Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Internet Not Receiving Unless in Safe Mode


  • This topic is locked This topic is locked
17 replies to this topic

#1 spclk187

spclk187

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:35 AM

Posted 31 December 2009 - 08:50 AM

My Internet will not receive, unless I am logged into Safe Mode. When I restart my computer I keep getting an error message also about a missing file named "vejorafa.dll".

This just happened shortly after running Microsoft Security Essentials, as well as Spybot to clean my computer.

Please help!

A combofix log is attached also.

Attached Files



BC AdBot (Login to Remove)

 


#2 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,719 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:02:35 PM

Posted 08 January 2010 - 07:43 PM

Hi spclk187,

Welcome to BC HijackThis forum and apologies for the delay. I am going to assist you with your problem.

Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. Please let me know in your next reply if you agree with this.

In case the issue in not resolved yet please update me about the current condition of your computer.

Regards,

farbar

#3 spclk187

spclk187
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:35 AM

Posted 12 January 2010 - 06:40 PM

I having issues again, except I can access the Internet via Firefox and IE7, but not on IE8, please help!

#4 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,719 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:02:35 PM

Posted 12 January 2010 - 06:57 PM

  • Please give a detailed description of the issues other than IE8 issue.

  • Download the GMER Rootkit Scanner exe file from here and save it to your desktop.
    • Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
    • Click on this link to see a list of programs that should be disabled.
    • Disconnect from the Internet and close all running programs.
    • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent .
    • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
    • In the right panel, you will see several boxes that have been checked. Make sure the following are unchecked:
      • Sections
      • IAT/EAT
      • Drives/Partition other than C:\ drive (C:\ drive should remain checked)
      • Show All (this one also should be unchecked)
    • Then click the Scan button & wait for it to begin. (Please be patient as it can take some time to complete).
    • When the scan is finished, you will see the scan button appears again. Click Save to save the scan results to your Desktop.
    • Save the file as gmer.log and copy/paste the contents in your next reply.
  • Please download OTL by OldTimer.
    • Save it to your desktop.
    • Double click on the OTL icon on your desktop.
    • Click the "Scan All Users" checkbox.
    • Under Output select "Standard Output" checkbox.
    • Set Services, Drivers and Standard Registry to All.
    • Click Run Scan button.
    • Two reports will open, copy and paste them to your reply:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


#5 spclk187

spclk187
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:35 AM

Posted 16 January 2010 - 05:54 PM

I ran as you stated. The "gmer.log" is empty, it said there were no changes to the computer that it could find after the scan completed. Below are the other two logs you requested.

EXTRAS
OTL Extras logfile created on: 1/16/2010 5:13:08 PM - Run 1
OTL by OldTimer - Version 3.1.24.0 Folder = C:\Documents and Settings\Frank\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 81.00 Mb Available Physical Memory | 16.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 64.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 13.97 Gb Total Space | 3.53 Gb Free Space | 25.30% Space Free | Partition Type: NTFS
Drive D: | 129.07 Gb Total Space | 124.87 Gb Free Space | 96.74% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: THEGADGETS
Current User Name: Frank
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Security Essentials\MsMpEng.exe" = C:\Program Files\Microsoft Security Essentials\MsMpEng.exe:*:Enabled:MsMpEng -- (Microsoft Corporation)
"C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe" = C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe:*:Enabled:AcroRd32 -- (Adobe Systems Incorporated)
"C:\Program Files\Java\jre6\bin\jusched.exe" = C:\Program Files\Java\jre6\bin\jusched.exe:*:Enabled:jusched -- (Sun Microsystems, Inc.)
"D:\Program Files\SopCast\adv\SopAdver.exe" = D:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
"D:\Program Files\SopCast\SopCast.exe" = D:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0D490016-5D01-4CB3-A037-55814AC63D2E}" = Giga Pocket Hardware Library 5.5
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{1EB317D8-8945-4FD6-B37F-DF470317C6AB}" = VAIO Media 2.6
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java™ 6 Update 17
"{27337663-2619-11D4-99DC-0000F49094C7}" = Memory Stick Formatter
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B24B725-D81F-442D-8CE5-2AF05A4A4CC9}" = Music Visualizer Library 1.4.00
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{48B3FB4D-CE22-488C-8E9F-24EBB77EAC0F}" = Microsoft Security Essentials
"{4C75086F-7753-41B9-8B4C-F38DE6CC8C20}" = VAIO Remote Commander Utility 6.2
"{4D1D6640-CD43-4AD9-A52F-E48265DB28E0}" = VAIO BrightColor Wallpaper
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5B622B7A-60FB-4630-B11D-F121D20BCCD6}" = MarketResearch
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FA1C51C-6E35-42C1-B2EC-DC9FA1E20694}" = OpenMG Secure Module 3.3.01
"{65248369-7CB9-43A9-82C8-C438AE04DED4}" = 1500
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{685BCC47-B8EC-45EC-BBCE-77DF2451502C}" = DVgate Plus
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6990A2BF-D1D2-11D3-81BC-00609789C908}" = Sony Video Shared Library
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7128C69B-8F7E-4336-8698-3FD3CDD955EC}" = VAIO Media Redistribution 2.6
"{7148F0A8-6813-11D6-A77B-00B0D0142010}" = Java 2 Runtime Environment, SE v1.4.2_01
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71D6CE84-B7DC-4166-8E0D-56C1C37BFB5A}" = SonicStage 1.6.00
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{7A79D11B-FD82-4A5E-834F-20173515DD14}" = VAIO Media Integrated Server 2.6
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C2F71B2-6C73-11D6-B659-00C04F790F76}" = Click to DVD 1.3
"{7C9B95B7-B598-4398-B30F-7F6827192E6C}" = ProductContext
"{81E06318-EEB9-4D55-8CD5-7AC9148D5E66}" = 1500_Help
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{93B80FB1-7A23-11D3-B250-00105A1F4184}" =
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{979F6A6B-4CB0-424E-8E70-AA2ED38B4CCC}" = Giga Pocket Demo Movie
"{A0A77CDC-2419-4D5C-AD2C-E09E5926B806}" = Microsoft Antimalware
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{C24C3F25-CC7F-41D5-B03D-24F8059BABAD}" = Garmin USB Drivers
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{CBA30674-A242-4531-82B5-586B31F90E04}" = 1500Trb
"{CBC85F2E-1981-4C55-9418-908D08D2C6E8}" = OLYMPUS Master 2
"{CD7D5804-C157-48A6-AEE0-4A40A4B5C054}" = VAIO System Information
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{D0448678-1203-4158-A58F-B3D0B616BF9E}" = Sony Certificate PCH
"{DDC146FA-73E0-4FA1-A353-841EA14BF600}" = Drag'n Drop CD+DVD
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E68B38DE-D7DD-4FB3-A453-3F03A947EA8E}" = VAIO Help and Support
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{EEDE14A2-A5DC-459E-BB58-178EED03712F}" = Giga Pocket 5.5
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{FA11D5B5-7D0A-43E8-88C4-960F97B194DE}" = VAIO Survey Standalone
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"{FEA0CE81-7FC7-AAAE-FC8C-241A5F8684F0}" = Supercast
"Adobe AIR" = Adobe AIR
"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"com.directv.supercast.AA1ECC8BBAFE4E1BBF2D418DC006AF207FACE6CA.1" = Supercast
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"HPExtendedCapabilities" = HP Extended Capabilities 5.3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration
"InstallShield_{E68B38DE-D7DD-4FB3-A453-3F03A947EA8E}" = VAIO Help and Support
"InstallShield_{FA11D5B5-7D0A-43E8-88C4-960F97B194DE}" = VAIO Survey Standalone
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft Security Essentials" = Microsoft Security Essentials
"Mozilla Firefox (3.0.17)" = Mozilla Firefox (3.0.17)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Netscape (7.02)" = Netscape (7.02)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"PlayFLV" = PlayFLV
"PROSet" = Intel® PRO Network Adapters and Drivers
"Q903235" = Internet Explorer Q903235
"RegCure" = RegCure
"SopCast" = SopCast 3.2.4
"TBSB00982.TBSB00982Toolbar" = Ant.com Toolbar
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"Welcome to VAIO life" = Welcome to VAIO life
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Internet Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/16/2010 5:54:30 PM | Computer Name = THEGADGETS | Source = ESENT | ID = 489
Description = wuauclt (460) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 1/16/2010 5:54:30 PM | Computer Name = THEGADGETS | Source = ESENT | ID = 455
Description = wuaueng.dll (460) SUS20ClientDataStore: Error -1032 (0xfffffbf8) occurred
while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 1/16/2010 5:54:40 PM | Computer Name = THEGADGETS | Source = ESENT | ID = 489
Description = wuauclt (484) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 1/16/2010 5:54:40 PM | Computer Name = THEGADGETS | Source = ESENT | ID = 455
Description = wuaueng.dll (484) SUS20ClientDataStore: Error -1032 (0xfffffbf8) occurred
while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 1/16/2010 5:54:50 PM | Computer Name = THEGADGETS | Source = ESENT | ID = 489
Description = wuauclt (484) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 1/16/2010 5:54:50 PM | Computer Name = THEGADGETS | Source = ESENT | ID = 455
Description = wuaueng.dll (484) SUS20ClientDataStore: Error -1032 (0xfffffbf8) occurred
while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 1/16/2010 5:55:01 PM | Computer Name = THEGADGETS | Source = ESENT | ID = 489
Description = wuauclt (840) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 1/16/2010 5:55:01 PM | Computer Name = THEGADGETS | Source = ESENT | ID = 455
Description = wuaueng.dll (840) SUS20ClientDataStore: Error -1032 (0xfffffbf8) occurred
while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 1/16/2010 5:55:11 PM | Computer Name = THEGADGETS | Source = ESENT | ID = 489
Description = wuauclt (840) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 1/16/2010 5:55:11 PM | Computer Name = THEGADGETS | Source = ESENT | ID = 455
Description = wuaueng.dll (840) SUS20ClientDataStore: Error -1032 (0xfffffbf8) occurred
while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

