
Browser hijack


  • This topic is locked
15 replies to this topic

#1 NSSHelp


Posted 06 February 2012 - 02:38 PM

Browser is redirecting. Search result links redirect. I have run Malwarebytes and Emsisoft and they don't find anything. Full virus scans with eTrust and Panda online. Have attempted to run DDS twice and it appears to lock up (no results after an hour). GMER will only allow scanning of Services, Registry and Files and it doesn't show any results. Win XP Pro SP3. Thanks for any help.


#2 CatByte

  • Malware Response Team

Posted 06 February 2012 - 07:46 PM

Hi

Please run the following:


Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /rp /s
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


NEXT


  • Please download aswMBR.exe and save it to your desktop.
  • Double click aswMBR.exe to start the tool.
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click Scan

  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

Microsoft MVP - 2010, 2011, 2012, 2013

#3 NSSHelp

  • Topic Starter


Posted 07 February 2012 - 09:56 AM

Thanks so much for your help!

aswMBR.exe refused to run (tried in Safe Mode also). Posting OTL.txt and Extras.txt.

OTL logfile created on: 2/7/2012 8:56:08 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Danny\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 45.87% Memory free
3.85 Gb Paging File | 2.86 Gb Available in Paging File | 74.41% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.95 Gb Total Space | 4.56 Gb Free Space | 6.42% Space Free | Partition Type: NTFS
Drive S: | 192.66 Gb Total Space | 142.70 Gb Free Space | 74.07% Space Free | Partition Type: NTFS

Computer Name: DANNY | User Name: Danny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/07 08:53:30 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Danny\Desktop\OTL.exe
PRC - [2011/12/19 08:37:16 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2011/12/19 08:37:06 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2011/12/06 09:01:24 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2011/09/09 09:40:31 | 000,283,888 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\SharedComponents\PPRealtime\bin\ITMRTSVC.exe
PRC - [2011/09/09 09:40:31 | 000,274,432 | ---- | M] (CA) -- C:\Program Files\CA\eTrustITM\Ppcl.exe
PRC - [2011/09/09 09:37:31 | 000,389,960 | ---- | M] (CA) -- C:\Program Files\CA\eTrustITM\InoTask.exe
PRC - [2011/09/09 09:32:11 | 000,278,528 | ---- | M] (CA) -- C:\Program Files\CA\eTrustITM\InoNmSrv.exe
PRC - [2011/09/09 09:32:11 | 000,208,896 | ---- | M] (CA) -- C:\Program Files\CA\eTrustITM\InoRT.exe
PRC - [2011/09/09 09:32:11 | 000,192,512 | ---- | M] (CA) -- C:\Program Files\CA\eTrustITM\InoRPC.exe
PRC - [2011/01/12 21:42:54 | 000,166,520 | ---- | M] (PGP Corporation) -- C:\Program Files\PGP Corporation\PGP Desktop\RDDService.exe
PRC - [2011/01/12 21:42:52 | 000,135,288 | ---- | M] (PGP Corporation) -- C:\WINDOWS\SYSTEM32\PGPserv.exe
PRC - [2010/11/08 12:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2010/09/21 01:42:06 | 000,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Player\vmware-authd.exe
PRC - [2010/09/21 01:41:38 | 000,334,384 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\SYSTEM32\vmnetdhcp.exe
PRC - [2010/09/21 01:41:34 | 000,404,016 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\SYSTEM32\vmnat.exe
PRC - [2010/09/21 00:42:44 | 000,539,184 | ---- | M] (VMware, Inc.) -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2010/05/07 17:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2010/03/05 23:41:25 | 000,282,624 | ---- | M] (CA) -- C:\Program Files\CA\eTrustITM\InoWeb.exe
PRC - [2009/11/20 10:46:12 | 000,107,976 | ---- | M] () -- C:\Program Files\Century\TinyTERM\CenLPD.exe
PRC - [2009/10/24 02:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/11/07 08:58:30 | 000,009,216 | ---- | M] (Integra Specialty Care Systems, Inc.) -- C:\Program Files\Integra\Deployment\Bin\IS.WM.Deployment.ServiceProviders.IntegraUpdateService.exe
PRC - [2008/11/06 10:33:56 | 000,288,088 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
PRC - [2008/11/06 10:33:54 | 000,582,992 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
PRC - [2008/10/20 21:18:26 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/08 16:58:44 | 000,407,368 | ---- | M] (CA) -- C:\Program Files\CA\eTrustITM\Realmon.exe
PRC - [2008/02/08 15:14:12 | 000,214,928 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\SharedComponents\Alert\alert.exe
PRC - [2007/11/04 07:51:10 | 000,221,696 | ---- | M] () -- C:\Program Files\Task Killer\TaskKiller.exe
PRC - [2007/08/20 15:54:44 | 000,102,400 | ---- | M] (Apache Software Foundation) -- C:\Program Files\CA\SharedComponents\ThirdParty\Tomcat\5.5\bin\tomcat5.exe
PRC - [2007/06/19 11:57:38 | 000,069,632 | ---- | M] (Software 2000 Limited) -- C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HP1006MC.EXE
PRC - [2007/02/05 06:57:24 | 000,106,496 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
PRC - [2005/12/20 08:44:24 | 000,870,624 | ---- | M] (PC Tools Research Pty Ltd) -- C:\Program Files\Spyware Doctor\sdhelp.exe
PRC - [2004/02/04 00:26:42 | 000,200,704 | ---- | M] (Thinking Man Software) -- C:\Program Files\Utilities\D4\D4.exe
PRC - [2003/08/27 09:27:44 | 000,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe


========== Modules (No Company Name) ==========

MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/09/21 01:42:38 | 000,068,656 | ---- | M] () -- C:\Program Files\VMware\VMware Player\zlib1.dll
MOD - [2010/09/21 01:42:20 | 000,970,288 | ---- | M] () -- C:\Program Files\VMware\VMware Player\libxml2.dll
MOD - [2010/08/18 10:32:12 | 000,090,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Practices.EnterpriseLibrary.Common\2.0.0.0__efbecb881c9f79ff\Microsoft.Practices.EnterpriseLibrary.Common.dll
MOD - [2010/08/18 10:32:10 | 000,143,360 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Practices.EnterpriseLibrary.Logging\2.0.0.0__efbecb881c9f79ff\Microsoft.Practices.EnterpriseLibrary.Logging.dll
MOD - [2010/08/18 10:32:10 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Practices.ObjectBuilder\1.0.51205.0__efbecb881c9f79ff\Microsoft.Practices.ObjectBuilder.dll
MOD - [2010/08/18 10:32:08 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\IS.WM.Architecture.EnterpriseLibraryExtensions.Logging\2.0.0.0__5ef1d026e9ed3bb9\IS.WM.Architecture.EnterpriseLibraryExtensions.Logging.dll
MOD - [2010/08/16 09:57:22 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\bc1cf48ba7dc00f45d0e949c49ab677a\System.Management.ni.dll
MOD - [2010/08/16 08:10:32 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b000cc703c9d95593b516bf2c2ec316\System.ServiceProcess.ni.dll
MOD - [2010/08/16 08:10:16 | 001,840,640 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\2d662564b8d9c57a34c588cc2970902b\System.Web.Services.ni.dll
MOD - [2010/08/16 08:09:54 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\3de39eb60b9d32af46f32f6c7a88fc7f\System.Runtime.Remoting.ni.dll
MOD - [2010/08/16 08:09:34 | 001,116,672 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\d20b7e58607ddb1ded9b687627ae8c21\System.DirectoryServices.ni.dll
MOD - [2010/08/16 07:50:57 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\a6dbe24cbfe3ab6b318ed3095cc572d8\System.Xml.ni.dll
MOD - [2010/08/16 07:50:42 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\ab688d0f9f333ba117832726bfb589c1\System.Configuration.ni.dll
MOD - [2010/08/16 07:50:29 | 007,949,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\08ffa4d388d5f007869aa7651c458e7c\System.ni.dll
MOD - [2010/08/16 07:49:39 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\7bffd7ff2009f421fe5d229927588496\mscorlib.ni.dll
MOD - [2009/11/20 10:46:12 | 000,107,976 | ---- | M] () -- C:\Program Files\Century\TinyTERM\CenLPD.exe
MOD - [2008/10/20 21:18:26 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
MOD - [2008/01/29 04:19:34 | 000,151,552 | ---- | M] () -- C:\Program Files\Trend Micro\RUBotted\libexpat.dll
MOD - [2007/12/15 03:41:56 | 000,430,174 | ---- | M] () -- C:\Program Files\Trend Micro\RUBotted\sqlite3.dll
MOD - [2007/11/04 07:51:10 | 000,221,696 | ---- | M] () -- C:\Program Files\Task Killer\TaskKiller.exe
MOD - [2007/02/05 06:57:22 | 000,974,848 | ---- | M] () -- C:\Program Files\CA\SharedComponents\iTechnology\libetpki_openssl_crypto.dll
MOD - [2007/02/05 06:57:22 | 000,798,720 | ---- | M] () -- C:\Program Files\CA\SharedComponents\iTechnology\libeay32.dll
MOD - [2007/02/05 06:57:22 | 000,184,320 | ---- | M] () -- C:\Program Files\CA\SharedComponents\iTechnology\libetpki_openssl_ssl.dll
MOD - [2007/02/05 06:57:22 | 000,155,648 | ---- | M] () -- C:\Program Files\CA\SharedComponents\iTechnology\ssleay32.dll
MOD - [2007/02/05 06:57:22 | 000,073,728 | ---- | M] () -- C:\Program Files\CA\SharedComponents\iTechnology\zlib.dll
MOD - [1999/03/08 03:40:00 | 000,199,952 | ---- | M] () -- C:\WINDOWS\SYSTEM32\cwbrw.dll
MOD - [1999/01/08 03:40:00 | 000,065,296 | ---- | M] () -- C:\WINDOWS\SYSTEM32\cwbadnrt.dll
MOD - [1998/02/05 14:16:18 | 000,018,432 | ---- | M] () -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\jDocPrc.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (MsaSvc)
SRV - File not found [Disabled | Stopped] -- -- (DCA Health Check)
SRV - [2011/12/19 08:37:16 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2011/12/19 08:37:06 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2011/09/09 09:40:31 | 000,283,888 | ---- | M] (CA, Inc.) [Auto | Running] -- C:\Program Files\CA\SharedComponents\PPRealtime\bin\ITMRTSVC.exe -- (ITMRTSVC)
SRV - [2011/09/09 09:37:31 | 000,389,960 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\eTrustITM\InoTask.exe -- (InoTask)
SRV - [2011/09/09 09:32:11 | 000,278,528 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\eTrustITM\InoNmSrv.exe -- (InoNmSrv)
SRV - [2011/09/09 09:32:11 | 000,208,896 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\eTrustITM\InoRT.exe -- (InoRT)
SRV - [2011/09/09 09:32:11 | 000,192,512 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\eTrustITM\InoRpc.exe -- (InoRPC)
SRV - [2011/01/12 21:42:54 | 000,166,520 | ---- | M] (PGP Corporation) [Auto | Running] -- C:\Program Files\PGP Corporation\PGP Desktop\RDDService.exe -- (PGP RDD Service)
SRV - [2011/01/12 21:42:52 | 000,135,288 | ---- | M] (PGP Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\PGPserv.exe -- (PGPserv)
SRV - [2010/12/01 23:11:12 | 000,693,600 | ---- | M] (QS/1®) [On_Demand | Stopped] -- C:\QS1\QIA\QIA.EXE -- (QIA)
SRV - [2010/11/08 12:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/09/21 01:42:06 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2010/09/21 01:41:38 | 000,334,384 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS\SYSTEM32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2010/09/21 01:41:34 | 000,404,016 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS\SYSTEM32\vmnat.exe -- (VMware NAT Service)
SRV - [2010/09/21 00:42:44 | 000,539,184 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2010/08/19 12:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Player\vmware-ufad.exe -- (ufad-ws60)
SRV - [2010/05/07 17:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2010/03/05 23:41:25 | 000,282,624 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\eTrustITM\inoweb.exe -- (InoWeb)
SRV - [2009/11/20 10:46:12 | 000,107,976 | ---- | M] () [Auto | Running] -- C:\Program Files\Century\TinyTERM\CenLPD.exe -- (CenLPD)
SRV - [2009/10/24 02:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/11/07 08:58:30 | 000,009,216 | ---- | M] (Integra Specialty Care Systems, Inc.) [Auto | Running] -- C:\Program Files\Integra\Deployment\Bin\IS.WM.Deployment.ServiceProviders.IntegraUpdateService.exe -- (IntegraUpdateService)
SRV - [2008/11/07 08:58:30 | 000,008,704 | ---- | M] (Integra Specialty Care Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Integra\Deployment\Bin\IS.WM.Deployment.ServiceProviders.IntegraTransferService.exe -- (IntegraTransferService)
SRV - [2008/11/06 10:33:54 | 000,582,992 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe -- (RUBotted)
SRV - [2008/10/20 21:18:26 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008/02/08 15:14:12 | 000,214,928 | ---- | M] (CA, Inc.) [Auto | Running] -- C:\Program Files\CA\SharedComponents\Alert\ALERT.EXE -- (Alert Notification Server)
SRV - [2007/08/20 15:54:44 | 000,102,400 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\CA\SharedComponents\ThirdParty\Tomcat\5.5\Bin\Tomcat5.exe -- (ApacheTomcatApplicationServer)
SRV - [2007/08/20 15:53:58 | 000,013,824 | ---- | M] (Apache Software Foundation) [Auto | Stopped] -- C:\Program Files\CA\eTrustITM\Apache\Bin\Apache.exe -- (ApacheContentServer)
SRV - [2007/02/05 06:57:24 | 000,106,496 | ---- | M] (CA, Inc.) [Auto | Running] -- C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe -- (iGateway)
SRV - [2006/10/23 07:50:35 | 000,046,640 | R--- | M] (AOL LLC) [On_Demand | Stopped] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2006/01/04 23:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)
SRV - [2005/12/20 08:44:24 | 000,870,624 | ---- | M] (PC Tools Research Pty Ltd) [Auto | Running] -- C:\Program Files\Spyware Doctor\sdhelp.exe -- (SDhelper)
SRV - [2005/10/04 23:00:30 | 000,090,112 | ---- | M] (Dell Inc.) [Disabled | Stopped] -- c:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe -- (DLPWD)
SRV - [2004/10/15 15:54:14 | 000,100,016 | ---- | M] (America Online, Inc) [On_Demand | Stopped] -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor)
SRV - [2004/08/16 16:03:50 | 000,114,786 | ---- | M] (SonicWALL, Inc.) [On_Demand | Stopped] -- C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe -- (RampartSvc)
SRV - [2004/03/11 23:00:30 | 000,135,168 | ---- | M] (Dell Inc.) [Disabled | Stopped] -- c:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe -- (DLSDB)
SRV - [2004/03/04 16:03:46 | 000,454,656 | ---- | M] (QS/1 Data Systems) [On_Demand | Stopped] -- C:\QS1\CentralClaim.exe -- (CentralClaim)
SRV - [2003/08/27 09:27:44 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)
SRV - [1999/03/08 03:40:00 | 000,052,496 | ---- | M] (IBM Corporation) [On_Demand | Stopped] -- C:\WINDOWS\cwbrxd.exe -- (Cwbrxd)


========== Driver Services (SafeList) ==========

DRV - [2011/12/19 08:37:07 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2011/01/12 21:42:54 | 000,300,152 | ---- | M] (PGP Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\PGPwded.sys -- (PGPwded)
DRV - [2011/01/12 21:42:54 | 000,243,832 | ---- | M] (PGP Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\PGPdisk.sys -- (PGPdisk)
DRV - [2011/01/12 21:42:54 | 000,040,568 | ---- | M] (PGP Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\PGPsdk.sys -- (PGPsdkDriver)
DRV - [2011/01/12 21:42:52 | 000,136,824 | ---- | M] (PGP Corporation) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\PGPfsfd.sys -- (pgpfs)
DRV - [2011/01/12 21:42:52 | 000,013,432 | ---- | M] (PGP Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Pgpwdefs.sys -- (Pgpwdefs)
DRV - [2010/09/21 01:42:46 | 000,070,704 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\vmci.sys -- (vmci)
DRV - [2010/09/21 01:42:44 | 000,854,064 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\vmx86.sys -- (vmx86)
DRV - [2010/09/21 01:42:00 | 000,023,728 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\vmparport.sys -- (VMparport)
DRV - [2010/09/21 01:41:08 | 000,024,624 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\VMkbd.sys -- (vmkbd)
DRV - [2010/09/21 01:40:08 | 000,032,688 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\vmnetbridge.sys -- (VMnetBridge)
DRV - [2010/09/21 01:40:04 | 000,026,288 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\vmnetuserif.sys -- (VMnetuserif)
DRV - [2010/09/21 00:42:32 | 000,032,304 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\hcmon.sys -- (hcmon)
DRV - [2010/09/20 22:18:14 | 000,016,560 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2010/09/09 11:24:06 | 000,199,424 | R--- | M] (AT&T) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\agnfilt.sys -- (agnfilt)
DRV - [2010/09/09 11:24:04 | 000,011,392 | R--- | M] (AT&T) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\avpnnic.sys -- (avpnnic)
DRV - [2010/08/19 12:56:38 | 000,022,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files\VMware\VMware Player\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2010/07/27 03:15:20 | 000,023,904 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\lvuvcflt.sys -- (FilterService)
DRV - [2010/07/27 03:14:58 | 006,842,464 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\lvuvc.sys -- (LVUVC) Logitech Webcam Pro 9000(UVC)
DRV - [2010/07/27 03:12:50 | 000,282,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\lvrs.sys -- (LVRS)
DRV - [2010/05/20 14:14:52 | 000,028,184 | ---- | M] (Colasoft Co., Ltd.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\CSN5PDTS82.sys -- (CSN5PDTS82)
DRV - [2010/05/07 17:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2010/02/11 07:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\tcpip6.sys -- (Tcpip6)
DRV - [2008/07/24 17:46:12 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2008/07/24 17:46:10 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/06/01 02:13:10 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\npf.sys -- (NPF)
DRV - [2008/04/13 13:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/03/02 02:28:00 | 000,206,608 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\TMPassthru.sys -- (TMPassthruMP)
DRV - [2008/03/02 02:28:00 | 000,206,608 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\TMPassthru.sys -- (TMPassthru)
DRV - [2007/10/18 21:14:32 | 000,184,080 | ---- | M] (Computer Associates) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ino_fltr.sys -- (INO_FLTR)
DRV - [2007/10/17 11:54:02 | 000,003,072 | ---- | M] (RealVNC Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\vncmirror.sys -- (vncmirror)
DRV - [2007/08/06 22:07:02 | 000,027,536 | ---- | M] (Computer Associates) [File_System | Boot | Running] -- C:\WINDOWS\system32\Drivers\ino_flpy.sys -- (INO_FLPY)
DRV - [2007/04/04 19:56:22 | 000,021,376 | ---- | M] (Susteen, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\sustucau.sys -- (SUSTUCAU)
DRV - [2007/04/04 19:50:58 | 000,038,272 | ---- | M] (Susteen, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\sustucap.sys -- (SUSTUCAP)
DRV - [2007/04/04 19:50:54 | 000,038,272 | ---- | M] (Susteen, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\sustucam.sys -- (SUSTUCAM)
DRV - [2007/02/15 19:56:49 | 000,011,984 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ElbyDelay.sys -- (ElbyDelay)
DRV - [2006/09/09 04:31:39 | 000,030,988 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2005/12/13 15:18:50 | 000,050,048 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ikhlayer.sys -- (ikhlayer)
DRV - [2005/06/24 17:36:16 | 000,039,036 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\lgusbmodem.sys -- (USBModem)
DRV - [2005/05/26 10:01:36 | 000,038,144 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\lgusbdiag.sys -- (UsbDiag)
DRV - [2005/05/26 10:01:18 | 000,021,344 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\lgusbbus.sys -- (usbbus)
DRV - [2004/07/27 10:50:52 | 000,078,032 | ---- | M] (SonicWALL, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\RCFOX.SYS -- (RCFOX)
DRV - [2004/05/05 02:25:02 | 000,023,296 | ---- | M] (Magic Control Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\U2S2KXP.sys -- (U2SP) USB to Serial Converter Driver(Philips)
DRV - [2004/04/22 13:22:48 | 000,016,512 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2004/03/19 17:41:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKNB.SYS -- (NwlnkNb)
DRV - [2004/03/19 17:41:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKSPX.SYS -- (NwlnkSpx)
DRV - [2004/03/05 22:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52)
DRV - [2004/03/05 22:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51)
DRV - [2004/03/05 22:13:52 | 000,060,949 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53)
DRV - [2004/03/05 22:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)
DRV - [2004/02/11 15:34:50 | 000,021,808 | ---- | M] (An Chen Computer Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\Aldebaran.sys -- (Aldebaran)
DRV - [2004/02/11 15:34:46 | 000,016,855 | ---- | M] (An Chen Computer Co., Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\Achernar.sys -- (Achernar)
DRV - [2003/08/20 13:01:22 | 000,023,180 | ---- | M] (SonicWALL, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\rcvpn.sys -- (rcvpn)
DRV - [2003/07/24 18:55:50 | 000,139,604 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dne2000.sys -- (DNE)
DRV - [2003/07/16 11:48:39 | 000,098,176 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\NBF.SYS -- (Nbf)
DRV - [2003/01/10 17:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/05/07 08:44:04 | 000,081,700 | ---- | M] (FUJI PHOTO FILM CO.,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\V4CB011D.SYS -- (FINEPIX_PCC)
DRV - [2001/10/24 16:29:00 | 000,017,992 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\w940nd.sys -- (w89c940)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/mywaybiz
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/mywaybiz
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/mywaybiz
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/mywaybiz
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2420842395-2170736949-2373062627-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
IE - HKU\S-1-5-21-2420842395-2170736949-2373062627-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
IE - HKU\S-1-5-21-2420842395-2170736949-2373062627-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-2420842395-2170736949-2373062627-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2420842395-2170736949-2373062627-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Yahoo Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.cjob.com/other/audiovault.html"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.608
FF - prefs.js..extensions.enabledItems: [email protected]:6.2.0.743
FF - prefs.js..extensions.enabledItems: [email protected]:4.0.1C
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {4776510a-a1f4-41f3-a3c8-35b474ecef23}:1.0.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:1.21.0.11
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..keyword.URL: "http://search.freecause.com/search?fr=freecause&ourmark=3&type=50395&ei=utf-8&yahoo_domain=search.yahoo.com&p="
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@IBM.com/WDPlugin,version=1: C:\Program Files\Mozilla Firefox\plugins [2012/01/20 09:04:11 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.1: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.2: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Photosynth,version=TechPreview: C:\Program Files\Photosynth\Tech Preview\nppsynth.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@IBM.com/WDPlugin,version=1: C:\Program Files\Mozilla Firefox\plugins [2012/01/20 09:04:11 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/06 09:01:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/24 08:35:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/20 09:04:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/12/06 09:01:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012/01/20 09:04:11 | 000,000,000 | ---D | M]

[2010/08/19 10:10:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Danny\Application Data\Mozilla\Extensions
[2010/08/19 10:10:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Danny\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/02/06 14:53:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\cni1dszr.default\extensions
[2010/03/22 08:27:12 | 000,000,000 | ---D | M] (Stealther) -- C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\cni1dszr.default\extensions\{4776510a-a1f4-41f3-a3c8-35b474ecef23}
[2011/12/12 15:42:58 | 000,000,000 | ---D | M] (PhZilla) -- C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\cni1dszr.default\extensions\[email protected]
[2011/08/17 09:11:35 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\cni1dszr.default\extensions\[email protected]
[2012/02/02 13:55:31 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\cni1dszr.default\extensions\[email protected]
[2010/02/09 15:39:39 | 000,000,000 | ---D | M] (LogMeIn, Inc. Rescue Technician Console) -- C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\cni1dszr.default\extensions\[email protected]
[2008/06/26 07:40:29 | 000,000,908 | ---- | M] () -- C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\cni1dszr.default\searchplugins\IMDB.xml
[2008/07/29 13:22:25 | 000,000,655 | ---- | M] () -- C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\cni1dszr.default\searchplugins\yahoo-search.xml
[2012/01/24 08:36:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/21 15:23:10 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
() (No name found) -- C:\DOCUMENTS AND SETTINGS\DANNY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CNI1DSZR.DEFAULT\EXTENSIONS\{0545B830-F0AA-4D7E-8820-50A4629A56FE}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\DANNY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CNI1DSZR.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\DANNY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CNI1DSZR.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\DANNY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CNI1DSZR.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\DOCUMENTS AND SETTINGS\DANNY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CNI1DSZR.DEFAULT\EXTENSIONS\[email protected]
[2012/01/24 08:35:45 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2005/09/15 17:26:00 | 000,044,153 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\inspector.dll
[2004/11/12 22:36:20 | 000,005,120 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\mozilla firefox\plugins\NPAdbESD.dll
[2011/09/09 08:47:05 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/06/22 11:05:11 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npdrmv2.dll
[2011/06/22 11:04:31 | 000,364,544 | ---- | M] (Microsoft Corporation (written by Digital Renaissance Inc.)) -- C:\Program Files\mozilla firefox\plugins\npdsplay.dll
[2006/03/21 15:49:30 | 000,114,688 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
[2002/09/27 07:59:00 | 000,090,112 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NpPopup.dll
[2008/09/15 10:52:06 | 000,376,832 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsnapfish.dll
[2007/05/25 14:42:52 | 000,110,592 | ---- | M] (CNN) -- C:\Program Files\mozilla firefox\plugins\NPTURNMED.dll
[2004/02/20 15:14:09 | 000,176,177 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2010/03/29 14:31:44 | 000,333,704 | ---- | M] (IBM ) -- C:\Program Files\mozilla firefox\plugins\npwdplugin821.dll
[2011/06/22 11:04:53 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npwmsdrm.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/11 08:38:46 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U27 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Adobe ESD Manager Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPAdbESD.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwmsdrm.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: McAfee Clinic (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPMGWRAP.DLL
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: AmericanGreetings.com Popup Plugin 1.0.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NpPopup.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Snapfish Plugin for Firefox (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll
CHR - plugin: Turner Media Plugin 1.0.0.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll
CHR - plugin: AOL Media Playback Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
CHR - plugin: IBM 821 Conference Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwdplugin821.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Photosynth (Enabled) = C:\Program Files\Photosynth\Tech Preview\nppsynth.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Program Files\Yahoo!\Common\npyaxmpb.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\Danny\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Documents and Settings\Danny\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\Danny\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Gmail = C:\Documents and Settings\Danny\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2007/01/27 03:00:12 | 000,000,732 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (PCTools Site Guard) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\Program Files\Spyware Doctor\tools\iesdsg.dll (PC Tools)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (PCTools Browser Monitor) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\Program Files\Spyware Doctor\tools\iesdpb.dll (PC Tools)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {E70C26AE-DFF1-40A8-8D37-19180F56F0AA} - No CLSID value found.
O3 - HKU\S-1-5-21-2420842395-2170736949-2373062627-1006\..\Toolbar\ShellBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O3 - HKU\S-1-5-21-2420842395-2170736949-2373062627-1006\..\Toolbar\ShellBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-2420842395-2170736949-2373062627-1006\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2420842395-2170736949-2373062627-1006\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Client Access Service] C:\Program Files\IBM\Client Access\CwbSvStr.Exe (IBM Corporation)
O4 - HKLM..\Run: [Dimension4] C:\Program Files\Utilities\D4\D4.exe (Thinking Man Software)
O4 - HKLM..\Run: [dvd43] C:\Program Files\dvd43\DVD43_Tray.exe ()
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [Realtime Monitor] C:\Program Files\CA\eTrustITM\realmon.exe (CA)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TMRUBottedTray] C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe (Trend Micro Inc.)
O4 - HKU\.DEFAULT..\Run: [Spyware Doctor] File not found
O4 - HKU\S-1-5-18..\Run: [Spyware Doctor] File not found
O4 - HKU\S-1-5-21-2420842395-2170736949-2373062627-1006..\Run: [Task Killer] C:\Program Files\Task Killer\TaskKiller.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2420842395-2170736949-2373062627-1006\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-2420842395-2170736949-2373062627-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2420842395-2170736949-2373062627-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThemesTab = 0
O7 - HKU\S-1-5-21-2420842395-2170736949-2373062627-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-21-2420842395-2170736949-2373062627-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2420842395-2170736949-2373062627-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\S-1-5-21-2420842395-2170736949-2373062627-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 0
O7 - HKU\S-1-5-21-2420842395-2170736949-2373062627-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSizeChoice = 0
O7 - HKU\S-1-5-21-2420842395-2170736949-2373062627-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O7 - HKU\S-1-5-21-2420842395-2170736949-2373062627-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 0
O7 - HKU\S-1-5-21-2420842395-2170736949-2373062627-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML File not found
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2010/09/20 09:04:47 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2010/09/20 09:04:47 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2010/09/20 09:04:47 | 000,000,000 | ---D | M]
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\SYSTEM32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\PGPlsp.dll (PGP Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\System32\PGPlsp.dll (PGP Corporation)
O15 - HKLM\..Trusted Domains: 10.0.0.35 ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: 192.168.1.230 ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2420842395-2170736949-2373062627-1006\..Trusted Domains: 10.0.0.35 ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2420842395-2170736949-2373062627-1006\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-2420842395-2170736949-2373062627-1006\..Trusted Domains: danny ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2420842395-2170736949-2373062627-1006\..Trusted Domains: localhost ([]http in Local intranet)
O16 - DPF: {037790A6-1576-11D6-903D-00105AABADD3} https://limeportal.ivans.com/controls/sglw2hcm.ocx (BlueZone Web-to-Host Control Module v5)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {254AA86E-5655-4518-AA87-185D7CC41801} https://secure.logmeinrescue.com/TechConsole/x86/RescueControl.cab (LogMeIn Rescue Technician Console)
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} http://o.aolcdn.com/pictures/ap/Resources/2.0.10.00/cab/aolpPlugins.10.6.0.6.cab (AOL Pictures Uploader Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} https://objects.aol.com/mcafee/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {A296A3EE-1F64-4E43-A166-83FC4219A825} http://192.168.1.230/docmgmtweb/Common/Setup/Client/Client.CAB (Reg Error: Key error.)
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} http://ak.imgag.com/imgag/cp/install/AxCtp2.cab (Create & Print ActiveX Plug-in)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E3DEBF7A-3918-4F71-970C-5F49AFFBF1B0} http://192.168.1.230/docmgmtweb/Common/Setup/Client/DocuTrack%204.0%20Client.CAB (Reg Error: Key error.)
O16 - DPF: {E6BB2089-163F-466B-812A-748096614DFD} http://cainternetsecurity.net/scanner/cascanner.cab (CAScanner Control)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2179B0FE-2DF5-4CB3-82D0-4759CAADFEA1}: NameServer = 64.89.74.2,64.89.70.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7E21E39C-0F28-4B0C-8F72-06B2FD92333B}: NameServer = 64.89.70.2,64.89.74.2
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\SYSTEM32\Userinit.exe) -C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\TSI32\tsircusr.exe) - File not found
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Desktop Background.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/03/20 12:58:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{21c7b686-5eb7-11e0-bf3d-005056c00008}\Shell\AutoRun\command - "" = E:\InstallTomTomHOME.exe
O33 - MountPoints2\{235b9f39-4b69-11e0-bf37-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{235b9f39-4b69-11e0-bf37-005056c00008}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{235b9f39-4b69-11e0-bf37-005056c00008}\Shell\AutoRun\command - "" = E:\StartClickfreeBackup.exe
O33 - MountPoints2\{31901e32-56c5-11df-bed1-0020781b378b}\Shell - "" = AutoRun
O33 - MountPoints2\{31901e32-56c5-11df-bed1-0020781b378b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{31901e32-56c5-11df-bed1-0020781b378b}\Shell\AutoRun\command - "" = E:\StartClickFreeBackup.exe
O33 - MountPoints2\{49f73829-021c-11df-beb6-0020781b378b}\Shell - "" = AutoRun
O33 - MountPoints2\{49f73829-021c-11df-beb6-0020781b378b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{49f73829-021c-11df-beb6-0020781b378b}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{52dbf93f-8c69-11e0-bf47-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{52dbf93f-8c69-11e0-bf47-005056c00008}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{52dbf93f-8c69-11e0-bf47-005056c00008}\Shell\AutoRun\command - "" = E:\StartClickFreeBackup.exe
O33 - MountPoints2\{52dbf941-8c69-11e0-bf47-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{52dbf941-8c69-11e0-bf47-005056c00008}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{52dbf941-8c69-11e0-bf47-005056c00008}\Shell\AutoRun\command - "" = E:\StartClickfreeBackup.exe
O33 - MountPoints2\{63e40621-809a-11df-bedf-001111288b54}\Shell - "" = AutoRun
O33 - MountPoints2\{63e40621-809a-11df-bedf-001111288b54}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{63e40621-809a-11df-bedf-001111288b54}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{7dfcf756-e70d-11dc-be11-006073eabc69}\Shell\AutoRun\command - "" = E:\setupSNK.exe
O33 - MountPoints2\{9ddc62b2-6018-11de-be90-0020781b378b}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{bb089bea-5138-11df-becf-0020781b378b}\Shell - "" = AutoRun
O33 - MountPoints2\{bb089bea-5138-11df-becf-0020781b378b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{bb089bea-5138-11df-becf-0020781b378b}\Shell\AutoRun\command - "" = E:\StartClickFreeBackup.exe
O33 - MountPoints2\{bb089bec-5138-11df-becf-0020781b378b}\Shell - "" = AutoRun
O33 - MountPoints2\{bb089bec-5138-11df-becf-0020781b378b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{bb089bec-5138-11df-becf-0020781b378b}\Shell\AutoRun\command - "" = E:\StartClickFreeBackup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: Ias - File not found
NetSvcs: Iprip - C:\WINDOWS\System32\iprip.dll (Microsoft Corporation)
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/02/07 08:54:27 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Danny\Desktop\aswMBR.exe
[2012/02/07 08:53:29 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Danny\Desktop\OTL.exe
[2012/02/06 16:18:38 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/02/06 15:16:21 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/02/06 15:09:40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/02/06 15:09:40 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/02/06 15:09:40 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/02/06 15:09:40 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/02/06 14:58:17 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/06 10:05:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Danny\My Documents\2012 spyware removal
[2012/02/03 08:59:20 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2012/02/03 08:59:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Danny\My Documents\Anti-Malware
[2012/02/02 17:45:46 | 000,026,696 | R--- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2012/02/01 15:31:40 | 000,000,000 | ---D | C] -- C:\bd_logs
[2012/02/01 12:40:12 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/02/01 12:31:46 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Danny\Recent
[2012/01/27 11:14:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Danny\My Documents\OMessenger
[2012/01/27 11:13:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Outlook Messenger
[2012/01/27 11:13:19 | 000,495,616 | ---- | C] (Dmitry Streblechenko) -- C:\WINDOWS\System32\Scanner.dll
[2012/01/27 11:13:19 | 000,024,576 | ---- | C] (vbAccelerator) -- C:\WINDOWS\System32\CompressZItLib6.dll
[2012/01/27 11:13:18 | 004,145,264 | ---- | C] (Kelly Ethridge) -- C:\WINDOWS\System32\vbcorlib.dll
[2012/01/27 11:13:18 | 000,856,064 | ---- | C] (Conaito) -- C:\WINDOWS\System32\EvoVoIP.dll
[2012/01/27 11:12:51 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Messenger
[2012/01/20 09:38:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2012/01/20 09:36:41 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/01/20 09:36:36 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/01/20 09:35:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2012/01/20 09:34:58 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/01/04 10:52:40 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\lexlog.dll
[2010/06/29 14:48:22 | 004,284,535 | ---- | C] (ffdshow ) -- C:\Documents and Settings\Danny\Application Data\ffdshow.exe
[2010/06/29 14:48:16 | 000,642,685 | ---- | C] (Xvid team ) -- C:\Documents and Settings\Danny\Application Data\xvid.exe
[2010/06/29 14:47:58 | 002,169,915 | ---- | C] (LIGHTNING UK!) -- C:\Documents and Settings\Danny\Application Data\Imgburn.exe
[2010/06/29 14:47:29 | 004,182,178 | ---- | C] (The Public) -- C:\Documents and Settings\Danny\Application Data\Avisynth.exe
[2010/05/10 10:22:08 | 000,007,168 | ---- | C] ( ) -- C:\WINDOWS\System32\SCRIPTIFACELib.dll
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[24 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/07 08:54:27 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Danny\Desktop\aswMBR.exe
[2012/02/07 08:53:30 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Danny\Desktop\OTL.exe
[2012/02/07 08:48:34 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/07 08:47:34 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/07 08:47:32 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2420842395-2170736949-2373062627-1006.job
[2012/02/07 08:45:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2012/02/07 08:45:39 | 2145,439,744 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/07 08:45:34 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\Sweeper.cfg
[2012/02/06 16:07:01 | 000,000,254 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2012/02/06 15:59:13 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Danny\Local Settings\Application Data\PUTTY.RND
[2012/02/06 15:16:41 | 000,000,327 | RHS- | M] () -- C:\BOOT.INI
[2012/02/06 15:09:05 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2012/02/06 14:22:03 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/06 10:07:25 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Danny\defogger_reenable
[2012/02/06 09:17:04 | 000,023,624 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2012/02/03 16:28:15 | 000,002,491 | ---- | M] () -- C:\Documents and Settings\Danny\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007.lnk
[2012/02/01 15:09:36 | 000,000,763 | ---- | M] () -- C:\Documents and Settings\Danny\Desktop\Shortcut to RECOVER ICONS.lnk
[2012/02/01 14:14:45 | 000,000,662 | ---- | M] () -- C:\Documents and Settings\Danny\Desktop\Shortcut to explorer.exe.lnk
[2012/02/01 14:13:06 | 000,000,450 | ---- | M] () -- C:\Documents and Settings\Danny\Desktop\Shortcut to DANNY.lnk
[2012/02/01 12:40:13 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Danny\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/02/01 12:40:13 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/01 08:46:39 | 000,002,675 | ---- | M] () -- C:\Documents and Settings\Danny\Desktop\sessiona.WS
[2012/01/31 11:49:01 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2420842395-2170736949-2373062627-1006.job
[2012/01/31 11:08:11 | 000,044,032 | ---- | M] () -- C:\Documents and Settings\Danny\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/27 11:13:20 | 000,000,801 | ---- | M] () -- C:\Documents and Settings\Danny\Desktop\Outlook Messenger.lnk
[2012/01/25 19:14:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/01/09 08:48:20 | 000,002,533 | ---- | M] () -- C:\Documents and Settings\Danny\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[24 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/07 08:45:39 | 2145,439,744 | -HS- | C] () -- C:\hiberfil.sys
[2012/02/06 15:16:38 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/02/06 15:16:24 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/02/06 15:09:40 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/02/06 15:09:40 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/02/06 15:09:40 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/02/06 15:09:40 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/02/06 15:09:40 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/02/06 10:07:25 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Danny\defogger_reenable
[2012/02/01 15:09:36 | 000,000,763 | ---- | C] () -- C:\Documents and Settings\Danny\Desktop\Shortcut to RECOVER ICONS.lnk
[2012/02/01 14:14:45 | 000,000,662 | ---- | C] () -- C:\Documents and Settings\Danny\Desktop\Shortcut to explorer.exe.lnk
[2012/02/01 14:12:26 | 000,000,698 | ---- | C] () -- C:\Documents and Settings\Danny\Application Data\Microsoft\Internet Explorer\Quick Launch\FreeCommander.lnk
[2012/02/01 12:40:13 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Danny\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/02/01 12:40:13 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/27 11:13:20 | 000,000,801 | ---- | C] () -- C:\Documents and Settings\Danny\Desktop\Outlook Messenger.lnk
[2012/01/04 10:52:36 | 000,000,507 | ---- | C] () -- C:\WINDOWS\DKAAY2DD.ini
[2011/01/12 21:42:54 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\PGPsdk.dll.sig
[2010/10/14 11:54:55 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Danny\Local Settings\Application Data\PUTTY.RND
[2010/09/30 14:51:33 | 000,044,032 | ---- | C] () -- C:\Documents and Settings\Danny\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/27 03:03:20 | 010,829,656 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
[2010/07/27 03:03:20 | 000,102,744 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe
[2010/07/27 03:03:18 | 000,290,648 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
[2010/06/29 14:49:40 | 000,425,040 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2010/06/29 14:49:40 | 000,328,334 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2010/06/29 14:49:40 | 000,146,098 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2010/06/29 14:49:40 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/06/29 14:49:39 | 000,486,400 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2010/06/29 14:49:39 | 000,257,024 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2010/06/29 14:49:39 | 000,183,296 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2010/06/29 14:49:39 | 000,178,688 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2010/06/29 14:49:39 | 000,146,944 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2010/06/29 14:49:39 | 000,142,848 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2010/06/29 14:49:39 | 000,113,152 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2010/06/29 14:49:38 | 001,418,708 | ---- | C] () -- C:\WINDOWS\System32\ffmpegmt.dll
[2010/06/29 14:49:38 | 000,695,906 | ---- | C] () -- C:\WINDOWS\System32\unins000.exe
[2010/06/29 14:49:38 | 000,033,790 | ---- | C] () -- C:\WINDOWS\System32\unins000.dat
[2010/06/29 14:49:32 | 000,829,781 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/06/29 14:49:32 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/06/22 12:50:34 | 000,090,411 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/06/21 15:39:59 | 000,000,048 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/05/07 17:46:36 | 000,014,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2010/05/07 17:43:30 | 000,025,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2010/04/28 22:10:26 | 000,177,440 | ---- | C] () -- C:\WINDOWS\System32\QWriter001.dll
[2010/02/08 12:24:49 | 000,023,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2009/12/17 16:48:06 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2009/10/14 14:02:23 | 000,028,205 | ---- | C] () -- C:\Documents and Settings\Danny\Application Data\Comma Separated Values (Windows).ADR
[2009/09/24 08:52:01 | 000,062,692 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/09/14 15:40:38 | 000,217,073 | ---- | C] () -- C:\WINDOWS\meta4.exe
[2009/09/14 15:40:38 | 000,066,560 | ---- | C] () -- C:\WINDOWS\MOTA113.exe
[2009/01/27 10:50:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2008/08/26 10:00:54 | 000,240,128 | ---- | C] () -- C:\WINDOWS\System32\x.264.exe
[2008/08/26 10:00:54 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2008/08/26 10:00:53 | 000,502,784 | ---- | C] () -- C:\WINDOWS\x2.64.exe
[2008/07/25 13:42:39 | 000,000,114 | ---- | C] () -- C:\WINDOWS\Winsus0.dat
[2008/07/08 13:02:11 | 000,000,731 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2008/06/19 09:04:39 | 000,000,125 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2008/06/01 02:13:10 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2008/04/25 09:11:06 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\qbmpcap32.dll
[2008/02/12 15:57:26 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\HPPLVS.dll
[2008/02/12 15:57:01 | 000,000,144 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2007/11/06 18:07:28 | 000,000,181 | ---- | C] () -- C:\WINDOWS\System32\gacutil.exe.config
[2007/09/04 15:25:06 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2007/05/18 13:22:59 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\QCrxRun.dll
[2007/05/18 13:22:59 | 000,058,880 | ---- | C] () -- C:\WINDOWS\System32\CrxRun.dll
[2007/05/18 13:22:59 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\Crx3.dll
[2007/05/17 19:06:18 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\hppatusg01.dll
[2007/02/26 10:47:40 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\mxsptool.dll
[2007/01/15 12:58:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pestpatrol5.INI
[2006/12/04 10:56:43 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2006/11/02 11:10:16 | 000,080,912 | ---- | C] () -- C:\WINDOWS\System32\sherlock2.exe
[2006/10/28 13:10:44 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\ac3config.exe
[2006/09/26 15:46:54 | 000,000,240 | ---- | C] () -- C:\WINDOWS\pixcache.ini
[2006/09/12 09:18:49 | 000,000,006 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/08/29 11:57:45 | 000,003,472 | ---- | C] () -- C:\WINDOWS\setscan.ini
[2006/08/28 10:06:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Net-It Now! SE.INI
[2006/08/28 10:05:59 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\NILaunch.exe
[2006/08/28 10:05:57 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\NIUninstall.exe
[2006/08/28 10:04:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\winhelp.ini
[2006/08/25 10:04:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Danny\Application Data\dm.ini
[2006/02/01 11:53:51 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/01/26 14:26:50 | 000,000,291 | ---- | C] () -- C:\WINDOWS\hpqcopy.INI
[2006/01/26 14:06:34 | 000,000,119 | ---- | C] () -- C:\WINDOWS\Readiris.ini
[2006/01/26 14:06:31 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\irisco32.dll
[2006/01/26 14:01:05 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2006/01/26 13:59:37 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2005/11/29 19:32:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/09/29 08:47:39 | 000,000,081 | ---- | C] () -- C:\WINDOWS\upst.ini
[2005/09/29 08:47:39 | 000,000,024 | ---- | C] () -- C:\WINDOWS\atid.ini
[2005/09/20 15:13:55 | 000,002,699 | ---- | C] () -- C:\WINDOWS\GWSFILTR.INI
[2005/09/20 13:44:52 | 000,000,041 | ---- | C] () -- C:\WINDOWS\gwspcam.ini
[2005/09/20 13:44:44 | 000,212,992 | ---- | C] () -- C:\WINDOWS\ALCHUNIN.EXE
[2005/09/08 08:35:47 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2005/07/07 14:13:09 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2005/06/22 07:19:00 | 000,000,715 | ---- | C] () -- C:\WINDOWS\aolback.exe.lnk
[2005/01/03 10:34:35 | 000,000,026 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2004/11/18 10:20:17 | 000,000,026 | ---- | C] () -- C:\WINDOWS\UP9ASP.INI
[2004/11/10 10:14:52 | 000,006,618 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/10/26 14:04:36 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Danny\Application Data\PFP120JPR.{PB
[2004/10/26 14:04:36 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Danny\Application Data\PFP120JCM.{PB
[2004/10/13 09:32:32 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\B45AEC0060.sys
[2004/10/13 09:32:31 | 000,012,208 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2004/10/12 01:40:58 | 004,482,647 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2004/10/12 01:39:48 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2004/10/12 01:39:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2004/10/09 01:40:16 | 000,832,632 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2004/10/05 03:16:08 | 000,557,469 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2004/10/03 12:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2004/09/27 11:04:11 | 000,000,522 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/09/27 08:25:27 | 000,000,251 | ---- | C] () -- C:\WINDOWS\System32\drivers\hlldrvr.sys
[2004/09/27 08:25:03 | 000,199,952 | ---- | C] () -- C:\WINDOWS\System32\cwbrw.dll
[2004/09/27 08:25:03 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ldap.dll
[2004/09/27 08:25:03 | 000,038,672 | ---- | C] () -- C:\WINDOWS\System32\cwbad.dll
[2004/09/27 08:25:03 | 000,007,440 | ---- | C] () -- C:\WINDOWS\System32\cwbwiz.dll
[2004/09/27 08:25:00 | 000,065,296 | ---- | C] () -- C:\WINDOWS\System32\cwbadnrt.dll
[2004/09/24 14:44:07 | 000,000,120 | ---- | C] () -- C:\WINDOWS\setihome.ini
[2004/09/24 14:38:29 | 000,107,132 | ---- | C] () -- C:\WINDOWS\UninstallThunderbird.exe
[2004/09/24 14:36:26 | 000,107,132 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2004/09/24 14:36:03 | 000,014,149 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2004/09/21 21:46:32 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/09/21 21:42:07 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2004/09/21 21:37:30 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2004/09/21 21:37:28 | 000,000,230 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/09/21 21:25:54 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2004/09/21 21:24:26 | 000,487,934 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2004/09/21 21:24:26 | 000,082,474 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2004/09/21 21:24:25 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/09/21 21:12:04 | 000,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/09/01 10:49:17 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/08/02 13:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/07/19 16:01:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\SETPWRCG.EXE
[2004/05/26 15:09:26 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\DSRIRREM.EXE
[2004/03/20 13:22:58 | 000,312,376 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/03/20 13:21:34 | 000,000,791 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/03/20 12:58:20 | 000,004,372 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/03/20 12:55:54 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/03/19 17:41:30 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2004/03/19 17:41:30 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2004/03/19 17:40:40 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2004/03/19 17:39:04 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2004/03/19 17:39:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2004/03/19 17:36:56 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2004/03/19 17:35:06 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/01/30 09:37:50 | 000,000,092 | R--- | C] () -- C:\WINDOWS\System32\FTDIUN2K.INI
[2002/10/15 17:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2002/09/18 00:45:00 | 000,119,808 | ---- | C] () -- C:\WINDOWS\lsb_un20.exe
[2002/09/03 08:31:46 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2002/09/03 08:31:44 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2001/12/03 16:50:58 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\LTTLS13N.DLL
[2001/12/03 16:50:20 | 000,708,608 | R--- | C] () -- C:\WINDOWS\System32\LTCRY13N.DLL
[2001/10/23 14:43:02 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\setupw2k.dll
[2001/10/04 14:40:54 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\nwslog32.dll
[2001/07/07 04:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2000/07/07 06:49:30 | 000,069,120 | R--- | C] () -- C:\WINDOWS\System32\LTDLL.DLL
[2000/04/12 16:28:12 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2000/04/12 16:24:10 | 000,338,944 | R--- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[1999/03/10 20:23:00 | 000,222,928 | ---- | C] () -- C:\WINDOWS\System32\lobas09.dll
[1998/01/13 20:23:00 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\lotrn13.dll
[1997/11/14 20:23:00 | 000,031,008 | ---- | C] () -- C:\WINDOWS\System32\ivtrn09.dll
[1994/07/25 20:23:00 | 000,014,928 | ---- | C] () -- C:\WINDOWS\System32\wingen.drv
[1994/04/07 20:23:00 | 000,000,462 | ---- | C] () -- C:\WINDOWS\lodbf13.ini
[1980/01/01 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== LOP Check ==========

[2011/08/08 15:43:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AGNS
[2011/04/13 07:43:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
[2011/03/17 07:47:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ClickFreeTformer
[2010/10/12 14:54:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Colasoft Capsa 7 Free
[2008/06/19 09:14:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
[2007/01/02 13:07:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2007/07/16 08:50:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2010/02/08 13:38:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/01/19 09:55:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kinoma
[2012/02/07 08:47:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2010/08/24 11:45:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OfficeGuardian
[2008/06/17 07:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PGP Corporation
[2008/09/05 13:56:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2008/06/19 09:04:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2006/03/03 13:52:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2011/12/12 08:27:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/02/08 10:47:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/09/20 09:06:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2009/03/25 09:45:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/05 10:08:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/15 12:59:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/05/14 08:30:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2006/10/19 11:16:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Danny\Application Data\.ABC
[2011/03/23 08:09:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Danny\Application Data\Amazon
[2011/03/04 12:32:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Danny\Application Data\BlueZone
[2011/03/04 12:28:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Danny\Application Data\BlueZone Web
[2011/09/29 15:50:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Danny\Application Data\calibre
[2008/12/19 12:47:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Danny\Application Data\Canneverbe_Limited
[2009/07/07 15:08:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Danny\Application Data\Canon
[2010/10/12 14:53:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Danny\Application Data\Colasoft Capsa 7 Free
[2010/10/12 14:53:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Danny\Application Data\Colasoft MAC Scanner
[2011/06/22 15:47:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Danny\Application Data\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2008/02/11 13:10:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Danny\Application Data\cYo
[2006/07/06 10:43:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Danny\Application Data\DeepBurner
[2011/12/12 15:32:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Danny\Application Data\ElevatedDiagnostics
[2011/11/09 13:01:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Danny\Application Data\FrostWire
[2008/10/01 08:05:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Danny\Application Data\GetRightToGo
[2011/12/08 10:25:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Danny\Application Data\gtk-2.0
[2009/12/17 14:42:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Danny\Application Data\HandBrake
[2009/06/18 08:55:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Danny\Application Data\Kernel for Outlook
[2004/09/28 13:57:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Danny\Application Data\Leadertech
[2008/07/25 14:24:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Danny\Application Data\LG Electronics
[2012/02/01 11:15:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Danny\Application Data\LogMeIn Rescue
[2005/05/25 12:57:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Danny\Application Data\Musicmatch
[2006/09/26 15:45:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Danny\Application Data\Opera
[2011/06/30 12:27:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Danny\Application Data\PGP Corporation
[2011/11/09 11:05:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Danny\Application Data\Product_RM
[2011/11/09 13:01:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Danny\Application Data\Registry Mechanic
[2011/08/08 16:07:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Danny\Application Data\Sierra Wireless
[2009/07/08 14:28:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Danny\Application Data\Snapfish
[2005/01/11 09:39:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Danny\Application Data\spweng
[2011/09/14 15:42:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Danny\Application Data\TeamViewer
[2010/08/19 10:10:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Danny\Application Data\Thunderbird
[2007/02/08 10:47:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Danny\Application Data\Viewpoint
[2005/03/08 12:07:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Danny\Application Data\WebCompiler3
[2008/09/26 12:32:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\PeerNetworking
[2012/02/06 16:07:01 | 000,000,254 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2005/12/06 08:52:40 | 000,010,920 | ---- | M] () -- C:\aolconnfix.exe
[2000/02/25 17:34:56 | 000,028,672 | ---- | M] () -- C:\namecheck.exe
[2010/04/27 10:04:06 | 000,333,176 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\PsGetsid.exe
[2007/02/26 10:54:24 | 005,182,897 | ---- | M] (InstallShield Software Corporation) -- C:\QWIN32.EXE


< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 05:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\pebuilder3110a\BartPE\I386\EXPLORER.EXE
[2004/08/04 05:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\UBCD4Win\BartPE\I386\EXPLORER.EXE
[2004/08/03 23:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2004/03/19 17:43:22 | 000,012,800 | ---- | M] (Microsoft Corporation) MD5=0F7D9C87B0CE1FA520473119752C6F79 -- C:\I386\SVCHOST.EXE
[2004/03/19 17:43:22 | 000,012,800 | ---- | M] (Microsoft Corporation) MD5=0F7D9C87B0CE1FA520473119752C6F79 -- C:\XPSETUP\I386\SVCHOST.EXE
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\SYSTEM32\svchost.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2004/08/04 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\pebuilder3110a\BartPE\I386\SYSTEM32\SVCHOST.EXE
[2004/08/04 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\UBCD4Win\BartPE\I386\SYSTEM32\SVCHOST.EXE
[2004/08/03 23:56:58 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 05:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\pebuilder3110a\BartPE\I386\SYSTEM32\USERINIT.EXE
[2004/08/04 05:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\UBCD4Win\BartPE\I386\SYSTEM32\USERINIT.EXE
[2004/08/03 23:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SYSTEM32\userinit.exe
[2004/03/19 17:44:02 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=E931E0A2B8BF0019DB902E98D03662CB -- C:\I386\USERINIT.EXE
[2004/03/19 17:44:02 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=E931E0A2B8BF0019DB902E98D03662CB -- C:\XPSETUP\I386\USERINIT.EXE

< MD5 for: WINLOGON.EXE >
[2004/08/04 05:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\pebuilder3110a\BartPE\I386\SYSTEM32\WINLOGON.EXE
[2004/08/04 05:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\UBCD4Win\BartPE\I386\SYSTEM32\WINLOGON.EXE
[2004/08/03 23:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2004/03/19 17:44:38 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=2246D8D8F4714A2CEDB21AB9B1849ABB -- C:\I386\WINLOGON.EXE
[2004/03/19 17:44:38 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=2246D8D8F4714A2CEDB21AB9B1849ABB -- C:\XPSETUP\I386\WINLOGON.EXE
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SYSTEM32\winlogon.exe

< %systemroot%\*. /rp /s >

< >

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 -> Junction
[C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e -> Junction
[C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 -> Junction

========== Alternate Data Streams ==========

@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

< End of report >
--------------------

OTL Extras logfile created on: 2/7/2012 8:56:08 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Danny\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 45.87% Memory free
3.85 Gb Paging File | 2.86 Gb Available in Paging File | 74.41% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.95 Gb Total Space | 4.56 Gb Free Space | 6.42% Space Free | Partition Type: NTFS
Drive S: | 192.66 Gb Total Space | 142.70 Gb Free Space | 74.07% Space Free | Partition Type: NTFS

Computer Name: DANNY | User Name: Danny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-2420842395-2170736949-2373062627-1006\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\LapLink Gold\laplink.exe" = C:\Program Files\LapLink Gold\laplink.exe:*:Enabled:LAPLINK Core Component -- (Laplink Software, Inc.)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0
"C:\Program Files\Utilities\D4\D4.exe" = C:\Program Files\Utilities\D4\D4.exe:*:Enabled:Dimension 4 -- (Thinking Man Software)
"C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\America Online 9.0a\waol.exe" = C:\Program Files\America Online 9.0a\waol.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon -- (America Online, Inc)
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed -- (America Online Inc)
"C:\Program Files\Common Files\AOL\1119442462\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1119442462\EE\AOLServiceHost.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL -- (America Online Inc.)
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" = C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0b\waol.exe" = C:\Program Files\America Online 9.0b\waol.exe:*:Enabled:AOL
"C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe" = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox
"C:\Program Files\AT&T Global Network Client\SwiApiMux.exe" = C:\Program Files\AT&T Global Network Client\SwiApiMux.exe:*:Enabled:SwiApiMux

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{02C85EC5-E864-4847-AF55-42730861004C}" = MrvlUsgTracking
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{105F3CE5-FE55-408E-BF30-E78F85BA0B12}" = Dell Printer Software
"{10F5D9BB-E2F2-4B18-A65D-928B73D22E6F}" = USB-IrDA Adapter
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{12650598-D7B9-4FB5-91B2-2CAA641AC589}" = Trend Micro RUBotted
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{16115E10-502B-4EA0-BD39-4DA329AD89E2}" = BELKIN F5U109 V1.25
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel® PROSet for Wired Connections
"{18B05B3E-DD9F-426D-BCFE-AD9ECFCEDD83}" = Color Network ScanGear Ver.2.40
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1A8C25A4-A90A-4A0E-91DD-37535507476A}" = LogMeIn Rescue Technician Console
"{1AB6D796-D425-43BA-BF7A-4B13B31EFAFC}" = QS/1 Install Agent
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{22B3CC30-77B8-419C-AA4B-F571FDF5D66D}" = Windows Live Sign-in Assistant
"{268723B7-A994-4286-9F85-B974D5CAFC7B}" = EasyRecovery Professional
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{35E1A8C8-6646-4101-B0AA-42D1EB2AB3AE}" = Windows Live Outlook Toolbar (Windows Live Toolbar)
"{3BFC7D0F-FA4A-4FDC-AA03-440655EA656A}" = TBS WMP Plug-in
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3F143DF7-BC6E-416C-95EE-C54DFC2197F6}" = Dell Open Print Driver
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{42146C53-4D93-46EF-A221-734B08978E1B}" = calibre
"{43FCA273-9534-40DB-B7C5-D7758875616A}" = Dell Support
"{4767A7DE-5B5E-4F91-B122-3CD67CC0C5A0}" = Photosynth
"{47FBF7F9-FBD3-43EF-823B-7684D56C1962}" = Tabbed Browsing (Windows Live Toolbar)
"{4A2635AD-91E0-4758-BD1E-CA57C9294F1F}" = CA eTrustITM Server
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{53648F92-1CC5-22D2-A6DF-00A0C9A23BCD}" = SonicWALL Global VPN Client
"{53B2CFE9-A508-4457-B2CA-5D253536BFB7}" = OneCare Advisor (Windows Live Toolbar)
"{548B3DC6-2300-47E1-BA7B-74AD25F8DEBF}" = Form Fill (Windows Live Toolbar)
"{5490882C-6961-11D5-BAE5-00E0188E010B}" = FUJIFILM USB Driver
"{577AD794-8B34-40B4-9E7A-BE4CFFE396E6}" = Microsoft Visual Basic 2005 Express Edition - ENU
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{590D4F8F-98FE-47FA-AC2B-3F22FDCF7C09}" = ShareIns
"{5E2E45DB-F072-4D21-AC50-D24A1567DB25}" = QS/1 Support Library 1.0
"{5E8667DE-152D-4B3B-BDE8-490E68B92B57}" = Visual IP Trace
"{66CB06A1-E371-44E7-BAE4-E1BAE3E2C25C}" = Medicare Remit EasyPrint
"{68108E66-D13A-4EE8-A6F4-40E4B90C2A26}" = Windows Live Toolbar Feed Detector (Windows Live Toolbar)
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.1
"{6855CCDD-BDF9-48E4-B80A-80DFB96FE36C}" = CmdHere Powertoy For Windows XP
"{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{7003C4ED-D11B-4642-BAB2-F57507F2FE2B}" = QS/1 Systems Support Library
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B02BF60-796D-4616-908B-B31A63CFDEFB}" = HPCarePackCore
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{7F18F75E-A395-4273-A73E-C87CD0705D9B}" = PGP Desktop
"{7F831576-6246-42C7-B523-55B3F96509CC}" = LogMeIn
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{847501DF-07C0-4691-B04A-893929F108AE}" = CA iTechnology iGateway
"{85F88F9C-6EB2-426B-88AB-28DA4A3526B9}" = CA eTrustITM Agent
"{87B481FA-1E4A-40B0-80C3-157E9770F436}" = DataPilot Pix 'n Tunes
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8EAC1D0C-80BA-4077-932A-7E9E2F680845}" = HPScanjet5590Corporate11
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{935FF092-EEBA-4E97-8C1B-CD2364F392A4}" = Dimension 4 v5.0
"{936CFA73-585F-4F5E-AB62-1350FE16E5FC}" = DocuTrack 4.6 Client
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B93C2B3-D9E8-11D6-AB3E-000102B0F79A}" = Readiris Pro 8
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A212E6C2-20F7-4A8E-BD8E-DC3EE7483FA2}" = PRS-500 USB driver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A53A11EA-0095-493F-86FA-A15E8A86A405}" = VMware Player
"{A54C01BD-1277-4722-B42B-EC9800A90B1E}_is1" = Free FLAC to MP3 Converter 1.0
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B83245C1-AB8A-40C1-91C0-CEDBDB84255D}" = LG PhoneManager
"{B93A5C71-1F05-47c6-A9CD-DB6183CC8B30}" = Canon MF4360-4390
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BC5FDFC6-D617-11D6-86D3-00055DF3561E}" = Presto! PageManager
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C3E7C1CF-273D-4933-A9C6-85856EB6DF26}" = Integra Update Service 1.6
"{C461C56A-BAA1-4EF3-AEE0-8F31B17F58CA}" = F9 4.5 Professional Large (Btrieve)
"{C51FF2C4-74FE-43D8-ADE7-901BCC8C9636}" = QS/1 Server
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{CC12B3AC-0A75-4F85-8BC9-89D440BE3846}" = HP Photo and Imaging 2.5 - Scanjet 5590 Series
"{CC52B2B2-B590-4D16-96A3-57125D23E931}" = .NET Framework Machine Code Access Security Policy
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D4EB3F79-7F22-4151-B644-2516FA44D438}" = TinyTERM
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar
"{D81CD572-D535-43E1-8AAB-00F089FBFC21}" = Windstream Web Conferencing
"{DC09AE1B-5D67-4C05-B604-CDDFC984A221}" = QS/1 Windows Client
"{DF204E20-C29C-4434-BCFE-D9BAF76CEF8D}" = Sun ODF Plugin for Microsoft Office 3.1
"{DF930075-1C01-45CA-B023-993BF4118096}" = Microsoft Office Live Meeting 2005
"{DFC6573E-124D-4026-BFA4-B433C9D3FF21}" = ISO Recorder
"{E7887F0B-066C-4D26-AFD9-62B72CF24D9A}" = SyncToy
"{EBC91840-41E1-4CC3-AC11-0B889546223C}" = Microsoft IntelliPoint 5.5
"{ECA31632-C2AD-4774-A3CA-2813D47E4DD0}" = HPCarePackProducts
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F02DBC5D-33E3-45E9-B0F8-B7745229ED1C}" = NICI (Shared) U.S./Worldwide (128 bit) (2.6.4-7)
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{FA18C129-76C8-4223-8FAA-03C0F3BA3682}" = OpD2d
"{FC4ED75D-916C-4A8C-BB67-3C6F6E06D62B}" = Banctec Service Agreement
"{FCE50DB8-C610-4C42-BE5C-193F46C6F812}" = Windows Live Messenger
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FEAA91B7-19A0-4AC9-8360-56862799EB67}" = F9 4.5 Application
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"123Suite V99.0" = Lotus 1-2-3
"75070B1806113224B16C70296B90DD1AD8A53479" = Windows Driver Package - Sony Corporation (PRSUSB) USB (08/08/2006 1.0.03.08080)
"AC3Filter" = AC3Filter (remove only)
"Adobe Acrobat 7.0 Professional" = Adobe Acrobat 7.1.0 Professional
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AdobeESD" = Adobe Download Manager 2.0 (Remove Only)
"Advanced IP Scanner v1.5" = Advanced IP Scanner v1.5
"Advanced Outlook Repair v2.1" = Advanced Outlook Repair v2.1
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"Audacity_is1" = Audacity 1.2.6
"AviSynth" = AviSynth 2.5
"burnatonce_is1" = burnatonce
"CCleaner" = CCleaner (remove only)
"ClientAccessExpress" = IBM AS/400 Client Access Express for Windows
"ClientAccessExpressSP" = SF65706
"CloneDVD2" = CloneDVD2
"Colasoft Capsa 7 Free_is1" = Colasoft Capsa 7 Free
"ComicRack" = ComicRack v0.9.144
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell_HostCD" = Dell Software Uninstall
"DPP" = Canon Utilities Digital Photo Professional 3.6
"DVD43_is1" = DVD43 v4.0.0
"EOS Utility" = Canon Utilities EOS Utility
"EVEREST Home Edition_is1" = EVEREST Home Edition v1.51
"ExcelRecovery" = ExcelRecovery
"ffdshow_is1" = ffdshow [rev 3029] [2009-07-10]
"FreeCommander_is1" = FreeCommander 2009.02b
"Gadwin PrintScreen" = Gadwin PrintScreen
"Google Chrome" = Google Chrome
"Graphic Workshop Professional" = Graphic Workshop Professional
"HijackThis" = HijackThis 1.99.1
"HitmanPro35" = Hitman Pro 3.5
"HP Commercial Scanjet 5590 TWAIN Driver" = HP Commercial Scanjet 5590 TWAIN Driver
"HP LaserJet P1500 series" = HP LaserJet P1500 series
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"IMAPSize_is1" = IMAPSize 0.3.7
"ImgBurn" = ImgBurn
"InstallShield_{268723B7-A994-4286-9F85-B974D5CAFC7B}" = EasyRecovery Professional
"InstallShield_{5E2E45DB-F072-4D21-AC50-D24A1567DB25}" = QS/1 Support Library 1.0
"InstallShield_{87B481FA-1E4A-40B0-80C3-157E9770F436}" = DataPilot Pix 'n Tunes
"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem
"Lavasoft VX2 Cleaner" = Lavasoft VX2 Cleaner
"lvdrivers_12.10" = Logitech Webcam Software Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Visual Basic 2005 Express Edition - ENU" = Microsoft Visual Basic 2005 Express Edition - ENU
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"Mozilla Thunderbird 9.0.1 (x86 en-US)" = Mozilla Thunderbird 9.0.1 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"nLite_is1" = nLite 1.4.8
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nmap" = Nmap 4.68
"NTFS4DOS" = NTFS4DOS
"nxclient_is1" = NX Client for Windows 3.5.0-7
"oggcodecs" = oggcodecs 0.71.0946
"OutlookMessenger_is1" = OutlookMessenger V6
"PE Builder_is1" = PE Builder 3.1.10a
"PeerGuardian_is1" = PeerGuardian 2.0
"Peggle Deluxe_is1" = Peggle Deluxe
"Port Magic" = Pure Networks Port Magic
"PowerISO" = PowerISO
"PROPLUS" = Microsoft Office Professional Plus 2007
"PROSet" = Intel® PRO Network Adapters and Drivers
"Qtpfsgui_is1" = Qtpfsgui 1.9.2
"RealPlayer 15.0" = RealPlayer
"Recovery for Outlook" = Recovery for Outlook
"R-Undelete 2.1_is1" = R-Undelete v2.1
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"Spyware Doctor_is1" = Spyware Doctor 3.5
"ST6UNST #1" = Snipe Timer
"Task Killer" = Task Killer (remove only)
"TeamViewer 6" = TeamViewer 6
"Tunatic" = Tunatic
"Tweak UI 2.10" = Tweak UI
"UBCD4Win_is1" = UBCD4Win 3.60
"UFRaw_is1" = UFRaw 0.14.1
"Uninstall_is1" = Uninstall 1.0.0.1
"USB Driver Vers. 3.2" = USB Driver Vers. 3.2
"ViewpointMediaPlayer" = Viewpoint Media Player
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VLC media player" = VLC media player 1.1.11
"VMware_Player" = VMware Player
"VobSub" = VobSub v2.23 (Remove Only)
"VuRoom" = VuRoom
"WIC" = Windows Imaging Component
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.6
"WinGTK-2_is1" = GTK+ 2.10.11 runtime environment
"winpcap-nmap" = winpcap-nmap 4.02
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"WZCLINE" = WinZip Command Line Support Add-On
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Xvid_is1" = Xvid 1.1.3 final uninstall
"Yahoo! Customizations" = Yahoo! extras
"Yahoo! Internet Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Messenger Explorer Bar" = Yahoo! Messenger Explorer Bar
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager
"Zuma Deluxe RA" = Zuma Deluxe RA

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2420842395-2170736949-2373062627-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"176B617376BCB7476A46D45F0C90807519F9A753" = Monster Resume Easy Submit
"GoToMeeting" = GoToMeeting 4.5.0.457

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/5/2011 11:21:58 AM | Computer Name = DANNY | Source = WinVNC4 | ID = 1
Description =

Error - 9/5/2011 12:52:53 PM | Computer Name = DANNY | Source = WinVNC4 | ID = 1
Description =

Error - 9/9/2011 9:23:12 AM | Computer Name = DANNY | Source = MsiInstaller | ID = 11704
Description = Product: CA iTechnology iGateway -- Error 1704.An installation for
CA eTrustITM Agent is currently suspended. You must undo the changes made by that
installation to continue. Do you want to undo those changes?

Error - 9/20/2011 10:00:53 AM | Computer Name = DANNY | Source = Application Hang | ID = 1002
Description = Hanging application pcsws.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/22/2011 9:46:36 AM | Computer Name = DANNY | Source = Application Hang | ID = 1002
Description = Hanging application pcsws.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/20/2011 10:05:06 AM | Computer Name = DANNY | Source = Application Hang | ID = 1002
Description = Hanging application notepad.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/10/2011 9:47:09 AM | Computer Name = DANNY | Source = MsiInstaller | ID = 11722
Description = Product: Java™ 6 Update 29 -- Error 1722.There is a problem with
this Windows Installer package. A program run as part of the setup did not finish
as expected. Contact your support personnel or package vendor. Action patchjre,
location: C:\Program Files\Java\jre6\patchjre.exe, command: -s "C:\Program Files\Java\jre6"

Error - 12/12/2011 9:34:21 AM | Computer Name = DANNY | Source = MsiInstaller | ID = 11722
Description = Product: Java™ 6 Update 29 -- Error 1722.There is a problem with
this Windows Installer package. A program run as part of the setup did not finish
as expected. Contact your support personnel or package vendor. Action patchjre,
location: C:\Program Files\Java\jre6\patchjre.exe, command: -s "C:\Program Files\Java\jre6"

Error - 1/10/2012 9:52:39 AM | Computer Name = DANNY | Source = MsiInstaller | ID = 11722
Description = Product: Java™ 6 Update 30 -- Error 1722.There is a problem with
this Windows Installer package. A program run as part of the setup did not finish
as expected. Contact your support personnel or package vendor. Action patchjre,
location: C:\Program Files\Java\jre6\patchjre.exe, command: -s "C:\Program Files\Java\jre6"

Error - 2/6/2012 4:22:45 PM | Computer Name = DANNY | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x715b9e59.

[ OSession Events ]
Error - 9/14/2010 11:40:17 AM | Computer Name = DANNY | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 16
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 2/3/2012 12:03:47 PM | Computer Name = DANNY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2/3/2012 12:07:22 PM | Computer Name = DANNY | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 2/6/2012 10:03:19 AM | Computer Name = DANNY | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 2/6/2012 10:41:36 AM | Computer Name = DANNY | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 2/6/2012 10:43:32 AM | Computer Name = DANNY | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service iPod Service
with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

Error - 2/6/2012 11:42:05 AM | Computer Name = DANNY | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 2/6/2012 1:33:34 PM | Computer Name = DANNY | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 2/6/2012 2:15:59 PM | Computer Name = DANNY | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 2/7/2012 9:41:53 AM | Computer Name = DANNY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2/7/2012 9:44:45 AM | Computer Name = DANNY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}


< End of report >

#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,439 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:08:10 AM

Posted 07 February 2012 - 06:45 PM

Please download ListParts

Run the tool, click Scan and post the log (Result.txt) it makes.
The help you receive here is free. If you wish to show your appreciation, then you may donate.
Microsoft MVP - 2010, 2011, 2012, 2013

#5 NSSHelp

NSSHelp
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  • Gender:Male
  • Local time:08:10 AM

Posted 08 February 2012 - 09:17 AM

ListParts by Farbar
Ran by Danny on 08-02-2012 at 09:14:03
Windows XP (X86)
Running From: C:\Documents and Settings\Danny\Desktop
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 36%
Total physical RAM: 2045.98 MB
Available physical RAM: 1302.04 MB
Total Pagefile: 3941.84 MB
Available Pagefile: 3283.6 MB
Total Virtual: 2047.88 MB
Available Virtual: 2001.2 MB

======================= Partitions =========================

2 Drive c: () (Fixed) (Total:70.95 GB) (Free:4.48 GB) NTFS ==>[Drive with boot components (Windows XP)]
4 Drive s: (Local Disk) (Network) (Total:192.66 GB) (Free:142.7 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 75 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 47 MB 32 KB
Partition 2 Primary 71 GB 47 MB
Partition 3 Unknown 3585 MB 71 GB
Partition 4 Unknown 9 MB 74 GB

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

There is no volume associated with this partition.

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 71 GB Healthy Boot

Disk: 0
Partition 3
Type : DB
Hidden: Yes
Active: No

There is no volume associated with this partition.

Disk: 0
Partition 4
Type : 17 (Suspicious Type)
Hidden: Yes
Active: Yes

There is no volume associated with this partition.


****** End Of Log ******

#6 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,439 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:08:10 AM

Posted 08 February 2012 - 05:59 PM

Hi

Please run the following:

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • when the window opens, click on Change Parameters
  • under "Additional options", put a check mark in the box next to "Detect TDLFS File System"
  • click OK
  • Press Start Scan
    • Only if Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)


#7 NSSHelp

NSSHelp
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  • Gender:Male
  • Local time:08:10 AM

Posted 08 February 2012 - 10:08 PM

It's certainly running better.


21:30:13.0460 1324 TDSS rootkit removing tool 2.7.10.0 Feb 7 2012 15:14:46
21:30:13.0772 1324 ============================================================
21:30:13.0772 1324 Current date / time: 2012/02/08 21:30:13.0772
21:30:13.0772 1324 SystemInfo:
21:30:13.0772 1324
21:30:13.0772 1324 OS Version: 5.1.2600 ServicePack: 3.0
21:30:13.0772 1324 Product type: Workstation
21:30:13.0772 1324 ComputerName: DANNY
21:30:13.0772 1324 UserName: Danny
21:30:13.0772 1324 Windows directory: C:\WINDOWS
21:30:13.0772 1324 System windows directory: C:\WINDOWS
21:30:13.0772 1324 Processor architecture: Intel x86
21:30:13.0772 1324 Number of processors: 1
21:30:13.0772 1324 Page size: 0x1000
21:30:13.0772 1324 Boot type: Normal boot
21:30:13.0772 1324 ============================================================
21:30:15.0819 1324 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:30:15.0819 1324 \Device\Harddisk0\DR0:
21:30:15.0819 1324 MBR used
21:30:15.0819 1324 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0x8DE6AAE
21:30:15.0866 1324 Initialize success
21:30:15.0866 1324 ============================================================
21:30:44.0272 1516 ============================================================
21:30:44.0272 1516 Scan started
21:30:44.0272 1516 Mode: Manual; TDLFS;
21:30:44.0272 1516 ============================================================
21:31:10.0913 1516 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:31:10.0928 1516 Tcpip - ok
21:31:11.0069 1516 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
21:31:11.0085 1516 Tcpip6 - ok
21:31:11.0225 1516 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:31:11.0225 1516 TDPIPE - ok
21:31:11.0335 1516 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:31:11.0335 1516 TDTCP - ok
21:31:11.0460 1516 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:31:11.0460 1516 TermDD - ok
21:31:11.0585 1516 tfsnboio (b0d311f33c5b4a5858e4e6c965a79267) C:\WINDOWS\system32\dla\tfsnboio.sys
21:31:11.0585 1516 tfsnboio - ok
21:31:11.0725 1516 tfsncofs (250f74fce5d1eccb29ad9abeb55f35d8) C:\WINDOWS\system32\dla\tfsncofs.sys
21:31:11.0725 1516 tfsncofs - ok
21:31:11.0850 1516 tfsndrct (e23291934c59e1741ba83582e7a209c0) C:\WINDOWS\system32\dla\tfsndrct.sys
21:31:11.0850 1516 tfsndrct - ok
21:31:11.0975 1516 tfsndres (0d863d020633025f1e4ad3e0e325d503) C:\WINDOWS\system32\dla\tfsndres.sys
21:31:11.0975 1516 tfsndres - ok
21:31:12.0038 1516 tfsnifs (e3e10696663e35062851a376299198bd) C:\WINDOWS\system32\dla\tfsnifs.sys
21:31:12.0038 1516 tfsnifs - ok
21:31:12.0163 1516 tfsnopio (00cc366bdcbd8a9a1c95c1c59900dd9b) C:\WINDOWS\system32\dla\tfsnopio.sys
21:31:12.0163 1516 tfsnopio - ok
21:31:12.0241 1516 tfsnpool (84a91d08f49831e8c24e4d25ddefae87) C:\WINDOWS\system32\dla\tfsnpool.sys
21:31:12.0241 1516 tfsnpool - ok
21:31:12.0382 1516 tfsnudf (55b761c6e2d4fcedac3b46b6c0724830) C:\WINDOWS\system32\dla\tfsnudf.sys
21:31:12.0382 1516 tfsnudf - ok
21:31:12.0444 1516 tfsnudfa (64c6e8c217e30ee595120c66f6e783ba) C:\WINDOWS\system32\dla\tfsnudfa.sys
21:31:12.0444 1516 tfsnudfa - ok
21:31:12.0569 1516 TMPassthru (690acb48dac04e44a3d5e7654ca3260d) C:\WINDOWS\system32\DRIVERS\TMPassthru.sys
21:31:12.0569 1516 TMPassthru - ok
21:31:12.0585 1516 TMPassthruMP (690acb48dac04e44a3d5e7654ca3260d) C:\WINDOWS\system32\DRIVERS\TMPassthru.sys
21:31:12.0585 1516 TMPassthruMP - ok
21:31:12.0710 1516 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\System32\DRIVERS\toside.sys
21:31:12.0710 1516 TosIde - ok
21:31:12.0850 1516 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
21:31:12.0850 1516 tunmp - ok
21:31:12.0991 1516 U2SP (228d8e60bc9c5238587b0bf1654ec580) C:\WINDOWS\system32\DRIVERS\u2s2kxp.sys
21:31:12.0991 1516 U2SP - ok
21:31:13.0132 1516 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:31:13.0132 1516 Udfs - ok
21:31:13.0257 1516 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\System32\DRIVERS\ultra.sys
21:31:13.0257 1516 ultra - ok
21:31:13.0382 1516 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:31:13.0397 1516 Update - ok
21:31:13.0538 1516 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
21:31:13.0538 1516 USBAAPL - ok
21:31:13.0663 1516 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
21:31:13.0663 1516 usbaudio - ok
21:31:13.0788 1516 usbbus (5353218b3265e3b8190335059f697a11) C:\WINDOWS\system32\DRIVERS\lgusbbus.sys
21:31:13.0788 1516 usbbus - ok
21:31:13.0913 1516 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:31:13.0913 1516 usbccgp - ok
21:31:14.0053 1516 UsbDiag (7dd3eefc62a1ef44e5f940fa651ed9ed) C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys
21:31:14.0053 1516 UsbDiag - ok
21:31:14.0178 1516 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:31:14.0178 1516 usbehci - ok
21:31:14.0288 1516 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:31:14.0288 1516 usbhub - ok
21:31:14.0397 1516 USBModem (083031a78822eccbd7510bccd3e20d4c) C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys
21:31:14.0397 1516 USBModem - ok
21:31:14.0522 1516 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:31:14.0522 1516 usbscan - ok
21:31:14.0632 1516 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:31:14.0647 1516 USBSTOR - ok
21:31:14.0772 1516 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:31:14.0772 1516 usbuhci - ok
21:31:14.0897 1516 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
21:31:14.0897 1516 usbvideo - ok
21:31:15.0038 1516 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:31:15.0038 1516 VgaSave - ok
21:31:15.0163 1516 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\System32\DRIVERS\viaagp.sys
21:31:15.0163 1516 viaagp - ok
21:31:15.0288 1516 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\System32\DRIVERS\viaide.sys
21:31:15.0288 1516 ViaIde - ok
21:31:15.0413 1516 vmci (c560b5363ad494541deda5da539fb870) C:\WINDOWS\system32\Drivers\vmci.sys
21:31:15.0413 1516 vmci - ok
21:31:15.0538 1516 vmkbd (45e341e59f14cd88a64fdbe74ed0dd13) C:\WINDOWS\system32\drivers\VMkbd.sys
21:31:15.0538 1516 vmkbd - ok
21:31:15.0663 1516 VMnetAdapter (e41704d8149992107b333cc7a52c07cc) C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys
21:31:15.0663 1516 VMnetAdapter - ok
21:31:15.0772 1516 VMnetBridge (b9eee650712243ab3b2a94f029d877c4) C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys
21:31:15.0788 1516 VMnetBridge - ok
21:31:15.0928 1516 VMnetuserif (c4172c1661789d50f27e222288132a72) C:\WINDOWS\system32\drivers\vmnetuserif.sys
21:31:15.0928 1516 VMnetuserif - ok
21:31:16.0069 1516 VMparport (c8f7ad7ad7785a4bc59bf4dfce5df13a) C:\WINDOWS\system32\Drivers\VMparport.sys
21:31:16.0069 1516 VMparport - ok
21:31:16.0241 1516 vmx86 (2177f7269c6cc6a5657f1779eaa6c460) C:\WINDOWS\system32\Drivers\vmx86.sys
21:31:16.0241 1516 vmx86 - ok
21:31:16.0366 1516 vncmirror (efc092b667cbbe3b0a089db902df7ff6) C:\WINDOWS\system32\DRIVERS\vncmirror.sys
21:31:16.0366 1516 vncmirror - ok
21:31:16.0460 1516 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
21:31:16.0460 1516 VolSnap - ok
21:31:16.0569 1516 vstor2-ws60 (98929c5c5314c4c048e2f60492c26723) C:\Program Files\VMware\VMware Player\vstor2-ws60.sys
21:31:16.0569 1516 vstor2-ws60 - ok
21:31:16.0710 1516 w89c940 (4235d8f53979b0dabd259f9019487ba7) C:\WINDOWS\system32\DRIVERS\w940nd.sys
21:31:16.0710 1516 w89c940 - ok
21:31:16.0835 1516 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:31:16.0835 1516 Wanarp - ok
21:31:16.0975 1516 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
21:31:16.0991 1516 wanatw - ok
21:31:17.0053 1516 WDICA - ok
21:31:17.0116 1516 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:31:17.0116 1516 wdmaud - ok
21:31:17.0288 1516 WpdUsb (c60dc16d4e406810fad54b98dc92d5ec) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
21:31:17.0288 1516 WpdUsb - ok
21:31:17.0397 1516 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
21:31:17.0397 1516 WS2IFSL - ok
21:31:17.0491 1516 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
21:31:17.0491 1516 WSTCODEC - ok
21:31:17.0600 1516 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:31:17.0616 1516 WudfPf - ok
21:31:17.0725 1516 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:31:17.0741 1516 WudfRd - ok
21:31:17.0835 1516 MBR (0x1B8) (b16a2359f4962b0c622d81a1c1f4b703) \Device\Harddisk0\DR0
21:31:17.0866 1516 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
21:31:17.0866 1516 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
21:31:17.0913 1516 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
21:31:17.0913 1516 \Device\Harddisk0\DR0 - detected TDSS File System (1)
21:31:17.0960 1516 Boot (0x1200) (3f5f570cfde06ae7d2c851b28d6823d6) \Device\Harddisk0\DR0\Partition0
21:31:17.0960 1516 \Device\Harddisk0\DR0\Partition0 - ok
21:31:17.0960 1516 ============================================================
21:31:17.0960 1516 Scan finished
21:31:17.0960 1516 ============================================================
21:31:17.0975 3396 Detected object count: 2
21:31:17.0975 3396 Actual detected object count: 2
21:33:03.0053 3396 \Device\Harddisk0\DR0\# - copied to quarantine
21:33:03.0053 3396 \Device\Harddisk0\DR0 - copied to quarantine
21:33:03.0194 3396 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
21:33:03.0194 3396 \Device\Harddisk0\DR0\TDLFS\vbr - copied to quarantine
21:33:03.0194 3396 \Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine
21:33:03.0194 3396 \Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine
21:33:03.0210 3396 \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine
21:33:03.0210 3396 \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine
21:33:03.0210 3396 \Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine
21:33:03.0272 3396 \Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine
21:33:03.0272 3396 \Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine
21:33:03.0288 3396 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
21:33:03.0335 3396 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
21:33:03.0350 3396 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
21:33:03.0350 3396 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
21:33:03.0350 3396 \Device\Harddisk0\DR0\TDLFS\main - copied to quarantine
21:33:03.0366 3396 \Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine
21:33:03.0366 3396 \Device\Harddisk0\DR0\TDLFS\info - copied to quarantine
21:33:03.0428 3396 \Device\Harddisk0\DR0\TDLFS\mainfb.script - copied to quarantine
21:33:03.0460 3396 \Device\Harddisk0\DR0\TDLFS\com32 - copied to quarantine
21:33:03.0475 3396 \Device\Harddisk0\DR0\TDLFS\bbr232 - copied to quarantine
21:33:03.0491 3396 \Device\Harddisk0\DR0\TDLFS\serf332 - copied to quarantine
21:33:04.0022 3396 \Device\Harddisk0\DR0\TDLFS\sant32 - copied to quarantine
21:33:04.0022 3396 \Device\Harddisk0\DR0\TDLFS\serf_conf - copied to quarantine
21:33:04.0069 3396 \Device\Harddisk0\DR0\TDLFS\time.txt - copied to quarantine
21:33:04.0241 3396 \Device\Harddisk0\DR0\TDLFS\bbr_conf - copied to quarantine
21:33:04.0303 3396 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
21:33:04.0303 3396 \Device\Harddisk0\DR0 - ok
21:33:04.0303 3396 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
21:33:04.0366 3396 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
21:33:04.0366 3396 \Device\Harddisk0\DR0\TDLFS\vbr - copied to quarantine
21:33:04.0366 3396 \Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine
21:33:04.0366 3396 \Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine
21:33:04.0366 3396 \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine
21:33:04.0382 3396 \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine
21:33:04.0460 3396 \Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine
21:33:04.0460 3396 \Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine
21:33:04.0460 3396 \Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine
21:33:04.0460 3396 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
21:33:04.0507 3396 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
21:33:04.0507 3396 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
21:33:04.0507 3396 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
21:33:04.0507 3396 \Device\Harddisk0\DR0\TDLFS\main - copied to quarantine
21:33:04.0507 3396 \Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine
21:33:04.0553 3396 \Device\Harddisk0\DR0\TDLFS\info - copied to quarantine
21:33:04.0553 3396 \Device\Harddisk0\DR0\TDLFS\mainfb.script - copied to quarantine
21:33:04.0585 3396 \Device\Harddisk0\DR0\TDLFS\com32 - copied to quarantine
21:33:04.0600 3396 \Device\Harddisk0\DR0\TDLFS\bbr232 - copied to quarantine
21:33:04.0616 3396 \Device\Harddisk0\DR0\TDLFS\serf332 - copied to quarantine
21:33:05.0194 3396 \Device\Harddisk0\DR0\TDLFS\sant32 - copied to quarantine
21:33:05.0194 3396 \Device\Harddisk0\DR0\TDLFS\serf_conf - copied to quarantine
21:33:05.0210 3396 \Device\Harddisk0\DR0\TDLFS\time.txt - copied to quarantine
21:33:05.0335 3396 \Device\Harddisk0\DR0\TDLFS\bbr_conf - copied to quarantine
21:33:05.0335 3396 \Device\Harddisk0\DR0\TDLFS - deleted
21:33:05.0335 3396 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
21:33:39.0897 3216 Deinitialize success

#8 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,439 posts
  • Gender:Not Telling
  • Location:Canada

Posted 08 February 2012 - 10:53 PM

Hi,

Please do the following:

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Microsoft MVP - 2010, 2011, 2012, 2013

#9 NSSHelp

NSSHelp
  • Topic Starter

  • Members
  • 26 posts
  • Gender:Male

Posted 09 February 2012 - 09:57 AM

ComboFix 12-02-09.02 - Danny 02/09/2012 8:34.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1408 [GMT -5:00]
Running from: c:\documents and settings\Danny\Desktop\ComboFix.exe
AV: eTrust ITM *Disabled/Updated* {33EA71EA-56CF-40B5-A06B-BD3A27397C44}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Danny\Application Data\AdobeDLM.log
c:\documents and settings\Danny\Application Data\ImgBurn.exe
c:\documents and settings\Danny\g2mdlhlpx.exe
c:\documents and settings\Danny\GoToAssistDownloadHelper.exe
c:\documents and settings\Danny\Local Settings\Application Data\assembly\tmp
c:\documents and settings\Danny\My Documents\Readiris.DUS
c:\documents and settings\Danny\update-2.0.1.11.exe
c:\documents and settings\Danny\update-2.0.1.22.exe
c:\documents and settings\Danny\update-2.0.1.28.exe
c:\documents and settings\Danny\update-2.0.1.31.exe
c:\documents and settings\Danny\update-2.0.1.54.exe
c:\documents and settings\Danny\WINDOWS
C:\drvrtmp
c:\windows\~GLC0000.TMP
c:\windows\dasetup.log
c:\windows\Downloaded Program Files\x64
c:\windows\Downloaded Program Files\x86
c:\windows\system32\bin
c:\windows\system32\bin\libexif-12.dll
c:\windows\system32\drivers\etc\lmhosts
c:\windows\system32\PowerToyReadme.htm
c:\windows\system32\REN11C8.tmp
c:\windows\system32\REN11D9.tmp
c:\windows\system32\REN11EB.tmp
c:\windows\system32\REN1200.tmp
c:\windows\system32\SET101.tmp
c:\windows\system32\SET104.tmp
c:\windows\system32\SET119.tmp
c:\windows\system32\SET187.tmp
c:\windows\system32\SET18A.tmp
c:\windows\system32\SET196.tmp
c:\windows\system32\SET198.tmp
c:\windows\system32\SET22.tmp
c:\windows\system32\SET25.tmp
c:\windows\system32\SET34.tmp
c:\windows\system32\SET37.tmp
c:\windows\system32\SET47.tmp
c:\windows\system32\SET5C.tmp
c:\windows\system32\SET5F.tmp
c:\windows\system32\SET74.tmp
c:\windows\system32\SET7D.tmp
c:\windows\system32\SETF5.tmp
c:\windows\system32\SETF8.tmp
c:\windows\system32\SETFB.tmp
c:\windows\winhelp.ini
c:\windows\system32\kspydoc.log . . . . Failed to delete
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MSASVC
-------\Legacy_SYSTEMNTMI
-------\Service_MsaSvc
.
.
((((((((((((((((((((((((( Files Created from 2012-01-09 to 2012-02-09 )))))))))))))))))))))))))))))))
.
.
2012-02-09 02:33 . 2012-02-09 02:33 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-08 21:53 . 2012-02-08 21:53 -------- d-----w- c:\program files\ESET
2012-02-08 17:32 . 2012-02-08 17:31 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-02-03 13:59 . 2012-02-06 20:54 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2012-02-02 22:45 . 2010-06-22 22:12 26696 ----a-r- c:\windows\system32\drivers\pavboot.sys
2012-02-01 20:31 . 2012-02-02 15:50 -------- d-----w- C:\bd_logs
2012-02-01 17:40 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-27 16:13 . 2003-12-12 16:08 495616 ----a-w- c:\windows\system32\Scanner.dll
2012-01-27 16:13 . 2000-03-18 22:49 24576 ----a-w- c:\windows\system32\CompressZItLib6.dll
2012-01-27 16:13 . 2009-04-21 15:33 4145264 ----a-w- c:\windows\system32\vbcorlib.dll
2012-01-27 16:13 . 2008-06-26 01:07 856064 ----a-w- c:\windows\system32\EvoVoIP.dll
2012-01-27 16:13 . 1999-11-05 05:00 131968 ----a-w- c:\windows\system32\DHTMLED.OCX
2012-01-27 16:12 . 2012-01-27 16:14 -------- d-----w- c:\program files\Outlook Messenger
2012-01-24 13:35 . 2012-01-24 13:35 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-24 13:35 . 2012-01-24 13:35 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-24 13:35 . 2012-01-24 13:35 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-24 13:35 . 2012-01-24 13:35 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-01-20 14:36 . 2012-01-20 14:36 -------- d-----w- c:\program files\iPod
2012-01-20 14:36 . 2012-01-20 14:37 -------- d-----w- c:\program files\iTunes
2012-01-20 14:35 . 2012-01-20 14:35 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2012-01-20 14:34 . 2012-01-20 14:34 -------- d-----w- c:\program files\Bonjour
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-08 17:31 . 2010-06-07 13:44 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-07 13:49 . 2009-07-17 18:30 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-02-07 13:49 . 2009-07-17 18:30 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2012-02-07 13:49 . 2009-07-17 18:30 30592 ----a-w- c:\windows\system32\LMIport.dll
2012-02-07 13:49 . 2009-07-17 18:30 87424 ----a-w- c:\windows\system32\LMIinit.dll
2012-02-06 14:17 . 2010-02-08 17:24 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-12-19 13:37 . 2009-07-17 18:30 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2011-12-19 13:37 . 2009-07-17 18:30 87424 ----a-w- c:\windows\system32\LMIinit.dll.000.bak
2011-11-21 20:55 . 2011-05-27 20:07 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-17 21:32 . 2011-11-17 21:32 3584 ----a-r- c:\documents and settings\Danny\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2012-01-24 13:35 . 2011-05-03 12:39 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2005-09-15 22:26 . 2005-03-02 14:46 44153 ----a-w- c:\program files\mozilla firefox\components\inspector.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlayHandlerAccessible]
@="{3DBF5F01-3287-46EB-82CF-45AA5C241162}"
[HKEY_CLASSES_ROOT\CLSID\{3DBF5F01-3287-46EB-82CF-45AA5C241162}]
2011-01-13 02:42 1056888 ----a-w- c:\windows\SYSTEM32\PGPfsshl.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Task Killer"="c:\program files\Task Killer\TaskKiller.exe" [2007-11-04 221696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Client Access Service"="c:\program files\IBM\Client Access\CwbSvStr.Exe" [1999-01-08 6928]
"Dimension4"="c:\program files\Utilities\D4\D4.exe" [2004-02-04 200704]
"dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2007-11-20 731136]
"TMRUBottedTray"="c:\program files\Trend Micro\RUBotted\TMRUBottedTray.exe" [2008-11-06 288088]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
"Realtime Monitor"="c:\program files\CA\eTrustITM\realmon.exe" [2008-02-08 407368]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-12-06 296056]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2012-02-07 13:49 87424 ----a-w- c:\windows\SYSTEM32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SYSTEM32\PGPmapih.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli PGPpwflt
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Danny^Start Menu^Programs^StartUp^Task Killer.lnk]
backup=c:\windows\pss\Task Killer.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LapLink Scheduler
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LapLink Server Proxy
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinGuard Pro
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
2008-04-23 06:08 483328 ----a-w- c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
2005-07-12 05:17 50776 ----a-w- c:\program files\America Online 9.0c\aol.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
2006-10-23 12:50 71216 ----a-r- c:\program files\Common Files\AOL\ACS\AOLDial.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLPSP]
2005-10-06 04:00 126976 ----a-w- c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpsp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2004-04-26 13:04 53248 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HitmanPro35]
2011-11-04 12:35 6480192 ----a-w- c:\program files\Hitman Pro 3.5\HitmanPro35.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2006-09-26 00:52 50736 ----a-w- c:\program files\Common Files\AOL\1119442462\EE\aolsoftware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpbdfawep]
2007-04-25 19:28 954368 ----a-w- c:\program files\HP\Dfawep\bin\hpbdfawep.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2005-12-04 20:39 461584 ----a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWS]
2010-05-07 22:35 165208 ----a-w- c:\program files\Logitech\LWS\Webcam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 14:17 5252408 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
2005-05-09 19:32 53248 ----a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2005-05-09 19:32 135168 ----a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OutlookMessenger]
2011-06-24 21:08 7266304 ----a-w- c:\program files\Outlook Messenger\OutlookMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMBVolumeWatcher]
2009-10-24 07:18 597792 ----a-w- c:\program files\Sony\PMB\PMBVolumeWatcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic]
2004-04-05 21:33 99480 ----a-w- c:\progra~1\PURENE~1\PORTMA~1\PortAOL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 19:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2011-12-06 14:01 499312 ----a-w- c:\program files\real\realplayer\realplay.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
2002-02-05 03:32 53248 ----a-w- c:\program files\REGSHAVE\Regshave.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-05-13 20:12 26192168 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sonic RecordNow!]
2005-12-04 20:39 461584 ----a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2003-08-19 06:01 110592 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMware hqtray]
2010-09-21 06:42 64048 ----a-w- c:\program files\VMware\VMware Player\hqtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VuRoom]
2010-07-15 02:22 324371 ----a-w- c:\program files\VuRoom\VuRoom.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LapLink Gold\\laplink.exe"=
"c:\\Program Files\\Utilities\\D4\\D4.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1119442462\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\msncall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 Achernar;Achernar - SCSI Command Filters;c:\windows\SYSTEM32\DRIVERS\Achernar.sys [1/26/2006 1:59 PM 16855]
R0 pgpfs;PGP File Sharing;c:\windows\SYSTEM32\DRIVERS\PGPfsfd.sys [1/12/2011 9:42 PM 136824]
R0 Pgpwdefs;Pgpwdefs;c:\windows\SYSTEM32\DRIVERS\PGPwdefs.sys [1/12/2011 9:42 PM 13432]
R1 CSN5PDTS82;CSN5PDTS82 NDIS Protocol Driver;c:\windows\SYSTEM32\DRIVERS\CSN5PDTS82.sys [10/12/2010 2:52 PM 28184]
R1 RCFOX;SonicWALL IPsec Driver;c:\windows\SYSTEM32\DRIVERS\RCFOX.SYS [6/26/2006 2:13 PM 78032]
R2 Alert Notification Server;Alert Notification Server;c:\program files\CA\SharedComponents\Alert\alert.exe [9/9/2011 9:07 AM 214928]
R2 CenLPD;Century LPD;c:\program files\Century\TinyTERM\CenLPD.exe [11/20/2009 10:46 AM 107976]
R2 InoNmSrv;eTrust ITM Server Service;c:\program files\CA\eTrustITM\InoNmSrv.exe [2/8/2008 5:58 PM 278528]
R2 InoWeb;eTrust ITM Web Access Service;c:\program files\CA\eTrustITM\InoWeb.exe [2/8/2008 5:58 PM 282624]
R2 IntegraTransferService;Integra Transfer Service;c:\program files\Integra\Deployment\Bin\IS.WM.Deployment.ServiceProviders.IntegraTransferService.exe [11/7/2008 8:58 AM 8704]
R2 IntegraUpdateService;Integra Update Service;c:\program files\Integra\Deployment\Bin\IS.WM.Deployment.ServiceProviders.IntegraUpdateService.exe [11/7/2008 8:58 AM 9216]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [9/30/2010 8:57 AM 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [7/24/2008 5:46 PM 12856]
R2 NPF;Netgroup Packet Filter;c:\windows\SYSTEM32\DRIVERS\npf.sys [6/1/2008 2:13 AM 34064]
R2 PGP RDD Service;PGP RDD Service;c:\program files\PGP Corporation\PGP Desktop\RDDService.exe [1/12/2011 9:42 PM 166520]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [10/24/2009 2:18 AM 360224]
R2 RUBotted;Trend Micro RUBotted Service;c:\program files\Trend Micro\RUBotted\TMRUBotted.exe [5/18/2009 11:57 AM 582992]
R2 vmci;VMware vmci;c:\windows\SYSTEM32\DRIVERS\vmci.sys [9/21/2010 1:42 AM 70704]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [9/21/2010 12:42 AM 539184]
R3 Aldebaran;Aldebaran - SCSI Command Filters;c:\windows\SYSTEM32\DRIVERS\Aldebaran.sys [1/26/2006 1:59 PM 21808]
R3 TMPassthruMP;TMPassthruMP;c:\windows\SYSTEM32\DRIVERS\TMPassthru.sys [5/18/2009 11:57 AM 206608]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S1 CSN5PDTS82x64;CSN5PDTS82x64 NDIS Protocol Driver;c:\windows\system32\Drivers\CSN5PDTS82x64.sys --> c:\windows\system32\Drivers\CSN5PDTS82x64.sys [?]
S2 ApacheContentServer;Apache Content Server;c:\program files\CA\eTrustITM\Apache\bin\Apache.exe [8/20/2007 3:53 PM 13824]
S2 ApacheTomcatApplicationServer;Apache Tomcat Application Server;c:\program files\CA\SharedComponents\ThirdParty\Tomcat\5.5\bin\tomcat5.exe [8/20/2007 3:54 PM 102400]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S2 gupdate1cad4c32716b512;Google Update Service (gupdate1cad4c32716b512);c:\program files\Google\Update\GoogleUpdate.exe [4/5/2010 8:23 AM 133104]
S3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
S3 CentralClaim;QS/1 CentralClaim;c:\qs1\CentralClaim.exe [5/18/2007 1:23 PM 454656]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/5/2010 8:23 AM 133104]
S3 QIA;QS/1 Install Agent;c:\qs1\QIA\Qia.exe [2/28/2007 11:28 AM 693600]
S3 rcvpn;SonicWALL VPN Adapter;c:\windows\SYSTEM32\DRIVERS\rcvpn.sys [6/26/2006 2:11 PM 23180]
S3 SUSTUCAM;Susteen USB Cable Modem Driver;c:\windows\SYSTEM32\DRIVERS\sustucam.sys [4/4/2007 7:50 PM 38272]
S3 SUSTUCAP;Susteen USB Cable Port Driver;c:\windows\SYSTEM32\DRIVERS\sustucap.sys [4/4/2007 7:50 PM 38272]
S3 SUSTUCAU;Susteen USB Cable USB Driver;c:\windows\SYSTEM32\DRIVERS\sustucau.sys [4/4/2007 7:56 PM 21376]
S3 TMPassthru;Trend Micro Passthru Ndis Service;c:\windows\SYSTEM32\DRIVERS\TMPassthru.sys [5/18/2009 11:57 AM 206608]
S3 w89c940;Winbond W89C940 PCI Ethernet Adapter Driver;c:\windows\SYSTEM32\DRIVERS\w940nd.sys [10/24/2001 4:29 PM 17992]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
S4 DCA Health Check;DCA Health Check;"c:\program files\Data Collector Agent\support\DCAServiceHC.exe" --> c:\program files\Data Collector Agent\support\DCAServiceHC.exe [?]
S4 DLSDB;Dell Printer Status Database;c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe [6/9/2006 9:21 AM 135168]
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2012-02-09 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 16:20]
.
2012-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-05 13:22]
.
2012-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-05 13:22]
.
2012-02-09 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2420842395-2170736949-2373062627-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 21:14]
.
2012-01-31 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2420842395-2170736949-2373062627-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 21:14]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://ie.search.msn.com
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
LSP: c:\windows\system32\PGPlsp.dll
LSP: c:\program files\VMware\VMware Player\vsocklib.dll
Trusted Zone: 10.0.0.35
Trusted Zone: danny
Trusted Zone: 10.0.0.35
Trusted Zone: 192.168.1.230
TCP: Interfaces\{2179B0FE-2DF5-4CB3-82D0-4759CAADFEA1}: NameServer = 64.89.74.2,64.89.70.2
TCP: Interfaces\{7E21E39C-0F28-4B0C-8F72-06B2FD92333B}: NameServer = 64.89.70.2,64.89.74.2
DPF: {037790A6-1576-11D6-903D-00105AABADD3} - hxxps://limeportal.ivans.com/controls/sglw2hcm.ocx
DPF: {A296A3EE-1F64-4E43-A166-83FC4219A825} - hxxp://192.168.1.230/docmgmtweb/Common/Setup/Client/Client.CAB
DPF: {E3DEBF7A-3918-4F71-970C-5F49AFFBF1B0} - hxxp://192.168.1.230/docmgmtweb/Common/Setup/Client/DocuTrack%204.0%20Client.CAB
DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab
FF - ProfilePath - c:\documents and settings\Danny\Application Data\Mozilla\Firefox\Profiles\cni1dszr.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo Search
FF - prefs.js: browser.startup.homepage - hxxp://www.cjob.com/other/audiovault.html
FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=50395&ei=utf-8&yahoo_domain=search.yahoo.com&p=
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKU-Default-Run-Spyware Doctor - (no file)
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
Notify-NavLogon - (no file)
MSConfigStartUp-Mail - (no file)
AddRemove-Lavasoft VX2 Cleaner - c:\progra~1\Lavasoft\AD-AWA~1\Plugins\UNWISE.EXE
AddRemove-oggcodecs - c:\program files\illiminable\oggcodecs\uninst.exe
AddRemove-WZCLINE - c:\program files\WinZip\winzip32
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-09 08:53
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2420842395-2170736949-2373062627-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(556)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
c:\program files\CA\SharedComponents\PPRealtime\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRealtime\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRealtime\bin\CAServer.dll
.
- - - - - - - > 'explorer.exe'(4176)
c:\windows\system32\WININET.dll
c:\windows\system32\logishrd\LVPrcInj01.dll
c:\program files\CA\SharedComponents\PPRealtime\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRealtime\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRealtime\bin\CAServer.dll
c:\windows\System32\PGPfsshl.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Common Files\aolshare\aolshcpy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\CA\eTrustITM\InoRpc.exe
c:\program files\CA\eTrustITM\InoRT.exe
c:\program files\CA\eTrustITM\InoTask.exe
c:\program files\CA\SharedComponents\PPRealtime\bin\ITMRTSVC.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\CA\eTrustITM\ppcl.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\PGPserv.exe
c:\program files\Spyware Doctor\sdhelp.exe
c:\windows\system32\vmnat.exe
c:\windows\wanmpsvc.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\VMware\VMware Player\vmware-authd.exe
c:\windows\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
c:\windows\system32\vmnetdhcp.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-02-09 09:03:06 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-09 14:02
.
Pre-Run: 4,584,783,872 bytes free
Post-Run: 4,577,677,312 bytes free
.
- - End Of File - - 823BB3B6F2F457B60848B96A1DAF1C0A
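The firewall-policy and browser-setting lines in the ComboFix log above can be checked mechanically rather than read by eye. The Python script below is an added example, not part of this thread and not part of ComboFix; it embeds the relevant lines from the log above as a constructed sample and reports the disabled Windows Firewall, the globally open 3389/TCP port, the DNS servers that should be confirmed against the ISP or organization, and a Firefox keyword.URL that points at a host outside a small, assumed allowlist of search engines. The severity labels, the allowlist and the port-name table are choices of the example, not values from the log.

```python
"""Flag weak or suspicious settings in the firewall and browser sections of a
ComboFix log.  Added example; the sample lines are copied from the log above."""
import re
from urllib.parse import urlsplit

# Constructed sample: the relevant lines of the ComboFix log posted above.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LapLink Gold\\laplink.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
TCP: Interfaces\{2179B0FE-2DF5-4CB3-82D0-4759CAADFEA1}: NameServer = 64.89.74.2,64.89.70.2
FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=50395&ei=utf-8&yahoo_domain=search.yahoo.com&p=
FF - prefs.js: network.proxy.type - 0
"""

SECTION_RE = re.compile(r'^\[(?P<key>.+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>.*)$')
DNS_RE = re.compile(r'^TCP: Interfaces\\\{[0-9A-Fa-f-]+\}: NameServer = (?P<servers>.+)$')
FF_PREF_RE = re.compile(r'^FF - prefs\.js: (?P<pref>\S+) - (?P<value>.+)$')

# Service names for ports a workstation rarely needs to expose to every network.
PORT_NAMES = {"3389": "Remote Desktop", "445": "SMB", "135": "RPC endpoint mapper"}
# Assumed allowlist: hosts a user would plausibly have chosen for address-bar search.
KNOWN_SEARCH_HOSTS = {"www.google.com", "search.yahoo.com", "www.bing.com"}
# Firefox network.proxy.type: 0 = none, 1 = manual, 2 = PAC URL, 4 = auto-detect, 5 = system
PROXY_MODES = {"1": "manual proxy", "2": "proxy auto-config (PAC) URL"}


def audit_combofix(text):
    """Return a list of (severity, message) findings for a ComboFix log text."""
    findings = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("key").lower()
            continue
        m = VALUE_RE.match(line)
        if m and "firewallpolicy" in section:
            name, value = m.group("name"), m.group("value")
            if name == "EnableFirewall" and value.startswith("0"):
                findings.append(("high", "Windows Firewall is disabled in the standard profile"))
            elif section.endswith("globallyopenports\\list"):
                port, proto = name.split(":", 1)
                label = PORT_NAMES.get(port, "unknown service")
                findings.append(("high", f"port {port}/{proto} ({label}) is open to all networks"))
            elif section.endswith("authorizedapplications\\list"):
                findings.append(("info", f"firewall exception for {name}"))
            elif name == "AllowInboundEchoRequest" and value.startswith("1"):
                findings.append(("low", "inbound ICMP echo (ping) is allowed"))
            continue
        m = DNS_RE.match(line)
        if m:
            servers = m.group("servers").replace(",", ", ")
            findings.append(("review", f"DNS servers in use: {servers} (confirm they belong to the ISP or organization)"))
            continue
        m = FF_PREF_RE.match(line)
        if m:
            pref, value = m.group("pref"), m.group("value")
            if pref == "keyword.URL":
                # ComboFix defangs URLs as hxxp; restore the scheme so urlsplit finds the host.
                host = urlsplit(value.replace("hxxp", "http", 1)).hostname or ""
                if host not in KNOWN_SEARCH_HOSTS:
                    findings.append(("medium", f"Firefox address-bar search (keyword.URL) points to {host}, not a known search engine"))
            elif pref == "network.proxy.type" and value in PROXY_MODES:
                findings.append(("medium", f"Firefox uses a {PROXY_MODES[value]}"))
    return findings


if __name__ == "__main__":
    for severity, message in audit_combofix(SAMPLE_LOG):
        print(f"[{severity}] {message}")
```

Run it as a script to print the findings for the sample, or call audit_combofix() on the full text of a ComboFix log; lines it does not recognise are ignored, so the whole file can be fed in unchanged.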

#10 NSSHelp

NSSHelp
  • Topic Starter

  • Members
  • 26 posts
  • Gender:Male

Posted 09 February 2012 - 04:52 PM

I ran ESET's online scanner today. I hope that isn't a problem, but I wanted to let you know what it cleaned. I haven't run any other scans besides this.

Text of cleaned items:

C:\Documents and Settings\Danny\My Documents\My Backups\Jump Drive\RegistryEasy_Setup001.exe a variant of Win32/Adware.RegistryEasy application deleted - quarantined
C:\Documents and Settings\Danny\My Documents\My Downloads\Demos\Mail\SpaceMonger\cnet2_spcmn211_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Program Files\Common Files\AOL\Backup\ACS\Rollback\acslang.exe probably a variant of Win32/StartPage.HSZAKFT trojan deleted - quarantined
C:\Program Files\Common Files\AOL\Backup\ACS\Rollback\acssetup.exe probably a variant of Win32/StartPage.HSZAKFT trojan deleted - quarantined
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP5\A0004630.exe a variant of Win32/Adware.RegistryEasy application deleted - quarantined
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP5\A0004631.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP5\A0004632.exe probably a variant of Win32/StartPage.HSZAKFT trojan deleted - quarantined
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP5\A0004633.exe probably a variant of Win32/StartPage.HSZAKFT trojan deleted - quarantined
C:\TDSSKiller_Quarantine\08.02.2012_21.30.13\mbr0000\tdlfs0000\tsk0005.dta a variant of Win32/Kryptik.ZQI trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\08.02.2012_21.30.13\mbr0000\tdlfs0000\tsk0006.dta Win64/Olmasco.W trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\08.02.2012_21.30.13\mbr0000\tdlfs0000\tsk0007.dta a variant of Win32/Olmasco.O trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\08.02.2012_21.30.13\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmasco.X trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\08.02.2012_21.30.13\mbr0000\tdlfs0000\tsk0009.dta Win32/Olmasco.O trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\08.02.2012_21.30.13\mbr0000\tdlfs0000\tsk0010.dta Win64/Olmasco.R trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\08.02.2012_21.30.13\mbr0000\tdlfs0000\tsk0011.dta a variant of Win32/Olmasco.Q trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\08.02.2012_21.30.13\mbr0000\tdlfs0000\tsk0012.dta Win64/Olmasco.X trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\08.02.2012_21.30.13\tdlfs0000\tsk0005.dta a variant of Win32/Kryptik.ZQI trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\08.02.2012_21.30.13\tdlfs0000\tsk0006.dta Win64/Olmasco.W trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\08.02.2012_21.30.13\tdlfs0000\tsk0007.dta a variant of Win32/Olmasco.O trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\08.02.2012_21.30.13\tdlfs0000\tsk0008.dta Win64/Olmasco.X trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\08.02.2012_21.30.13\tdlfs0000\tsk0009.dta Win32/Olmasco.O trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\08.02.2012_21.30.13\tdlfs0000\tsk0010.dta Win64/Olmasco.R trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\08.02.2012_21.30.13\tdlfs0000\tsk0011.dta a variant of Win32/Olmasco.Q trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\08.02.2012_21.30.13\tdlfs0000\tsk0012.dta Win64/Olmasco.X trojan cleaned by deleting - quarantined

#11 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,439 posts
  • Gender:Not Telling
  • Location:Canada

Posted 09 February 2012 - 05:34 PM

Ok,

Please do the following:

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT

Please advise how the computer is running now and if there are any outstanding issues
The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif
Microsoft MVP - 2010, 2011, 2012, 2013

#12 NSSHelp

NSSHelp
  • Topic Starter

  • Members
  • 26 posts
  • Gender:Male

Posted 09 February 2012 - 09:43 PM

I really appreciate your help. I didn't know how to get rid of this one. It is running great now and I have no other issues.

MBAM log:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.09.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Danny :: DANNY [administrator]

2/9/2012 7:07:50 PM
mbam-log-2012-02-09 (19-07-50).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 241051
Time elapsed: 8 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#13 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,439 posts
  • Gender:Not Telling
  • Location:Canada

Posted 09 February 2012 - 09:57 PM

Hi

Just some housekeeping to do now,

Please do the following:


You can delete the TDSSKiller and aswMBR logs and programs from your desktop.


NEXT


Follow these steps to uninstall Combofix

  • Make sure your security programs are totally disabled.
  • Click START then RUN
  • Now copy/paste Combofix /uninstall into the runbox and click OK. Note the space between the ..X and the /U; it needs to be there.



NEXT


Clean up with OTL:
  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.



If there are any logs/tools remaining on your desktop > right click and delete them.


NEXT


Below I have included a number of recommendations for how to protect your computer against malware infections.

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them
    Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.

  • Keep Windows updated by regularly checking their website at:
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

  • Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run,
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job.
    • Once it's finished it should automatically reboot your machine;
    • if it doesn't, manually reboot to ensure a complete clean.
    It's normal after running TFC cleaner that the PC will be slower to boot the first time.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at this well written article:
    PC Safety and Security--What Do I Need?


Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank you.
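The settings changed in the "Make Internet Explorer more secure" step above are stored as DWORD values under the Internet zone key (Zones\3) beneath HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: value 1001 is "Download signed ActiveX controls", 1004 is "Download unsigned ActiveX controls", 1201 is "Initialize and script ActiveX controls not marked as safe", and the data is 0 for Enable, 1 for Prompt and 3 for Disable. The script below is an added example (not from the post and not Microsoft tooling); it compares the current values with the levels recommended above and produces reg.exe commands for any that differ. Where winreg is unavailable the reader returns an empty mapping, and the evaluation can be exercised on a constructed dictionary, as the main block does.

```python
"""Check the Internet Explorer Internet-zone ActiveX settings recommended above
against the live registry (on Windows) or a constructed sample (elsewhere).
Added example; the zone action IDs and the 0/1/3 encoding are the documented
Internet Settings values, the recommended levels follow the post above."""

INTERNET_ZONE_KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"

ENABLE, PROMPT, DISABLE = 0, 1, 3
LEVEL_NAMES = {ENABLE: "Enable", PROMPT: "Prompt", DISABLE: "Disable"}

# Zone action value names (stored as strings in the registry) and their meaning.
ACTION_NAMES = {
    "1001": "Download signed ActiveX controls",
    "1004": "Download unsigned ActiveX controls",
    "1201": "Initialize and script ActiveX controls not marked as safe",
}

# Levels recommended in the post above.
RECOMMENDED = {"1001": PROMPT, "1004": PROMPT, "1201": DISABLE}


def evaluate_zone(values):
    """Compare a mapping of action name -> DWORD with the recommended levels.

    Returns one dict per action with current and wanted level and an ok flag.
    A missing value is reported with current=None and therefore as a deviation."""
    report = []
    for action, wanted in RECOMMENDED.items():
        current = values.get(action)
        if current is None:
            current_name = "not set"
        else:
            current_name = LEVEL_NAMES.get(current, f"unknown ({current})")
        report.append({
            "action": action,
            "label": ACTION_NAMES[action],
            "current": current,
            "current_name": current_name,
            "wanted": wanted,
            "ok": current == wanted,
        })
    return report


def remediation_commands(report):
    """reg.exe commands that set each deviating action to the recommended level."""
    return [
        f'reg add "HKCU\\{INTERNET_ZONE_KEY}" /v {r["action"]} /t REG_DWORD /d {r["wanted"]} /f'
        for r in report if not r["ok"]
    ]


def read_internet_zone():
    """Read the three values from HKCU on Windows; return {} where winreg is unavailable."""
    try:
        import winreg
    except ImportError:
        return {}
    values = {}
    try:
        with winreg.OpenKey(winreg.HKEY_CURRENT_USER, INTERNET_ZONE_KEY) as key:
            for action in RECOMMENDED:
                try:
                    data, _ = winreg.QueryValueEx(key, action)
                    values[action] = data
                except OSError:
                    pass  # value absent: reported as "not set" by evaluate_zone
    except OSError:
        return {}
    return values


if __name__ == "__main__":
    current = read_internet_zone()
    if not current:
        # Constructed sample standing in for a machine that still allows everything.
        current = {"1001": ENABLE, "1004": ENABLE, "1201": ENABLE}
    report = evaluate_zone(current)
    for row in report:
        mark = "OK " if row["ok"] else "FIX"
        print(f'{mark} {row["action"]} {row["label"]}: {row["current_name"]} (want {LEVEL_NAMES[row["wanted"]]})')
    for cmd in remediation_commands(report):
        print(cmd)
```

The evaluation is kept separate from the registry read so the same check can run against values exported from another machine or pasted from a reg query, and the reg add lines are written for HKCU because that is where the per-user zone settings the dialog edits live.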

#14 NSSHelp

NSSHelp
  • Topic Starter

  • Members
  • 26 posts
  • Gender:Male

Posted 10 February 2012 - 09:32 AM

Thanks again for all your help and also for the useful advice. The issue is resolved and you may close the thread.

#15 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,439 posts
  • Gender:Not Telling
  • Location:Canada

Posted 10 February 2012 - 06:12 PM

you are welcome

stay safe :hello:

~CB