 16:55 . 2012-06-09 07:34 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-03-28 16:55 . 2011-07-07 21:49 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-03-28 15:58 . 2013-03-28 15:44 388084 ----a-w- C:\MGlogs.zip

2013-01-30 10:53 . 2009-10-03 00:36 232336 ------w- c:\windows\system32\MpSigStub.exe

2010-05-12 21:42 . 2010-05-12 21:42 124344 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll

2010-05-12 22:22 . 2010-05-12 22:22 13240 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll

2010-05-12 21:43 . 2010-05-12 21:43 70592 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll

2010-05-12 21:42 . 2010-05-12 21:42 91576 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll

2010-05-12 21:42 . 2010-05-12 21:42 22464 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll

2010-05-12 21:41 . 2010-05-12 21:41 255416 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll

2010-05-12 21:42 . 2010-05-12 21:42 31160 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll

2010-05-12 21:42 . 2010-05-12 21:42 40384 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll

2010-04-14 18:55 . 2010-04-14 18:55 652640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll

2010-05-12 21:43 . 2010-05-12 21:43 24000 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2010-11-10 . B4F4369FD47354807F2F83CA54D6F335 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe

[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe

[-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe

[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe

[7] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2013-03-06 22:32 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-08-09 13925480]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-05 1468256]

"HostManager"="c:\program files\Common Files\AOL\1176508629\ee\AOLSoftware.exe" [2010-03-08 41800]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Audible Download Manager.lnk]

backup=c:\windows\pss\Audible Download Manager.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]

backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 2000 Series.lnk]

backup=c:\windows\pss\hp psc 2000 Series.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Workspace Macro Pro Hotkeys.lnk]

backup=c:\windows\pss\Workspace Macro Pro Hotkeys.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Mom^Start Menu^Programs^Startup^Antimalware Doctor.lnk]

backup=c:\windows\pss\Antimalware Doctor.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Mom^Start Menu^Programs^Startup^Configuration & Monitor Utility.lnk]

backup=c:\windows\pss\Configuration & Monitor Utility.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Mom^Start Menu^Programs^Startup^LimeWire On Startup.lnk]

backup=c:\windows\pss\LimeWire On Startup.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Mom^Start Menu^Programs^Startup^LivePerson.lnk]

backup=c:\windows\pss\LivePerson.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Mom^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]

backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AvgUninstallURL]

start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYATgBKADMAMgAtAEcAMwBMAEEAQQAtAEEANAA4ADkAUgAtADkAVQBKAEsARgAtAEUASwBLADMAWAA&inst=NwA3AC0ANAAzADMANAAxADMAMAAzADgALQBUADUALQBVADgANQArADEALQBLAFYAMwArADcALQBCAEEAKwAxAC0AWABMACsAMQAtAEYAUAA5ACsANgAtAFQAQgA5ACsAMgAtAEYATAArADkALQBYAE8AMwA2ACsAMQAtAEYAOQBNADcAQwArADUALQBGADkATQAxADAAQgArADIA&prod=90&ver=9.0.872 [?]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2008-10-15 06:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]

2012-04-04 10:09 446392 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5.5ServiceManager]

2011-01-12 11:08 1523360 ----a-w- c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS6ServiceManager]

2012-03-09 20:26 1073312 ----a-w- c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]

2011-01-13 11:19 42320 ----a-w- c:\program files\AOL Desktop 9.6\aol.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]

2012-02-21 01:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]

2006-01-02 20:41 45056 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLI.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

2007-01-15 20:14 147456 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConnectionCenter]

2010-05-12 22:03 300472 ----a-w- c:\program files\Citrix\ICA Client\concentr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ddoctorv2]

2008-04-24 17:25 202560 ----a-w- c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2009-02-26 22:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]

2010-03-08 07:27 41800 ----a-w- c:\program files\Common Files\aol\1176508629\ee\aolsoftware.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2010-06-10 01:55 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

2004-07-27 20:50 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

2004-07-27 20:50 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2012-03-06 23:05 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 5600-6600 Series Fax Server]

2008-03-20 11:24 311976 ----a-w- c:\program files\Lexmark 5600-6600 Series\fm3032.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxduamon]

2008-03-20 11:24 16040 ----a-w- c:\program files\Lexmark 5600-6600 Series\lxduamon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdumon.exe]

2008-03-20 11:24 672424 ----a-w- c:\program files\Lexmark 5600-6600 Series\lxdumon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]

2012-12-14 20:49 824232 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]

2009-03-18 22:50 4363504 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]

2012-09-12 21:19 947176 ----a-w- c:\program files\Microsoft Security Client\msseces.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2006-01-12 19:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2010-08-09 03:07 13925480 ----a-w- c:\windows\system32\nvcpl.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2010-08-09 03:07 110696 ----a-w- c:\windows\system32\nvmctray.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]

2006-07-27 19:19 282624 ----a-w- c:\windows\stsystra.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]

2006-05-08 09:17 81920 ----a-w- c:\progra~1\Sony\SONICS~1\SSAAD.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2012-01-18 18:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]

2010-02-19 17:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2011-07-07 03:03 273544 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

2006-11-04 00:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

2006-10-19 00:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe"=

"c:\\Program Files\\Common Files\\aol\\acs\\AOLacsd.exe"=

"c:\\Program Files\\AOL 9.0\\waol.exe"=

"c:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=

"c:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=

"c:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Common Files\\aol\\1176508629\\ee\\aolsoftware.exe"=

"c:\\Program Files\\AOL 9.0a\\waol.exe"=

"c:\\Program Files\\AOL 9.1\\waol.exe"=

"c:\\Documents and Settings\\Mom\\taw\\winvnc.exe"=

"c:\\WINDOWS\\system32\\lxducoms.exe"=

"c:\\Program Files\\Lexmark 5600-6600 Series\\lxduamon.exe"=

"c:\\Program Files\\Lexmark 5600-6600 Series\\frun.exe"=

"c:\\Program Files\\Lexmark 5600-6600 Series\\lxdufax.exe"=

"c:\\Documents and Settings\\Mom\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=

"c:\\Program Files\\AOL 9.1a\\waol.exe"=

"c:\\Documents and Settings\\Mom\\My Documents\\bbviewerv11beta\\BBViewer.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Program Files\\SeaMonkey\\seamonkey.exe"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"c:\\Documents and Settings\\Mom\\Application Data\\Juniper Networks\\Juniper Terminal Services Client\\dsTermServ.exe"=

"c:\\Program Files\\Juniper Networks\\Secure Application Manager\\dsSamProxy.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\WINWORD.EXE"=

"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=

"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"67:UDP"= 67:UDP:DHCP Discovery Service

"53:UDP"= 53:UDP:Promo

"8939:TCP"= 8939:TCP:Remote Assistance Local

"6948:TCP"= 6948:TCP:Remote Assistance Remote

.

R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [3/28/2013 6:41 AM 49248]

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9/19/2009 4:36 PM 721904]

R1 NEOFLTR_550_12129;Juniper Networks TDI Filter Driver (NEOFLTR_550_12129);c:\windows\system32\drivers\NEOFLTR_550_12129.sys [10/3/2007 4:20 PM 63008]

R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [8/11/2011 7:38 PM 116608]

S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [3/28/2013 6:41 AM 765736]

S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/28/2013 6:41 AM 368176]

S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [9/8/2009 7:13 PM 65584]

S1 cvjbhgwe;cvjbhgwe;\??\c:\windows\system32\drivers\cvjbhgwe.sys --> c:\windows\system32\drivers\cvjbhgwe.sys [?]

S1 kolkgvvx;kolkgvvx;\??\c:\windows\system32\drivers\kolkgvvx.sys --> c:\windows\system32\drivers\kolkgvvx.sys [?]

S1 MpKsl76fba216;MpKsl76fba216;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4FF1D7E2-9E7B-48DC-9094-627BA69C21A9}\MpKsl76fba216.sys [3/29/2013 8:57 AM 29904]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]

S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/28/2013 6:41 AM 29816]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [3/28/2013 6:41 AM 66336]

S2 PDFsFilter;PDFsFilter;c:\windows\system32\drivers\PDFsFilter.sys [9/12/2012 2:15 PM 68464]

S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 8:19 PM 13592]

S3 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [3/28/2013 6:41 AM 164736]

S3 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/23/2012 1:37 PM 13672]

S3 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [9/12/2012 2:15 PM 1027792]

S3 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe -service --> c:\windows\system32\lxducoms.exe -service [?]

S3 lxduCATSCustConnectService;lxduCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxduserv.exe [5/5/2008 4:39 PM 98984]

S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys --> c:\windows\system32\DRIVERS\motccgp.sys [?]

S3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys --> c:\windows\system32\DRIVERS\motccgpfl.sys [?]

S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys --> c:\windows\system32\DRIVERS\motodrv.sys [?]

S3 Network ConnectorService;Network Connector Service;c:\program files\Barracuda\Network Connector\bin\network-connectorserv.exe [5/18/2010 4:28 AM 43416]

S4 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2/14/2009 8:33 AM 266240]

S4 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

getPlusHelper REG_MULTI_SZ getPlusHelper

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-03-14 21:46 1629648 ----a-w- c:\program files\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-03-29 c:\windows\Tasks\avast! Emergency Update.job

- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-03-28 22:32]

.

2007-10-01 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 2170 series5E771253C1676EBED677BF361FDFC537825E15B8183164567.job

- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 04:52]

.

2013-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-22 13:18]

.

2013-03-29 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job

- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-01-27 21:25]

.

2013-03-28 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-706684962-979399936-124493050-1006.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]

.

2013-03-28 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-706684962-979399936-124493050-1006.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]

.

.

------- Supplementary Scan -------

.

uStart Page = https://portal.arise.com/Login.aspx

mStart Page = hxxp://www.aol.com/?src=customie7

uInternet Connection Wizard,ShellNext = hxxp://us.mcafee.com/apps/vso/en-us/redir.asp?affid=105-79&installtype=force&dtag=563psc1&langid=1&systempopup=true

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm

Trusted Zone: arise.com

Trusted Zone: intuit.com

Trusted Zone: intuit.com\ttlc

TCP: DhcpNameServer = 192.168.1.1

DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} - hxxp://www.convergysworkathome.com/AppHardT.CAB

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{663B1A9B-97A5-4BF9-A4A5-3B60732A452B} - c:\documents and settings\Mom\Local Settings\Application Data\getsavin\ie\getsavin_1364526601.dll

AddRemove-GetSavin - c:\documents and settings\Mom\Local Settings\Application Data\getsavin\uninst.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2013-03-29 09:25

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(628)

c:\windows\system32\Ati2evxx.dll

c:\windows\system32\l3codeca.acm

.

- - - - - - - > 'explorer.exe'(1124)

c:\windows\system32\WININET.dll

.

Completion time: 2013-03-29 09:26:51

ComboFix-quarantined-files.txt 2013-03-29 13:26

ComboFix2.txt 2013-03-28 02:54

ComboFix3.txt 2013-03-28 00:03

ComboFix4.txt 2013-03-18 10:24

.

Pre-Run: 29,972,193,280 bytes free

Post-Run: 30,019,915,776 bytes free

.

- - End Of File - - F313A265E85037CB405664E08C1D4492

Malwarebytes Anti-Malware 1.70.0.1100

www.malwarebytes.org

Database version: v2013.03.28.08

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)

Internet Explorer 7.0.5730.13

Mom :: D563PSC1 [administrator]

3/28/2013 12:09:58 PM

mbam-log-2013-03-28 (12-09-58).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 288410

Time elapsed: 3 minute(s), 55 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Please close any of your open windows/programs and exit, saving any open work you have.

Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe

I'd like to have you do a special run of OTL to generate some searches & a new log-report.

  • Please double-click OTL.exe to run it. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).
  • Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    *****************************************************************
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %ALLUSERSPROFILE%\Application Data\*.dll /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %APPDATA%\*.dll /s
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    /md5stop
    c:|services.ex;true;true;true; /FP
    %USERPROFILE%\..|smtmp;true;true;true /FP
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    CREATERESTOREPOINT
    *****************************************************************
  • Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on Run Scan.
  • The scan won't take long.
    When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
    These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of just OTL.txt


OTL logfile created on: 3/29/2013 12:19:46 PM - Run 2

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Mom\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.44 Gb Available Physical Memory | 81.45% Memory free

4.25 Gb Paging File | 3.89 Gb Available in Paging File | 91.55% Paging File free

Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 145.96 Gb Total Space | 24.54 Gb Free Space | 16.81% Space Free | Partition Type: NTFS

Computer Name: D563PSC1 | User Name: Mom | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/29 12:18:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mom\Desktop\OTL.exe

PRC - [2013/03/06 18:32:44 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe

PRC - [2013/03/06 18:32:44 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe

PRC - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe

PRC - [2012/09/12 06:23:53 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

PRC - [2010/11/10 14:10:54 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2010/03/08 03:27:49 | 000,041,800 | ---- | M] (AOL Inc.) -- C:\Program Files\Common Files\aol\1176508629\ee\aolsoftware.exe

PRC - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe

========== Modules (No Company Name) ==========

MOD - [2013/03/29 03:51:29 | 002,084,352 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\13032900\algo.dll

MOD - [2012/01/08 09:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll

MOD - [2008/03/18 20:37:00 | 000,121,856 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxdudrpp.dll

MOD - [2008/03/04 01:54:54 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\LXDUPMON.DLL

MOD - [2008/03/04 01:53:10 | 000,032,768 | ---- | M] () -- C:\Program Files\Lexmark 5600-6600 Series\ipcmt.dll

MOD - [2007/11/17 08:01:32 | 000,086,016 | ---- | M] () -- C:\WINDOWS\system32\lxduoem.dll

========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)

SRV - [2013/03/06 18:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

SRV - [2012/09/12 06:23:53 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)

SRV - [2012/08/23 13:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)

SRV - [2012/08/03 16:15:16 | 001,027,792 | ---- | M] (iolo technologies, LLC) [On_Demand | Stopped] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)

SRV - [2011/05/21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)

SRV - [2010/11/17 16:38:50 | 000,628,080 | ---- | M] (Juniper Networks) [Disabled | Stopped] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)

SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)

SRV - [2010/05/18 04:28:12 | 000,043,416 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Barracuda\Network Connector\bin\network-connectorserv.exe -- (Network ConnectorService)

SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)

SRV - [2009/02/14 08:33:30 | 000,266,240 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\CSHelper.exe -- (CSHelper)

SRV - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2)

SRV - [2008/03/20 07:25:27 | 000,594,600 | ---- | M] ( ) [On_Demand | Stopped] -- C:\WINDOWS\system32\lxducoms.exe -- (lxdu_device)

SRV - [2008/03/20 07:25:17 | 000,098,984 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxduserv.exe -- (lxduCATSCustConnectService)

SRV - [2006/11/03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)

SRV - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe -- (AOL ACS)

SRV - [2006/04/27 17:35:16 | 000,053,337 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)

SRV - [2006/04/27 17:27:06 | 000,049,241 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)

SRV - [2006/04/27 17:16:28 | 000,069,718 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motodrv.sys -- (MotDev)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motccgpfl.sys -- (motccgpfl)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motccgp.sys -- (motccgp)

DRV - File not found [Kernel | Auto | Stopped] -- -- (MCSTRM)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\kolkgvvx.sys -- (kolkgvvx)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)

DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\cvjbhgwe.sys -- (cvjbhgwe)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Mom\LOCALS~1\Temp\catchme.sys -- (catchme)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwdndis.sys -- (BTWDNDIS)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btkrnl.sys -- (BTKRNL)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btport.sys -- (BTDriver)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\btaudio.sys -- (btaudio)

DRV - [2013/03/06 18:33:24 | 000,765,736 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2013/03/06 18:33:24 | 000,368,176 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2013/03/06 18:33:24 | 000,164,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)

DRV - [2013/03/06 18:33:24 | 000,062,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2013/03/06 18:33:24 | 000,049,760 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)

DRV - [2013/03/06 18:33:24 | 000,049,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)

DRV - [2013/03/06 18:33:23 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV - [2013/03/06 18:33:22 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2012/08/03 15:59:46 | 000,068,464 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\PDFsFilter.sys -- (PDFsFilter)

DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)

DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2010/06/21 22:51:14 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)

DRV - [2010/06/21 18:07:39 | 000,091,496 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)

DRV - [2010/05/18 04:28:30 | 000,025,984 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)

DRV - [2010/02/18 20:07:56 | 000,026,624 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dsNcAdpt.sys -- (dsNcAdpt)

DRV - [2009/09/19 16:36:07 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)

DRV - [2009/09/08 19:13:16 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ctxusbm.sys -- (ctxusbm)

DRV - [2008/10/27 15:47:10 | 000,034,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CO_Mon.sys -- (CO_Mon)

DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)

DRV - [2008/03/29 17:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)

DRV - [2007/10/03 16:20:32 | 000,063,008 | ---- | M] (Juniper Networks) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NEOFLTR_550_12129.sys -- (NEOFLTR_550_12129)

DRV - [2007/06/20 14:57:46 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)

DRV - [2007/05/15 17:25:00 | 000,105,472 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata)

DRV - [2007/01/18 17:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)

DRV - [2006/11/21 05:25:44 | 000,045,568 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)

DRV - [2006/08/05 07:00:40 | 000,105,344 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus)

DRV - [2006/07/27 15:24:28 | 001,171,464 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)

DRV - [2006/06/18 21:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)

DRV - [2006/05/12 10:44:56 | 000,647,498 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Capt905c.sys -- (SQTECH905C)

DRV - [2006/05/03 12:50:42 | 001,540,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2006/01/04 15:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)

DRV - [2005/05/25 17:34:00 | 000,158,464 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctusfsyn.sys -- (CTUSFSYN)

DRV - [2005/01/10 18:15:00 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)

DRV - [2005/01/10 18:15:00 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)

DRV - [2003/11/17 14:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)

DRV - [2003/11/17 14:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)

DRV - [2003/11/17 14:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)

DRV - [2003/01/10 17:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://my.aol.com/?ncid=aolmas00050000000002 [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://my.aol.com/?ncid=aolmas00050000000002 [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/?src=customie7

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=tb50ie7customie7

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://my.aol.com/?ncid=aolmas00050000000002 [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://portal.arise.com/Login.aspx

IE - HKCU\..\SearchScopes,DefaultScope =

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=tb50ie7customie7

IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{C9E9AB05-CB63-449A-B01F-B7E86DEA44F0}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DKUS_en

IE - HKCU\..\SearchScopes\Comcast: "URL" = http://search.xfinity.com/?cat=subweb&con=mmchrome&q={searchTerms}&cid=xfstart_tech_search

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()

FF - HKLM\Software\MozillaPlugins\@real.com/npmozax: C:\Program Files\Mozilla Firefox\plugins\ [2012/05/11 13:02:03 | 000,000,000 | ---D | M]

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/09/03 21:11:22 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.2\extensions\\Components: C:\Program Files\SeaMonkey\components [2012/04/12 08:12:16 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.2\extensions\\Plugins: C:\Program Files\SeaMonkey\plugins [2012/04/05 08:15:37 | 000,000,000 | ---D | M]

[2012/09/06 10:58:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Extensions

[2009/12/31 20:12:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}

[2009/05/18 14:44:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Extensions\mozswing@mozswing.org

[2012/04/05 08:16:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mom\Application Data\Mozilla\SeaMonkey\Profiles\jamcjcz4.default\extensions

[2012/04/05 08:31:56 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\Documents and Settings\Mom\Application Data\Mozilla\SeaMonkey\Profiles\jamcjcz4.default\extensions\inspector@mozilla.org

[2012/09/06 10:58:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2012/04/05 08:44:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}

[2012/04/05 08:31:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions(2)

[2012/04/05 08:19:58 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions(2)\{972ce4c6-7e08-4474-a285-3208198ce6fd}(2)

[2010/05/12 17:42:04 | 000,124,344 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll

[2010/05/12 17:43:54 | 000,070,592 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll

[2010/05/12 17:42:52 | 000,091,576 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll

[2010/05/12 17:42:32 | 000,022,464 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll

[2011/08/15 17:13:21 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll

[2012/04/05 08:44:26 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2010/05/12 18:22:36 | 000,423,328 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll

[2005/12/05 22:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll

[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll

[2010/05/12 17:43:56 | 000,024,000 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll

[2007/10/27 13:44:58 | 000,002,275 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\aolsearch.xml

[2010/11/11 11:11:35 | 000,001,919 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing-zugo.xml

========== Chrome ==========

CHR - Extension: No name found = C:\Documents and Settings\Mom\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dieckmbeafcedhihaiadnaanclccfihd\1.23.8_0\crossrider

CHR - Extension: No name found = C:\Documents and Settings\Mom\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dieckmbeafcedhihaiadnaanclccfihd\1.23.8_0\

CHR - Extension: No name found = C:\Documents and Settings\Mom\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mjildcbkilmkddbbpbjljljdmmlfeppl\5.0_0\

O1 HOSTS File: ([2013/03/27 22:29:29 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\aol\1176508629\ee\aolsoftware.exe (AOL Inc.)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()

O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()

O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Program Files\Juniper Networks\Secure Application Manager\samnsp.dll (Juniper Networks)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Juniper Networks\Secure Application Manager\samnsp.dll (Juniper Networks)

O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)

O15 - HKCU\..Trusted Domains: arise.com ([]http in Trusted sites)

O15 - HKCU\..Trusted Domains: carnival.com ([citrix] http in Local intranet)

O15 - HKCU\..Trusted Domains: intuit.com ([]https in Trusted sites)

O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (Reg Error: Key error.)

O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} http://asp23.centra.com/SiteRoots/main/Install/win32/CentraUpdaterAx.cab (Reg Error: Key error.)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)

O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)

O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/images/global/js/scanner/SysProExe.cab (Scanner.SysScanner)

O16 - DPF: {3BA3B159-7533-4F96-A2CE-EE5894BBD3D5} http://i.dell.com/images/global/js/scanner/SYSSCANNER.cab (Reg Error: Key error.)

O16 - DPF: {43E3F87D-DE7F-4087-BD4F-0DC854981158} http://download.microsoft.com/download/7/3/8/7384c441-3721-41ee-ae15-b678888f00dd/clearadj.CAB (CTAdjust Class)

O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228867869953 (MUWebControl Class)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} http://www.convergysworkathome.com/AppHardT.CAB (WNICheck2 Class)

O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} http://www.worldwinner.com/games/v57/wof/wof.cab (WoF Control)

O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.com/controls/cpcScanner.cab (Crucial cpcScan)

O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} https://media.pineconeresearch.com/ActiveX/downloadcontrol.cab (InetDownload Class)

O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://ns.arise.com/dana-cached/setup/JuniperSetupSP1.cab (JuniperSetupSP1 Control)

O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://ns.arise.com/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6019A3D2-B279-468A-8732-A26A61A41680}: DhcpNameServer = 192.168.1.1

O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O24 - Desktop WallPaper: C:\Documents and Settings\Mom\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mom\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk - Reg Error: Value error. - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Audible Download Manager.lnk - Reg Error: Value error. - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe - (BVRP Software)

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - Reg Error: Value error. - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe - (Hewlett-Packard Co.)

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk - Reg Error: Value error. - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Workspace Macro Pro Hotkeys.lnk - Reg Error: Value error. - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^Mom^Start Menu^Programs^Startup^Antimalware Doctor.lnk - Reg Error: Value error. - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^Mom^Start Menu^Programs^Startup^Configuration & Monitor Utility.lnk - C:\Program Files\WLAN\802.11 Wireless LAN\WlanMonitor.exe - (ATMEL)

MsConfig - StartUpFolder: C:^Documents and Settings^Mom^Start Menu^Programs^Startup^LimeWire On Startup.lnk - Reg Error: Value error. - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^Mom^Start Menu^Programs^Startup^LivePerson.lnk - Reg Error: Value error. - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^Mom^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)

MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

MsConfig - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

MsConfig - StartUpReg: AdobeCS5.5ServiceManager - hkey= - key= - File not found

MsConfig - StartUpReg: AdobeCS6ServiceManager - hkey= - key= - C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)

MsConfig - StartUpReg: AOL Fast Start - hkey= - key= - C:\Program Files\AOL Desktop 9.6\AOL.EXE (AOL Inc.)

MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

MsConfig - StartUpReg: ATICCC - hkey= - key= - C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)

MsConfig - StartUpReg: AvgUninstallURL - hkey= - key= - File not found

MsConfig - StartUpReg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)

MsConfig - StartUpReg: ConnectionCenter - hkey= - key= - C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)

MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found

MsConfig - StartUpReg: ddoctorv2 - hkey= - key= - C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)

MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)

MsConfig - StartUpReg: HostManager - hkey= - key= - C:\Program Files\Common Files\aol\1176508629\ee\aolsoftware.exe (AOL Inc.)

MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)

MsConfig - StartUpReg: ISUSPM Startup - hkey= - key= - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)

MsConfig - StartUpReg: ISUSScheduler - hkey= - key= - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)

MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

MsConfig - StartUpReg: Lexmark 5600-6600 Series Fax Server - hkey= - key= - C:\Program Files\Lexmark 5600-6600 Series\fm3032.exe ()

MsConfig - StartUpReg: lxduamon - hkey= - key= - C:\Program Files\Lexmark 5600-6600 Series\lxduamon.exe ()

MsConfig - StartUpReg: lxdumon.exe - hkey= - key= - C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe ()

MsConfig - StartUpReg: Malwarebytes Anti-Malware (reboot) - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

MsConfig - StartUpReg: Messenger (Yahoo!) - hkey= - key= - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)

MsConfig - StartUpReg: MSC - hkey= - key= - c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)

MsConfig - StartUpReg: NvCplDaemon - hkey= - key= - File not found

MsConfig - StartUpReg: NvMediaCenter - hkey= - key= - File not found

MsConfig - StartUpReg: SigmatelSysTrayApp - hkey= - key= - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)

MsConfig - StartUpReg: SsAAD.exe - hkey= - key= - C:\Program Files\Sony\SonicStage\SSAAD.exe ()

MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

MsConfig - StartUpReg: SwitchBoard - hkey= - key= - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)

MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)

MsConfig - StartUpReg: Windows Defender - hkey= - key= - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

MsConfig - State: "system.ini" - 0

MsConfig - State: "win.ini" - 0

MsConfig - State: "bootini" - 0

MsConfig - State: "services" - 0

MsConfig - State: "startup" - 2

SafeBootMin: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)

SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: hitmanpro37 - Reg Error: Value error.

SafeBootMin: hitmanpro37.sys - Reg Error: Value error.

SafeBootMin: HitmanPro37Crusader - Reg Error: Value error.

SafeBootMin: HitmanPro37CrusaderBoot - Reg Error: Value error.

SafeBootMin: ioloSystemService - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe (iolo technologies, LLC)

SafeBootMin: MsMpSvc - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: sermouse.sys - Driver

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vds - Service

SafeBootMin: vga.sys - Driver

SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)

SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: hitmanpro35 - Reg Error: Value error.

SafeBootNet: hitmanpro35.sys - Reg Error: Value error.

SafeBootNet: HitmanPro35Crusader - Reg Error: Value error.

SafeBootNet: hitmanpro37 - Reg Error: Value error.

SafeBootNet: hitmanpro37.sys - Reg Error: Value error.

SafeBootNet: HitmanPro37Crusader - Reg Error: Value error.

SafeBootNet: HitmanPro37CrusaderBoot - Reg Error: Value error.

SafeBootNet: ioloSystemService - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe (iolo technologies, LLC)

SafeBootNet: MsMpSvc - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: sermouse.sys - Driver

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vga.sys - Driver

SafeBootNet: vsmon - Service

SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4

ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0

ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation

ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0

ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe

ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework

ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)

ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7

ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)

ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework

ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install

ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider

ActiveX: {A38B334A-A0A2-436D-BAA0-34FE5E517E44} - Microsoft .NET Framework 1.1 Security Update (KB2656370)

ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework

ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework

ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework

ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {EC8D18CA-BC7C-4F71-ACCE-2BD701C00F7E} - AOL Toolbar

ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)

Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)

Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/03/29 10:41:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mom\Desktop\OTL.exe

[2013/03/29 10:28:33 | 003,795,288 | ---- | C] (McAfee, Inc.) -- C:\Documents and Settings\Mom\Desktop\SecurityScan_Release.exe

[2013/03/29 09:50:30 | 002,347,384 | ---- | C] (ESET) -- C:\Documents and Settings\Mom\Desktop\esetsmartinstaller_enu.exe

[2013/03/29 09:49:15 | 010,156,344 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mom\Desktop\amwmb.exe

[2013/03/29 09:26:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp

[2013/03/29 08:55:22 | 005,044,813 | R--- | C] (Swearware) -- C:\ComboFix.exe

[2013/03/29 08:46:39 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Mom\Recent

[2013/03/29 08:16:23 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro

[2013/03/29 08:12:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom\Local Settings\Application Data\Updater26276

[2013/03/29 08:12:06 | 000,000,000 | ---D | C] -- C:\Program Files\Deal Spy

[2013/03/28 23:20:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom\Application Data\Strongvault

[2013/03/28 23:18:44 | 000,000,000 | -HSD | C] -- C:\WINDOWS\System32\AI_RecycleBin

[2013/03/28 23:18:18 | 000,000,000 | ---D | C] -- C:\AI_RecycleBin

[2013/03/28 17:32:02 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\Mom\Desktop\dds.com

[2013/03/28 11:43:55 | 000,000,000 | ---D | C] -- C:\MGtools

[2013/03/28 10:57:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom\Desktop\RK_Quarantine

[2013/03/28 10:52:13 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Mom\Desktop\tdsskiller.exe

[2013/03/28 10:51:24 | 010,156,344 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mom\Desktop\mb.exe

[2013/03/28 06:41:52 | 000,368,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys

[2013/03/28 06:41:52 | 000,029,816 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys

[2013/03/28 06:41:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus

[2013/03/28 06:41:51 | 000,765,736 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys

[2013/03/28 06:41:51 | 000,062,376 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys

[2013/03/28 06:41:51 | 000,049,760 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys

[2013/03/28 06:41:50 | 000,228,600 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe

[2013/03/28 06:41:50 | 000,066,336 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys

[2013/03/28 06:41:29 | 000,041,664 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr

[2013/03/28 06:41:09 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software

[2013/03/28 06:40:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software

[2013/03/27 21:01:28 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2013/03/27 19:28:35 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2013/03/27 19:28:35 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2013/03/27 19:28:35 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2013/03/27 19:28:35 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2013/03/27 19:09:37 | 000,000,000 | ---D | C] -- C:\8f60095d261204a9c8041a453db3610c

[2013/03/27 17:47:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome

[2013/03/27 17:47:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth

[2013/03/17 22:39:01 | 000,000,000 | ---D | C] -- C:\Qoobox

[2013/03/17 22:38:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt

[2013/03/17 15:52:17 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[4 C:\*.tmp files -> C:\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/03/29 12:18:46 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2013/03/29 12:18:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mom\Desktop\OTL.exe

[2013/03/29 11:50:37 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job

[2013/03/29 11:40:43 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2013/03/29 11:40:43 | 000,000,310 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job

[2013/03/29 11:40:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2013/03/29 11:40:26 | 3219,640,320 | -HS- | M] () -- C:\hiberfil.sys

[2013/03/29 11:39:02 | 000,015,048 | ---- | M] () -- C:\FixitRegBackup.reg

[2013/03/29 11:38:17 | 000,806,400 | ---- | M] () -- C:\MicrosoftFixit50692.msi

[2013/03/29 10:53:51 | 000,890,798 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\SecurityCheck.exe

[2013/03/29 10:42:52 | 000,843,908 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\SecurityCheck.exe.part

[2013/03/29 10:29:25 | 003,795,288 | ---- | M] (McAfee, Inc.) -- C:\Documents and Settings\Mom\Desktop\SecurityScan_Release.exe

[2013/03/29 10:26:33 | 013,786,977 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\mbar-1.01.0.1021.zip

[2013/03/29 09:58:43 | 161,545,632 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\setup_11.0.0.1245.x01_2013_03_29_16_35.exe

[2013/03/29 09:50:39 | 002,347,384 | ---- | M] (ESET) -- C:\Documents and Settings\Mom\Desktop\esetsmartinstaller_enu.exe

[2013/03/29 09:49:50 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2013/03/29 09:49:18 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mom\Desktop\amwmb.exe

[2013/03/29 09:07:21 | 000,001,919 | ---- | M] () -- C:\WINDOWS\epplauncher.mif

[2013/03/29 08:55:32 | 005,044,813 | R--- | M] (Swearware) -- C:\ComboFix.exe

[2013/03/29 08:43:40 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe

[2013/03/29 08:17:04 | 000,001,610 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HitmanPro.lnk

[2013/03/29 07:59:14 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2013/03/28 23:19:34 | 020,480,000 | ---- | M] () -- C:\Documents and Settings\Mom\Local Settings\Application Data\store-pp.jbs

[2013/03/28 23:17:38 | 000,000,000 | ---- | M] () -- C:\extensions.sqlite

[2013/03/28 23:14:03 | 000,585,064 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\cbsidlm-tr1_12-HitmanPro_3_32bit-ORG-10895604.exe

[2013/03/28 17:32:30 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\Mom\Desktop\dds.com

[2013/03/28 17:15:36 | 000,609,993 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\adwcleaner.exe

[2013/03/28 17:13:58 | 000,002,443 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\HiJackThis.lnk

[2013/03/28 12:55:37 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe

[2013/03/28 12:55:36 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

[2013/03/28 12:05:47 | 000,000,395 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\Shortcut to MGlogs.zip.lnk

[2013/03/28 11:58:39 | 000,388,084 | ---- | M] () -- C:\MGlogs.zip

[2013/03/28 11:58:39 | 000,388,084 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\MGlogs.zip

[2013/03/28 10:54:27 | 001,898,001 | ---- | M] () -- C:\MGtools.exe

[2013/03/28 10:52:33 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Mom\Desktop\tdsskiller.exe

[2013/03/28 10:51:35 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mom\Desktop\mb.exe

[2013/03/28 10:48:13 | 000,816,128 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\RogueKiller.exe

[2013/03/28 09:44:44 | 003,730,416 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2013/03/28 09:39:23 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk

[2013/03/28 08:02:49 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-706684962-979399936-124493050-1006.job

[2013/03/28 08:02:46 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-706684962-979399936-124493050-1006.job

[2013/03/28 06:41:52 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk

[2013/03/28 06:41:50 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2013/03/27 22:29:29 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2013/03/27 21:01:52 | 000,000,339 | RHS- | M] () -- C:\boot.ini

[2013/03/27 19:31:04 | 000,000,339 | ---- | M] () -- C:\Boot.bak

[2013/03/13 06:56:52 | 000,081,806 | ---- | M] () -- C:\Documents and Settings\Mom\My Documents\156038_10200602886892871_1580318341_n.jpg

[2013/03/13 06:54:14 | 000,076,413 | ---- | M] () -- C:\Documents and Settings\Mom\My Documents\644343_10200622507183366_1314037004_n.jpg

[2013/03/10 06:25:49 | 000,504,398 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2013/03/10 06:25:48 | 000,089,126 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2013/03/09 17:17:41 | 000,042,182 | ---- | M] () -- C:\Documents and Settings\Mom\My Documents\81_508227616203_2157_n.jpg

[2013/03/06 18:33:24 | 000,765,736 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys

[2013/03/06 18:33:24 | 000,368,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys

[2013/03/06 18:33:24 | 000,164,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys

[2013/03/06 18:33:24 | 000,062,376 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys

[2013/03/06 18:33:24 | 000,049,760 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys

[2013/03/06 18:33:24 | 000,049,248 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys

[2013/03/06 18:33:23 | 000,066,336 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys

[2013/03/06 18:33:22 | 000,029,816 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys

[2013/03/06 18:32:51 | 000,041,664 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr

[2013/03/06 18:32:42 | 000,228,600 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe

[4 C:\*.tmp files -> C:\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/03/29 11:50:37 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job

[2013/03/29 11:39:01 | 000,015,048 | ---- | C] () -- C:\FixitRegBackup.reg

[2013/03/29 11:38:17 | 000,806,400 | ---- | C] () -- C:\MicrosoftFixit50692.msi

[2013/03/29 10:53:47 | 000,890,798 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\SecurityCheck.exe

[2013/03/29 10:42:43 | 000,843,908 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\SecurityCheck.exe.part

[2013/03/29 10:26:14 | 013,786,977 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\mbar-1.01.0.1021.zip

[2013/03/29 09:57:27 | 161,545,632 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\setup_11.0.0.1245.x01_2013_03_29_16_35.exe

[2013/03/29 09:34:22 | 3219,640,320 | -HS- | C] () -- C:\hiberfil.sys

[2013/03/29 08:17:04 | 000,001,610 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HitmanPro.lnk

[2013/03/28 23:19:34 | 020,480,000 | ---- | C] () -- C:\Documents and Settings\Mom\Local Settings\Application Data\store-pp.jbs

[2013/03/28 23:17:38 | 000,000,000 | ---- | C] () -- C:\extensions.sqlite

[2013/03/28 23:13:57 | 000,585,064 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\cbsidlm-tr1_12-HitmanPro_3_32bit-ORG-10895604.exe

[2013/03/28 17:14:27 | 000,609,993 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\adwcleaner.exe

[2013/03/28 12:05:47 | 000,000,395 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\Shortcut to MGlogs.zip.lnk

[2013/03/28 11:58:39 | 000,388,084 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\MGlogs.zip

[2013/03/28 11:44:19 | 000,388,084 | ---- | C] () -- C:\MGlogs.zip

[2013/03/28 10:54:26 | 001,898,001 | ---- | C] () -- C:\MGtools.exe

[2013/03/28 10:47:43 | 000,816,128 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\RogueKiller.exe

[2013/03/28 06:41:52 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk

[2013/03/28 06:41:51 | 000,164,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys

[2013/03/28 06:41:51 | 000,049,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys

[2013/03/28 06:41:51 | 000,000,310 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job

[2013/03/27 19:28:35 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2013/03/27 19:28:35 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2013/03/27 19:28:35 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2013/03/27 19:28:35 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2013/03/27 19:28:35 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2013/03/17 22:41:25 | 000,000,339 | ---- | C] () -- C:\Boot.bak

[2013/03/17 22:41:19 | 000,260,272 | RHS- | C] () -- C:\cmldr

[2013/03/17 21:12:18 | 000,000,876 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2013/03/16 05:24:37 | 000,275,880 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2013/03/13 06:54:13 | 000,076,413 | ---- | C] () -- C:\Documents and Settings\Mom\My Documents\644343_10200622507183366_1314037004_n.jpg

[2013/03/09 23:49:17 | 000,081,806 | ---- | C] () -- C:\Documents and Settings\Mom\My Documents\156038_10200602886892871_1580318341_n.jpg

[2013/03/09 17:17:40 | 000,042,182 | ---- | C] () -- C:\Documents and Settings\Mom\My Documents\81_508227616203_2157_n.jpg

[2012/09/12 18:16:19 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2012/09/12 14:13:51 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dat

[2012/09/12 13:39:46 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll

[2012/09/05 16:23:22 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\Mom\Local Settings\Application Data\d3d9caps.dat

[2012/01/07 06:30:00 | 003,216,605 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-706684962-979399936-124493050-1006-0.dat

[2012/01/07 06:29:59 | 000,440,558 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat

[2012/01/06 12:00:01 | 000,000,744 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc

[2011/12/27 17:05:15 | 000,050,688 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/09/23 14:02:19 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat

[2011/09/02 12:24:39 | 000,000,012 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat

[2011/09/02 12:16:21 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin

[2011/09/02 12:16:21 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin

[2011/09/02 12:16:21 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin

[2011/05/21 06:01:00 | 002,123,582 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data

[2009/09/18 08:24:11 | 001,513,982 | ---- | C] () -- C:\Program Files\Malwarebytes' Anti-Malware.zip

[2008/04/21 14:28:10 | 000,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

[2008/02/01 07:09:46 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat

[2007/06/29 21:45:05 | 000,000,253 | -H-- | C] () -- C:\Documents and Settings\All Users\hpothb07.tif

[2007/06/29 21:45:05 | 000,000,164 | -H-- | C] () -- C:\Documents and Settings\All Users\hpothb07.dat

[2007/04/19 18:30:03 | 000,189,440 | ---- | C] () -- C:\Documents and Settings\Mom\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2007/04/14 07:17:25 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Mom\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2004/08/10 13:09:48 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

========== Custom Scans ==========

< %ALLUSERSPROFILE%\Application Data\*. >

[2008/05/05 16:37:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\5600-6600 Series

[2008/01/19 19:51:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acoustica

[2012/05/11 15:15:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe

[2011/03/25 06:49:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL

[2011/03/24 08:16:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL Downloads

[2007/12/25 13:44:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL OCP

[2009/06/29 13:45:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple

[2007/04/14 11:38:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer

[2008/09/04 16:54:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications

[2013/03/28 06:41:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software

[2009/07/19 13:53:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU

[2010/03/16 14:13:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVSVideoBurner

[2011/02/08 20:46:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix

[2007/04/11 08:22:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Corel

[2009/09/19 16:39:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite

[2010/11/18 07:04:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google

[2007/06/29 21:30:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard

[2013/03/29 08:43:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro

[2013/02/24 13:03:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HP

[2012/11/26 12:58:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HP Photo Creations

[2008/04/09 14:38:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HumanClick

[2008/04/25 10:41:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Insight Software

[2007/09/20 22:34:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Insight Software Solutions

[2011/09/14 18:36:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations

[2007/04/11 08:28:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield

[2010/11/30 20:33:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intuit

[2013/03/17 15:07:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo

[2010/10/21 10:52:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks

[2008/02/05 19:36:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Knowledge Adventure

[2008/02/02 14:28:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lavasoft

[2009/04/09 00:47:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lexmark 5600-6600 Series

[2007/04/13 19:58:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Macromedia

[2007/11/29 16:46:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier

[2008/11/21 16:21:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2013/03/29 10:30:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee

[2007/04/13 16:29:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee.com

[2012/09/06 13:30:58 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft

[2012/09/14 06:54:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help

[2008/02/23 10:46:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound

[2007/04/19 19:32:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nero

[2010/06/24 11:10:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Norton

[2010/06/24 04:26:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller

[2011/02/18 14:50:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NOS

[2011/09/03 21:10:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NVIDIA

[2011/09/02 12:17:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation

[2007/04/14 08:15:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles

[2008/05/09 17:37:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite

[2009/04/20 14:24:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Protexis

[2011/07/08 05:30:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pure Networks

[2010/11/22 00:15:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Real

[2012/05/11 15:17:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe

[2007/05/27 13:54:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm

[2004/08/10 13:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI

[2011/02/21 11:59:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype

[2007/04/11 08:27:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sonic

[2007/09/17 14:43:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony Corporation

[2011/04/14 10:39:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun

[2012/09/06 18:48:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

[2011/04/29 12:28:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft

[2010/06/24 04:26:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec

[2010/11/12 19:12:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ThumbnailCache4R

[2011/11/28 20:07:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visan

[2007/06/29 21:42:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WEBREG

[2007/04/13 16:00:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage

[2007/04/18 15:06:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip

[2010/07/31 20:00:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WorldWinner

[2008/11/12 08:18:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\yahoo!

[2010/04/13 14:50:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2009/09/26 19:21:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2009/04/21 13:28:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

[2009/02/04 13:56:14 | 000,075,112 | ---- | M] (GEAR Software, Inc.) -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86\DifXInstall32.exe

[2010/03/01 23:44:10 | 000,033,568 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\java-rmi.exe

[2010/03/01 23:44:10 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\java.exe

[2010/03/01 23:44:10 | 000,059,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\javacpl.exe

[2010/03/01 23:44:10 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\javaw.exe

[2010/03/01 23:44:10 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\javaws.exe

[2010/03/01 23:44:12 | 000,079,648 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\jbroker.exe

[2010/03/01 23:44:12 | 000,023,328 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\jp2launcher.exe

[2010/03/01 23:44:12 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\jqs.exe

[2010/03/01 23:44:12 | 000,055,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\jqsnotify.exe

[2010/03/01 23:44:12 | 000,386,872 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\jucheck.exe

[2010/03/01 23:44:12 | 000,055,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\jureg.exe

[2010/03/01 23:44:14 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\jusched.exe

[2010/03/01 23:44:14 | 000,033,568 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\keytool.exe

[2010/03/01 23:44:14 | 000,033,568 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\kinit.exe

[2010/03/01 23:44:14 | 000,033,568 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\klist.exe

[2010/03/01 23:44:14 | 000,033,568 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\ktab.exe

[2010/03/01 23:44:14 | 000,033,568 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\orbd.exe

[2010/03/01 23:44:14 | 000,033,568 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\pack200.exe

[2010/03/01 23:44:14 | 000,033,568 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\policytool.exe

[2010/03/01 23:44:14 | 000,033,568 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\rmid.exe

[2010/03/01 23:44:14 | 000,033,568 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\rmiregistry.exe

[2010/03/01 23:44:14 | 000,033,568 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\servertool.exe

[2010/03/01 23:44:14 | 000,030,496 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\ssvagent.exe

[2010/03/01 23:44:14 | 000,033,568 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\tnameserv.exe

[2010/03/01 23:44:14 | 000,132,896 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\unpack200.exe



< %ALLUSERSPROFILE%\Application Data\*.dll /s >


[2011/01/13 17:37:58 | 000,015,144 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4552\comps\acs\comps\ocpchk.dll

[2011/01/13 17:38:00 | 000,045,056 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4552\comps\sysinfo\SiNdInst.dll

[2011/01/13 17:37:56 | 000,048,640 | ---- | M] (AOL Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4552\comps\tb\tbinst.dll

[2011/01/13 17:37:58 | 000,057,856 | ---- | M] (AOL Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4552\comps\tpspd\Dacldll.dll

[2011/01/13 17:37:58 | 000,050,176 | ---- | M] (AOL Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4552\comps\tpspd\tsverchk.dll

[2011/01/13 17:37:50 | 000,049,152 | ---- | M] (Viewpoint Corporation) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4552\comps\vwpt\AOLVPChk.dll

[2009/07/08 13:46:04 | 000,011,312 | ---- | M] (America Online) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.14\comps\acs\ecuchk.dll

[2008/11/06 07:47:04 | 000,006,144 | ---- | M] (AOL, LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.14\comps\afix\ocfcheck.dll

[2009/07/08 13:45:54 | 000,010,800 | ---- | M] (AOL, LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.14\comps\afix\wsfixchk.dll

[2009/07/08 13:45:55 | 000,067,120 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.14\comps\ccu\instSup.dll

[2009/07/08 13:45:53 | 000,015,920 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.14\comps\ccu\ocpchk.dll

[2009/07/08 13:43:26 | 000,075,104 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.14\comps\ocp\instSup.dll

[2009/07/08 13:43:12 | 000,015,712 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.14\comps\ocp\ocpchk.dll

[2008/11/06 07:47:03 | 000,045,056 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.14\comps\sysinfo\SiNdInst.dll

[2008/11/06 07:47:03 | 000,006,144 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.14\comps\tb\tbinst.dll

[2008/11/06 07:47:03 | 000,049,152 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.14\comps\tpspd\Dacldll.dll

[2008/11/06 07:47:03 | 000,057,344 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.14\comps\tpspd\tsverchk.dll

[2008/11/06 07:47:02 | 000,049,152 | ---- | M] (Viewpoint Corporation) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.14\comps\vwpt\AOLVPChk.dll

[2007/04/13 19:37:55 | 000,006,144 | ---- | M] (AOL, LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\WAOL_US_0.1.3.1\comps\afix\ocfcheck.dll

[2007/04/13 19:33:52 | 000,010,800 | ---- | M] (AOL, LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\WAOL_US_0.1.3.1\comps\afix\wsfixchk.dll

[2007/04/13 19:38:13 | 000,063,024 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\WAOL_US_0.1.3.1\comps\ocp\instSup.dll

[2007/04/13 19:30:03 | 000,015,920 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\WAOL_US_0.1.3.1\comps\ocp\ocpchk.dll

[2007/04/13 19:33:50 | 000,045,056 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\WAOL_US_0.1.3.1\comps\sysinfo\SiNdInst.dll

[2007/04/13 19:29:49 | 000,006,144 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\WAOL_US_0.1.3.1\comps\tb\tbinst.dll

[2007/04/13 19:38:24 | 000,049,152 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\WAOL_US_0.1.3.1\comps\tpspd\DaclDll.dll

[2007/04/13 19:31:40 | 000,057,344 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\WAOL_US_0.1.3.1\comps\tpspd\tsverchk.dll

[2007/04/13 19:30:00 | 000,049,152 | ---- | M] (Viewpoint Corporation) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\WAOL_US_0.1.3.1\comps\vwpt\AOLVPChk.dll

[2010/03/05 17:06:56 | 000,083,792 | ---- | M] (AOL Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\SUDS\TEMP\ProgUpd.dll

[2010/05/12 17:38:12 | 000,075,192 | ---- | M] (Citrix Systems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Citrix\Citrix online plug-in - web\TrolleyExpressUI_de.dll

[2010/05/12 17:38:16 | 000,075,192 | ---- | M] (Citrix Systems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Citrix\Citrix online plug-in - web\TrolleyExpressUI_en.dll

[2010/05/12 17:38:16 | 000,075,192 | ---- | M] (Citrix Systems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Citrix\Citrix online plug-in - web\TrolleyExpressUI_es.dll

[2010/05/12 17:38:20 | 000,075,192 | ---- | M] (Citrix Systems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Citrix\Citrix online plug-in - web\TrolleyExpressUI_fr.dll

[2010/05/12 17:38:18 | 000,071,096 | ---- | M] (Citrix Systems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Citrix\Citrix online plug-in - web\TrolleyExpressUI_ja.dll

[2010/05/12 17:38:22 | 000,071,096 | ---- | M] (Citrix Systems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Citrix\Citrix online plug-in - web\TrolleyExpressUI_ko.dll

[2010/05/12 17:38:16 | 000,075,192 | ---- | M] (Citrix Systems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Citrix\Citrix online plug-in - web\TrolleyExpressUI_ru.dll

[2010/05/12 17:38:16 | 000,071,096 | ---- | M] (Citrix Systems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Citrix\Citrix online plug-in - web\TrolleyExpressUI_zh-CN.dll

[2010/05/12 17:38:20 | 000,071,096 | ---- | M] (Citrix Systems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Citrix\Citrix online plug-in - web\TrolleyExpressUI_zh-TW.dll

[2010/07/01 11:59:28 | 000,255,472 | ---- | M] (RocketLife) -- C:\Documents and Settings\All Users\Application Data\HP Photo Creations\ContentMan.dll

[2010/07/01 11:59:28 | 000,140,784 | ---- | M] (RocketLife) -- C:\Documents and Settings\All Users\Application Data\HP Photo Creations\RLPNUpload.dll

[2010/07/01 11:59:26 | 001,148,400 | ---- | M] (RocketLife) -- C:\Documents and Settings\All Users\Application Data\HP Photo Creations\RocketEngine.dll

[2012/09/12 13:40:34 | 000,009,240 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\iolo\fileinfo.dll

[2012/09/12 13:39:47 | 000,187,736 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\iolo\SCU\config.dll

[2012/08/03 16:18:28 | 000,081,728 | ---- | M] (iolo technologies, LLC) -- C:\Documents and Settings\All Users\Application Data\iolo\TempResources\Corvus.dll

[2012/08/03 17:39:26 | 001,183,856 | ---- | M] (iolo technologies, LLC) -- C:\Documents and Settings\All Users\Application Data\iolo\TempResources\Res_55FD1D5A7AEF4DA38FAFA71B2A52FFC7.dll

[2013/03/15 03:21:32 | 007,108,640 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4FF1D7E2-9E7B-48DC-9094-627BA69C21A9}\mpengine.dll

[2013/03/15 03:21:32 | 007,108,640 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

[2010/11/16 13:01:26 | 006,273,872 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{60DA00D6-E281-411C-84B1-A4C686E93A64}\mpengine.dll

[2010/03/10 00:47:42 | 005,283,152 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

[2007/03/09 12:25:14 | 002,321,288 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpEngine.dll

[2006/05/31 19:46:46 | 001,347,584 | ---- | M] (Doctor Web, Ltd.) -- C:\Documents and Settings\All Users\Application Data\Nero\DrWeb\Drweb32.dll

[2011/07/06 23:03:35 | 000,043,520 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchrome10browserrecordhelper.dll

[2011/07/06 23:03:36 | 000,349,376 | ---- | M] (RealPlayer) -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll

[2011/07/06 23:03:36 | 000,046,080 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll

[2011/07/06 23:03:36 | 000,046,592 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordlegacyext.dll

[2011/07/06 23:03:35 | 000,386,264 | ---- | M] (RealPlayer) -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

[2011/07/06 23:03:36 | 000,029,184 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

[2011/07/06 23:03:36 | 000,019,968 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

[2011/07/06 23:03:36 | 000,046,592 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll

[2011/07/06 23:03:36 | 000,046,592 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll

[2011/07/06 23:03:37 | 000,046,592 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll

[2011/07/06 23:03:37 | 000,046,592 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll

[2012/09/06 18:48:41 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

[2013/02/08 09:28:14 | 000,065,024 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll

[2013/02/08 09:28:14 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll

[2012/09/06 18:48:41 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

[2010/07/31 19:43:36 | 000,532,480 | ---- | M] (WorldWinner) -- C:\Documents and Settings\All Users\Application Data\WorldWinner\bejeweled\bejeweled.dll

[2010/07/31 15:52:47 | 000,339,968 | ---- | M] (WorldWinner) -- C:\Documents and Settings\All Users\Application Data\WorldWinner\dealornodeal\dealornodeal.dll

[2010/07/31 20:00:49 | 000,618,496 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\WorldWinner\familyfeud2\familyfeud2.dll

[2007/07/18 00:03:09 | 000,137,216 | ---- | M] (Firelight Firelight Technologies Pty, Ltd) -- C:\Documents and Settings\All Users\Application Data\WorldWinner\shared\fmod.dll

< %APPDATA%\*. >

[2008/05/05 17:04:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\5600-6600 Series

[2009/08/25 12:43:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\AbleFaxTifView

[2008/01/19 19:51:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Acoustica

[2012/05/13 12:36:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Adobe

[2007/04/13 21:20:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\AdobeUM

[2007/04/19 21:18:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Ahead

[2013/03/28 17:26:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Amazon

[2008/02/18 20:59:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Antepo-ACCEPT

[2011/03/25 06:51:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\AOL

[2012/03/13 21:48:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Apple Computer

[2007/12/26 13:10:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\ArcSoft

[2009/07/05 12:50:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\ATI

[2008/08/04 12:56:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Auslogics

[2009/07/19 13:53:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\AVS4YOU

[2010/07/14 19:02:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\BBLite.1C8FCB66D507A5DBA729DC95068F311B51E8F16C.1

[2012/08/11 14:39:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\BBViewer

[2011/07/06 01:29:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\BigBrotherLite

[2011/09/03 21:11:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Catalina Marketing Corp

[2012/04/28 14:37:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant

[2008/12/02 11:46:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Corel

[2011/08/29 07:11:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\DAEMON Tools Lite

[2007/08/29 09:39:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\DialogCoach

[2012/04/08 12:35:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\DiskAid

[2007/10/02 21:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\dvdcss

[2012/09/06 09:14:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\FileZilla

[2008/04/25 07:30:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\flashpaste

[2009/11/20 20:43:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\GetRightToGo

[2008/10/21 12:56:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Google

[2010/04/23 17:51:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\GrabPro

[2007/09/27 05:48:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Mom\Application Data\Gtek

[2007/08/28 13:37:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Help

[2007/04/14 19:21:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Hewlett-Packard

[2007/06/29 21:44:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\HP

[2012/11/26 12:54:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\HpUpdate

[2008/01/23 06:38:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\ICAClient

[2004/08/10 13:08:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Identities

[2010/04/23 17:51:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\IEPro

[2010/05/05 06:40:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Inbit

[2008/02/05 19:35:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\InstallShield

[2008/08/13 20:11:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Interactive Intelligence

[2010/11/30 20:34:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Intuit

[2012/09/12 17:45:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\iolo

[2007/05/03 08:16:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Jasc Software Inc

[2011/03/31 08:13:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Juniper Networks

[2012/12/30 18:58:49 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Mom\Application Data\KB936782_WMP11

[2013/01/02 12:03:31 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Mom\Application Data\KB954154_WM11

[2013/01/02 12:04:11 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Mom\Application Data\KB961371

[2012/12/30 19:24:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Mom\Application Data\KB981852

[2007/04/18 16:12:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Leadertech

[2008/05/05 16:54:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Lexmark Productivity Studio

[2011/02/18 14:45:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Macromedia

[2008/11/21 16:21:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Malwarebytes

[2013/03/27 19:09:50 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Mom\Application Data\Microsoft

[2010/12/02 16:13:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\MixMeister Technology

[2012/09/06 10:58:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Mozilla

[2008/04/27 19:36:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\NCH Swift Sound

[2008/05/09 17:27:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Nokia

[2008/05/09 17:04:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\PC Suite

[2008/09/03 19:11:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Pogo Games

[2011/09/03 21:11:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Real

[2008/08/25 14:54:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Reallusion

[2009/10/07 18:54:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Red Kawa

[2008/11/24 09:49:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Saba

[2011/09/03 21:12:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Sammsoft

[2012/05/11 12:34:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Skype

[2011/02/21 12:00:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\skypePM

[2007/04/17 05:32:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Snapfish

[2007/04/20 19:29:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Sonic

[2007/09/17 14:51:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Sony Corporation

[2012/05/13 12:36:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1

[2009/10/09 11:33:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Stamps.com Internet Postage

[2013/03/29 06:30:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Strongvault

[2007/04/13 16:59:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Sun

[2012/09/06 18:48:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\SUPERAntiSpyware.com

[2013/02/15 10:05:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\SynthMaker

[2008/02/02 18:04:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\System Tweaker

[2011/10/31 23:25:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\TuneAid

[2008/02/02 15:52:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Uniblue

[2008/10/07 18:19:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Unreal Streaming

[2013/03/28 09:40:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\uTorrent

[2010/05/05 06:18:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Ventrilo

[2011/11/28 20:07:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Visan

[2007/05/03 06:46:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Visicom Media

[2007/05/01 11:49:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\vlc

[2011/01/25 17:10:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\webex

[2012/12/30 18:58:50 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Mom\Application Data\Windows XP Service Pack

[2007/11/29 16:50:18 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Mom\Application Data\yahoo!

< %APPDATA%\*.exe /s >

[2011/01/09 23:05:24 | 000,075,384 | ---- | M] (OPSWAT, Inc.) -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Host Checker\64bitProxy.exe

[2010/11/17 16:57:22 | 000,300,400 | ---- | M] (Juniper Networks") -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Host Checker\dsHostChecker.exe

[2010/11/17 16:57:24 | 000,234,864 | ---- | M] (Juniper Networks) -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Host Checker\dsHostCheckerProxy.exe

[2010/11/17 16:57:24 | 000,157,040 | ---- | M] () -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Host Checker\InstallHelper.exe

[2010/11/17 16:57:34 | 000,056,072 | ---- | M] () -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Host Checker\uninstall.exe

[2010/02/18 20:28:32 | 000,263,536 | ---- | M] (Juniper Networks) -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe

[2010/02/18 20:28:32 | 000,043,144 | ---- | M] () -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Juniper Terminal Services Client\uninstall.exe

[2010/11/09 08:31:02 | 000,132,464 | ---- | M] () -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Setup Client\dsmmf.exe

[2010/11/09 08:31:00 | 000,497,008 | ---- | M] (Juniper Networks) -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Setup Client\JuniperSetupClient.exe

[2010/11/09 08:30:20 | 000,329,496 | ---- | M] () -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Setup Client\JuniperSetupClientOCX.exe

[2010/11/09 08:28:56 | 000,217,976 | ---- | M] () -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Setup Client\JuniperSetupXP.exe

[2010/11/09 08:31:06 | 000,050,840 | ---- | M] (Juniper Networks) -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Setup Client\uninstall.exe

[2010/11/09 08:28:52 | 000,062,904 | ---- | M] () -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Setup\dsmmf.exe

[2010/11/09 08:28:52 | 000,042,432 | R--- | M] () -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Setup\JuniperSetupApp.exe

[2010/11/09 08:28:54 | 000,116,080 | ---- | M] () -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Setup\JuniperSetupClient.exe

[2011/03/31 08:13:36 | 000,037,464 | ---- | M] () -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Setup\uninstall.exe

[2013/03/28 07:30:27 | 000,054,776 | ---- | M] (Adobe Systems Inc.) -- C:\Documents and Settings\Mom\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

[2011/09/14 14:56:22 | 005,147,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\Mom\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\connectaddin\connectaddin.exe

[2011/08/08 15:45:12 | 003,124,384 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\Mom\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe

[2011/07/07 17:49:18 | 003,085,984 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\Mom\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe

[2009/02/10 10:39:21 | 000,319,488 | ---- | M] (Octoshape ApS) -- C:\Documents and Settings\Mom\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe

[2011/08/29 22:28:26 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Mom\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

[2008/04/09 13:18:58 | 000,034,304 | R--- | M] () -- C:\Documents and Settings\Mom\Application Data\Microsoft\Installer\{AEEB3643-71DE-414d-9E3F-1159177FE211}\misc.exe.D0DF3458_A845_11D3_8D0A_0050046416B9.exe

[2009/03/02 22:44:38 | 000,000,766 | R--- | M] () -- C:\Documents and Settings\Mom\Application Data\Microsoft\Installer\{E89B484C-B913-49A0-959B-89E836001658}\ARPPRODUCTICON.exe

[2010/03/25 12:08:26 | 013,407,072 | ---- | M] () -- C:\Documents and Settings\Mom\Application Data\Real\Update\setup3.14\chr\ChromeInstaller.exe

[2010/10/22 19:10:16 | 000,190,632 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\Mom\Application Data\Real\Update\setup3.14\chr_helper\LaunchHelper.exe

[2010/05/13 13:09:52 | 000,220,272 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Mom\Application Data\Real\Update\setup3.14\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe

[2010/10/22 19:10:16 | 000,190,632 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\Mom\Application Data\Real\Update\setup3.14\gtb_helper\LaunchHelper.exe

[2010/12/17 08:18:11 | 025,810,064 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\Mom\Application Data\Real\Update\setup3.14\rp\RealPlayer.exe

[2010/11/04 19:05:08 | 000,092,328 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\Mom\Application Data\Real\Update\setup3.14\ui_data\vista.exe

[2011/11/30 01:10:22 | 000,315,512 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\Mom\Application Data\Real\Update\UpgradeHelper\RealPlayer\9.01\rnupgagent.exe

[2011/12/14 05:48:48 | 026,927,552 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\Mom\Application Data\Real\Update\UpgradeHelper\RealPlayer\9.01\stub_data\RealPlayer.exe

[2011/11/30 04:10:25 | 000,713,472 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\Mom\Application Data\Real\Update\UpgradeHelper\RealPlayer\9.01\stub_exe\RealPlayer.exe

< %APPDATA%\*.dll /s >

[2011/08/15 17:13:21 | 000,540,648 | ---- | M] (Catalina Marketing Corp.) -- C:\Documents and Settings\Mom\Application Data\Catalina Marketing Corp\BSTIEPrintCtl1.dll

[2011/01/09 23:05:24 | 000,891,000 | ---- | M] (OPSWAT, Inc.) -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Host Checker\AVManagerUnified.dll

[2011/01/09 23:05:24 | 000,093,816 | ---- | M] (OPSWAT, Inc.) -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Host Checker\CAntiVirusCOM.dll

[2010/11/17 16:57:20 | 000,065,536 | ---- | M] (Juniper Networks) -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Host Checker\CertAuthIMC.dll

[2011/01/09 23:05:24 | 000,036,984 | ---- | M] (OPSWAT, Inc.) -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Host Checker\CFireWallCOM.dll

[2010/11/17 16:56:10 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Host Checker\dsHostCheckerResource_de.dll

[2010/11/17 16:56:08 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Host Checker\dsHostCheckerResource_en.dll

[2010/11/17 16:56:08 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Host Checker\dsHostCheckerResource_es.dll

[2010/11/17 16:56:08 | 000,034,304 | ---- | M] () -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Host Checker\dsHostCheckerResource_fr.dll

[2010/11/17 16:56:06 | 000,036,864 | ---- | M] () -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Host Checker\dsHostCheckerResource_ja.dll

[2010/11/17 16:56:46 | 000,036,864 | ---- | M] () -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Host Checker\dsHostCheckerResource_ko.dll

[2010/11/17 16:56:06 | 000,036,864 | ---- | M] () -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Host Checker\dsHostCheckerResource_zh.dll

[2010/11/17 16:56:04 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Host Checker\dsHostCheckerResource_zh_cn.dll

[2010/11/09 08:15:38 | 000,290,816 | ---- | M] () -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Host Checker\dsInstallerClient.dll

[2010/11/17 16:56:06 | 000,003,072 | ---- | M] () -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Host Checker\dsnsisdll.dll

[2010/11/09 08:16:58 | 000,299,008 | ---- | M] (Juniper Networks, Inc) -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Host Checker\dsWinClient.dll

[2010/11/09 08:17:04 | 000,025,088 | ---- | M] (Juniper Networks, Inc) -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Host Checker\dsWinClientResource_DE.dll

[2010/11/09 08:16:58 | 000,024,576 | ---- | M] (Juniper Networks, Inc) -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Host Checker\dsWinClientResource_EN.dll

[2010/11/09 08:17:04 | 000,025,088 | ---- | M] (Juniper Networks, Inc) -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Host Checker\dsWinClientResource_ES.dll

[2010/11/09 08:17:04 | 000,025,088 | ---- | M] (Juniper Networks, Inc) -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Host Checker\dsWinClientResource_FR.dll

[2010/11/09 08:18:42 | 000,023,552 | ---- | M] (Juniper Networks, Inc) -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Host Checker\dsWinClientResource_JA.dll

[2010/11/09 08:17:02 | 000,023,040 | ---- | M] (Juniper Networks, Inc) -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Host Checker\dsWinClientResource_KO.dll

[2010/11/09 08:17:00 | 000,022,528 | ---- | M] (Juniper Networks, Inc) -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Host Checker\dsWinClientResource_ZH.dll

[2010/11/09 08:17:02 | 000,022,528 | ---- | M] (Juniper Networks, Inc) -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Host Checker\dsWinClientResource_ZH_CN.dll

[2010/11/17 16:55:58 | 000,446,464 | ---- | M] () -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Host Checker\EPCheck.dll

[2011/01/09 23:05:24 | 000,180,856 | ---- | M] (OPSWAT, Inc.) -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Host Checker\FWManager.dll

[2010/11/17 16:56:26 | 000,110,592 | ---- | M] (Juniper Networks) -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Host Checker\hcimc.dll

[2011/01/09 23:05:24 | 000,101,496 | ---- | M] (OPSWAT, Inc.) -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Host Checker\Impl_AntivirusLib.dll

[2011/01/09 23:05:24 | 000,017,016 | ---- | M] (OPSWAT, Inc.) -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Host Checker\Impl_FirewallLib.dll

[2011/01/09 23:05:24 | 000,036,984 | ---- | M] (OPSWAT, Inc.) -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Host Checker\Impl_SoftwareProductLib.dll

[2010/11/17 16:57:08 | 000,073,728 | ---- | M] (Juniper Networks) -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Host Checker\JSystemIMC.dll

[2010/11/17 16:12:48 | 000,401,462 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Host Checker\msvcp60.dll

[2011/01/09 23:05:24 | 000,458,360 | ---- | M] (OPSWAT, Inc.) -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Host Checker\OESISCore.dll

[2011/01/09 23:05:24 | 000,040,568 | ---- | M] (OPSWAT, Inc.) -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Host Checker\OPSWATProcessesScanner.dll

[2010/11/17 16:55:10 | 000,163,840 | ---- | M] () -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Host Checker\PluginClient.dll

[2010/11/17 16:56:44 | 000,118,784 | ---- | M] (Juniper Networks) -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Host Checker\ShavlikIMC.dll

[2010/02/18 20:08:02 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Host Checker\Microsoft.VC80.CRT\msvcp80.dll

[2009/11/12 21:15:08 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Host Checker\Microsoft.VC80.CRT\msvcr80.dll

[2010/02/18 20:28:12 | 000,090,112 | ---- | M] () -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServDt.dll

[2010/02/18 20:28:14 | 000,188,416 | ---- | M] () -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServProxy.dll

[2010/02/18 20:28:22 | 000,013,312 | ---- | M] () -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServResource_DE.dll

[2010/02/18 20:28:20 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServResource_en.dll

[2010/02/18 20:28:20 | 000,011,776 | ---- | M] () -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServResource_ES.dll

[2010/02/18 20:28:20 | 000,011,776 | ---- | M] () -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServResource_FR.dll

[2010/02/18 20:28:20 | 000,006,656 | ---- | M] () -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServResource_JA.dll

[2010/02/18 20:28:20 | 000,006,656 | ---- | M] () -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServResource_KO.dll

[2010/02/18 20:28:20 | 000,004,608 | ---- | M] () -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServResource_ZH.dll

[2010/02/18 20:28:20 | 000,004,608 | ---- | M] () -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServResource_ZH_CN.dll

[2010/02/18 20:28:10 | 000,303,104 | ---- | M] (Juniper Networks, Inc) -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Juniper Terminal Services Client\dsWinClient.dll

[2010/02/18 20:19:52 | 000,018,944 | ---- | M] (Juniper Networks, Inc) -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Juniper Terminal Services Client\dsWinClientResource_DE.dll

[2010/02/18 20:28:10 | 000,024,576 | ---- | M] (Juniper Networks, Inc) -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Juniper Terminal Services Client\dsWinClientResource_EN.dll

[2010/02/18 20:19:46 | 000,018,432 | ---- | M] (Juniper Networks, Inc) -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Juniper Terminal Services Client\dsWinClientResource_ES.dll

[2010/02/18 20:19:58 | 000,018,944 | ---- | M] (Juniper Networks, Inc) -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Juniper Terminal Services Client\dsWinClientResource_FR.dll

[2010/02/18 20:19:36 | 000,016,896 | ---- | M] (Juniper Networks, Inc) -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Juniper Terminal Services Client\dsWinClientResource_JA.dll

[2010/02/18 20:19:48 | 000,016,896 | ---- | M] (Juniper Networks, Inc) -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Juniper Terminal Services Client\dsWinClientResource_KO.dll

[2010/02/18 20:19:48 | 000,016,384 | ---- | M] (Juniper Networks, Inc) -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Juniper Terminal Services Client\dsWinClientResource_ZH.dll

[2010/02/18 20:19:48 | 000,016,384 | ---- | M] (Juniper Networks, Inc) -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Juniper Terminal Services Client\dsWinClientResource_ZH_CN.dll

[2009/11/12 21:15:08 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Juniper Terminal Services Client\Microsoft.VC80.CRT\msvcp80.dll

[2009/11/12 21:15:08 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Juniper Terminal Services Client\Microsoft.VC80.CRT\msvcr80.dll

[2010/11/09 08:29:56 | 000,002,560 | ---- | M] () -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Setup Client\dsmmfres_de.dll

[2010/11/09 08:29:54 | 000,002,560 | ---- | M] () -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Setup Client\dsmmfres_es.dll

[2010/11/09 08:29:54 | 000,003,072 | ---- | M] () -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Setup Client\dsmmfres_fr.dll

[2010/11/09 08:29:54 | 000,002,560 | ---- | M] () -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Setup Client\dsmmfres_ja.dll

[2010/11/09 08:29:52 | 000,002,560 | ---- | M] () -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Setup Client\dsmmfres_ko.dll

[2010/11/09 08:29:52 | 000,002,560 | ---- | M] () -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Setup Client\dsmmfres_zh.dll

[2010/11/09 08:29:52 | 000,002,560 | ---- | M] () -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Setup Client\dsmmfres_zh_cn.dll

[2010/11/09 08:30:58 | 000,230,768 | ---- | M] (Juniper Networks) -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Setup Client\JuniperSetupDLL.dll

[2010/11/09 08:30:08 | 000,029,696 | ---- | M] (Juniper Networks) -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Setup Client\setupResource_de.dll

[2010/11/09 08:29:12 | 000,028,160 | ---- | M] (Juniper Networks) -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Setup Client\setupResource_en.dll

[2010/11/09 08:29:10 | 000,028,672 | ---- | M] (Juniper Networks) -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Setup Client\setupResource_es.dll

[2010/11/09 08:29:10 | 000,029,184 | ---- | M] (Juniper Networks) -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Setup Client\setupResource_fr.dll

[2010/11/09 08:29:10 | 000,025,088 | ---- | M] (Juniper Networks) -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Setup Client\setupResource_ja.dll

[2010/11/09 08:29:12 | 000,025,088 | ---- | M] (Juniper Networks) -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Setup Client\setupResource_ko.dll

[2010/11/09 08:29:44 | 000,023,552 | ---- | M] (Juniper Networks) -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Setup Client\setupResource_zh.dll

[2010/11/09 08:29:46 | 000,023,552 | ---- | M] (Juniper Networks) -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Setup Client\setupResource_zh_cn.dll

[2010/11/09 08:27:44 | 000,012,288 | ---- | M] () -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Setup\dsmmfres_de.dll

[2010/11/09 08:27:46 | 000,012,288 | ---- | M] () -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Setup\dsmmfres_es.dll

[2010/11/09 08:27:46 | 000,012,288 | ---- | M] () -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Setup\dsmmfres_fr.dll

[2010/11/09 08:27:48 | 000,012,288 | ---- | M] () -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Setup\dsmmfres_ja.dll

[2010/11/09 08:27:48 | 000,012,288 | ---- | M] () -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Setup\dsmmfres_ko.dll

[2010/11/09 08:27:50 | 000,012,288 | ---- | M] () -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Setup\dsmmfres_zh.dll

[2010/11/09 08:27:50 | 000,012,288 | ---- | M] () -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Setup\dsmmfres_zh_cn.dll

[2010/11/09 08:28:50 | 000,116,160 | ---- | M] (Juniper Networks) -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Setup\JuniperSetupDLL.dll

[2010/11/09 08:27:52 | 000,032,768 | ---- | M] (Juniper Networks) -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Setup\setupResource_de.dll

[2010/11/09 08:27:52 | 000,032,768 | ---- | M] (Juniper Networks) -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Setup\setupResource_en.dll

[2010/11/09 08:27:54 | 000,032,768 | ---- | M] (Juniper Networks) -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Setup\setupResource_es.dll

[2010/11/09 08:27:54 | 000,032,768 | ---- | M] (Juniper Networks) -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Setup\setupResource_fr.dll

[2010/11/09 08:27:56 | 000,028,672 | ---- | M] (Juniper Networks) -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Setup\setupResource_ja.dll

[2010/11/09 08:27:56 | 000,028,672 | ---- | M] (Juniper Networks) -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Setup\setupResource_ko.dll

[2010/11/09 08:27:58 | 000,028,672 | ---- | M] (Juniper Networks) -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Setup\setupResource_zh.dll

[2010/11/09 08:27:58 | 000,028,672 | ---- | M] (Juniper Networks) -- C:\Documents and Settings\Mom\Application Data\Juniper Networks\Setup\setupResource_zh_cn.dll

[2012/03/22 10:21:07 | 000,081,920 | ---- | M] () -- C:\Documents and Settings\Mom\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\connectaddin\connecthook.dll

[2009/10/28 17:54:56 | 000,190,976 | ---- | M] (SPIRIT) -- C:\Documents and Settings\Mom\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\connectaddin\connectsprd.dll

[2012/03/22 10:21:08 | 000,086,016 | ---- | M] (Adobe Systems Inc.) -- C:\Documents and Settings\Mom\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\connectaddin\meetingconvertor.dll

[2011/02/10 11:00:00 | 000,713,728 | ---- | M] (Octoshape ApS) -- C:\Documents and Settings\Mom\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\pmv307hw-1102100-0-main.dll

[2011/07/21 04:11:09 | 000,760,832 | ---- | M] (Octoshape ApS) -- C:\Documents and Settings\Mom\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\pmv308cdna-1107210-0-main.dll

[2011/09/13 03:18:05 | 000,771,584 | ---- | M] (Octoshape ApS) -- C:\Documents and Settings\Mom\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\pmv309a-1109130-0-main.dll

[2013/01/23 12:17:49 | 000,880,128 | ---- | M] (Octoshape ApS) -- C:\Documents and Settings\Mom\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\pmv311-1301230-0-main.dll

[2010/12/27 12:58:13 | 000,371,712 | ---- | M] (Octoshape ApS) -- C:\Documents and Settings\Mom\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\sua-1012030-0-main.dll

[2008/10/12 14:12:54 | 000,083,464 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\Mom\Application Data\Real\Update\setup\data\RUP\control.dll

[2008/10/12 14:12:54 | 000,073,728 | ---- | M] () -- C:\Documents and Settings\Mom\Application Data\Real\Update\setup\data\RUP\inst_config\compat.dll

[2010/11/04 18:59:44 | 000,417,792 | ---- | M] () -- C:\Documents and Settings\Mom\Application Data\Real\Update\setup3.14\ui_data\inst_config\compat.dll

[2009/11/18 16:48:10 | 000,064,000 | ---- | M] () -- C:\Documents and Settings\Mom\Application Data\Real\Update\setup3.14\ui_data\inst_config\gcapi_dll.dll

[2010/11/02 16:55:34 | 000,073,344 | ---- | M] () -- C:\Documents and Settings\Mom\Application Data\Real\Update\setup3.14\ui_data\inst_config\gtapi_v6.dll

[2010/11/03 16:32:22 | 000,073,408 | ---- | M] () -- C:\Documents and Settings\Mom\Application Data\Real\Update\setup3.14\ui_data\inst_config\gtapi_v6_1.dll

[2003/06/19 12:05:04 | 001,015,859 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Mom\Application Data\Reallusion\TTSComponent\mfc42.dll

[2003/06/19 12:05:04 | 000,286,773 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Mom\Application Data\Reallusion\TTSComponent\msvcrt.dll

[2006/02/10 14:51:42 | 000,065,536 | ---- | M] (Reallusion Inc.) -- C:\Documents and Settings\Mom\Application Data\Reallusion\TTSComponent\TTSComponentCT4Res.dll

[2006/02/10 16:20:18 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\Mom\Application Data\Reallusion\TTSComponent\TTSEngineMSSAPI4.dll

[2006/02/10 14:57:56 | 000,036,864 | ---- | M] () -- C:\Documents and Settings\Mom\Application Data\Reallusion\TTSComponent\TTSEngineMSSAPI5.dll

[2009/06/03 06:13:48 | 000,152,576 | ---- | M] () -- C:\Documents and Settings\Mom\Application Data\Sun\Java\jre1.6.0_13\lzma.dll

[2009/12/04 16:36:07 | 000,079,488 | ---- | M] () -- C:\Documents and Settings\Mom\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll

[2009/12/04 16:36:18 | 000,152,576 | ---- | M] () -- C:\Documents and Settings\Mom\Application Data\Sun\Java\jre1.6.0_17\lzma.dll

< %SYSTEMDRIVE%\*.exe >

[2007/04/17 12:26:07 | 000,010,920 | ---- | M] () -- C:\aolconnfix.exe

[2013/03/29 08:55:32 | 005,044,813 | R--- | M] (Swearware) -- C:\ComboFix.exe

[2013/03/28 10:54:27 | 001,898,001 | ---- | M] () -- C:\MGtools.exe

[2005/10/31 11:56:00 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe

[2009/11/24 06:39:03 | 000,209,536 | ---- | M] (Adobe Systems Incorporated) -- C:\uninstall_flash_player.exe

[4 C:\*.tmp files -> C:\*.tmp -> ]

< MD5 for: EXPLORER.EXE >

[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

[2007/06/13 07:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe

[2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

[2004/08/04 05:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

[2010/11/10 14:10:54 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=B4F4369FD47354807F2F83CA54D6F335 -- C:\WINDOWS\explorer.exe

< c:|services.ex;true;true;true; /FP >

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

[2009/09/19 16:36:07 | 000,721,904 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >

[2004/08/10 12:56:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav

[2004/08/10 12:56:46 | 000,634,880 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav

[2004/08/10 12:56:46 | 000,872,448 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 564 bytes -> C:\cookies.txt:1296059898.txt

< End of report >

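The "< MD5 for: EXPLORER.EXE >" section of the OTL log above is enough to cross-check the report that C:\WINDOWS\explorer.exe is infected: the in-use copy can be compared with the copies Windows keeps in its service-pack and hotfix folders. The script below is an added example, not part of the original thread and not OTL's own code; the function names and the list of folders treated as reference copies are assumptions, and the input lines are copied from the log above.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Copied from the "< MD5 for: EXPLORER.EXE >" and "/lockedfiles" sections of the OTL log above.
OTL_LINES = r"""
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 07:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 05:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2010/11/10 14:10:54 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=B4F4369FD47354807F2F83CA54D6F335 -- C:\WINDOWS\explorer.exe
[2009/09/19 16:36:07 | 000,721,904 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys
""".strip().splitlines()

# One OTL file line: [mtime | size | attributes | M] (company) MD5=... -- path
LINE_RE = re.compile(
    r"^\[(?P<mtime>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| \S+ \| \w\] "
    r"\((?P<company>[^)]*)\) (?:MD5=(?P<md5>[0-9A-Fa-f]{32})|Unable to obtain MD5)"
    r" -- (?P<path>.+)$"
)

# Assumption: folders whose copies are treated as reference files (service-pack
# cache, hotfix cache, uninstall backups, Windows File Protection cache).
REFERENCE_DIRS = {"servicepackfiles", "$hf_mig$", "$ntservicepackuninstall$", "dllcache"}


@dataclass
class Entry:
    mtime: str
    size: int
    company: str
    md5: Optional[str]  # None when OTL printed "Unable to obtain MD5"
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()

    @property
    def is_reference(self) -> bool:
        folders = self.path.lower().split("\\")[:-1]
        return any(p in REFERENCE_DIRS or p.startswith("$ntuninstall") for p in folders)


@dataclass
class Finding:
    path: str
    status: str  # match | mismatch | unhashed | no-reference
    same_size_refs: List[str] = field(default_factory=list)


def parse(lines):
    """Turn OTL file lines into Entry objects; headers and blank lines are skipped."""
    entries = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        md5 = m.group("md5")
        entries.append(Entry(m.group("mtime"), int(m.group("size").replace(",", "")),
                             m.group("company"), md5.upper() if md5 else None,
                             m.group("path")))
    return entries


def triage(entries):
    """Compare every in-use file with the reference copies that share its file name."""
    by_name = {}
    for e in entries:
        by_name.setdefault(e.name, []).append(e)
    findings = []
    for group in by_name.values():
        refs = [e for e in group if e.is_reference and e.md5]
        for live in (e for e in group if not e.is_reference):
            if live.md5 is None:
                # The file could not be hashed, so a hash comparison cannot clear it.
                findings.append(Finding(live.path, "unhashed"))
            elif not refs:
                findings.append(Finding(live.path, "no-reference"))
            elif any(r.md5 == live.md5 for r in refs):
                findings.append(Finding(live.path, "match"))
            else:
                # Same size as a reference copy but a different hash is the
                # pattern worth a closer look.
                findings.append(Finding(live.path, "mismatch",
                                        [r.path for r in refs if r.size == live.size]))
    return findings


if __name__ == "__main__":
    for f in triage(parse(OTL_LINES)):
        print(f.status, f.path, f.same_size_refs)
```

A "mismatch" is a lead rather than proof, since an update can legitimately replace a system file; here the in-use explorer.exe has the same size as the ServicePackFiles copy but a different MD5 and a later modification date.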

You will want to print out or copy these instructions to Notepad for offline reference!

These steps are for member kstmommy only. If you are a casual viewer, do NOT try this on your system!

If you are not kstmommy and have a similar problem, do NOT post here; start your own topic.

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Click on the Avast ball. Then click on Additional Protections, then on AutoSandbox, then on Settings, then uncheck Enable AutoSandbox. OK.

Right click on the Avast Ball and select Avast! Shields Control and Disable Until Computer is Restarted.

Open notepad and copy/paste the text in the quotebox below into it:

http://forums.malwar...howtopic=124403

KILLALL::

Driver::

cvjbhgwe

kolkgvvx

Collect::

c:\windows\system32\drivers\cvjbhgwe.sys

c:\windows\system32\drivers\kolkgvvx.sys

File::

c:\windows\system32\drivers\cvjbhgwe.sys

c:\windows\system32\drivers\kolkgvvx.sys

Save this as CFScript.txt, in the same location as ComboFix.exe

Now close all open browsers.

Close / exit Notepad.

[Image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

Notes:

[1] IF after Combofix reboot you get the message

Illegal operation attempted on registry key that has been marked for deletion

...please reboot the computer; this should resolve the problem. You may have to reboot the PC a second time if needed.

[2] Do not mouseclick combofix's window nor run any program while Combofix is running.

That may cause it to stall.

[3] When all done, IF Combofix did not do a Restart... then... I need you to Restart the system fresh!

Reply & Copy / Paste the contents of C:\Combofix.txt log and tell me, How is the system now?

RE-Enable your AntiVirus and AntiSpyware applications.


When I click on the Avast ball, I have no options as you described. I don't see anything about Additional Protections or Sandboxes. I looked in settings and didn't see anything about sandboxes there either. I can, however, disable all shields until computer is restarted.

One more question. When I start Combofix, if it alerts me that MSE is still running (which it has in the past) should I stop and reboot, then come back and tell you? Or do you want me to run the scan anyway?

Please advise.


Do the best you can to turn off Avast.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Proceed forward with the scripted Combofix run (yes, even if it complains about MSE).

There's lots more to do after. Do have infinite patience while Combofix runs.


Ok, all done. No errors, but Combofix did complain about MSE. Still not sure why it seems to be running.

ComboFix 13-03-28.01 - Mom 03/29/2013 14:45:42.2.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2366 [GMT -4:00]

Running from: C:\ComboFix.exe

Command switches used :: C:\CFScript.txt

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

FILE ::

"c:\windows\system32\drivers\cvjbhgwe.sys"

"c:\windows\system32\drivers\kolkgvvx.sys"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\explorer.exe . . . is infected!!

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_cvjbhgwe

-------\Service_kolkgvvx

.

.

((((((((((((((((((((((((( Files Created from 2013-02-28 to 2013-03-29 )))))))))))))))))))))))))))))))

.

.

2013-03-29 19:00 . 2013-03-29 19:00 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4FF1D7E2-9E7B-48DC-9094-627BA69C21A9}\MpKslfb81673e.sys

2013-03-29 18:43 . 2013-03-29 18:43 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4FF1D7E2-9E7B-48DC-9094-627BA69C21A9}\MpKsl4dd7aeb2.sys

2013-03-29 15:39 . 2013-03-29 15:39 15048 ----a-w- C:\FixitRegBackup.reg

2013-03-29 15:38 . 2013-03-29 15:38 806400 ----a-w- C:\MicrosoftFixit50692.msi

2013-03-29 12:16 . 2013-03-29 12:17 -------- d-----w- c:\program files\HitmanPro

2013-03-29 12:12 . 2013-03-29 12:12 -------- d-----w- c:\documents and settings\Mom\Local Settings\Application Data\Updater26276

2013-03-29 12:12 . 2013-03-29 12:12 -------- d-----w- c:\program files\Deal Spy

2013-03-29 04:01 . 2013-03-15 07:21 7108640 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4FF1D7E2-9E7B-48DC-9094-627BA69C21A9}\mpengine.dll

2013-03-29 03:20 . 2013-03-29 10:30 -------- d-----w- c:\documents and settings\Mom\Application Data\Strongvault

2013-03-29 03:18 . 2013-03-29 10:31 -------- d-sh--w- c:\windows\system32\AI_RecycleBin

2013-03-29 03:18 . 2013-03-29 10:31 -------- d-----w- C:\AI_RecycleBin

2013-03-28 15:43 . 2013-03-28 15:58 -------- d-----w- C:\MGtools

2013-03-28 10:41 . 2013-03-06 22:33 368176 ----a-w- c:\windows\system32\drivers\aswSP.sys

2013-03-28 10:41 . 2013-03-06 22:33 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2013-03-28 10:41 . 2013-03-06 22:33 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2013-03-28 10:41 . 2013-03-06 22:33 62376 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2013-03-28 10:41 . 2013-03-06 22:33 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2013-03-28 10:41 . 2013-03-06 22:33 49248 ----a-w- c:\windows\system32\drivers\aswRvrt.sys

2013-03-28 10:41 . 2013-03-06 22:33 164736 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2013-03-28 10:41 . 2013-03-06 22:33 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2013-03-28 10:41 . 2013-03-06 22:32 228600 ----a-w- c:\windows\system32\aswBoot.exe

2013-03-28 10:41 . 2013-03-06 22:32 41664 ----a-w- c:\windows\avastSS.scr

2013-03-28 10:41 . 2013-03-28 10:41 -------- d-----w- c:\program files\AVAST Software

2013-03-28 10:40 . 2013-03-28 10:41 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software

2013-03-27 23:09 . 2013-03-27 23:19 -------- d-----w- C:\8f60095d261204a9c8041a453db3610c

2013-03-27 22:06 . 2013-03-27 22:07 -------- d-----w- c:\documents and settings\Administrator

2013-03-27 21:50 . 2013-03-15 07:21 7108640 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-03-17 19:52 . 2013-03-17 19:52 -------- d-----w- c:\program files\ESET

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-03-29 12:43 . 2010-11-12 02:52 12872 ----a-w- c:\windows\system32\bootdelete.exe

2013-03-28 16:55 . 2012-06-09 07:34 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-03-28 16:55 . 2011-07-07 21:49 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-03-28 15:58 . 2013-03-28 15:44 388084 ----a-w- C:\MGlogs.zip

2013-01-30 10:53 . 2009-10-03 00:36 232336 ------w- c:\windows\system32\MpSigStub.exe

2010-05-12 21:42 . 2010-05-12 21:42 124344 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll

2010-05-12 22:22 . 2010-05-12 22:22 13240 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll

2010-05-12 21:43 . 2010-05-12 21:43 70592 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll

2010-05-12 21:42 . 2010-05-12 21:42 91576 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll

2010-05-12 21:42 . 2010-05-12 21:42 22464 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll

2010-05-12 21:41 . 2010-05-12 21:41 255416 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll

2010-05-12 21:42 . 2010-05-12 21:42 31160 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll

2010-05-12 21:42 . 2010-05-12 21:42 40384 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll

2010-04-14 18:55 . 2010-04-14 18:55 652640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll

2010-05-12 21:43 . 2010-05-12 21:43 24000 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2010-11-10 . B4F4369FD47354807F2F83CA54D6F335 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe

[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe

[-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe

[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe

[7] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2013-03-06 22:32 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-08-09 13925480]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-05 1468256]

"HostManager"="c:\program files\Common Files\AOL\1176508629\ee\AOLSoftware.exe" [2010-03-08 41800]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Audible Download Manager.lnk]

backup=c:\windows\pss\Audible Download Manager.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]

backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 2000 Series.lnk]

backup=c:\windows\pss\hp psc 2000 Series.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Workspace Macro Pro Hotkeys.lnk]

backup=c:\windows\pss\Workspace Macro Pro Hotkeys.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Mom^Start Menu^Programs^Startup^Antimalware Doctor.lnk]

backup=c:\windows\pss\Antimalware Doctor.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Mom^Start Menu^Programs^Startup^Configuration & Monitor Utility.lnk]

backup=c:\windows\pss\Configuration & Monitor Utility.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Mom^Start Menu^Programs^Startup^LimeWire On Startup.lnk]

backup=c:\windows\pss\LimeWire On Startup.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Mom^Start Menu^Programs^Startup^LivePerson.lnk]

backup=c:\windows\pss\LivePerson.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Mom^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]

backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AvgUninstallURL]

start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYATgBKADMAMgAtAEcAMwBMAEEAQQAtAEEANAA4ADkAUgAtADkAVQBKAEsARgAtAEUASwBLADMAWAA&inst=NwA3AC0ANAAzADMANAAxADMAMAAzADgALQBUADUALQBVADgANQArADEALQBLAFYAMwArADcALQBCAEEAKwAxAC0AWABMACsAMQAtAEYAUAA5ACsANgAtAFQAQgA5ACsAMgAtAEYATAArADkALQBYAE8AMwA2ACsAMQAtAEYAOQBNADcAQwArADUALQBGADkATQAxADAAQgArADIA&prod=90&ver=9.0.872 [?]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2008-10-15 06:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]

2012-04-04 10:09 446392 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5.5ServiceManager]

2011-01-12 11:08 1523360 ----a-w- c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS6ServiceManager]

2012-03-09 20:26 1073312 ----a-w- c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]

2011-01-13 11:19 42320 ----a-w- c:\program files\AOL Desktop 9.6\aol.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]

2012-02-21 01:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]

2006-01-02 20:41 45056 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLI.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

2007-01-15 20:14 147456 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConnectionCenter]

2010-05-12 22:03 300472 ----a-w- c:\program files\Citrix\ICA Client\concentr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ddoctorv2]

2008-04-24 17:25 202560 ----a-w- c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2009-02-26 22:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]

2010-03-08 07:27 41800 ----a-w- c:\program files\Common Files\aol\1176508629\ee\aolsoftware.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2010-06-10 01:55 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

2004-07-27 20:50 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

2004-07-27 20:50 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2012-03-06 23:05 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 5600-6600 Series Fax Server]

2008-03-20 11:24 311976 ----a-w- c:\program files\Lexmark 5600-6600 Series\fm3032.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxduamon]

2008-03-20 11:24 16040 ----a-w- c:\program files\Lexmark 5600-6600 Series\lxduamon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdumon.exe]

2008-03-20 11:24 672424 ----a-w- c:\program files\Lexmark 5600-6600 Series\lxdumon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]

2012-12-14 20:49 824232 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]

2009-03-18 22:50 4363504 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]

2012-09-12 21:19 947176 ----a-w- c:\program files\Microsoft Security Client\msseces.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2006-01-12 19:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2010-08-09 03:07 13925480 ----a-w- c:\windows\system32\nvcpl.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2010-08-09 03:07 110696 ----a-w- c:\windows\system32\nvmctray.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]

2006-07-27 19:19 282624 ----a-w- c:\windows\stsystra.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]

2006-05-08 09:17 81920 ----a-w- c:\progra~1\Sony\SONICS~1\SSAAD.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2012-01-18 18:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]

2010-02-19 17:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2011-07-07 03:03 273544 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

2006-11-04 00:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

2006-10-19 00:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe"=

"c:\\Program Files\\Common Files\\aol\\acs\\AOLacsd.exe"=

"c:\\Program Files\\AOL 9.0\\waol.exe"=

"c:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=

"c:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=

"c:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Common Files\\aol\\1176508629\\ee\\aolsoftware.exe"=

"c:\\Program Files\\AOL 9.0a\\waol.exe"=

"c:\\Program Files\\AOL 9.1\\waol.exe"=

"c:\\Documents and Settings\\Mom\\taw\\winvnc.exe"=

"c:\\WINDOWS\\system32\\lxducoms.exe"=

"c:\\Program Files\\Lexmark 5600-6600 Series\\lxduamon.exe"=

"c:\\Program Files\\Lexmark 5600-6600 Series\\frun.exe"=

"c:\\Program Files\\Lexmark 5600-6600 Series\\lxdufax.exe"=

"c:\\Documents and Settings\\Mom\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=

"c:\\Program Files\\AOL 9.1a\\waol.exe"=

"c:\\Documents and Settings\\Mom\\My Documents\\bbviewerv11beta\\BBViewer.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Program Files\\SeaMonkey\\seamonkey.exe"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"c:\\Documents and Settings\\Mom\\Application Data\\Juniper Networks\\Juniper Terminal Services Client\\dsTermServ.exe"=

"c:\\Program Files\\Juniper Networks\\Secure Application Manager\\dsSamProxy.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\WINWORD.EXE"=

"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=

"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"67:UDP"= 67:UDP:DHCP Discovery Service

"53:UDP"= 53:UDP:Promo

"8939:TCP"= 8939:TCP:Remote Assistance Local

"6948:TCP"= 6948:TCP:Remote Assistance Remote

.

R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [3/28/2013 6:41 AM 49248]

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9/19/2009 4:36 PM 721904]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [3/28/2013 6:41 AM 765736]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/28/2013 6:41 AM 368176]

R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [9/8/2009 7:13 PM 65584]

R1 MpKslfb81673e;MpKslfb81673e;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4FF1D7E2-9E7B-48DC-9094-627BA69C21A9}\MpKslfb81673e.sys [3/29/2013 3:00 PM 29904]

R1 NEOFLTR_550_12129;Juniper Networks TDI Filter Driver (NEOFLTR_550_12129);c:\windows\system32\drivers\NEOFLTR_550_12129.sys [10/3/2007 4:20 PM 63008]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]

R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [8/11/2011 7:38 PM 116608]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/28/2013 6:41 AM 29816]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [3/28/2013 6:41 AM 66336]

R2 PDFsFilter;PDFsFilter;c:\windows\system32\drivers\PDFsFilter.sys [9/12/2012 2:15 PM 68464]

S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 8:19 PM 13592]

S3 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [3/28/2013 6:41 AM 164736]

S3 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/23/2012 1:37 PM 13672]

S3 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [9/12/2012 2:15 PM 1027792]

S3 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe -service --> c:\windows\system32\lxducoms.exe -service [?]

S3 lxduCATSCustConnectService;lxduCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxduserv.exe [5/5/2008 4:39 PM 98984]

S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys --> c:\windows\system32\DRIVERS\motccgp.sys [?]

S3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys --> c:\windows\system32\DRIVERS\motccgpfl.sys [?]

S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys --> c:\windows\system32\DRIVERS\motodrv.sys [?]

S3 Network ConnectorService;Network Connector Service;c:\program files\Barracuda\Network Connector\bin\network-connectorserv.exe [5/18/2010 4:28 AM 43416]

S4 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2/14/2009 8:33 AM 266240]

S4 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - MPKSLFB81673E

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

getPlusHelper REG_MULTI_SZ getPlusHelper

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-03-14 21:46 1629648 ----a-w- c:\program files\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-03-29 c:\windows\Tasks\avast! Emergency Update.job

- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-03-28 22:32]

.

2007-10-01 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 2170 series5E771253C1676EBED677BF361FDFC537825E15B8183164567.job

- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 04:52]

.

2013-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-22 13:18]

.

2013-03-29 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job

- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-01-27 21:25]

.

2013-03-28 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-706684962-979399936-124493050-1006.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]

.

2013-03-28 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-706684962-979399936-124493050-1006.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]

.

.

------- Supplementary Scan -------

.

uStart Page = https://portal.arise.com/Login.aspx

mStart Page = hxxp://www.aol.com/?src=customie7

uInternet Connection Wizard,ShellNext = hxxp://us.mcafee.com/apps/vso/en-us/redir.asp?affid=105-79&installtype=force&dtag=563psc1&langid=1&systempopup=true

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm

Trusted Zone: arise.com

Trusted Zone: intuit.com

Trusted Zone: intuit.com\ttlc

TCP: DhcpNameServer = 192.168.1.1

DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} - hxxp://www.convergysworkathome.com/AppHardT.CAB

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2013-03-29 15:00

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(760)

c:\windows\system32\Ati2evxx.dll

.

- - - - - - - > 'explorer.exe'(2480)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\nvsvc32.exe

c:\program files\Microsoft Security Client\MsMpEng.exe

c:\program files\AVAST Software\Avast\AvastSvc.exe

c:\program files\Common Files\AOL\ACS\AOLAcsd.exe

c:\program files\Common Files\aol\1176508629\ee\aolupdates.exe

.

**************************************************************************

.

Completion time: 2013-03-29 15:06:31 - machine was rebooted

ComboFix-quarantined-files.txt 2013-03-29 19:06

ComboFix2.txt 2013-03-29 13:26

ComboFix3.txt 2013-03-28 02:54

ComboFix4.txt 2013-03-28 00:03

ComboFix5.txt 2013-03-29 18:44

.

Pre-Run: 26,228,686,848 bytes free

Post-Run: 26,326,970,368 bytes free

.

- - End Of File - - E011D6A5E3151CADF753658443BE212D


One more run of Combofix --- for a quick run

You will want to print out or copy these instructions to Notepad for offline reference!

These steps are for member kstmommy only. If you are a casual viewer, do NOT try this on your system!

If you are not kstmommy and have a similar problem, do NOT post here; start your own topic

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Click on the Avast ball. Then click on Additional Protections then on AutoSandbox then on Settings then uncheck Enable AutoSandbox. OK

Right click on the Avast Ball and select Avast! Shields Control and Disable Until Computer is Restarted

Open notepad and copy/paste the text in the quotebox below into it:

KILLALL::

FCopy::

C:\WINDOWS\ServicePackFiles\i386\explorer.exe | C:\WINDOWS\explorer.exe

Quit::

Save this as CFScript.txt, in the same location as ComboFix.exe

Now close all open browsers.

Close / exit Notepad.

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

Notes:

[1] IF after Combofix reboot you get the message

Illegal operation attempted on registry key that has been marked for deletion

....please reboot the computer, this should resolve the problem. You may have to reboot the pc a second time if needed.

[2] Do not mouseclick combofix's window nor run any program while Combofix is running.

That may cause it to stall.

[3] When all done, IF Combofix did not do a Restart...then ... I need for you to Restart the system fresh !

Reply & Copy / Paste the contents of C:\Combofix.txt log into a new reply

Task 2

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Please download Rkill by Grinler and save it to your desktop.

Link 2
Link 3
Link 4
Double-click on the Rkill desktop icon to run the tool.
If using Vista or Windows 7, right-click on it and Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
If the tool does not run from any of the links provided, please let me know.
If your antivirus program gives a prompt message, respond positive to allow RKILL to run.
If a malware-rogue gives a message regarding RKILL, proceed forward to running RKILL

IF you still have a problem running RKILL, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

When all done, rkill.txt log file will be on your desktop. Copy & Paste contents of Rkill.txt into a reply.

More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html

Task 3

Close any open work documents, if any, saving your work.

Make sure to close any other programs that you started before.

Please download Junkware Removal Tool by Thisisu to your Desktop.

  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7 or 8, right-mouse click JRT.exe and select Run as administrator.
  • The tool will open and display information and disclaimer in a Command prompt window.
  • I'd suggest you close all internet browsers at this point.
  • Press a key on keyboard to start scanning your system.
  • Please be very patient as this will take several minutes to complete, depending on your system's specifications.
  • There are approximately 12 phases or so in this tool. You will see each phase listed in the Command prompt window.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open. And the command prompt will have been closed.
  • Please post the contents of JRT.txt into a new reply.
  • Re-enable your security software.

Task 4

Download Dr.Web CureIt to the desktop.

The download is nearly 104.6 MB in size

  • Turn OFF your antivirus program.
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Turn off any other add-on security app {if you have them} like MBAM File System Protection.
  • If this system is Windows 8/7 or VISTA, then Right-click on drweb-cureit.exe and select Run as Administrator.
  • Otherwise, on Windows XP, double-click on drweb-cureit.exe file to start the tool.
  • You will see a screen similar to this:
    Drweb-cureit-1_zps34a2f747.gif
    Click the checkbox to participate, and then click on Continue button.
  • Next
    Drweb-cureit-2_zpsee7bdcb6.gif
    Click on Select objects for scanning
  • Next
    Drweb-cureit-3_zps137b4332.gif
    Put a checkmark by clicking on the boxes as shown.
    Do not select Temporary files or System Restore points.
    Then click on Start scanning button
  • The scan in progress will be shown like this
    Drweb-cureit-4_zps211037d0.gif
  • IF something is detected, you will see a screen similar to this
    Drweb-cureit-5_zpsd7be6acf.gif
    For each item "detected", click on the Action column down arrow, like this
    Drweb-cureit-8_zpsb099f9d5.gif
    Your options will be Cure or Ignore
    IF you see an item that you are very sure is ok, then un-check the checkbox for that item.
    Typically, you will keep the Cure default.
    Then click on the Neutralize button.
  • When the actions are completed, you will see this
    Drweb-cureit-7_zpsd290a127.gif
  • Click on the green Open Report line. It will pop-up the report in NOTEPAD.
    Save the report to your desktop. The report will be called Cureit.log
  • Close Dr.Web Cureit.
  • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  • After reboot, attach the log Cureit.log you saved previously in your next reply.

Re-Enable your antivirus program when all done.

Now tell me, How is your system now ?


Hi. I'm posting from my phone. I'm on the last scan and it's almost done. It found 3 threats so far and on two of them, the default action is "move". Is this okay or should I change it to cure? One says "probably dloader.trojan " and the other says "Adware.Bandoo.1"


Archived

This topic is now archived and is closed to further replies.