[ System Events ]
Error - 1/13/2010 8:53:44 PM | Computer Name = THEGADGETS | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 1/13/2010 8:55:34 PM | Computer Name = THEGADGETS | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.100.2 for the Network Card with network
address 821526457F0A has been denied by the DHCP server 192.168.100.1 (The DHCP
Server sent a DHCPNACK message).

Error - 1/13/2010 9:33:22 PM | Computer Name = THEGADGETS | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 1/14/2010 7:09:06 PM | Computer Name = THEGADGETS | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 98.249.84.226 on
the Network Card with network address 000EA63C16E5.

Error - 1/14/2010 7:18:26 PM | Computer Name = THEGADGETS | Source = Dhcp | ID = 1002
Description = The IP address lease 98.249.84.226 for the Network Card with network
address 000EA63C16E5 has been denied by the DHCP server 192.168.100.1 (The DHCP
Server sent a DHCPNACK message).

Error - 1/14/2010 7:18:54 PM | Computer Name = THEGADGETS | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.100.2 for the Network Card with network
address 000EA63C16E5 has been denied by the DHCP server 192.168.100.1 (The DHCP
Server sent a DHCPNACK message).

Error - 1/14/2010 7:19:33 PM | Computer Name = THEGADGETS | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Dnscache service.

Error - 1/14/2010 7:20:31 PM | Computer Name = THEGADGETS | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Dnscache service.

Error - 1/16/2010 9:52:30 AM | Computer Name = THEGADGETS | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 98.249.84.226 on
the Network Card with network address 000EA63C16E5.

Error - 1/16/2010 2:58:11 PM | Computer Name = THEGADGETS | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 98.249.84.226 on
the Network Card with network address 000EA63C16E5.


< End of report >


OTL
OTL logfile created on: 1/16/2010 5:13:08 PM - Run 1
OTL by OldTimer - Version 3.1.24.0 Folder = C:\Documents and Settings\Frank\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 81.00 Mb Available Physical Memory | 16.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 64.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 13.97 Gb Total Space | 3.53 Gb Free Space | 25.30% Space Free | Partition Type: NTFS
Drive D: | 129.07 Gb Total Space | 124.87 Gb Free Space | 96.74% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: THEGADGETS
Current User Name: Frank
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/14 08:38:40 | 00,544,256 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Frank\Desktop\OTL.exe
PRC - [2010/01/12 08:26:33 | 00,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/09/13 18:52:50 | 01,048,392 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2009/07/02 17:36:52 | 00,017,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2008/04/13 19:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/10 12:38:32 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2005/05/11 23:12:54 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2003/11/16 00:00:00 | 00,335,872 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
PRC - [2003/05/23 13:43:00 | 00,088,363 | ---- | M] (Agere Systems) -- C:\WINDOWS\AGRSMMSG.exe
PRC - [2002/08/20 13:29:26 | 00,040,960 | ---- | M] (Easy Systems Japan Ltd.) -- C:\WINDOWS\system32\ezSP_Px.exe


========== Modules (SafeList) ==========

MOD - [2010/01/14 08:38:40 | 00,544,256 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Frank\Desktop\OTL.exe


========== Win32 Services (All) ==========

SRV - [2009/11/06 09:20:16 | 00,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/07/02 17:36:52 | 00,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/06/10 01:14:49 | 00,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)
SRV - [2009/04/26 21:30:14 | 00,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/02/09 07:10:48 | 00,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs) Remote Procedure Call (RPC)
SRV - [2009/02/09 07:10:48 | 00,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (DcomLaunch)
SRV - [2009/02/06 06:11:05 | 00,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2009/02/06 06:11:05 | 00,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2008/07/07 15:26:58 | 00,253,952 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\es.dll -- (EventSystem)
SRV - [2008/06/20 12:46:57 | 00,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla) Network Location Awareness (NLA)
SRV - [2008/04/13 19:12:40 | 00,126,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\wbem\wmiapsrv.exe -- (WmiApSrv)
SRV - [2008/04/13 19:12:38 | 00,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2008/04/13 19:12:38 | 00,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ups.exe -- (UPS)
SRV - [2008/04/13 19:12:36 | 00,057,856 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2008/04/13 19:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\svchost.exe -- (HidServ)
SRV - [2008/04/13 19:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\svchost.exe -- (AppMgmt)
SRV - [2008/04/13 19:12:35 | 00,089,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\smlogsvc.exe -- (SysmonLog)
SRV - [2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\sessmgr.exe -- (RDSessMgr)
SRV - [2008/04/13 19:12:33 | 00,095,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\scardsvr.exe -- (SCardSvr)
SRV - [2008/04/13 19:12:29 | 00,111,104 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDEdsdm)
SRV - [2008/04/13 19:12:29 | 00,111,104 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDE)
SRV - [2008/04/13 19:12:28 | 00,078,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2008/04/13 19:12:27 | 00,006,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\msdtc.exe -- (MSDTC)
SRV - [2008/04/13 19:12:25 | 00,032,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\mnmsrvc.exe -- (mnmsrvc)
SRV - [2008/04/13 19:12:24 | 00,075,264 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\locator.exe -- (RpcLocator) Remote Procedure Call (RPC)
SRV - [2008/04/13 19:12:24 | 00,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
SRV - [2008/04/13 19:12:24 | 00,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2008/04/13 19:12:24 | 00,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2008/04/13 19:12:24 | 00,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (NtLmSsp)
SRV - [2008/04/13 19:12:24 | 00,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2008/04/13 19:12:22 | 00,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2008/04/13 19:12:17 | 00,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2008/04/13 19:12:17 | 00,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2008/04/13 19:12:17 | 00,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (COMSysApp)
SRV - [2008/04/13 19:12:14 | 00,033,280 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\clipsrv.exe -- (ClipSrv)
SRV - [2008/04/13 19:12:14 | 00,005,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\cisvc.exe -- (CiSvc)
SRV - [2008/04/13 19:12:12 | 00,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2008/04/13 19:12:11 | 00,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2008/04/13 19:12:11 | 00,129,024 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\xmlprov.dll -- (xmlprov)
SRV - [2008/04/13 19:12:11 | 00,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2008/04/13 19:12:10 | 00,080,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2008/04/13 19:12:09 | 00,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
SRV - [2008/04/13 19:12:08 | 00,333,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc) Windows Image Acquisition (WIA)
SRV - [2008/04/13 19:12:08 | 00,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\upnphost.dll -- (upnphost)
SRV - [2008/04/13 19:12:08 | 00,175,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\w32time.dll -- (W32Time)
SRV - [2008/04/13 19:12:08 | 00,068,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\webclnt.dll -- (WebClient)
SRV - [2008/04/13 19:12:08 | 00,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - [2008/04/13 19:12:07 | 00,295,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2008/04/13 19:12:07 | 00,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2008/04/13 19:12:07 | 00,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2008/04/13 19:12:07 | 00,096,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (lanmanserver)
SRV - [2008/04/13 19:12:07 | 00,090,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\trkwks.dll -- (TrkWks)
SRV - [2008/04/13 19:12:07 | 00,071,680 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\ssdpsrv.dll -- (SSDPSRV)
SRV - [2008/04/13 19:12:05 | 00,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2008/04/13 19:12:05 | 00,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2008/04/13 19:12:05 | 00,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2008/04/13 19:12:05 | 00,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2008/04/13 19:12:05 | 00,039,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\sens.dll -- (SENS)
SRV - [2008/04/13 19:12:05 | 00,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2008/04/13 19:12:03 | 00,409,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2008/04/13 19:12:03 | 00,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\qagentrt.dll -- (napagent)
SRV - [2008/04/13 19:12:03 | 00,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2008/04/13 19:12:03 | 00,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2008/04/13 19:12:02 | 00,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc)
SRV - [2008/04/13 19:12:01 | 00,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2008/04/13 19:11:59 | 00,033,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\msgsvc.dll -- (Messenger)
SRV - [2008/04/13 19:11:57 | 00,053,248 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\mprdim.dll -- (RemoteAccess)
SRV - [2008/04/13 19:11:56 | 00,061,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\kmsvc.dll -- (hkmsvc)
SRV - [2008/04/13 19:11:56 | 00,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2008/04/13 19:11:55 | 00,331,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess) Windows Firewall/Internet Connection Sharing (ICS)
SRV - [2008/04/13 19:11:53 | 00,023,040 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ersvc.dll -- (ERSvc)
SRV - [2008/04/13 19:11:52 | 00,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
SRV - [2008/04/13 19:11:52 | 00,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2008/04/13 19:11:52 | 00,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
SRV - [2008/04/13 19:11:52 | 00,023,552 | ---- | M] (Microsoft Corp.) [On_Demand | Stopped] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2008/04/13 19:11:51 | 00,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2008/04/13 19:11:51 | 00,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2008/04/13 19:11:50 | 00,077,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2008/04/13 19:11:50 | 00,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2008/04/13 19:11:49 | 00,017,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\alrsvc.dll -- (Alerter)
SRV - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) [Disabled | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/10/18 20:47:16 | 00,027,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\mspmsnsv.dll -- (WmdmPmSN)
SRV - [2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - [2006/09/28 17:56:14 | 00,055,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\WudfSvc.dll -- (WudfSvc)
SRV - [2004/09/29 12:14:36 | 00,069,632 | ---- | M] (HP) [Disabled | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2003/10/21 00:00:56 | 01,286,144 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe -- (VAIOMediaPlatform-VideoServer-AppServer)
SRV - [2003/10/21 00:00:40 | 00,712,704 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-VideoServer-UPnP) VAIO Media Video Server (UPnP)
SRV - [2003/10/21 00:00:40 | 00,712,704 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-PhotoServer-UPnP) VAIO Media Photo Server (UPnP)
SRV - [2003/10/21 00:00:40 | 00,712,704 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-MusicServer-UPnP) VAIO Media Music Server (UPnP)
SRV - [2003/10/21 00:00:38 | 00,057,344 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-VideoServer-HTTP) VAIO Media Video Server (HTTP)
SRV - [2003/10/21 00:00:38 | 00,057,344 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-PhotoServer-HTTP) VAIO Media Photo Server (HTTP)
SRV - [2003/10/21 00:00:38 | 00,057,344 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-MusicServer-HTTP) VAIO Media Music Server (HTTP)
SRV - [2003/10/21 00:00:14 | 00,925,696 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe -- (VAIOMediaPlatform-PhotoServer-AppServer)
SRV - [2003/10/21 00:00:08 | 00,503,897 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe -- (VAIOMediaPlatform-MusicServer-AppServer)
SRV - [2003/10/03 15:24:06 | 00,090,112 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\Giga Pocket\RM_SV.exe -- (Sony TV Tuner Manager)
SRV - [2003/09/25 16:38:56 | 00,118,784 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\Giga Pocket\halsv.exe -- (Sony TV Tuner Controller)
SRV - [2003/08/18 20:56:00 | 00,077,824 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2003/07/28 20:31:14 | 00,065,536 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe -- (SPTISRV)
SRV - [2003/07/28 15:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003/03/31 07:00:00 | 00,132,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rsvp.exe -- (RSVP)


========== Driver Services (All) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ViaIde)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ultra)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (TosIde)
DRV - File not found [Kernel | Boot | Stopped] -- -- (tgsqcvh)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (symc8xx)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (symc810)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (sym_u3)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (sym_hi)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Sparrow)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Simbad)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql1280)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql1240)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql12160)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Ql10wnt)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql1080)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (perc2hib)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (perc2)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (mraid35x)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (IntelIde)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ini910u)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (i2omp)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (hpn)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (grmnusb)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (dpti2o)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (dac960nt)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Cpqarray)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (CmdIde)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (cd20xrnt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Atdisk)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (asc3550)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (asc3350p)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (asc)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (amsint)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (AliIde)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (aic78xx)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (aic78u2)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Aha154x)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (adpu160m)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (abp480n5)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Abiosdsk)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (aaudstum)
DRV - [2009/11/13 19:49:00 | 00,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys -- (PxHelp20)
DRV - [2009/10/20 11:20:16 | 00,265,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\http.sys -- (HTTP)
DRV - [2009/09/16 09:22:48 | 00,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 09:22:48 | 00,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 09:22:48 | 00,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 09:22:48 | 00,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 09:22:14 | 00,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/06/24 06:18:41 | 00,092,928 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ksecdd.sys -- (KSecDD)
DRV - [2009/06/18 18:48:04 | 00,142,832 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2008/12/11 05:57:09 | 00,333,952 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\srv.sys -- (Srv)
DRV - [2008/10/24 06:21:09 | 00,455,296 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\mrxsmb.sys -- (MRxSmb)
DRV - [2008/08/14 05:04:36 | 00,138,496 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\afd.sys -- (AFD)
DRV - [2008/06/20 06:51:12 | 00,361,600 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip.sys -- (Tcpip)
DRV - [2008/04/13 19:13:22 | 00,139,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rdpwd.sys -- (RDPWD)
DRV - [2008/04/13 19:13:21 | 00,021,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tdtcp.sys -- (TDTCP)
DRV - [2008/04/13 19:13:20 | 00,040,840 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\termdd.sys -- (TermDD)
DRV - [2008/04/13 19:13:20 | 00,012,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tdpipe.sys -- (TDPIPE)
DRV - [2008/04/13 14:28:39 | 00,175,744 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\rdbss.sys -- (Rdbss)
DRV - [2008/04/13 14:21:00 | 00,162,816 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)
DRV - [2008/04/13 14:20:42 | 00,091,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndiswan.sys -- (NdisWan)
DRV - [2008/04/13 14:20:37 | 00,182,656 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ndis.sys -- (NDIS)
DRV - [2008/04/13 14:19:48 | 00,048,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspptp.sys -- (PptpMiniport) WAN Miniport (PPTP)
DRV - [2008/04/13 14:19:43 | 00,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rasl2tp.sys -- (Rasl2tp) WAN Miniport (L2TP)
DRV - [2008/04/13 14:19:42 | 00,075,264 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ipsec.sys -- (IPSec)
DRV - [2008/04/13 14:18:00 | 00,052,480 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\i8042prt.sys -- (i8042prt)
DRV - [2008/04/13 14:17:18 | 00,083,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wdmaud.sys -- (wdmaud)
DRV - [2008/04/13 14:17:05 | 00,105,344 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\mup.sys -- (Mup)
DRV - [2008/04/13 14:15:55 | 00,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sysaudio.sys -- (sysaudio)
DRV - [2008/04/13 14:15:53 | 00,574,976 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\ntfs.sys -- (Ntfs)
DRV - [2008/04/13 14:15:45 | 00,064,512 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\serial.sys -- (Serial)
DRV - [2008/04/13 14:14:29 | 00,143,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\fastfat.sys -- (Fastfat)
DRV - [2008/04/13 14:14:21 | 00,063,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\cdfs.sys -- (Cdfs)
DRV - [2008/04/13 14:00:19 | 00,030,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\modem.sys -- (Modem)
DRV - [2008/04/13 13:57:32 | 00,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspppoe.sys -- (RasPppoe)
DRV - [2008/04/13 13:57:29 | 00,040,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndproxy.sys -- (NDProxy)
DRV - [2008/04/13 13:57:27 | 00,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\asyncmac.sys -- (AsyncMac)
DRV - [2008/04/13 13:57:27 | 00,010,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndistapi.sys -- (NdisTapi)
DRV - [2008/04/13 13:57:21 | 00,034,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanarp.sys -- (Wanarp)
DRV - [2008/04/13 13:57:15 | 00,152,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ipnat.sys -- (IpNat)
DRV - [2008/04/13 13:57:07 | 00,020,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipinip.sys -- (IpInIp)
DRV - [2008/04/13 13:56:38 | 00,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psched.sys -- (PSched)
DRV - [2008/04/13 13:56:32 | 00,035,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msgpc.sys -- (Gpc)
DRV - [2008/04/13 13:56:02 | 00,034,688 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\netbios.sys -- (NetBIOS)
DRV - [2008/04/13 13:55:58 | 00,014,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndisuio.sys -- (Ndisuio)
DRV - [2008/04/13 13:54:28 | 00,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irenum.sys -- (IRENUM)
DRV - [2008/04/13 13:53:34 | 00,036,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ip6fw.sys -- (ip6fw)
DRV - [2008/04/13 13:53:23 | 00,071,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bridge.sys -- (BridgeMP)
DRV - [2008/04/13 13:53:23 | 00,071,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bridge.sys -- (Bridge)
DRV - [2008/04/13 13:51:25 | 00,061,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nic1394.sys -- (NIC1394)
DRV - [2008/04/13 13:51:25 | 00,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\arp1394.sys -- (Arp1394)
DRV - [2008/04/13 13:51:25 | 00,059,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atmarpc.sys -- (Atmarpc)
DRV - [2008/04/13 13:47:37 | 00,025,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbprint.sys -- (usbprint)
DRV - [2008/04/13 13:46:25 | 00,085,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nabtsfec.sys -- (NABTSFEC)
DRV - [2008/04/13 13:46:24 | 00,019,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wstcodec.sys -- (WSTCODEC)
DRV - [2008/04/13 13:46:23 | 00,017,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdecode.sys -- (CCDECODE)
DRV - [2008/04/13 13:46:23 | 00,011,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slip.sys -- (SLIP)
DRV - [2008/04/13 13:46:22 | 00,010,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ndisip.sys -- (NdisIP)
DRV - [2008/04/13 13:46:21 | 00,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\streamip.sys -- (streamip)
DRV - [2008/04/13 13:46:18 | 00,061,696 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ohci1394.sys -- (ohci1394)
DRV - [2008/04/13 13:45:39 | 00,032,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbccgp.sys -- (usbccgp)
DRV - [2008/04/13 13:45:38 | 00,026,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbstor.sys -- (USBSTOR)
DRV - [2008/04/13 13:45:37 | 00,059,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbhub.sys -- (usbhub)
DRV - [2008/04/13 13:45:35 | 00,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci)
DRV - [2008/04/13 13:45:35 | 00,020,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbuhci.sys -- (usbuhci)
DRV - [2008/04/13 13:45:34 | 00,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbscan.sys -- (usbscan)
DRV - [2008/04/13 13:45:27 | 00,010,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hidusb.sys -- (HidUsb)
DRV - [2008/04/13 13:45:13 | 00,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\drmkaud.sys -- (drmkaud)
DRV - [2008/04/13 13:45:09 | 00,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\kmixer.sys -- (kmixer)
DRV - [2008/04/13 13:45:09 | 00,056,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swmidi.sys -- (swmidi)
DRV - [2008/04/13 13:45:07 | 00,006,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\splitter.sys -- (splitter)
DRV - [2008/04/13 13:45:01 | 00,052,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dmusic.sys -- (DMusic)
DRV - [2008/04/13 13:44:48 | 00,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2008/04/13 13:44:46 | 00,153,344 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmio.sys -- (dmio)
DRV - [2008/04/13 13:44:40 | 00,020,992 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\vga.sys -- (VgaSave)
DRV - [2008/04/13 13:41:01 | 00,052,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\volsnap.sys -- (VolSnap)
DRV - [2008/04/13 13:40:58 | 00,042,112 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\imapi.sys -- (Imapi)
DRV - [2008/04/13 13:40:49 | 00,019,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\partmgr.sys -- (PartMgr)
DRV - [2008/04/13 13:40:48 | 00,011,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\sfloppy.sys -- (Sfloppy)
DRV - [2008/04/13 13:40:47 | 00,036,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\disk.sys -- (Disk)
DRV - [2008/04/13 13:40:46 | 00,062,976 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom)
DRV - [2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\atapi.sys -- (atapi)
DRV - [2008/04/13 13:40:27 | 00,057,600 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\redbook.sys -- (redbook)
DRV - [2008/04/13 13:40:25 | 00,027,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fdc.sys -- (Fdc)
DRV - [2008/04/13 13:40:25 | 00,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\flpydisk.sys -- (Flpydisk)
DRV - [2008/04/13 13:40:10 | 00,080,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\parport.sys -- (Parport)
DRV - [2008/04/13 13:39:53 | 00,004,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\swenum.sys -- (swenum)
DRV - [2008/04/13 13:39:52 | 00,007,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mskssrv.sys -- (MSKSSRV)
DRV - [2008/04/13 13:39:51 | 00,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mspqm.sys -- (MSPQM)
DRV - [2008/04/13 13:39:50 | 00,005,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mstee.sys -- (MSTEE)
DRV - [2008/04/13 13:39:50 | 00,005,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mspclock.sys -- (MSPCLOCK)
DRV - [2008/04/13 13:39:47 | 00,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kbdclass.sys -- (Kbdclass)
DRV - [2008/04/13 13:39:47 | 00,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mouclass.sys -- (Mouclass)
DRV - [2008/04/13 13:39:46 | 00,384,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\update.sys -- (Update)
DRV - [2008/04/13 13:39:46 | 00,042,368 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mountmgr.sys -- (MountMgr)
DRV - [2008/04/13 13:36:52 | 00,073,472 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sr.sys -- (sr)
DRV - [2008/04/13 13:36:46 | 00,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mssmbios.sys -- (mssmbios)
DRV - [2008/04/13 13:36:44 | 00,068,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\pci.sys -- (PCI)
DRV - [2008/04/13 13:36:43 | 00,120,192 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\pcmcia.sys -- (Pcmcia)
DRV - [2008/04/13 13:36:41 | 00,037,248 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\isapnp.sys -- (isapnp)
DRV - [2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\agp440.sys -- (agp440)
DRV - [2008/04/13 13:36:35 | 00,187,776 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ACPI.sys -- (ACPI)
DRV - [2008/04/13 13:33:28 | 00,044,544 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fips.sys -- (Fips)
DRV - [2008/04/13 13:32:59 | 00,129,792 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\fltmgr.sys -- (FltMgr)
DRV - [2008/04/13 13:32:44 | 00,180,608 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mrxdav.sys -- (MRxDAV)
DRV - [2008/04/13 13:32:39 | 00,030,848 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\npfs.sys -- (Npfs)
DRV - [2008/04/13 13:32:39 | 00,019,072 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\msfs.sys -- (Msfs)
DRV - [2008/04/13 13:32:36 | 00,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\udfs.sys -- (Udfs)
DRV - [2008/04/13 13:31:32 | 00,036,352 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\intelppm.sys -- (intelppm)
DRV - [2008/04/13 13:31:30 | 00,035,840 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\processr.sys -- (Processor)
DRV - [2008/04/13 11:39:23 | 00,142,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aec.sys -- (aec)
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2006/09/28 18:00:34 | 00,082,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WudfRd.sys -- (WudfRd)
DRV - [2006/09/28 17:55:50 | 00,077,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WudfPf.sys -- (WudfPf)
DRV - [2005/03/07 23:43:27 | 00,021,744 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2005/03/07 23:43:26 | 00,016,496 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2005/03/07 23:43:25 | 00,051,120 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412)
DRV - [2003/11/16 00:40:34 | 00,621,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003/10/30 14:20:54 | 00,766,848 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smrt.sys -- (smrt)
DRV - [2003/10/01 17:48:24 | 00,594,048 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm)
DRV - [2003/08/18 20:56:00 | 01,343,803 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003/05/23 13:44:00 | 01,171,648 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2003/04/15 12:40:54 | 00,113,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E}) Intel® Graphics Platform (SoftBIOS)
DRV - [2003/04/15 12:40:46 | 00,078,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel® Graphics Chipset (KCH)
DRV - [2003/04/15 12:39:46 | 00,090,907 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2003/03/31 07:00:00 | 00,125,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ftdisk.sys -- (Ftdisk)
DRV - [2003/03/31 07:00:00 | 00,032,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipfltdrv.sys -- (IpFilterDriver)
DRV - [2003/03/31 07:00:00 | 00,032,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys -- (NwlnkFwd)
DRV - [2003/03/31 07:00:00 | 00,018,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\cdaudio.sys -- (Cdaudio)
DRV - [2003/03/31 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2003/03/31 07:00:00 | 00,016,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspti.sys -- (Raspti)
DRV - [2003/03/31 07:00:00 | 00,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2003/03/31 07:00:00 | 00,012,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkflt.sys -- (NwlnkFlt)
DRV - [2003/03/31 07:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ws2ifsl.sys -- (WS2IFSL)
DRV - [2003/03/31 07:00:00 | 00,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\acpiec.sys -- (ACPIEC)
DRV - [2003/03/31 07:00:00 | 00,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\rasacd.sys -- (RasAcd)
DRV - [2003/03/31 07:00:00 | 00,006,784 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\parvdm.sys -- (ParVdm)
DRV - [2003/03/31 07:00:00 | 00,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmload.sys -- (dmload)
DRV - [2003/03/31 07:00:00 | 00,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\rdpcdd.sys -- (RDPCDD)
DRV - [2003/03/31 07:00:00 | 00,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mnmdd.sys -- (mnmdd)
DRV - [2003/03/31 07:00:00 | 00,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\beep.sys -- (Beep)
DRV - [2003/03/31 07:00:00 | 00,002,944 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\null.sys -- (Null)
DRV - [2003/03/11 08:21:38 | 00,121,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e1000325.sys -- (E1000) Intel®
DRV - [2003/03/04 14:56:26 | 00,145,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel®
DRV - [2002/04/01 17:15:00 | 00,004,816 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio)
DRV - [2001/08/17 16:51:52 | 00,003,328 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\pciide.sys -- (PCIIde)
DRV - [2001/08/17 12:48:00 | 00,012,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mouhid.sys -- (mouhid)
DRV - [2001/08/17 08:59:44 | 00,003,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\audstub.sys -- (audstub)
DRV - [2001/08/17 07:11:06 | 00,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)
DRV - [2000/12/05 19:18:02 | 00,003,952 | R--- | M] (Sony Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-349650993-1871975044-1433938290-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-349650993-1871975044-1433938290-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-349650993-1871975044-1433938290-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-349650993-1871975044-1433938290-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-349650993-1871975044-1433938290-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-349650993-1871975044-1433938290-1005\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-349650993-1871975044-1433938290-1005\S-1-5-21-349650993-1871975044-1433938290-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-349650993-1871975044-1433938290-1005\S-1-5-21-349650993-1871975044-1433938290-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-349650993-1871975044-1433938290-1005\S-1-5-21-349650993-1871975044-1433938290-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://yahoo.com"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 49
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.5.1.110
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.17

FF - HKLM\software\mozilla\Firefox\Extensions\\{400F0BDB-6C49-43A4-BE1F-76D7327A604D}: C:\Program Files\Common Files\fluxDVD\Download Manager\Mozilla [2007/06/14 16:52:54 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008/11/10 22:28:39 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/13 19:21:34 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/12 08:26:39 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.02\Extensions\\Components: C:\Program Files\Netscape\Netscape\Components [2010/01/11 18:58:14 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.02\Extensions\\Plugins: C:\Program Files\Netscape\Netscape\Plugins [2009/12/14 19:09:51 | 00,000,000 | ---D | M]

[2009/05/16 10:08:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\Mozilla\Extensions
[2009/05/16 10:08:21 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Frank\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/01/16 14:12:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\nme8guaw.default\extensions
[2009/11/28 08:31:40 | 00,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\nme8guaw.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/12/14 23:09:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\nme8guaw.default\extensions\toolbar@ask.com
[2010/01/16 14:12:08 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/12 08:26:39 | 00,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/12/14 19:09:54 | 00,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010/01/12 08:26:32 | 00,023,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/01/12 08:26:32 | 00,134,616 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009/11/19 17:16:28 | 00,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2009/10/11 04:17:27 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2009/11/13 19:47:38 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
[2009/11/19 17:16:29 | 00,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2010/01/12 08:26:36 | 00,065,496 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2007/03/22 19:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
[2009/12/09 17:53:32 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/12/09 17:53:32 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/12/09 17:53:32 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/12/09 17:53:33 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/12/09 17:53:33 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/12/09 17:53:33 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/12/09 17:53:33 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2009/11/06 09:20:16 | 00,032,448 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
[2009/11/28 08:35:27 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/11/28 08:35:27 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/11/28 08:35:27 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/11/28 08:35:27 | 00,002,343 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/11/28 08:35:27 | 00,001,706 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/11/28 08:35:27 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/11/28 08:35:27 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (371110 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 12818 more lines...
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Download Manager Browser Helper Object) - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\Program Files\Common Files\fluxDVD\Download Manager\XEBDLHelper.dll (Protect Software GmbH)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (TBSB00982 Class) - {DA3D342F-FF20-4E31-9E82-22334155730C} - D:\Program Files\Antbar\Ant.com Toolbar\tbcore3.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ant.com Toolbar) - {6CD56C02-CB4D-41B5-A0FE-B479061CCB41} - D:\Program Files\Antbar\Ant.com Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-349650993-1871975044-1433938290-1005\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-349650993-1871975044-1433938290-1005\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-349650993-1871975044-1433938290-1005\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-349650993-1871975044-1433938290-1005\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-349650993-1871975044-1433938290-1005\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-349650993-1871975044-1433938290-1005\..\Toolbar\WebBrowser: (Ant.com Toolbar) - {6CD56C02-CB4D-41B5-A0FE-B479061CCB41} - D:\Program Files\Antbar\Ant.com Toolbar\tbcore3.dll ()
O3 - HKU\S-1-5-21-349650993-1871975044-1433938290-1005\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe (Easy Systems Japan Ltd.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [VAIO Recovery] C:\WINDOWS\SONYSYS\VAIO Recovery\PartSeal.exe (Sony Electronics Inc)
O4 - HKU\.DEFAULT..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-18..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-349650993-1871975044-1433938290-1005..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-349650993-1871975044-1433938290-1005..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-349650993-1871975044-1433938290-1005..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-349650993-1871975044-1433938290-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-349650993-1871975044-1433938290-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-349650993-1871975044-1433938290-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-349650993-1871975044-1433938290-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-349650993-1871975044-1433938290-1005_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra Button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - File not found
O9 - Extra Button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - File not found
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YPager.exe (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YPager.exe (Yahoo! Inc.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-349650993-1871975044-1433938290-1005\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1259331278734 (MUWebControl Class)
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} http://launch.gamespyarcade.com/software/launch/alaunch.cab (GSDACtl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WRNotifier: DllName - WRLogonNTF.dll - File not found
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Frank\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Frank\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/12/01 20:36:01 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (SsiEfr.e) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/14 08:38:46 | 00,544,256 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Frank\Desktop\OTL.exe
[2010/01/11 19:21:02 | 16,883,056 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Frank\Desktop\IE8-WindowsXP-x86-ENU.exe
[2010/01/10 09:30:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Frank\Local Settings\Application Data\nvgbry
[2010/01/01 08:34:59 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2010/01/01 07:58:39 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/01 07:58:37 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/01 07:58:37 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/12/31 08:28:01 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/06/02 06:25:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2009/05/15 18:04:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2009/04/26 21:29:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/04/16 15:02:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2009/04/16 15:02:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/02/12 06:19:45 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2008/01/02 16:30:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Google
[2006/02/05 17:37:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Webroot
[2005/12/28 18:18:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2005/12/26 12:39:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
[2003/12/01 20:37:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2003/12/01 20:35:49 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/16 17:17:00 | 00,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{25AF3A08-3319-47AE-9C2D-9D6A6C711958}.job
[2010/01/16 17:13:24 | 08,912,896 | -H-- | M] () -- C:\Documents and Settings\Frank\ntuser.dat
[2010/01/16 17:01:00 | 00,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/01/16 17:00:00 | 00,000,406 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2010/01/16 14:43:19 | 00,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/01/16 14:41:00 | 00,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A5E6A8F4-77E6-4434-9884-954026D20073}.job
[2010/01/16 14:39:17 | 00,000,378 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Startup.job
[2010/01/16 14:37:56 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/16 14:37:54 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/16 14:37:53 | 53,626,8800 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/14 11:12:06 | 00,181,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/01/14 08:56:32 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Frank\ntuser.ini
[2010/01/14 08:46:01 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/14 08:38:40 | 00,544,256 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Frank\Desktop\OTL.exe
[2010/01/14 03:48:00 | 00,000,388 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
[2010/01/13 20:39:09 | 00,293,376 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\v50mfrn6.exe
[2010/01/13 20:11:12 | 00,371,110 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/01/12 07:25:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/01/11 21:21:07 | 00,000,428 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/01/11 19:23:42 | 16,883,056 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Frank\Desktop\IE8-WindowsXP-x86-ENU.exe
[2010/01/11 08:20:58 | 00,067,072 | ---- | M] () -- C:\Documents and Settings\Frank\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/05 12:39:06 | 00,215,316 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\P29163202.jpg
[2009/12/31 08:35:03 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/12/31 08:34:32 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100113-201112.backup
[2009/12/30 22:43:18 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/30 14:55:24 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/30 14:54:58 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/30 08:13:08 | 00,194,131 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\December_2009_ODD_Definitive_Supplement.pdf
[2009/12/29 08:40:14 | 06,425,856 | -H-- | M] () -- C:\Documents and Settings\Frank\Local Settings\Application Data\IconCache.db
[2009/12/18 18:52:02 | 00,003,688 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/12/17 19:38:59 | 00,040,960 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\Resume_Cundari_Frank.doc
[2009/12/17 19:09:41 | 00,022,528 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\Cover.doc
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 00,001,323 | ---- | C] () -- C:\WINDOWS\System32\sqlsodbc.chm
[2010/01/13 20:39:07 | 00,293,376 | ---- | C] () -- C:\Documents and Settings\Frank\Desktop\v50mfrn6.exe
[2010/01/13 19:54:28 | 53,626,8800 | -HS- | C] () -- C:\hiberfil.sys
[2010/01/05 12:39:05 | 00,215,316 | ---- | C] () -- C:\Documents and Settings\Frank\Desktop\P29163202.jpg
[2010/01/01 08:17:13 | 00,000,388 | ---- | C] () -- C:\WINDOWS\tasks\RegCure.job
[2009/12/30 08:13:07 | 00,194,131 | ---- | C] () -- C:\Documents and Settings\Frank\Desktop\December_2009_ODD_Definitive_Supplement.pdf
[2009/12/17 13:08:47 | 00,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2009/12/05 17:23:01 | 00,000,428 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/11/30 15:45:28 | 00,000,031 | -H-- | C] () -- C:\WINDOWS\uccspecc.sys
[2007/08/09 11:08:04 | 00,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2007/01/25 22:30:48 | 00,000,726 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/12/27 20:59:25 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2006/02/05 17:37:24 | 00,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2006/02/05 17:37:24 | 00,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2005/11/26 12:52:06 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/08/12 01:13:29 | 00,010,022 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2004/06/25 17:55:16 | 00,000,035 | ---- | C] () -- C:\WINDOWS\systemex.ini
[2004/06/06 02:43:16 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2004/06/06 02:43:04 | 00,000,009 | ---- | C] () -- C:\WINDOWS\sierra.ini
[2004/06/06 02:01:15 | 00,067,072 | ---- | C] () -- C:\Documents and Settings\Frank\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/06/06 01:43:50 | 00,000,860 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2004/01/06 23:17:03 | 00,001,295 | ---- | C] () -- C:\WINDOWS\System32\Px.ini
[2004/01/06 23:16:33 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/12/02 15:44:25 | 00,000,890 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/12/02 15:41:26 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2003/12/02 15:40:09 | 00,262,416 | ---- | C] () -- C:\WINDOWS\System32\ASFV2.DLL
[2003/12/02 15:39:35 | 00,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
[2003/12/01 20:53:24 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/12/01 20:39:54 | 00,000,800 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/12/01 19:28:56 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2003/12/01 19:28:51 | 00,126,976 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[2003/12/01 19:28:51 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2003/12/01 19:28:41 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\cbldrm.dll
[2003/12/01 19:28:40 | 00,000,730 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/01/07 18:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/10/04 01:01:42 | 00,503,808 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2002/06/12 15:21:12 | 00,049,152 | R--- | C] () -- C:\WINDOWS\System32\winchip.dll
[2001/07/06 15:30:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
< End of report >

#6 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,719 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:02:35 PM

Posted 17 January 2010 - 07:19 AM

I see from the log you are using a registry cleaner. It is even scheduled to run. Here at BC we do not recommend using registry cleaners as it might irreversibly damage your computer.
  • You have the latest version of Java (Java 6 Update 17) and it is good. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components:
    Click "start" and then "Control Panel" icon.
    Doubleclick the "Add or Remove Programs" icon
    A list of programs installed will be "populated" this may take a bit of time.
    Uninstall the following by clicking on the following entries and selecting "remove":

    Java 2 Runtime Environment, SE v1.4.2_01

  • I see on the log the Coupon Printer for Windows is installed on your computer:
    This program is known to be bundled with adware/spyware.

    For more information please see this:
    A Closer Look at Coupons.com

    To uninstall Coupon Printer for Windows:

    Click "start" on the taskbar and then click on the "Control Panel" icon.
    Please doubleclick the "Add or Remove Programs" icon.
    A list of programs installed will be "populated" this may take a bit of time.
    If they exist, uninstall the following by clicking on the following entries and selecting "remove":

    Coupon Printer for Windows

    Also delete the folders in bold (if present):

    C:\Program Files\Coupon
    C:\Program Files\Coupons

  • I see on the log Ask Toolbar is installed on your computer:

    This program is known to be bundled with adware/spyware. You may read more about Ask Toolbars here:
    http://www.benedelman.org/spyware/ask-toolbars/

    To uninstall Ask Toolbar:

    Click "start" on the taskbar and then click on the "Control Panel" icon.
    Please doubleclick the "Add or Remove Programs" icon.
    A list of programs installed will be "populated" this may take a bit of time.
    If they exist, uninstall the following by clicking on the following entries and selecting "remove":

    Ask Toolbar or Vuze toolbar

    Also remove the folder in bold (if present) only after uninstalling Ask Toolbar:
    C:\Program Files\AskBar
    c:\program files\askbardis

  • Optional:Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This changed from what we know in 2006 read this article:

    http://www.clickz.com/news/article.php/3561546

    I suggest you uninstall the following program via Add or Remove Programs if your are using it:

    Viewpoint Manager.

    If you uninstalled it also remove the folder in bold: C:\Program Files\Viewpoint

  • You Adobe Acrobat is outdated. I strongly recommend you to update your Adobe Acrobat to the latest version to avoid being infected through its security holes.

  • Now Uninstall IE8. We will install it later on.

  • Open your Malwarebytes' Anti-Malware.
    • First update it, to do that under the Update tab press "Check for Updates".
    • Under Scanner tab select "Perform Quick Scan", then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the MBAM log.
    Extra Note:
    If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.


  • Use IE7 for a couple of hours and tell me if you notice any issue. We are going to install IE 8 next round.


#7 spclk187

spclk187
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:35 AM

Posted 17 January 2010 - 12:29 PM

Thank you so much for your help. I did all that you said, except uninstall Ask Toolbar because I get the following error:

Error 1316. A network error occurred while attempting to read the file C:\\WINDOWS\Installer\AskToolbar.msi

IE7 still will not find the Internet, but Firefox still works just find. I also was not able to automatically update my Malwarebytes, I had to go to the website to do it, so seems like something is blocked my connection, frustrating. Maleware found nothing, below is the log file. THANK YOU!!!!

Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

1/17/2010 12:27:46 PM
mbam-log-2010-01-17 (12-27-46).txt

Scan type: Quick Scan
Objects scanned: 135611
Time elapsed: 5 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#8 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,719 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:02:35 PM

Posted 17 January 2010 - 01:04 PM

  • Download the trial version of Your Uninstaller! (Free Fix)
    • Install it and run it.
      Under Modules select Uninstaller.
      Highlight Ask Toolbar and press Uninstall.
      Ignore any error and proceed with it, as it will go through the usual method, but eventually it removes it.
      Let it remove all the files and folders and anything it founds.
  • Delete your copy of ComboFix and download ComboFix from one of these locations:

    Link 1
    Link 2
    Link 3

    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Information on A/V control HERE)
    • Double click on ComboFix.exe & follow the prompts.
    When finished, it shall produce a log for you. Please copy and paste the C:\ComboFix.txt in your next reply.

  • Please run Notepad (start > All Programs > Accessories > Notepad) and copy and paste the text in the code box into a new file:


    @echo off
    cd\
    (ipconfig /all
    nslookup mbam-cdn.malwarebytes.org
    ping -n 2 mbam-cdn.malwarebytes.org
    nslookup google.com
    ping -n 2 google.com
    nslookup yahoo.com
    ping -n 2 yahoo.com
    route print) >Log1.txt
    start Log1.txt
    • Go to the File menu at the top of the Notepad and select Save as.
    • Select save in: desktop
    • Fill in File name: test.bat
    • Save as type: All file types (*.*)
    • Click save.
    • Close the Notepad.
    • Locate and double-click test.bat on the desktop.
    • A notepad opens, copy and paste the content it (log.txt) to your reply.


#9 spclk187

spclk187
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:35 AM

Posted 17 January 2010 - 02:50 PM

ComboFix 10-01-16.04 - Frank 01/17/2010 14:37:07.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.181 [GMT -5:00]
Running from: c:\documents and settings\Frank\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((((( Files Created from 2009-12-17 to 2010-01-17 )))))))))))))))))))))))))))))))
.

2010-01-17 19:33 . 2010-01-17 19:33 -------- dc----w- c:\program files\Ask.com
2010-01-17 19:28 . 2010-01-17 19:28 -------- dc----w- c:\documents and settings\Frank\Application Data\URSoft
2010-01-17 19:28 . 2010-01-17 19:31 -------- dc--a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-17 19:27 . 2010-01-17 19:28 -------- dc----w- c:\program files\Your Uninstaller 2010
2010-01-17 15:53 . 2010-01-17 15:53 27386256 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{EF6E7E2E-0EC2-156F-E8B2-7F9CC2729413}-AdbeRdr930_en_US.exe
2010-01-17 15:06 . 2010-01-17 15:06 -------- dc----w- c:\documents and settings\Frank\Local Settings\Application Data\VS Revo Group
2010-01-16 22:55 . 2010-01-16 22:55 -------- dc----w- c:\documents and settings\Vince\Local Settings\Application Data\Mozilla
2010-01-14 00:21 . 2010-01-14 00:21 -------- dc----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-01-11 21:20 . 2010-01-12 02:20 -------- dc----w- c:\documents and settings\Karen\Local Settings\Application Data\ctoblq
2010-01-10 14:30 . 2010-01-12 02:20 -------- dc----w- c:\documents and settings\Frank\Local Settings\Application Data\nvgbry
2010-01-01 12:58 . 2010-01-07 21:07 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-01 12:58 . 2010-01-17 17:21 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-01 12:58 . 2010-01-07 21:07 19160 -c--a-w- c:\windows\system32\drivers\mbam.sys
2009-12-31 04:05 . 2009-12-31 04:05 -------- dcsh--w- c:\documents and settings\Administrator\IECompatCache
2009-12-31 03:42 . 2009-12-31 03:42 -------- dc----w- c:\windows\system32\wbem\Repository
2009-12-31 03:27 . 2009-12-31 03:27 31472 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-31 02:54 . 2009-12-31 02:54 -------- dcsh--w- c:\documents and settings\Administrator\PrivacIE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-17 15:55 . 2003-12-02 21:13 -------- dc----w- c:\program files\Common Files\Adobe
2010-01-17 14:53 . 2004-06-08 02:14 -------- dc----w- c:\documents and settings\All Users\Application Data\Viewpoint
2010-01-14 16:12 . 2009-11-27 14:21 181120 -c----w- c:\windows\system32\MpSigStub.exe
2010-01-03 18:01 . 2009-11-29 18:43 -------- dc----w- c:\program files\Common Files\Adobe AIR
2010-01-03 18:00 . 2009-11-29 18:44 38784 -c--a-w- c:\documents and settings\Frank\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-12-30 23:02 . 2009-12-05 17:02 -------- dc----w- c:\documents and settings\All Users\Application Data\RegCure
2009-12-18 23:52 . 2004-11-10 04:22 3688 -c--a-w- c:\windows\system32\d3d9caps.dat
2009-12-17 18:09 . 2009-12-17 18:08 -------- dc----w- c:\program files\Nitro PDF
2009-12-15 00:09 . 2003-12-02 20:17 -------- dc----w- c:\program files\Java
2009-12-15 00:08 . 2009-11-27 14:12 152576 -c--a-w- c:\documents and settings\Frank\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-15 00:08 . 2009-11-27 14:00 79488 -c--a-w- c:\documents and settings\Frank\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-14 13:59 . 2009-12-14 13:59 79488 -c--a-w- c:\documents and settings\Karen\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-13 16:03 . 2009-12-13 16:03 79488 -c--a-w- c:\documents and settings\Vince\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-12 21:56 . 2009-12-12 21:56 -------- dc----w- c:\documents and settings\Frank\Application Data\DivX
2009-12-07 00:17 . 2006-03-02 01:24 31472 -c--a-w- c:\documents and settings\Karen\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-06 14:07 . 2006-09-03 12:29 31472 -c--a-w- c:\documents and settings\Vince\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-05 22:23 . 2009-12-05 18:08 -------- dc----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-05 18:47 . 2003-12-02 20:37 -------- dc----w- c:\program files\QuickTime
2009-12-05 18:46 . 2007-12-29 00:55 -------- dc----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-12-05 18:43 . 2009-12-05 18:43 -------- dc----w- c:\program files\Common Files\Apple
2009-12-05 18:30 . 2004-07-24 20:58 31472 -c--a-w- c:\documents and settings\Frank\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-05 17:58 . 2004-01-07 04:12 -------- dc----w- c:\program files\Microsoft Works
2009-12-05 17:55 . 2003-12-02 20:22 -------- dc----w- c:\program files\Sony
2009-12-05 17:55 . 2003-12-02 20:40 -------- dc----w- c:\documents and settings\All Users\Application Data\Sony Corporation
2009-12-05 17:55 . 2003-12-02 01:46 -------- dc-h--w- c:\program files\InstallShield Installation Information
2009-12-05 17:54 . 2003-12-02 20:43 -------- dc----w- c:\program files\MoodLogic
2009-12-05 17:49 . 2003-12-02 20:44 -------- dc----w- c:\program files\Quicken
2009-12-05 17:39 . 2003-12-02 21:05 -------- dc----w- c:\program files\support.com
2009-12-05 17:38 . 2004-06-24 22:14 -------- dc----w- c:\program files\Comcast Web Controls
2009-12-05 05:06 . 2009-12-05 05:06 -------- dc----w- c:\documents and settings\Frank\Application Data\Uniblue
2009-11-29 18:44 . 2009-11-29 18:44 -------- dc----w- c:\documents and settings\Frank\Application Data\com.directv.supercast.AA1ECC8BBAFE4E1BBF2D418DC006AF207FACE6CA.1
2009-11-29 14:10 . 2008-12-22 01:21 -------- dc----w- c:\documents and settings\All Users\Application Data\NOS
2009-11-29 00:39 . 2009-11-29 00:39 693760 -c--a-w- c:\windows\is-Q4DLB.exe
2009-11-28 13:31 . 2008-12-22 01:21 -------- dc----w- c:\program files\NOS
2009-11-27 14:58 . 2009-11-27 14:58 -------- dc----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-11-27 14:13 . 2009-11-27 14:13 -------- dc----w- c:\program files\Microsoft Security Essentials
2009-11-27 14:05 . 2008-01-04 13:23 -------- dc----w- c:\documents and settings\All Users\Application Data\McAfee
2009-11-21 15:51 . 2003-12-02 00:28 471552 -c--a-w- c:\windows\AppPatch\aclayers.dll
2009-11-14 00:49 . 2003-12-02 20:38 43528 -c----w- c:\windows\system32\drivers\pxhelp20.sys
2009-11-06 14:20 . 2009-11-28 13:31 34112 -c--a-w- c:\documents and settings\Frank\Application Data\Mozilla\Firefox\Profiles\nme8guaw.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg_bootstrap.exe
2009-11-06 14:20 . 2009-11-28 13:31 32448 -c--a-w- c:\documents and settings\Frank\Application Data\Mozilla\Firefox\Profiles\nme8guaw.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
2009-11-06 14:20 . 2009-11-28 13:31 22352 -c--a-w- c:\documents and settings\Frank\Application Data\Mozilla\Firefox\Profiles\nme8guaw.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
2009-10-21 05:38 . 2004-08-04 07:56 75776 -c--a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-04 07:56 25088 -c--a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 06:00 265728 -c----w- c:\windows\system32\drivers\http.sys
2006-01-28 04:38 . 2004-08-12 06:13 10022 -csha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DA3D342F-FF20-4E31-9E82-22334155730C}]
2009-06-02 14:51 2695168 ----a-w- d:\program files\Antbar\Ant.com Toolbar\tbcore3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6CD56C02-CB4D-41B5-A0FE-B479061CCB41}"= "d:\program files\Antbar\Ant.com Toolbar\tbcore3.dll" [2009-06-02 2695168]

[HKEY_CLASSES_ROOT\clsid\{6cd56c02-cb4d-41b5-a0fe-b479061ccb41}]
[HKEY_CLASSES_ROOT\TBSB00982.TBSB00982.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB00982.TBSB00982]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{6CD56C02-CB4D-41B5-A0FE-B479061CCB41}"= "d:\program files\Antbar\Ant.com Toolbar\tbcore3.dll" [2009-06-02 2695168]

[HKEY_CLASSES_ROOT\clsid\{6cd56c02-cb4d-41b5-a0fe-b479061ccb41}]
[HKEY_CLASSES_ROOT\TBSB00982.TBSB00982.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB00982.TBSB00982]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-10 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-16 335872]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-04-07 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-04-07 114688]
"AGRSMMSG"="AGRSMMSG.exe" [2003-05-23 88363]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2009-09-13 1048392]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"ezShieldProtector for Px"="c:\windows\system32\ezSP_Px.exe" [2002-08-20 40960]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-10 68856]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
backupExtension=Common Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Audible Download Manager.lnk]
backup=c:\windows\pss\Audible Download Manager.lnkCommon Startup
backupExtension=Common Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
backupExtension=Common Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
backup=c:\windows\pss\Quicken Scheduled Updates.lnkCommon Startup
backupExtension=Common Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Remocon Driver.lnk]
backup=c:\windows\pss\Remocon Driver.lnkCommon Startup
backupExtension=Common Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ezShieldProtector for Px]
2002-08-20 18:29 40960 ----a-w- c:\windows\system32\ezSP_Px.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2003-08-19 01:56 4841472 -c--a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 04:08 417792 -c--a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 21:07 2260480 --sha-r- d:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MSK80Service"=2 (0x2)
"MpfService"=2 (0x2)
"McProxy"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"Viewpoint Manager Service"=2 (0x2)
"VAIOMediaPlatform-VideoServer-UPnP"=3 (0x3)
"VAIOMediaPlatform-VideoServer-HTTP"=3 (0x3)
"VAIOMediaPlatform-VideoServer-AppServer"=3 (0x3)
"VAIOMediaPlatform-PhotoServer-UPnP"=3 (0x3)
"VAIOMediaPlatform-PhotoServer-HTTP"=3 (0x3)
"VAIOMediaPlatform-PhotoServer-AppServer"=3 (0x3)
"VAIOMediaPlatform-MusicServer-UPnP"=3 (0x3)
"VAIOMediaPlatform-MusicServer-HTTP"=3 (0x3)
"VAIOMediaPlatform-MusicServer-AppServer"=3 (0x3)
"SPTISRV"=3 (0x3)
"Sony TV Tuner Manager"=3 (0x3)
"Sony TV Tuner Controller"=3 (0x3)
"Pml Driver HPZ12"=2 (0x2)
"ose"=3 (0x3)
"NVSvc"=2 (0x2)
"McNASvc"=2 (0x2)
"McAfee SiteAdvisor Service"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"gusvc"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Security Essentials\\MsMpEng.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\jusched.exe"=
"d:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"d:\\Program Files\\SopCast\\SopCast.exe"=

S0 tgsqcvh;tgsqcvh;c:\windows\system32\drivers\jfndrrh.sys --> c:\windows\system32\drivers\jfndrrh.sys [?]
S3 aaudstum;aaudstum;\??\c:\docume~1\Karen\LOCALS~1\Temp\aaudstum.sys --> c:\docume~1\Karen\LOCALS~1\Temp\aaudstum.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-01-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-01-17 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-07-02 22:36]

2010-01-16 c:\windows\Tasks\RegCure Program Check.job
- d:\program files\RegCure\RegCure.exe [2009-12-11 19:00]

2010-01-17 c:\windows\Tasks\RegCure Startup.job
- d:\program files\RegCure\RegCure.exe [2009-12-11 19:00]

2010-01-17 c:\windows\Tasks\RegCure.job
- d:\program files\RegCure\RegCure.exe [2009-12-11 19:00]

2010-01-17 c:\windows\Tasks\User_Feed_Synchronization-{25AF3A08-3319-47AE-9C2D-9D6A6C711958}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 22:36]

2010-01-17 c:\windows\Tasks\User_Feed_Synchronization-{A5E6A8F4-77E6-4434-9884-954026D20073}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 22:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title = Microsoft Internet Explorer provided by Comcast
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Frank\Application Data\Mozilla\Firefox\Profiles\nme8guaw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - plugin: c:\documents and settings\Frank\Application Data\Mozilla\Firefox\Profiles\nme8guaw.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\program files\Common Files\fluxDVD\BrowserIntegration\NPFluxBrowserHelper.dll
FF - plugin: c:\program files\Common Files\mpDRM\NPMPDRM.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-17 14:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\docume~1\Frank\LOCALS~1\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\mpDRM\LicenseStore*]
"CheckValue"=dword:ba3464ba
"DA39A3EE"="E5E6B4B0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(976)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-01-17 14:46:58
ComboFix-quarantined-files.txt 2010-01-17 19:46
ComboFix2.txt 2009-12-02 02:38

Pre-Run: 3,729,305,600 bytes free
Post-Run: 3,755,327,488 bytes free

- - End Of File - - 479B7B258BC1FA024675ECC137D15D22



Attached is the log file

Attached Files

  • Attached File  log.txt   3.98KB   11 downloads


#10 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,719 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:02:35 PM

Posted 17 January 2010 - 05:11 PM

  • Please go to Add/Remove programs and uninstall this adware related toolbar: Ant.com Toolbar

  • Go to start > Run copy/paste the following lines one by one in the run box and click OK after each line.

    cmd /c Reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /f
    cmd /c proxycfg -d


  • Please open OTL.
    • Copy the text in code box and paste it to Custom Scans/Fixes section:

      :Processes
      :otl
      IE - HKU\S-1-5-21-349650993-1871975044-1433938290-1005\S-1-5-21-349650993-1871975044-1433938290-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
      IE - HKU\S-1-5-21-349650993-1871975044-1433938290-1005\S-1-5-21-349650993-1871975044-1433938290-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
    • Click Run Fix button.
    • If the fix needed a reboot please do it.
    • After finished a log will open. Copy and paste the log to your reply.
  • Please go to start => run => copy and paste the following lines one by one in the run box and press Enter after each line:

    cmd /c Net stop wuauserv&Ren c:\windows\softwaredistribution softwaredistribution.old1&Net start wuauserv
    cmd /c dir /a/s "c:\softwaredistribution.old1" >log.txt&log.txt&del log.txt

    A text file opens, please copy and paste the content of it to your reply.

  • Open Internet Explorer and copy and paste the following Microsoft update link into Addressbar and press Enter:

    http://www.update.microsoft.com/microsoftu...t.aspx?ln=en-us

    Please tell me exactly what you see.


#11 spclk187

spclk187
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:35 AM

Posted 17 January 2010 - 07:02 PM

Okay I opened IE and it worked now. Then I put the link you told me to in it and I get "HTTP 400 Bad Request" The webpage cannot be found. Below are the logs...


========== PROCESSES ==========
========== OTL ==========
HKU\S-1-5-21-349650993-1871975044-1433938290-1005\S-1-5-21-349650993-1871975044-1433938290-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-349650993-1871975044-1433938290-1005\S-1-5-21-349650993-1871975044-1433938290-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!

OTL by OldTimer - Version 3.1.25.2 log created on 01172010_185705






Volume in drive C has no label.
Volume Serial Number is 44AB-E1D7

Directory of c:\WINDOWS

05/15/2007 03:53 PM <DIR> softwaredistribution.old1
0 File(s) 0 bytes

Total Files Listed:
0 File(s) 0 bytes
1 Dir(s) 3,785,740,288 bytes free

#12 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,719 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:02:35 PM

Posted 18 January 2010 - 01:45 AM

So IE 7 is working now. :(

Do yo want to upgrade to IE8? Please just tell me before doing it.

#13 spclk187

spclk187
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:35 AM

Posted 18 January 2010 - 08:12 AM

Yes IE 7 is working now, yes please I would like to upgrade to IE 8 because it keeps asking me and its annoying, lol.

Do you know what the problem was, something we can make sure we don't do in the future?

THANK YOU!!!!

#14 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,719 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:02:35 PM

Posted 18 January 2010 - 08:42 AM

Do you know what the problem was, something we can make sure we don't do in the future?

It was not something you had done. The malware had changed the IE settings and had set it to use a proxy. The malware itself was removed but the setting was still there.

You may now go to Windows update and install IE8. But when it is installed and it asks you to choose a serach machine select to keep Google. Say no to any other aditionall things (you can always select them to install later on).

Tell me when you have done it. We still need to uninstall ComboFix but we will do it at the end.

#15 spclk187

spclk187
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:35 AM

Posted 19 January 2010 - 11:30 PM

Okay I have completed the IE8 install.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users