Looks like "System Repair" but can't seem to shake it!


This topic is locked
53 replies to this topic

#1 Dicedawg

  • Members
  • 73 posts
  • Gender:Male
  • Location:Florida

Posted 20 July 2011 - 01:22 AM

Hello Bleepies, Broni tells me it's time we move this problem over here to the malware removal forum; we have worked on this a while and don't seem to have eliminated the problem from the "Am I infected" forum.

My system:
Windows XP self-built unit (2008) with 2 GB RAM, 3.2 GHZ AMD processor and 81 GBs free Disk Space.
My issue:
The current malware problem went directly to not initiating (icons) at all with other apps and any of the four browsers I have: IE, Chrome, Firefox & Safari. The browsers initiate but then become non-responsive. (Pasted for convenience from "Am I Infected".) During one of my rampage researches, after closing many screens, I noticed a "Norton Free Scan" dialog box that only had an OK button - no way out! I knew it was a fake and hit Ctrl-Alt-Del to try and rid it, having to finally do a manual shut-down. The next morning after start-up and opening Firefox, a page shot up announcing I "had not completed the scan and didn't I want to continue ..." (shooting from the hip here, most of this is gone from memory and no screenshots, as I thought I was knowledgeable enough to handle it!).
I immediately tried to run MBAM which went to hourglass but never initiated.
Spybot S&D initiated, but upon start of the SCAN, this nasty popup would appear, stopping the SB S&D scan with a "Windows Warning message" dialog box stating (Jpeg attached):

In Blue header: Windows - No Disk
Below Header, (Beside Red X): Exception Processing Message c0000013 Parameters 75b6bf7c 4 75b6bf7c 75b6bf7c
3 buttons: Cancel, Try Again, Continue

The first two did virtually nothing, and if I pressed Continue it would allow SB to continue one or a few lines before it popped up again. I got up to 90,000 out of the 800,000-some-odd files that S&D compares before I got tired of that game and gave up. The "Windows - No Disk" dialog box would not go away even with CTRL-ALT-DEL, so the PC would have to be hard stopped.

I tried several other tools and nothing...
I tried it in Safe mode with no luck and finally did a restore point from 7 days earlier.
Launched into safe mode and ran MBAM which turned up no malware or virus,
Ran BullGuard Anti-virus and got no virus or malware reported,
ran SB S&D and suddenly the pop-ups started again!
Ran CFIX.exe for 5 hours finally realizing it was hung.
I'm on day three (so add 3 more now with Broni) trying to resolve this and finally got GMER to run successfully.

"Am I Infected" hyperlink to help from Broni:
http://www.bleepingcomputer.com/forums/topic409887.html

I am reusing a few of the tools that we ran with Broni to save time, unless of course you need it done again!
Tools we ran while working with Broni:

BullGuard Antivirus (my paid-for, worthless anti-virus): finally got it to work through some trickery, but it found nothing, so I ran
TrendMicro's HouseCall - Free Online Virus Scan, and again found nothing.

As soon as I started SecurityCheck, (From Broni Suggestion) the Windows No Disk Dialog Box popped up (see attached), but only once.
I ran through the Spy-ware Removal instructions for "System Repair" found maybe a little relief.
disabled MBAM and BullGuard
Ran:
Security Check
MiniToolBox
MBAM
GMER
TDSSKiller
aswMBR
ESETSmartInstaller (My Idea!)(it showed a variant of "Registry Booster" and deleted and quarantined 8 lines) but these were from a year ago (see main story with Broni).

So as far as the instructions for posting a new thread here, I will mention that DDS hung and did not complete (attached JPEG); it has been over 2 hours now and I cannot get it to go away, so I will have to hard shut down to eliminate it from the screen!

So that is where Broni and I got and decided that we needed the "Big Guns" on it!
On with your requirements:
No DDS results
Copy of GMER run with Broni:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-07-18 06:10:25
Windows 5.1.2600 Service Pack 3
Running: ljkued7z.exe; Driver: H:\DOCUME~1\K\LOCALS~1\Temp\pwlorpow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\NSKernel.sys (NovaShield Kernel Module /NovaShield, Inc.) ZwAllocateUserPhysicalPages [0xB461EFAA]
SSDT \SystemRoot\system32\DRIVERS\NSKernel.sys (NovaShield Kernel Module /NovaShield, Inc.) ZwAllocateVirtualMemory [0xB4617E1E]
SSDT \SystemRoot\system32\DRIVERS\NSKernel.sys (NovaShield Kernel Module /NovaShield, Inc.) ZwAreMappedFilesTheSame [0xB461F0BD]
SSDT \SystemRoot\system32\DRIVERS\NSKernel.sys (NovaShield Kernel Module /NovaShield, Inc.) ZwCreateKey [0xB46185F4]
SSDT \SystemRoot\system32\DRIVERS\NSKernel.sys (NovaShield Kernel Module /NovaShield, Inc.) ZwCreateProcess [0xB46189C8]
SSDT \SystemRoot\system32\DRIVERS\NSKernel.sys (NovaShield Kernel Module /NovaShield, Inc.) ZwCreateSection [0xB4618B27]
SSDT \SystemRoot\system32\DRIVERS\NSKernel.sys (NovaShield Kernel Module /NovaShield, Inc.) ZwDeleteKey [0xB4619045]
SSDT \SystemRoot\system32\DRIVERS\NSKernel.sys (NovaShield Kernel Module /NovaShield, Inc.) ZwDeleteValueKey [0xB4619133]
SSDT \SystemRoot\system32\DRIVERS\NSKernel.sys (NovaShield Kernel Module /NovaShield, Inc.) ZwExtendSection [0xB4619548]
SSDT \SystemRoot\system32\DRIVERS\NSKernel.sys (NovaShield Kernel Module /NovaShield, Inc.) ZwMapUserPhysicalPages [0xB461F77D]
SSDT \SystemRoot\system32\DRIVERS\NSKernel.sys (NovaShield Kernel Module /NovaShield, Inc.) ZwMapViewOfSection [0xB461A023]
SSDT \SystemRoot\system32\DRIVERS\NSKernel.sys (NovaShield Kernel Module /NovaShield, Inc.) ZwOpenProcess [0xB461A6B3]
SSDT \SystemRoot\system32\DRIVERS\NSKernel.sys (NovaShield Kernel Module /NovaShield, Inc.) ZwOpenSection [0xB461A7BC]
SSDT \SystemRoot\system32\DRIVERS\NSKernel.sys (NovaShield Kernel Module /NovaShield, Inc.) ZwProtectVirtualMemory [0xB461AD04]
SSDT \SystemRoot\system32\DRIVERS\NSKernel.sys (NovaShield Kernel Module /NovaShield, Inc.) ZwQuerySection [0xB461BA1F]
SSDT \SystemRoot\system32\DRIVERS\NSKernel.sys (NovaShield Kernel Module /NovaShield, Inc.) ZwReadVirtualMemory [0xB461C488]
SSDT \SystemRoot\system32\DRIVERS\NSKernel.sys (NovaShield Kernel Module /NovaShield, Inc.) ZwRenameKey [0xB463B004]
SSDT \SystemRoot\system32\DRIVERS\NSKernel.sys (NovaShield Kernel Module /NovaShield, Inc.) ZwReplaceKey [0xB461C72A]
SSDT \SystemRoot\system32\DRIVERS\NSKernel.sys (NovaShield Kernel Module /NovaShield, Inc.) ZwSetInformationKey [0xB461D121]
SSDT \SystemRoot\system32\DRIVERS\NSKernel.sys (NovaShield Kernel Module /NovaShield, Inc.) ZwSetInformationProcess [0xB461D23D]
SSDT \SystemRoot\system32\DRIVERS\NSKernel.sys (NovaShield Kernel Module /NovaShield, Inc.) ZwSetValueKey [0xB461DA07]
SSDT \SystemRoot\system32\DRIVERS\NSKernel.sys (NovaShield Kernel Module /NovaShield, Inc.) ZwTerminateProcess [0xB461DE41]
SSDT \SystemRoot\system32\DRIVERS\NSKernel.sys (NovaShield Kernel Module /NovaShield, Inc.) ZwUnmapViewOfSection [0xB461E1AD]
SSDT \SystemRoot\system32\DRIVERS\NSKernel.sys (NovaShield Kernel Module /NovaShield, Inc.) ZwWriteVirtualMemory [0xB461E6B5]

---- Kernel code sections - GMER 1.0.15 ----

.text H:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6FB4380, 0x566465, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text H:\WINDOWS\system32\SearchIndexer.exe[136] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C H:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [B6EE7182] \SystemRoot\system32\DRIVERS\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [B6EE7182] \SystemRoot\system32\DRIVERS\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [B6EE7182] \SystemRoot\system32\DRIVERS\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [B6EE7182] \SystemRoot\system32\DRIVERS\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [B6EE7182] \SystemRoot\system32\DRIVERS\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [B6EE7182] \SystemRoot\system32\DRIVERS\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [B6EE7182] \SystemRoot\system32\DRIVERS\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)

---- User IAT/EAT - GMER 1.0.15 ----

IAT H:\Program Files\Skype\Phone\Skype.exe[1672] @ H:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [08962F20] H:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT H:\Program Files\Skype\Phone\Skype.exe[1672] @ H:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [08962C90] H:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT H:\Program Files\Skype\Phone\Skype.exe[1672] @ H:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [08962CF0] H:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT H:\Program Files\Skype\Phone\Skype.exe[1672] @ H:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [08962CC0] H:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT H:\WINDOWS\explorer.exe[2392] @ H:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00C42F20] H:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT H:\WINDOWS\explorer.exe[2392] @ H:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00C42C90] H:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT H:\WINDOWS\explorer.exe[2392] @ H:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00C42CF0] H:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT H:\WINDOWS\explorer.exe[2392] @ H:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00C42CC0] H:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)

---- Devices - GMER 1.0.15 ----

Device \Driver\Tcpip \Device\Ip afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device \Driver\Tcpip \Device\Tcp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device \Driver\Tcpip \Device\Udp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device \Driver\Tcpip \Device\RawIp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device \Driver\Tcpip \Device\IPMULTICAST afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\001bdc0ff803 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001bdc0ff803 (not active ControlSet)
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001bdc0ff803
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs H:\WINDOWS\system32\BgGamingMonitor.dll

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk1\DR3 sector 00: rootkit-like behavior

---- EOF - GMER 1.0.15 ----

DiceDawg

Pickleball Rocks!  :bananas: 
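Triage of the GMER log above, as an added example that is not part of the thread and not GMER's own code: a Python pass over GMER-style output that groups SSDT, IAT and device hooks by the module that owns them, treats hooks from products known to be installed as expected, and sets aside for manual review anything hooking from a temp directory, any AppInit_DLLs value and any "rootkit-like behavior" disk-sector report. The sample is constructed from a few lines of the log plus one invented SSDT line (xyzzy.sys) from a module with no version information; the vendor list is an assumption about this particular machine. One caveat: the vendor GMER prints is the company string from the file's version resource, which malware can copy, so "expected" here means "matches an installed product", not "verified"; the file's hash or signature still has to be checked. For the dialog described in the post, c0000013 is the NTSTATUS code STATUS_NO_MEDIA_IN_DEVICE, the error "Windows - No Disk" reports when something touches a removable drive that has no media in it.

```python
"""Triage pass over GMER rootkit-scan output.

Added example, not GMER's code and not part of the forum thread.
"""
import re
from collections import Counter

# Assumption: products known to be installed on this box. GMER prints the
# company string from each file's version resource; malware can copy that
# string, so "expected" means "matches an installed product", not "verified".
TRUSTED_VENDORS = {"NovaShield, Inc.", "Agnitum Ltd.", "BullGuard Ltd.",
                   "Microsoft Corporation"}

SSDT_RE = re.compile(r"^SSDT\s+(?P<module>\S+)(?:\s+\((?P<info>[^)]*)\))?"
                     r"\s+(?P<func>Zw\w+)\s+\[0x[0-9A-Fa-f]+\]")
# IAT lines: the hooking module follows the last [8-hex-digit] address.
IAT_RE = re.compile(r"^IAT\s+(?P<victim>[^\[\s]+).*\[[0-9A-Fa-f]{8}\]\s+"
                    r"(?P<module>\S+)(?:\s+\((?P<info>[^)]*)\))?\s*$")
DEVICE_RE = re.compile(r"^(?:Attached)?Device\s+(?P<object>\S+\s+\S+)\s+"
                       r"(?P<module>\S+)(?:\s+\((?P<info>[^)]*)\))?\s*$")
APPINIT_RE = re.compile(r"^Reg\s+.*@AppInit_DLLs\s+(?P<value>.+)$")
DISK_RE = re.compile(r"^Disk\s+(?P<device>\S+)\s+sector\s+(?P<sector>\d+):\s+(?P<note>.+)$")
TEMP_PATH_RE = re.compile(r"\\temp\\", re.IGNORECASE)

# Constructed sample: lines taken from the log above, plus one invented SSDT
# hook (xyzzy.sys) from a module that carries no version information.
SAMPLE_GMER = r"""
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\NSKernel.sys (NovaShield Kernel Module /NovaShield, Inc.) ZwCreateProcess [0xB46189C8]
SSDT \SystemRoot\system32\DRIVERS\NSKernel.sys (NovaShield Kernel Module /NovaShield, Inc.) ZwTerminateProcess [0xB461DE41]
SSDT \SystemRoot\system32\DRIVERS\xyzzy.sys ZwOpenProcess [0xB4000000]
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [B6EE7182] \SystemRoot\system32\DRIVERS\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
---- User IAT/EAT - GMER 1.0.15 ----
IAT H:\WINDOWS\explorer.exe[2392] @ H:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00C42F20] H:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
---- Devices - GMER 1.0.15 ----
Device \Driver\Tcpip \Device\Tcp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs H:\WINDOWS\system32\BgGamingMonitor.dll
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk1\DR3 sector 00: rootkit-like behavior
---- EOF - GMER 1.0.15 ----
"""


def vendor_of(info):
    """GMER prints '(description/company)'; return the company part, if any."""
    if not info:
        return None
    return info.rsplit("/", 1)[-1].strip() or None


def classify(module, info):
    """Return (bucket, reason) for one hooking module."""
    vendor = vendor_of(info)
    if TEMP_PATH_RE.search(module):
        return "review", "hooking module loaded from a temp directory (%s)" % (vendor or "no version info")
    if vendor is None:
        return "unknown", "hooking module has no version information"
    if vendor in TRUSTED_VENDORS:
        return "expected", vendor
    return "review", "unexpected vendor %r" % vendor


def triage(log_text):
    """Bucket every hook, AppInit_DLLs value and disk-sector report in a GMER log."""
    findings = {"expected": [], "review": [], "unknown": []}
    hooks_per_module = Counter()
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SSDT_RE.match(line) or IAT_RE.match(line) or DEVICE_RE.match(line)
        if m:
            module = m.group("module")
            hooks_per_module[module.rsplit("\\", 1)[-1].lower()] += 1
            bucket, why = classify(module, m.group("info"))
            findings[bucket].append((line.split()[0], module, why))
            continue
        m = APPINIT_RE.match(line)
        if m:  # legitimate persistence point for AV hooks, and a favourite of malware
            findings["review"].append(("Reg", m.group("value").strip(), "AppInit_DLLs entry"))
            continue
        m = DISK_RE.match(line)
        if m:  # GMER's wording; the sector itself has to be examined, not just the line
            findings["review"].append(("Disk", m.group("device"), m.group("note")))
    return findings, hooks_per_module


def report(findings, hooks_per_module):
    """Human-readable summary, review items first."""
    lines = ["hooks per module: " + ", ".join("%s=%d" % kv for kv in hooks_per_module.most_common())]
    for bucket in ("review", "unknown", "expected"):
        for kind, what, why in findings[bucket]:
            lines.append("%-8s %-6s %s  <- %s" % (bucket, kind, what, why))
    return lines


if __name__ == "__main__":
    print("\n".join(report(*triage(SAMPLE_GMER))))
```

Run as a script it prints the summary for the constructed sample; on a real log, pass the file's text to triage() and read the review and unknown buckets before anything else. The Logitech injector under H:\WINDOWS\TEMP lands in review purely because of its path, which is the point: a legitimate product doing something that looks like malware still deserves a second look.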



#2 myrti

    Sillyberry

  • Malware Study Hall Admin
  • 33,772 posts
  • Gender:Female
  • Location:At home

Posted 02 August 2011 - 09:37 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.
If you are unable to create a log because your computer cannot start up successfully, please provide detailed information about the Windows version you are using: what we in particular need to know is version, edition and whether it is a 32-bit or a 64-bit system.
If you are unsure about any of these characteristics, just let us know and we'll help you figure it out. Please also tell us if you have your Windows CD/DVD handy.


Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe
    hlp.dat
    /md5stop
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!
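The report myrti asks for lists HOSTS entries as O1 lines, Run-key autoruns as O4 lines and policy keys as O6/O7 lines (the next post shows the real ones). Below is an added example, not OTL's code and not part of the thread: a Python triage pass over such lines that separates a harmless loopback blocklist from a HOSTS file that redirects names elsewhere or sinkholes the sites a cleanup depends on, and marks Run entries that carry no company name or live under a Temp or Application Data directory for a look. The sample mixes lines from the log in the next post with three invented ones (a sinkholed malwarebytes.org, a google.com sent to a documentation address, and a Run entry in a Temp directory); the sensitive-domain and suspect-path lists are assumptions. The two real entries it flags, LWS.exe and nwiz.exe, sit under the Logitech and NVIDIA program directories and simply lack a company string, which is why the bucket is "review" rather than a verdict.

```python
"""Triage pass over OTL O1 (HOSTS), O4 (Run keys) and O6/O7 (policy) lines.

Added example, not OldTimer's code and not part of the forum thread.
"""
import re
from ipaddress import ip_address

HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(?P<target>\S+)\s+(?P<name>\S+)\s*$")
RUN_RE = re.compile(r"^O4 - (?P<hive>\S+?)\.\.\\Run:\s+\[(?P<name>[^\]]*)\]\s+"
                    r"(?P<path>.*?)\s+\((?P<company>[^)]*)\)\s*$")
# Assumption: directories a legitimate autorun entry rarely lives in. A hit is a
# reason to look (Dropbox installs under Application Data), not proof of malware.
SUSPECT_PATH_RE = re.compile(r"\\(?:temp|application data|recycler)\\", re.IGNORECASE)
# Assumption: domains a cleanup depends on. A HOSTS entry sending one of these to
# loopback is the classic sign of a HOSTS file edited by malware rather than by an
# anti-spyware immunization list, which sinkholes known ad and malware domains.
SENSITIVE_DOMAINS = ("microsoft.com", "windowsupdate.com", "malwarebytes.org",
                     "bleepingcomputer.com")

# Constructed sample: O1/O4/O6 lines copied from the log in the next post, plus
# three invented lines: a sinkholed security site, a redirected google.com
# (203.0.113.9 is a documentation address) and a Run entry in a Temp directory.
SAMPLE_OTL = r"""
O1 HOSTS File: ([2011/07/24 15:12:35 | 000,435,357 | R--- | M]) - H:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 www.malwarebytes.org
O1 - Hosts: 203.0.113.9 www.google.com
O1 - Hosts: 15010 more lines...
O4 - HKLM..\Run: [AzAgent] H:\Program Files\Companion Photo\AzAgent.exe (OEM)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] H:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [nwiz] H:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKU\S-1-5-21-1343024091-492894223-839522115-1003..\Run: [Logitech Vid] H:\Program Files\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
O4 - HKLM..\Run: [Update] H:\Documents and Settings\K\Local Settings\Temp\update.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
"""


def is_sinkhole(target):
    """True for blocklist-style targets (127.0.0.1, 0.0.0.0, ::1)."""
    try:
        ip = ip_address(target)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified


def is_sensitive(name):
    """True when name is one of the sensitive domains or a subdomain of one."""
    host = name.lower()
    return any(host == d or host.endswith("." + d) for d in SENSITIVE_DOMAINS)


def triage_otl(text):
    """Bucket O1/O4/O6/O7 lines; OTL's own '... more lines' marker is ignored."""
    out = {"loopback_entries": 0, "hijacked_hosts": [], "blocked_security_sites": [],
           "run_ok": [], "run_review": [], "policies_present": []}
    for raw in text.splitlines():
        line = raw.strip()
        m = HOSTS_RE.match(line)
        if m:
            target, name = m.group("target"), m.group("name")
            if not is_sinkhole(target):
                out["hijacked_hosts"].append((name, target))  # name resolves somewhere real
            else:
                out["loopback_entries"] += 1
                if is_sensitive(name):
                    out["blocked_security_sites"].append(name)
            continue
        m = RUN_RE.match(line)
        if m:
            reasons = []
            if not m.group("company").strip():
                reasons.append("no company name in version info")
            if SUSPECT_PATH_RE.search(m.group("path")):
                reasons.append("runs from a user-writable data/temp directory")
            if reasons:
                out["run_review"].append((m.group("name"), m.group("path"), "; ".join(reasons)))
            else:
                out["run_ok"].append((m.group("name"), m.group("path")))
            continue
        if line.startswith(("O6 - ", "O7 - ")) and line.endswith(" present"):
            out["policies_present"].append(line[5:])  # policy key exists; inspect its values
    return out


if __name__ == "__main__":
    result = triage_otl(SAMPLE_OTL)
    print("loopback blocklist entries:", result["loopback_entries"])
    for key in ("hijacked_hosts", "blocked_security_sites", "run_review", "policies_present"):
        for item in result[key]:
            print("%-22s %s" % (key, item))
```

A HOSTS file of fifteen thousand loopback entries is noise until one of them names a site you need, or until a line points somewhere other than loopback; those two cases are what the function pulls out, and everything else is just counted.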



#3 Dicedawg
  • Topic Starter
  • Members
  • 73 posts
  • Gender:Male
  • Location:Florida

Posted 04 August 2011 - 12:28 AM

Hi Myrti, and thanks for the contact. I still have issues, and since this post I had my anti-virus company, BullGuard, intercede to try and resolve the issue. Of course I had to uninstall all of my other anti-spyware to get their help, even after telling them that it was Spybot S&D that got rid of one portion of malware that was prohibiting the other cleaners from working.
Since they finished what they could do, - and never found or identified a bug, all of my browsers now take a minimum of 30 seconds to load plus time to fill in the graphics. Each Icon now must be clicked multiple times for any application. This happened to me last year about this time and I eventually had to install a new hard-drive to solve the problem.
My PC is a homebuilt (2008) 32bit PC Pentium D 3.2 Ghz CPU with 2 GB of RAM running Windows XP Pro V2002 with Service pack 3.
Yes, I can find my original XP CD somewhere around here!
Running the Oldtimer app now.

OTL.txt
OTL logfile created on: 8/3/2011 4:32:41 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = H:\Documents and Settings\K\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.01 Gb Available Physical Memory | 50.44% Memory free
3.85 Gb Paging File | 2.79 Gb Available in Paging File | 72.57% Paging File free
Paging file location(s): H:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = H: | %SystemRoot% = H:\WINDOWS | %ProgramFiles% = H:\Program Files
Drive H: | 141.60 Gb Total Space | 78.35 Gb Free Space | 55.33% Space Free | Partition Type: NTFS
Drive I: | 7.44 Gb Total Space | 7.40 Gb Free Space | 99.46% Space Free | Partition Type: NTFS

Computer Name: KAE-DESKTOP | User Name: K | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2011/08/03 16:27:10 | 000,579,584 | ---- | M] (OldTimer Tools) -- H:\Documents and Settings\K\Desktop\OTL.exe
PRC - [2011/06/30 10:30:36 | 001,620,824 | ---- | M] (BullGuard Ltd.) -- H:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe
PRC - [2011/06/30 10:30:36 | 000,338,264 | ---- | M] (BullGuard Ltd.) -- H:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe
PRC - [2011/06/29 07:08:32 | 000,288,088 | ---- | M] (BullGuard Ltd.) -- H:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe
PRC - [2011/06/25 01:00:43 | 000,399,536 | ---- | M] (Mozilla Messaging) -- H:\Program Files\Mozilla Thunderbird\thunderbird.exe
PRC - [2011/06/05 15:45:26 | 001,258,840 | ---- | M] (BullGuard Ltd.) -- H:\Program Files\BullGuard Ltd\BullGuard\BackupRun.exe
PRC - [2011/05/25 16:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- H:\Documents and Settings\K\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2011/05/18 05:34:06 | 000,320,344 | ---- | M] (BullGuard Ltd.) -- H:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
PRC - [2010/09/23 09:49:08 | 000,067,584 | ---- | M] (CobianSoft, Luis Cobian) -- H:\Program Files\Cobian Backup 10\cbVSCService.exe
PRC - [2009/10/14 13:36:56 | 002,793,304 | ---- | M] () -- H:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/10/14 13:34:18 | 000,560,472 | ---- | M] () -- H:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- H:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/07/16 15:35:42 | 005,458,704 | ---- | M] (Logitech Inc.) -- H:\Program Files\Logitech\Logitech Vid\Vid.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\explorer.exe
PRC - [2005/09/15 04:08:38 | 000,315,392 | ---- | M] (OEM) -- H:\Program Files\Companion Photo\AzAgent.exe


========== Modules (SafeList) ==========

MOD - [2011/08/03 16:27:10 | 000,579,584 | ---- | M] (OldTimer Tools) -- H:\Documents and Settings\K\Desktop\OTL.exe
MOD - [2011/05/18 05:34:12 | 000,036,696 | ---- | M] (BullGuard Ltd.) -- H:\Program Files\BullGuard Ltd\BullGuard\Spamfilter\LittleHook.dll
MOD - [2011/04/18 22:51:18 | 000,653,136 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (CarboniteService)
SRV - [2011/06/30 10:30:36 | 000,338,264 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- H:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe -- (BsBhvScan)
SRV - [2011/06/29 07:08:34 | 000,195,928 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- H:\Program Files\BullGuard Ltd\BullGuard\BsMailProxy\BsMailProxy.dll -- (BsMailProxy)
SRV - [2011/06/29 07:08:32 | 000,322,904 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- H:\Program Files\BullGuard Ltd\BullGuard\BsFileScan.dll -- (BsFileScan)
SRV - [2011/06/29 07:08:32 | 000,288,088 | ---- | M] (BullGuard Ltd.) [On_Demand | Running] -- H:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe -- (BsScanner)
SRV - [2011/05/18 05:34:14 | 000,125,784 | ---- | M] (BullGuard Ltd.) [On_Demand | Stopped] -- H:\Program Files\BullGuard Ltd\BullGuard\Support\BgRaSvc.exe -- (BgRaSvc)
SRV - [2011/05/18 05:34:06 | 000,320,344 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- H:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe -- (BsUpdate)
SRV - [2011/05/18 05:34:04 | 000,500,056 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- H:\Program Files\BullGuard Ltd\BullGuard\BsFire.dll -- (BsFire)
SRV - [2011/05/18 05:34:04 | 000,186,712 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- H:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll -- (BsMain)
SRV - [2011/05/18 05:34:04 | 000,067,928 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- H:\Program Files\BullGuard Ltd\BullGuard\BsBrowser.dll -- (BsBrowser)
SRV - [2010/09/23 09:49:08 | 000,067,584 | ---- | M] (CobianSoft, Luis Cobian) [Auto | Running] -- H:\Program Files\Cobian Backup 10\cbVSCService.exe -- (cbVSCService)
SRV - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- H:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)


========== Driver Services (SafeList) ==========

DRV - [2011/06/15 06:32:36 | 000,789,448 | ---- | M] (NovaShield, Inc.) [File_System | System | Running] -- H:\WINDOWS\system32\drivers\NSKernel.sys -- (NovaShieldFilterDriver)
DRV - [2011/06/15 06:32:36 | 000,019,272 | ---- | M] (NovaShield, Inc.) [Kernel | System | Running] -- H:\WINDOWS\system32\drivers\NSNetmon.sys -- (NovaShieldTDIDriver)
DRV - [2011/06/15 06:32:32 | 000,304,712 | ---- | M] (BitDefender S.R.L.) [File_System | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\Trufos.sys -- (Trufos)
DRV - [2011/06/15 06:32:32 | 000,267,624 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\afwcore.sys -- (afwcore)
DRV - [2011/06/15 06:32:32 | 000,064,608 | ---- | M] (BullGuard Ltd.) [File_System | System | Running] -- H:\WINDOWS\system32\drivers\BdSpy.sys -- (BdSpy)
DRV - [2011/06/15 06:32:32 | 000,034,280 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\afw.sys -- (afw)
DRV - [2010/04/06 18:13:04 | 005,912,096 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/11/18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009/10/07 04:49:50 | 000,023,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2009/10/07 04:49:38 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) QuickCam Pro for Notebooks(UVC)
DRV - [2009/10/07 04:47:54 | 000,266,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/10/07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2007/11/20 17:56:54 | 000,009,216 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- H:\WINDOWS\system32\DRIVERS\videX32.sys -- (videX32)
DRV - [2007/11/20 17:56:28 | 000,017,920 | ---- | M] (VIA Technologies,Inc) [Kernel | Boot | Running] -- H:\WINDOWS\system32\DRIVERS\xfilt.sys -- (xfilt)
DRV - [2007/10/11 22:00:43 | 000,041,752 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/10/11 21:59:12 | 001,920,920 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1343024091-492894223-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1343024091-492894223-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1343024091-492894223-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7550
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: antiphishing@bullguard:1.1

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: H:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: H:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: H:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: h:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: h:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: H:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: H:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: H:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\antiphishing@bullguard: H:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\FF\antiphishing@bullguard\ [2011/07/30 19:05:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: H:\Program Files\Mozilla Firefox\components [2011/06/22 10:42:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: H:\Program Files\Mozilla Firefox\plugins [2011/07/16 21:15:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: H:\Program Files\Mozilla Thunderbird\components [2011/07/27 05:30:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Plugins: H:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{380AE6CB-09B9-4373-B360-D01C2462A6E7}: H:\Program Files\BullGuard Ltd\BullGuard\backup\thunderbirdbkplugin [2011/07/30 19:05:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: H:\Program Files\BullGuard Ltd\BullGuard\Spamfilter\TbSpamfilter [2011/07/30 19:05:12 | 000,000,000 | ---D | M]

[2010/03/22 13:52:35 | 000,000,000 | ---D | M] (No name found) -- H:\Documents and Settings\K\Application Data\Mozilla\Extensions
[2011/08/02 14:04:48 | 000,000,000 | ---D | M] (No name found) -- H:\Documents and Settings\K\Application Data\Mozilla\Firefox\Profiles\kysghu86.default\extensions
[2010/04/28 03:04:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- H:\Documents and Settings\K\Application Data\Mozilla\Firefox\Profiles\kysghu86.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/08/02 14:04:48 | 000,000,000 | ---D | M] (No name found) -- H:\Program Files\Mozilla Firefox\extensions
[2011/06/20 22:17:41 | 000,000,000 | ---D | M] (Skype extension) -- H:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/06/21 17:57:56 | 000,000,000 | ---D | M] (Java Console) -- H:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/29 18:31:36 | 000,000,000 | ---D | M] (Java Console) -- H:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/01/12 12:35:10 | 000,000,000 | ---D | M] (Java Console) -- H:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/26 22:39:38 | 000,000,000 | ---D | M] (Java Console) -- H:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/07/08 02:26:52 | 000,000,000 | ---D | M] (Java Console) -- H:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/07/30 19:05:49 | 000,000,000 | ---D | M] (BullGuard Safe Browsing) -- H:\PROGRAM FILES\BULLGUARD LTD\BULLGUARD\ANTIPHISHING\FF\ANTIPHISHING@BULLGUARD
[2010/06/21 17:57:45 | 000,000,000 | ---D | M] (Java Quick Starter) -- H:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- H:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/07/24 15:12:35 | 000,435,357 | R--- | M]) - H:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 15010 more lines...
O2 - BHO: (BullGuard Safe Browsing) - {FC872B94-35E3-4B94-B028-184A2A1C7CCE} - H:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BGAntiphishingIEBHO.dll (BullGuard Ltd.)
O4 - HKLM..\Run: [AzAgent] H:\Program Files\Companion Photo\AzAgent.exe (OEM)
O4 - HKLM..\Run: [BullGuard] H:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe (BullGuard Ltd.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] H:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [NvCplDaemon] H:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] H:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] H:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKU\S-1-5-21-1343024091-492894223-839522115-1003..\Run: [Logitech Vid] H:\Program Files\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
O4 - Startup: H:\Documents and Settings\K\Start Menu\Programs\Startup\Dropbox.lnk = H:\Documents and Settings\K\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1343024091-492894223-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1343024091-492894223-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1343024091-492894223-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1343024091-492894223-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Report to BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - H:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BgAntiphishingIE.dll (BullGuard Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - H:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - H:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - H:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - H:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - H:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - H:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - H:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - H:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - H:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - H:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - H:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - H:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - H:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - H:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - H:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - H:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - H:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - H:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O15 - HKU\S-1-5-21-1343024091-492894223-839522115-1003\..Trusted Domains: livemeeting.com ([]https in Internet)
O15 - HKU\S-1-5-21-1343024091-492894223-839522115-1003\..Trusted Domains: localhost ([]* in Local intranet)
O15 - HKU\S-1-5-21-1343024091-492894223-839522115-1003\..Trusted Domains: microsoftonline.com ([]https in Local intranet)
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://74.203.128.226/CACHE/stc/1/binaries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
O18 - Protocol\Handler\bglink {FC872B94-35E3-4B94-B028-184A2A1C7CCE} - H:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BGAntiphishingIEBHO.dll (BullGuard Ltd.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - H:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: H:\Documents and Settings\K\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: H:\Documents and Settings\K\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - H:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/07/25 02:21:39 | 000,000,000 | ---D | M] - H:\Autoruns -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: BsMain - H:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll (BullGuard Ltd.)
SafeBootMin: BsScanner - H:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe (BullGuard Ltd.)
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {0EEB34F6-991D-4a1b-8EEB-772DA0EADB22} - Microsoft Office Communicator 2007
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection H:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection H:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - H:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - h:\WINDOWS\system32\Rundll32.exe h:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - H:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - H:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "H:\WINDOWS\system32\rundll32.exe" "H:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - H:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - H:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - H:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - H:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - H:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - H:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - H:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - H:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - H:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - H:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - H:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - H:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/08/03 16:27:09 | 000,579,584 | ---- | C] (OldTimer Tools) -- H:\Documents and Settings\K\Desktop\OTL.exe
[2011/08/02 14:59:11 | 000,000,000 | ---D | C] -- H:\Program Files\TweetDeck
[2011/07/30 19:10:00 | 000,000,000 | ---D | C] -- H:\Documents and Settings\K\Application Data\BullGuard
[2011/07/30 19:05:58 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Start Menu\Programs\BullGuard
[2011/07/30 19:04:32 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Application Data\BullGuard
[2011/07/30 19:02:54 | 000,000,000 | ---D | C] -- H:\Program Files\BullGuard Ltd
[2011/07/28 18:37:29 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Start Menu\Programs\Defraggler
[2011/07/28 18:37:27 | 000,000,000 | ---D | C] -- H:\Program Files\Defraggler
[2011/07/28 16:09:32 | 000,050,688 | ---- | C] (Atribune.org) -- H:\Documents and Settings\K\Desktop\ATF-Cleaner.exe
[2011/07/28 00:30:51 | 000,000,000 | ---D | C] -- H:\Documents and Settings\K\Application Data\Virtual Mechanics
[2011/07/28 00:30:51 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Application Data\Virtual Mechanics
[2011/07/28 00:30:51 | 000,000,000 | ---D | C] -- H:\Documents and Settings\K\My Documents\My IMS Projects
[2011/07/27 05:31:12 | 000,000,000 | ---D | C] -- H:\Documents and Settings\K\Local Settings\Application Data\Thunderbird
[2011/07/27 05:31:12 | 000,000,000 | ---D | C] -- H:\Documents and Settings\K\Application Data\Thunderbird
[2011/07/27 05:30:47 | 000,000,000 | ---D | C] -- H:\Program Files\Mozilla Thunderbird
[2011/07/27 05:10:02 | 000,000,000 | ---D | C] -- H:\Documents and Settings\K\Application Data\Windows Search
[2011/07/26 23:37:02 | 000,000,000 | ---D | C] -- H:\Documents and Settings\K\Start Menu\Programs\HiJackThis
[2011/07/26 23:10:23 | 000,000,000 | ---D | C] -- H:\Documents and Settings\K\Application Data\QuickScan
[2011/07/26 20:23:53 | 000,000,000 | ---D | C] -- H:\Program Files\Panda Security
[2011/07/26 20:11:38 | 000,000,000 | ---D | C] -- H:\Documents and Settings\LocalService\Application Data\McAfee
[2011/07/25 14:34:08 | 000,000,000 | ---D | C] -- H:\Program Files\Virtual Mechanics
[2011/07/25 14:25:21 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Start Menu\Programs\Notepad++
[2011/07/25 14:25:20 | 000,000,000 | ---D | C] -- H:\Documents and Settings\K\Start Menu\Programs\Notepad++
[2011/07/25 14:25:14 | 000,000,000 | ---D | C] -- H:\Program Files\Notepad++
[2011/07/25 14:25:14 | 000,000,000 | ---D | C] -- H:\Documents and Settings\K\Application Data\Notepad++
[2011/07/25 01:57:43 | 000,000,000 | ---D | C] -- H:\Autoruns
[2011/07/19 23:46:13 | 000,000,000 | R--D | C] -- H:\Documents and Settings\K\Start Menu\Programs\Administrative Tools
[2011/07/19 20:28:19 | 000,000,000 | ---D | C] -- H:\Documents and Settings\K\Local Settings\Application Data\Safe mirror
[2011/07/19 20:27:55 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Start Menu\Programs\Cobian Backup 10
[2011/07/19 20:27:07 | 000,000,000 | ---D | C] -- H:\Program Files\Cobian Backup 10
[2011/07/16 21:15:56 | 000,000,000 | ---D | C] -- H:\Program Files\Common Files\Adobe
[2011/07/16 21:13:40 | 000,000,000 | --SD | C] -- H:\CFix
[2011/07/16 20:39:26 | 000,000,000 | ---D | C] -- H:\CFix(2)
[2011/07/14 14:20:10 | 000,000,000 | ---D | C] -- H:\Program Files\Common Files\Adobe(2)
[2011/07/14 14:17:45 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Application Data\Google
[2011/07/13 00:25:08 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Application Data\NortonInstaller
[2011/07/12 22:18:02 | 000,000,000 | ---D | C] -- H:\WINDOWS\System32\Adobe
[2011/07/08 02:27:18 | 000,000,000 | ---D | C] -- H:\Program Files\Common Files\Java
[2011/07/08 02:26:49 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- H:\WINDOWS\System32\javaws.exe
[2011/07/08 02:26:49 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- H:\WINDOWS\System32\javaw.exe
[2011/07/08 02:26:49 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- H:\WINDOWS\System32\java.exe
[8 H:\WINDOWS\*.tmp files -> H:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/03 16:27:10 | 000,579,584 | ---- | M] (OldTimer Tools) -- H:\Documents and Settings\K\Desktop\OTL.exe
[2011/08/03 16:04:00 | 000,000,876 | ---- | M] () -- H:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/03 14:54:26 | 000,013,730 | ---- | M] () -- H:\WINDOWS\System32\wpa.dbl
[2011/08/03 14:51:34 | 000,000,236 | ---- | M] () -- H:\WINDOWS\tasks\OGALogon.job
[2011/08/03 14:51:33 | 000,000,872 | ---- | M] () -- H:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/03 14:51:29 | 000,002,048 | --S- | M] () -- H:\WINDOWS\bootstat.dat
[2011/08/03 14:51:00 | 000,000,000 | ---- | M] () -- H:\WINDOWS\System32\drivers\lvuvc.hs
[2011/08/03 14:50:58 | 000,000,000 | ---- | M] () -- H:\WINDOWS\System32\drivers\logiflt.iad
[2011/07/31 14:15:02 | 000,002,205 | ---- | M] () -- H:\Documents and Settings\K\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/07/30 22:13:08 | 000,000,728 | ---- | M] () -- H:\Documents and Settings\K\Application Data\Microsoft\Internet Explorer\Quick Launch\Notepad++.lnk
[2011/07/30 22:12:24 | 000,001,919 | ---- | M] () -- H:\Documents and Settings\K\Application Data\Microsoft\Internet Explorer\Quick Launch\WebDwarf.lnk
[2011/07/30 22:11:45 | 000,002,402 | ---- | M] () -- H:\Documents and Settings\K\Application Data\Microsoft\Internet Explorer\Quick Launch\HiJackThis.lnk
[2011/07/30 22:11:11 | 000,000,504 | ---- | M] () -- H:\Documents and Settings\K\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to ATF-Cleaner.exe.lnk
[2011/07/30 22:10:32 | 000,000,838 | ---- | M] () -- H:\Documents and Settings\K\Application Data\Microsoft\Internet Explorer\Quick Launch\BullGuard.lnk
[2011/07/30 22:10:13 | 000,001,580 | ---- | M] () -- H:\Documents and Settings\K\Application Data\Microsoft\Internet Explorer\Quick Launch\Defraggler.lnk
[2011/07/29 00:48:52 | 000,000,664 | ---- | M] () -- H:\WINDOWS\System32\d3d9caps.dat
[2011/07/28 00:18:19 | 000,189,841 | ---- | M] () -- H:\Documents and Settings\K\sysdump.html.gz
[2011/07/28 00:18:17 | 003,155,391 | ---- | M] () -- H:\Documents and Settings\K\sysdump.html
[2011/07/27 05:30:58 | 000,001,686 | ---- | M] () -- H:\Documents and Settings\K\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2011/07/25 05:19:13 | 000,226,978 | ---- | M] () -- H:\Documents and Settings\K\Local Settings\Application Data\census.cache
[2011/07/25 05:19:12 | 000,205,484 | ---- | M] () -- H:\Documents and Settings\K\Local Settings\Application Data\ars.cache
[2011/07/24 15:12:35 | 000,435,357 | R--- | M] () -- H:\WINDOWS\System32\drivers\etc\hosts
[2011/07/22 09:34:06 | 000,000,284 | ---- | M] () -- H:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/19 23:37:42 | 000,000,000 | ---- | M] () -- H:\Documents and Settings\K\defogger_reenable
[2011/07/18 15:32:40 | 000,316,360 | ---- | M] () -- H:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/17 23:46:17 | 000,000,036 | ---- | M] () -- H:\Documents and Settings\K\Local Settings\Application Data\housecall.guid.cache
[2011/07/17 18:14:01 | 001,008,041 | ---- | M] () -- H:\Documents and Settings\K\My Documents\rkill.com
[2011/07/17 13:59:07 | 000,114,688 | ---- | M] () -- H:\Fport.exe
[8 H:\WINDOWS\*.tmp files -> H:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/30 22:13:08 | 000,000,728 | ---- | C] () -- H:\Documents and Settings\K\Application Data\Microsoft\Internet Explorer\Quick Launch\Notepad++.lnk
[2011/07/30 22:12:24 | 000,001,919 | ---- | C] () -- H:\Documents and Settings\K\Application Data\Microsoft\Internet Explorer\Quick Launch\WebDwarf.lnk
[2011/07/30 22:11:45 | 000,002,402 | ---- | C] () -- H:\Documents and Settings\K\Application Data\Microsoft\Internet Explorer\Quick Launch\HiJackThis.lnk
[2011/07/30 22:11:11 | 000,000,504 | ---- | C] () -- H:\Documents and Settings\K\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to ATF-Cleaner.exe.lnk
[2011/07/30 22:10:32 | 000,000,838 | ---- | C] () -- H:\Documents and Settings\K\Application Data\Microsoft\Internet Explorer\Quick Launch\BullGuard.lnk
[2011/07/30 22:10:13 | 000,001,580 | ---- | C] () -- H:\Documents and Settings\K\Application Data\Microsoft\Internet Explorer\Quick Launch\Defraggler.lnk
[2011/07/30 14:50:19 | 000,181,008 | ---- | C] () -- H:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/07/29 16:45:34 | 000,000,947 | ---- | C] () -- H:\Documents and Settings\K\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2011/07/29 16:43:35 | 000,001,787 | ---- | C] () -- H:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2011/07/29 16:43:35 | 000,000,978 | ---- | C] () -- H:\Documents and Settings\K\Start Menu\Programs\Startup\Dropbox.lnk
[2011/07/27 05:30:58 | 000,001,686 | ---- | C] () -- H:\Documents and Settings\K\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2011/07/27 05:30:58 | 000,001,674 | ---- | C] () -- H:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Thunderbird.lnk
[2011/07/27 05:06:05 | 000,189,841 | ---- | C] () -- H:\Documents and Settings\K\sysdump.html.gz
[2011/07/27 05:05:58 | 003,155,391 | ---- | C] () -- H:\Documents and Settings\K\sysdump.html
[2011/07/25 14:34:22 | 000,001,925 | ---- | C] () -- H:\Documents and Settings\All Users\Start Menu\Programs\WebDwarf.lnk
[2011/07/19 23:37:42 | 000,000,000 | ---- | C] () -- H:\Documents and Settings\K\defogger_reenable
[2011/07/17 23:54:02 | 000,226,978 | ---- | C] () -- H:\Documents and Settings\K\Local Settings\Application Data\census.cache
[2011/07/17 23:53:58 | 000,205,484 | ---- | C] () -- H:\Documents and Settings\K\Local Settings\Application Data\ars.cache
[2011/07/17 23:46:17 | 000,000,036 | ---- | C] () -- H:\Documents and Settings\K\Local Settings\Application Data\housecall.guid.cache
[2011/07/17 18:13:52 | 001,008,041 | ---- | C] () -- H:\Documents and Settings\K\My Documents\rkill.com
[2011/07/17 14:03:12 | 000,114,688 | ---- | C] () -- H:\Fport.exe
[2011/02/14 23:06:24 | 000,067,100 | -H-- | C] () -- H:\WINDOWS\System32\mlfcache.dat
[2010/09/26 22:52:12 | 000,238,616 | ---- | C] () -- H:\WINDOWS\System32\nvdrsdb0.bin
[2010/09/26 22:52:10 | 000,238,616 | ---- | C] () -- H:\WINDOWS\System32\nvdrsdb1.bin
[2010/09/26 22:52:10 | 000,000,001 | ---- | C] () -- H:\WINDOWS\System32\nvdrssel.bin
[2010/09/26 22:52:05 | 002,183,470 | ---- | C] () -- H:\WINDOWS\System32\nvdata.bin
[2010/07/29 10:36:41 | 000,000,664 | ---- | C] () -- H:\WINDOWS\System32\d3d9caps.dat
[2010/07/24 16:54:38 | 000,256,512 | ---- | C] () -- H:\WINDOWS\PEV.exe
[2010/07/24 16:54:38 | 000,098,816 | ---- | C] () -- H:\WINDOWS\sed.exe
[2010/07/24 16:54:38 | 000,089,088 | ---- | C] () -- H:\WINDOWS\MBR.exe
[2010/07/24 16:54:38 | 000,080,412 | ---- | C] () -- H:\WINDOWS\grep.exe
[2010/07/24 16:54:38 | 000,068,096 | ---- | C] () -- H:\WINDOWS\zip.exe
[2010/05/03 12:14:42 | 000,000,760 | ---- | C] () -- H:\Documents and Settings\K\Application Data\setup_ldm.iss
[2010/05/03 12:10:10 | 000,082,289 | ---- | C] () -- H:\WINDOWS\System32\lvcoinst.ini
[2010/04/18 18:28:00 | 000,000,056 | -H-- | C] () -- H:\WINDOWS\System32\ezsidmv.dat
[2010/04/08 18:56:49 | 000,004,608 | ---- | C] () -- H:\Documents and Settings\K\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/28 05:04:02 | 000,049,152 | ---- | C] () -- H:\WINDOWS\System32\ChCfg.exe
[2010/03/24 16:27:08 | 000,069,632 | ---- | C] () -- H:\WINDOWS\System32\vuins32.dll
[2010/03/24 15:27:22 | 000,000,664 | ---- | C] () -- H:\Documents and Settings\K\Local Settings\Application Data\FASTWiz.html
[2010/03/23 11:05:59 | 000,073,220 | ---- | C] () -- H:\WINDOWS\System32\EPPICPrinterDB.dat
[2010/03/23 11:05:59 | 000,031,053 | ---- | C] () -- H:\WINDOWS\System32\EPPICPattern131.dat
[2010/03/23 11:05:59 | 000,027,417 | ---- | C] () -- H:\WINDOWS\System32\EPPICPattern121.dat
[2010/03/23 11:05:59 | 000,021,021 | ---- | C] () -- H:\WINDOWS\System32\EPPICPattern3.dat
[2010/03/23 11:05:59 | 000,015,670 | ---- | C] () -- H:\WINDOWS\System32\EPPICPattern5.dat
[2010/03/23 11:05:59 | 000,013,280 | ---- | C] () -- H:\WINDOWS\System32\EPPICPattern2.dat
[2010/03/23 11:05:59 | 000,010,673 | ---- | C] () -- H:\WINDOWS\System32\EPPICPattern4.dat
[2010/03/23 11:05:59 | 000,004,943 | ---- | C] () -- H:\WINDOWS\System32\EPPICPattern6.dat
[2010/03/23 11:05:59 | 000,001,140 | ---- | C] () -- H:\WINDOWS\System32\EPPICPresetData_PT.dat
[2010/03/23 11:05:59 | 000,001,140 | ---- | C] () -- H:\WINDOWS\System32\EPPICPresetData_BP.dat
[2010/03/23 11:05:59 | 000,001,137 | ---- | C] () -- H:\WINDOWS\System32\EPPICPresetData_ES.dat
[2010/03/23 11:05:59 | 000,001,130 | ---- | C] () -- H:\WINDOWS\System32\EPPICPresetData_FR.dat
[2010/03/23 11:05:59 | 000,001,130 | ---- | C] () -- H:\WINDOWS\System32\EPPICPresetData_CF.dat
[2010/03/23 11:05:59 | 000,001,104 | ---- | C] () -- H:\WINDOWS\System32\EPPICPresetData_EN.dat
[2010/03/23 11:05:59 | 000,000,097 | ---- | C] () -- H:\WINDOWS\System32\PICSDK.ini
[2010/03/23 11:05:58 | 000,029,114 | ---- | C] () -- H:\WINDOWS\System32\EPPICPattern1.dat
[2010/03/22 13:52:25 | 000,000,000 | ---- | C] () -- H:\WINDOWS\nsreg.dat
[2010/03/22 05:01:40 | 000,002,048 | --S- | C] () -- H:\WINDOWS\bootstat.dat
[2010/03/22 04:56:59 | 000,021,640 | ---- | C] () -- H:\WINDOWS\System32\emptyregdb.dat
[2010/03/21 22:28:02 | 000,004,161 | ---- | C] () -- H:\WINDOWS\ODBCINST.INI
[2010/03/21 22:26:58 | 000,316,360 | ---- | C] () -- H:\WINDOWS\System32\FNTCACHE.DAT
[2009/10/07 01:46:36 | 000,025,752 | ---- | C] () -- H:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009/10/07 01:23:08 | 000,013,584 | ---- | C] () -- H:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- H:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- H:\WINDOWS\System32\OGAEXEC.exe
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- H:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- H:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- H:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- H:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- H:\WINDOWS\System32\gthrctr.ini
[2006/02/28 08:00:00 | 013,107,200 | ---- | C] () -- H:\WINDOWS\System32\oembios.bin
[2006/02/28 08:00:00 | 000,673,088 | ---- | C] () -- H:\WINDOWS\System32\mlang.dat
[2006/02/28 08:00:00 | 000,456,304 | ---- | C] () -- H:\WINDOWS\System32\perfh009.dat
[2006/02/28 08:00:00 | 000,272,128 | ---- | C] () -- H:\WINDOWS\System32\perfi009.dat
[2006/02/28 08:00:00 | 000,218,003 | ---- | C] () -- H:\WINDOWS\System32\dssec.dat
[2006/02/28 08:00:00 | 000,075,210 | ---- | C] () -- H:\WINDOWS\System32\perfc009.dat
[2006/02/28 08:00:00 | 000,046,258 | ---- | C] () -- H:\WINDOWS\System32\mib.bin
[2006/02/28 08:00:00 | 000,028,626 | ---- | C] () -- H:\WINDOWS\System32\perfd009.dat
[2006/02/28 08:00:00 | 000,004,569 | ---- | C] () -- H:\WINDOWS\System32\secupd.dat
[2006/02/28 08:00:00 | 000,004,461 | ---- | C] () -- H:\WINDOWS\System32\oembios.dat
[2006/02/28 08:00:00 | 000,001,804 | ---- | C] () -- H:\WINDOWS\System32\dcache.bin
[2006/02/28 08:00:00 | 000,000,741 | ---- | C] () -- H:\WINDOWS\System32\noise.dat

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2011/07/17 13:59:07 | 000,114,688 | ---- | M] () -- H:\Fport.exe


< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- H:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- H:\WINDOWS\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- H:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- H:\WINDOWS\system32\dllcache\explorer.exe
[2006/02/28 08:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- H:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: WINLOGON.EXE >
[2006/02/28 08:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- H:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- H:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- H:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- H:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- H:\WINDOWS\system32\winlogon.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\K\My Documents\Updated check tech 12 03 08.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\K\My Documents\Team Week 5 OI461.ppt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\K\My Documents\Team Paper_Kent_Wk3.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\K\My Documents\Team D Week 5 final presentation.ppt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\K\My Documents\TCO03_LCD_Monitor.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\K\My Documents\TboNumber.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\K\My Documents\TaxReturnext2007.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\K\My Documents\System Equipment by System Function Query.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\K\My Documents\SWOTT Analysis Paper and Table.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\K\My Documents\RES 342 Team wk 2_K2.wps.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\K\My Documents\RES 342 Team wk 2_K2.rtf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\K\My Documents\RES 342 Team wk 2[1].doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\K\My Documents\Real-Estate-2003.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\K\My Documents\P4M900-M7 SE-Board.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\K\My Documents\P4M900-M7 SE.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\K\My Documents\OutExp.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\K\My Documents\Nero Internal RW Manual.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\K\My Documents\Nero Internal Combo Manual.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\K\My Documents\Nero DVD-Rom Manual.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\K\My Documents\Nero CD-RW Manual.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\K\My Documents\mgt449_Kent_Wk1.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\K\My Documents\Marketing Plan_Kent_ Team D_Wk5.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\K\My Documents\Marketing Plan Phase III.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\K\My Documents\Learning Team Meeting 4 Assignments.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\K\My Documents\Kent_ACC300_Wk3.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\K\My Documents\Kent Estes-Resume July2008.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\K\My Documents\Kent Estes-Resume Jan 2009.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\K\My Documents\ITC_private_company_financial_reporting.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\K\My Documents\International_Business_Entire_eBook.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\K\My Documents\International_Business_Ch05.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\K\My Documents\International_Business_Ch04.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\K\My Documents\International_Business_Ch03.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\K\My Documents\International_Business_Ch02.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\K\My Documents\International_Business_Ch01.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\K\My Documents\Hazel Elizabeth McCall Estes story_v2.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\K\My Documents\Grow Young and Slim1.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\K\My Documents\Globalvillage1 (1).ppt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\K\My Documents\FAFSA_2007-8.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\K\My Documents\ENUP4M900-M7 SE-BIOS.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\K\My Documents\e-GEForce_8500 GT_Video Card Manual.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\K\My Documents\Dice Tool.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\K\My Documents\Dept_Load.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\K\My Documents\Daniel Bode Resume 2008-08.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\K\My Documents\CT Eq DB Update Process Bus Case.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\K\My Documents\ch13.ppt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\K\My Documents\ch12.ppt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\K\My Documents\ch11.ppt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\K\My Documents\ch10.ppt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\K\My Documents\ch09.ppt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\K\My Documents\ch08.ppt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\K\My Documents\ch07.ppt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\K\My Documents\ch06.ppt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\K\My Documents\ch05.ppt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\K\My Documents\ch04.ppt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\K\My Documents\ch03.ppt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\K\My Documents\ch02.ppt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\K\My Documents\ch01.ppt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\K\My Documents\BUS415r5RMFw3.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\K\My Documents\BUS415r5RMFw2.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\K\My Documents\BUS415r5RMFw1.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\K\My Documents\BUS415 Week 2 slides print Apr08.ppt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\K\My Documents\bucs18.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\K\My Documents\Avery6572_KAE.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\K\My Documents\Avery6572_AJ.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\K\My Documents\Avery6572.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\K\My Documents\Anthony Record.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\K\My Documents\343.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\K\My Documents\2006 Estes K Tax Return.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\K\My Documents\004.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\All Users\Documents\Updated check tech 12 03 08.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\All Users\Documents\Team Week 5 OI461.ppt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\All Users\Documents\Team Paper_Kent_Wk3.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\All Users\Documents\Team D Week 5 final presentation.ppt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\All Users\Documents\TCO03_LCD_Monitor.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\All Users\Documents\TboNumber.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\All Users\Documents\TaxReturnext2007.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\All Users\Documents\System Equipment by System Function Query.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\All Users\Documents\SWOTT Analysis Paper and Table.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\All Users\Documents\RES 342 Team wk 2_K2.wps.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\All Users\Documents\RES 342 Team wk 2_K2.rtf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\All Users\Documents\RES 342 Team wk 2[1].doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\All Users\Documents\Real-Estate-2003.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\All Users\Documents\P4M900-M7 SE-Board.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\All Users\Documents\P4M900-M7 SE.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\All Users\Documents\OutExp.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\All Users\Documents\Nero Internal RW Manual.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\All Users\Documents\Nero Internal Combo Manual.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\All Users\Documents\Nero DVD-Rom Manual.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\All Users\Documents\Nero CD-RW Manual.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\All Users\Documents\mgt449_Kent_Wk1.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\All Users\Documents\Marketing Plan_Kent_ Team D_Wk5.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\All Users\Documents\Marketing Plan Phase III.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\All Users\Documents\Learning Team Meeting 4 Assignments.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\All Users\Documents\Kent_ACC300_Wk3.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\All Users\Documents\Kent Estes-Resume July2008.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\All Users\Documents\Kent Estes-Resume Jan 2009.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\All Users\Documents\ITC_private_company_financial_reporting.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\All Users\Documents\International_Business_Entire_eBook.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\All Users\Documents\International_Business_Ch05.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\All Users\Documents\International_Business_Ch04.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\All Users\Documents\International_Business_Ch03.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\All Users\Documents\International_Business_Ch02.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\All Users\Documents\International_Business_Ch01.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\All Users\Documents\Hazel Elizabeth McCall Estes story_v2.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\All Users\Documents\Grow Young and Slim1.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\All Users\Documents\Globalvillage1 (1).ppt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\All Users\Documents\FAFSA_2007-8.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\All Users\Documents\ENUP4M900-M7 SE-BIOS.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\All Users\Documents\e-GEForce_8500 GT_Video Card Manual.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\All Users\Documents\Dice Tool.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\All Users\Documents\Dept_Load.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\All Users\Documents\Daniel Bode Resume 2008-08.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\All Users\Documents\CT Eq DB Update Process Bus Case.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\All Users\Documents\ch13.ppt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\All Users\Documents\ch12.ppt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\All Users\Documents\ch11.ppt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\All Users\Documents\ch10.ppt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\All Users\Documents\ch09.ppt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\All Users\Documents\ch08.ppt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\All Users\Documents\ch07.ppt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\All Users\Documents\ch06.ppt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\All Users\Documents\ch05.ppt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\All Users\Documents\ch04.ppt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\All Users\Documents\ch03.ppt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\All Users\Documents\ch02.ppt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\All Users\Documents\ch01.ppt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\All Users\Documents\BUS415r5RMFw3.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\All Users\Documents\BUS415r5RMFw2.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\All Users\Documents\BUS415r5RMFw1.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\All Users\Documents\BUS415 Week 2 slides print Apr08.ppt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\All Users\Documents\bucs18.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\All Users\Documents\Avery6572_KAE.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\All Users\Documents\Avery6572_AJ.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\All Users\Documents\Avery6572.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\All Users\Documents\Anthony Record.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\All Users\Documents\343.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\All Users\Documents\2006 Estes K Tax Return.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\Documents and Settings\All Users\Documents\004.doc:Roxio EMC Stream

< End of report >



Extra.txt
OTL Extras logfile created on: 8/3/2011 4:32:41 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = H:\Documents and Settings\K\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.01 Gb Available Physical Memory | 50.44% Memory free
3.85 Gb Paging File | 2.79 Gb Available in Paging File | 72.57% Paging File free
Paging file location(s): H:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = H: | %SystemRoot% = H:\WINDOWS | %ProgramFiles% = H:\Program Files
Drive H: | 141.60 Gb Total Space | 78.35 Gb Free Space | 55.33% Space Free | Partition Type: NTFS
Drive I: | 7.44 Gb Total Space | 7.40 Gb Free Space | 99.46% Space Free | Partition Type: NTFS

Computer Name: KAE-DESKTOP | User Name: K | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- H:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1343024091-492894223-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- H:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- "H:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"H:\Program Files\Microsoft Office Communicator\communicator.exe" = H:\Program Files\Microsoft Office Communicator\communicator.exe:*:Enabled:Microsoft Office Communicator 2007 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"H:\Program Files\Microsoft Office Communicator\communicator.exe" = H:\Program Files\Microsoft Office Communicator\communicator.exe:*:Enabled:Microsoft Office Communicator 2007 -- (Microsoft Corporation)
"H:\Program Files\Skype\Plugin Manager\skypePM.exe" = H:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"H:\Program Files\Logitech\Logitech Vid\Vid.exe" = H:\Program Files\Logitech\Logitech Vid\Vid.exe:*:Enabled:Logitech Vid -- (Logitech Inc.)
"H:\Documents and Settings\K\Application Data\Dropbox\bin\Dropbox.exe" = H:\Documents and Settings\K\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"H:\Documents and Settings\K\Local Settings\temp\LMIR0001.tmp\lmi_rescue.exe" = H:\Documents and Settings\K\Local Settings\temp\LMIR0001.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{1E13948B-039B-4747-B7DB-833AE6FD23E5}_is1" = Avantage BPM Foundation
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 26
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3BB19A2B-B9C5-3872-8FDF-3047CC9F9841}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
"{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95140000-007F-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 260.63
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 260.63
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.36
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{CE246151-F0E8-ABC8-AEB2-7F3E188EFBF5}" = TweetDeck
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2340C67-0F20-4B9C-A3A8-CD8821582E5D}" = WebDwarf V2
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{E2210114-4158-4D41-ACCC-24176191E760}" = Companion Photo
"{E58B9DE1-0DD3-4E26-BE6B-7C61FBFFC416}" = MOSDAL
"{E5BA0430-919F-46DD-B656-0796F8A5ADFF}" = Microsoft Office Communicator 2007
"{EB3DF81F-5E70-4722-9D99-C1FC3EEF4DE1}" = Roxio Media Manager
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F37DC802-9565-4B57-9F3C-2289910E34FD}_is1" = FlowBreeze Standard 2.4.0.25
"{F4B35ADF-B630-4DCC-BDD7-FFC04A5C7C51}" = BlackBerry Desktop Software 4.6
"7-Zip" = 7-Zip 9.15 beta
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"BlackBerry_{F4B35ADF-B630-4DCC-BDD7-FFC04A5C7C51}" = BlackBerry Desktop Software 4.6
"BullGuard" = BullGuard
"CCleaner" = CCleaner
"CobBackup10" = Cobian Backup 10
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Defraggler" = Defraggler
"Digital Editions" = Adobe Digital Editions
"ENTERPRISER" = Microsoft Office Enterprise 2007
"EPSON Scanner" = EPSON Scan
"EPSON Stylus NX400 Series" = EPSON Stylus NX400 Series Printer Uninstall
"Google Chrome" = Google Chrome
"HijackThis" = HijackThis 1.99.1
"ie8" = Windows Internet Explorer 8
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"lvdrivers_12.10" = Logitech Webcam Software Driver Package
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Mozilla Firefox (3.6.18)" = Mozilla Firefox (3.6.18)
"Mozilla Thunderbird (5.0)" = Mozilla Thunderbird (5.0)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Notepad++" = Notepad++
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"thinkorswim" = thinkorswim
"TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast-Ethernet Adapter
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1343024091-492894223-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"GoToMeeting" = GoToMeeting 4.5.0.457

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/26/2011 10:26:40 PM | Computer Name = KAE-DESKTOP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module snapshot.dll, version 1.1.0.2, fault address 0x0001a2ea.

Error - 7/27/2011 2:54:59 PM | Computer Name = KAE-DESKTOP | Source = Windows Search Service | ID = 3013
Description = The entry <H:\DOCUMENTS AND SETTINGS\K\MY DOCUMENTS\MY MUSIC\ITUNES\ITUNES
LIBRARY.ITL> in the hash map cannot be updated. Context: Application, SystemIndex
Catalog Details: A device attached to the system is not functioning. (0x8007001f)


Error - 7/27/2011 11:34:11 PM | Computer Name = KAE-DESKTOP | Source = WinMgmt | ID = 4
Description = Failed to load MOF H:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\ASPNET.MOF
while recovering repository file.

Error - 7/27/2011 11:34:11 PM | Computer Name = KAE-DESKTOP | Source = WinMgmt | ID = 4
Description = Failed to load MOF H:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\CLR.MOF
while recovering repository file.

Error - 7/27/2011 11:34:11 PM | Computer Name = KAE-DESKTOP | Source = WinMgmt | ID = 4
Description = Failed to load MOF H:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.0\WINDOWS
COMMUNICATION FOUNDATION\SERVICEMODEL.MOF while recovering repository file.

Error - 7/27/2011 11:34:12 PM | Computer Name = KAE-DESKTOP | Source = WinMgmt | ID = 4
Description = Failed to load MOF H:\WINDOWS\SYSTEM32\WBEM\WINDOWSSEARCHENGINE.MOF
while recovering repository file.

Error - 7/27/2011 11:54:56 PM | Computer Name = KAE-DESKTOP | Source = WinMgmt | ID = 4
Description = Failed to load MOF H:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\ASPNET.MOF
while recovering repository file.

Error - 7/27/2011 11:54:56 PM | Computer Name = KAE-DESKTOP | Source = WinMgmt | ID = 4
Description = Failed to load MOF H:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\CLR.MOF
while recovering repository file.

Error - 7/27/2011 11:54:57 PM | Computer Name = KAE-DESKTOP | Source = WinMgmt | ID = 4
Description = Failed to load MOF H:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.0\WINDOWS
COMMUNICATION FOUNDATION\SERVICEMODEL.MOF while recovering repository file.

Error - 7/27/2011 11:54:58 PM | Computer Name = KAE-DESKTOP | Source = WinMgmt | ID = 4
Description = Failed to load MOF H:\WINDOWS\SYSTEM32\WBEM\WINDOWSSEARCHENGINE.MOF
while recovering repository file.

[ OSession Events ]
Error - 6/23/2010 6:33:43 PM | Computer Name = KAE-DESKTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 2690
seconds with 1080 seconds of active time. This session ended with a crash.

Error - 7/2/2010 11:48:44 PM | Computer Name = KAE-DESKTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 128541
seconds with 8580 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 7/30/2011 6:54:46 PM | Computer Name = KAE-DESKTOP | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 7/30/2011 7:11:20 PM | Computer Name = KAE-DESKTOP | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 7/30/2011 7:13:27 PM | Computer Name = KAE-DESKTOP | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the BullGuard scanning service
service to connect.

Error - 7/30/2011 7:13:27 PM | Computer Name = KAE-DESKTOP | Source = Service Control Manager | ID = 7000
Description = The BullGuard scanning service service failed to start due to the
following error: %%1053

Error - 7/31/2011 12:19:38 PM | Computer Name = KAE-DESKTOP | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 8/2/2011 1:29:37 AM | Computer Name = KAE-DESKTOP | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 8/2/2011 1:39:08 PM | Computer Name = KAE-DESKTOP | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 8/3/2011 2:53:02 PM | Computer Name = KAE-DESKTOP | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 8/3/2011 2:55:03 PM | Computer Name = KAE-DESKTOP | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the BullGuard scanning service
service to connect.

Error - 8/3/2011 2:55:03 PM | Computer Name = KAE-DESKTOP | Source = Service Control Manager | ID = 7000
Description = The BullGuard scanning service service failed to start due to the
following error: %%1053


< End of report >

DiceDawg

Pickleball Rocks!  :bananas: 

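The Service Control Manager entries in the System Events section of the report above (the BullGuard scanning service timing out and then failing to start with error 1053, beside the Roxio watcher timeouts) are exactly what a responder wants pulled out of a long OTL report automatically: a security product that repeatedly fails to start is worth checking before deciding an infection is gone. The following Python script is an added example, not part of the original post and not OTL's own code. It parses records in the "Last 10 Event Log Errors" layout, rejoins descriptions the tool wrapped across lines, lists service start failures, and flags those whose name matches a caller-supplied watchlist. The sample records are constructed to match lines from the report above; the `watchlist` keywords are an assumption chosen for the demonstration.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample in the shape of OTL's "Last 10 Event Log Errors" section.
# Descriptions are wrapped across lines exactly as the tool prints them.
SAMPLE_EVENTS = """\
[ System Events ]
Error - 7/30/2011 7:13:27 PM | Computer Name = KAE-DESKTOP | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the BullGuard scanning service
service to connect.

Error - 7/30/2011 7:13:27 PM | Computer Name = KAE-DESKTOP | Source = Service Control Manager | ID = 7000
Description = The BullGuard scanning service service failed to start due to the
following error: %%1053

Error - 8/2/2011 1:29:37 AM | Computer Name = KAE-DESKTOP | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.
"""

EVENT_HEADER = re.compile(
    r"^Error - (?P<when>.+?) \| Computer Name = (?P<host>.+?) "
    r"\| Source = (?P<source>.+?) \| ID = (?P<id>\d+)$"
)
# SCM event 7009: "Timeout (N milliseconds) waiting for the <name> service to connect."
TIMEOUT_RE = re.compile(r"waiting for the (.+?) service to connect")
# SCM event 7000: "The <name> service failed to start due to the following error: ..."
FAILED_RE = re.compile(r"The (.+?) service failed to start")


@dataclass
class Event:
    when: str
    host: str
    source: str
    event_id: int
    description: str


def parse_events(text: str) -> List[Event]:
    """Parse 'Error - ...' records; a blank line terminates a record."""
    events: List[Event] = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = EVENT_HEADER.match(line)
        if m:
            current = Event(m["when"], m["host"], m["source"], int(m["id"]), "")
            events.append(current)
        elif current is not None and line:
            if line.startswith("Description = "):
                line = line[len("Description = "):]
            # Rejoin the wrapped description with single spaces.
            current.description = (current.description + " " + line).strip()
        elif not line:
            current = None
    return events


def service_start_failures(events: List[Event]) -> List[Tuple[str, int]]:
    """Return (service name, event id) for SCM 7000/7009 records."""
    out: List[Tuple[str, int]] = []
    for e in events:
        if e.source != "Service Control Manager":
            continue
        pattern = {7009: TIMEOUT_RE, 7000: FAILED_RE}.get(e.event_id)
        if pattern is None:
            continue
        m = pattern.search(e.description)
        if m:
            out.append((m.group(1), e.event_id))
    return out


def security_service_failures(events: List[Event], watchlist) -> List[str]:
    """Services from the failure list whose name contains a watchlist keyword (case-insensitive)."""
    seen: List[str] = []
    for name, _ in service_start_failures(events):
        if any(w in name.lower() for w in watchlist) and name not in seen:
            seen.append(name)
    return seen


def error_summary(events: List[Event]) -> Counter:
    """Count records by (source, event id) to spot repeating failures quickly."""
    return Counter((e.source, e.event_id) for e in events)


if __name__ == "__main__":
    evs = parse_events(SAMPLE_EVENTS)
    # Assumed watchlist of security-product name fragments; extend for your environment.
    print(error_summary(evs))
    print(service_start_failures(evs))
    print("security services failing to start:", security_service_failures(evs, ("bullguard",)))
```

Run against a full Extras.txt the summary shows at a glance whether a failure is a one-off or repeats at every boot, which is what separates a misconfigured service from something that may still be interfering with the scanner.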

#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • Gender:Female
  • Location:At home
  • Local time:07:09 PM

Posted 05 August 2011 - 06:42 AM

Hi,

Did TDSSKiller find anything? Do you believe that this is still malware acting up, or do you think those are issues that are left over from changes the infection made?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#5 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:01:09 PM

Posted 11 August 2011 - 08:49 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#6 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:01:09 PM

Posted 16 August 2011 - 07:17 PM

This topic has been re-opened at the request of the person who originally posted.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:01:09 PM

Posted 16 August 2011 - 07:19 PM

Hi

Please post the last TDSSKiller log, then let's get a fresh set of logs and see where we are. Please describe in as much detail as possible how the computer is running and whether there are any outstanding issues.

Please run the following:

Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.


NEXT

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Edited by CatByte, 16 August 2011 - 07:20 PM.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#8 Dicedawg

Dicedawg
  • Topic Starter

  • Members
  • 73 posts
  • Gender:Male
  • Location:Florida
  • Local time:12:09 PM

Posted 17 August 2011 - 10:36 AM

Thanks Cat, your assistance is much appreciated. I just downloaded and ran TDSSKiller; it found nothing (log attached below).
As far as what issues I am experiencing: they are lag, extended startup times and so forth.
The PC takes about 8-10 minutes to start up and be able to operate.
I measured the following to give you an idea:

Application   Launch time    Other issues
FireFox       4:30 minutes
Google        30 seconds
IE            33 seconds
Safari        40 seconds
i-Tunes       45 seconds     Songs intermittently drag
Excel         20 seconds     Processing/Save/etc. hourglass can take 30 seconds - never happened before this attack!
MS-Word       15 seconds     Typing outpaces character appearance on the document - I don't type fast either, at best 40 wpm

I can provide more examples as needed; thought this would give you a good view of what is going on.

TDSSKiller Log Results
2011/08/17 11:02:47.0343 2904 TDSS rootkit removing tool 2.5.15.0 Aug 11 2011 16:32:13
2011/08/17 11:02:49.0343 2904 ================================================================================
2011/08/17 11:02:49.0343 2904 SystemInfo:
2011/08/17 11:02:49.0343 2904
2011/08/17 11:02:49.0343 2904 OS Version: 5.1.2600 ServicePack: 3.0
2011/08/17 11:02:49.0343 2904 Product type: Workstation
2011/08/17 11:02:49.0343 2904 ComputerName: KAE-DESKTOP
2011/08/17 11:02:49.0343 2904 UserName: K
2011/08/17 11:02:49.0343 2904 Windows directory: H:\WINDOWS
2011/08/17 11:02:49.0343 2904 System windows directory: H:\WINDOWS
2011/08/17 11:02:49.0343 2904 Processor architecture: Intel x86
2011/08/17 11:02:49.0343 2904 Number of processors: 2
2011/08/17 11:02:49.0343 2904 Page size: 0x1000
2011/08/17 11:02:49.0343 2904 Boot type: Normal boot
2011/08/17 11:02:49.0343 2904 ================================================================================
2011/08/17 11:02:51.0859 2904 Initialize success
2011/08/17 11:03:00.0406 0428 ================================================================================
2011/08/17 11:03:00.0406 0428 Scan started
2011/08/17 11:03:00.0406 0428 Mode: Manual;
2011/08/17 11:03:00.0406 0428 ================================================================================
2011/08/17 11:03:02.0031 0428 ACPI (8fd99680a539792a30e97944fdaecf17) H:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/08/17 11:03:02.0515 0428 ACPIEC (9859c0f6936e723e4892d7141b1327d5) H:\WINDOWS\system32\drivers\ACPIEC.sys
2011/08/17 11:03:03.0015 0428 aec (8bed39e3c35d6a489438b8141717a557) H:\WINDOWS\system32\drivers\aec.sys
2011/08/17 11:03:03.0531 0428 AFD (355556d9e580915118cd7ef736653a89) H:\WINDOWS\System32\drivers\afd.sys
2011/08/17 11:03:03.0875 0428 afw (14ba5ca5d11771ce8e8b6cc6830a2436) H:\WINDOWS\system32\DRIVERS\afw.sys
2011/08/17 11:03:04.0203 0428 afwcore (1f3d61965a9bd278a205d3062176e45c) H:\WINDOWS\system32\DRIVERS\afwcore.sys
2011/08/17 11:03:06.0125 0428 Ambfilt (267fc636801edc5ab28e14036349e3be) H:\WINDOWS\system32\drivers\Ambfilt.sys
2011/08/17 11:03:08.0156 0428 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) H:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/08/17 11:03:08.0609 0428 atapi (9f3a2f5aa6875c72bf062c712cfa2674) H:\WINDOWS\system32\DRIVERS\atapi.sys
2011/08/17 11:03:09.0093 0428 Atmarpc (9916c1225104ba14794209cfa8012159) H:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/08/17 11:03:09.0421 0428 audstub (d9f724aa26c010a217c97606b160ed68) H:\WINDOWS\system32\DRIVERS\audstub.sys
2011/08/17 11:03:09.0812 0428 BdSpy (42175a3b56922a8c9a294fa6f0b18344) H:\WINDOWS\system32\DRIVERS\BdSpy.sys
2011/08/17 11:03:10.0093 0428 Beep (da1f27d85e0d1525f6621372e7b685e9) H:\WINDOWS\system32\drivers\Beep.sys
2011/08/17 11:03:10.0687 0428 BthEnum (b279426e3c0c344893ed78a613a73bde) H:\WINDOWS\system32\DRIVERS\BthEnum.sys
2011/08/17 11:03:10.0953 0428 BthPan (80602b8746d3738f5886ce3d67ef06b6) H:\WINDOWS\system32\DRIVERS\bthpan.sys
2011/08/17 11:03:11.0328 0428 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) H:\WINDOWS\system32\Drivers\BTHport.sys
2011/08/17 11:03:11.0843 0428 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) H:\WINDOWS\system32\Drivers\BTHUSB.sys
2011/08/17 11:03:12.0406 0428 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) H:\WINDOWS\system32\drivers\cbidf2k.sys
2011/08/17 11:03:12.0765 0428 CCDECODE (0be5aef125be881c4f854c554f2b025c) H:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/08/17 11:03:13.0250 0428 Cdaudio (c1b486a7658353d33a10cc15211a873b) H:\WINDOWS\system32\drivers\Cdaudio.sys
2011/08/17 11:03:13.0968 0428 Cdfs (c885b02847f5d2fd45a24e219ed93b32) H:\WINDOWS\system32\drivers\Cdfs.sys
2011/08/17 11:03:14.0250 0428 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) H:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/08/17 11:03:16.0187 0428 Disk (044452051f3e02e7963599fc8f4f3e25) H:\WINDOWS\system32\DRIVERS\disk.sys
2011/08/17 11:03:16.0843 0428 dmboot (d992fe1274bde0f84ad826acae022a41) H:\WINDOWS\system32\drivers\dmboot.sys
2011/08/17 11:03:17.0437 0428 dmio (7c824cf7bbde77d95c08005717a95f6f) H:\WINDOWS\system32\drivers\dmio.sys
2011/08/17 11:03:17.0875 0428 dmload (e9317282a63ca4d188c0df5e09c6ac5f) H:\WINDOWS\system32\drivers\dmload.sys
2011/08/17 11:03:18.0156 0428 DMusic (8a208dfcf89792a484e76c40e5f50b45) H:\WINDOWS\system32\drivers\DMusic.sys
2011/08/17 11:03:18.0796 0428 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) H:\WINDOWS\system32\drivers\drmkaud.sys
2011/08/17 11:03:19.0109 0428 Fastfat (38d332a6d56af32635675f132548343e) H:\WINDOWS\system32\drivers\Fastfat.sys
2011/08/17 11:03:19.0468 0428 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) H:\WINDOWS\system32\DRIVERS\fdc.sys
2011/08/17 11:03:19.0859 0428 FET5X86V (52fa46ae36caafc6e1ff4fd617dfd25d) H:\WINDOWS\system32\DRIVERS\fetnd5bv.sys
2011/08/17 11:03:20.0156 0428 FETNDIS (e9648254056bce81a85380c0c3647dc4) H:\WINDOWS\system32\DRIVERS\fetnd5.sys
2011/08/17 11:03:20.0421 0428 FilterService (b73ec688c29f81f9da0fcf63682b3ecb) H:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
2011/08/17 11:03:20.0828 0428 Fips (d45926117eb9fa946a6af572fbe1caa3) H:\WINDOWS\system32\drivers\Fips.sys
2011/08/17 11:03:21.0078 0428 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) H:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/08/17 11:03:21.0406 0428 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) H:\WINDOWS\system32\drivers\fltmgr.sys
2011/08/17 11:03:21.0843 0428 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) H:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/08/17 11:03:22.0109 0428 Ftdisk (6ac26732762483366c3969c9e4d2259d) H:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/08/17 11:03:22.0484 0428 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) H:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/08/17 11:03:22.0875 0428 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) H:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/08/17 11:03:23.0187 0428 HDAudBus (573c7d0a32852b48f3058cfd8026f511) H:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/08/17 11:03:23.0531 0428 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) H:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/08/17 11:03:24.0203 0428 HTTP (f80a415ef82cd06ffaf0d971528ead38) H:\WINDOWS\system32\Drivers\HTTP.sys
2011/08/17 11:03:25.0140 0428 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) H:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/08/17 11:03:25.0453 0428 Imapi (083a052659f5310dd8b6a6cb05edcf8e) H:\WINDOWS\system32\DRIVERS\imapi.sys
2011/08/17 11:03:28.0265 0428 IntcAzAudAddService (718f495096df8d94fb66c9c962646372) H:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/08/17 11:03:28.0968 0428 intelppm (8c953733d8f36eb2133f5bb58808b66b) H:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/08/17 11:03:29.0234 0428 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) H:\WINDOWS\system32\drivers\ip6fw.sys
2011/08/17 11:03:29.0515 0428 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) H:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/08/17 11:03:29.0906 0428 IpInIp (b87ab476dcf76e72010632b5550955f5) H:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/08/17 11:03:30.0203 0428 IpNat (cc748ea12c6effde940ee98098bf96bb) H:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/08/17 11:03:30.0625 0428 IPSec (23c74d75e36e7158768dd63d92789a91) H:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/08/17 11:03:31.0359 0428 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) H:\WINDOWS\system32\DRIVERS\irenum.sys
2011/08/17 11:03:31.0937 0428 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) H:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/08/17 11:03:32.0281 0428 Kbdclass (463c1ec80cd17420a542b7f36a36f128) H:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/08/17 11:03:32.0562 0428 kbdhid (9ef487a186dea361aa06913a75b3fa99) H:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/08/17 11:03:33.0000 0428 kmixer (692bcf44383d056aed41b045a323d378) H:\WINDOWS\system32\drivers\kmixer.sys
2011/08/17 11:03:33.0328 0428 KSecDD (b467646c54cc746128904e1654c750c1) H:\WINDOWS\system32\drivers\KSecDD.sys
2011/08/17 11:03:34.0703 0428 lvpopflt (e1158b0cb852db0573922c92e6e564de) H:\WINDOWS\system32\DRIVERS\lvpopflt.sys
2011/08/17 11:03:35.0937 0428 LVPr2Mon (1a7db7a00a4b0d8da24cd691a4547291) H:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
2011/08/17 11:03:36.0312 0428 LVRS (37072ec9299e825f4335cc554b6fac6a) H:\WINDOWS\system32\DRIVERS\lvrs.sys
2011/08/17 11:03:36.0625 0428 LVUSBSta (be5e104be263921d6842c555db6a5c23) H:\WINDOWS\system32\drivers\LVUSBSta.sys
2011/08/17 11:03:39.0484 0428 LVUVC (a240e42a7402e927a71b6e8aa4629b13) H:\WINDOWS\system32\DRIVERS\lvuvc.sys
2011/08/17 11:03:40.0109 0428 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) H:\WINDOWS\system32\drivers\mnmdd.sys
2011/08/17 11:03:40.0390 0428 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) H:\WINDOWS\system32\drivers\Modem.sys
2011/08/17 11:03:41.0218 0428 Monfilt (c7d9f9717916b34c1b00dd4834af485c) H:\WINDOWS\system32\drivers\Monfilt.sys
2011/08/17 11:03:42.0125 0428 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) H:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/08/17 11:03:42.0406 0428 mouhid (b1c303e17fb9d46e87a98e4ba6769685) H:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/08/17 11:03:42.0671 0428 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) H:\WINDOWS\system32\drivers\MountMgr.sys
2011/08/17 11:03:43.0312 0428 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) H:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/08/17 11:03:43.0984 0428 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) H:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/08/17 11:03:44.0468 0428 Msfs (c941ea2454ba8350021d774daf0f1027) H:\WINDOWS\system32\drivers\Msfs.sys
2011/08/17 11:03:44.0750 0428 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) H:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/08/17 11:03:45.0109 0428 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) H:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/08/17 11:03:45.0359 0428 MSPQM (bad59648ba099da4a17680b39730cb3d) H:\WINDOWS\system32\drivers\MSPQM.sys
2011/08/17 11:03:45.0640 0428 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) H:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/08/17 11:03:46.0015 0428 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) H:\WINDOWS\system32\drivers\MSTEE.sys
2011/08/17 11:03:46.0296 0428 Mup (de6a75f5c270e756c5508d94b6cf68f5) H:\WINDOWS\system32\drivers\Mup.sys
2011/08/17 11:03:46.0640 0428 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) H:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/08/17 11:03:47.0140 0428 NDIS (1df7f42665c94b825322fae71721130d) H:\WINDOWS\system32\drivers\NDIS.sys
2011/08/17 11:03:47.0531 0428 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) H:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/08/17 11:03:47.0828 0428 NdisTapi (0109c4f3850dfbab279542515386ae22) H:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/08/17 11:03:48.0203 0428 Ndisuio (f927a4434c5028758a842943ef1a3849) H:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/08/17 11:03:48.0468 0428 NdisWan (edc1531a49c80614b2cfda43ca8659ab) H:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/08/17 11:03:48.0781 0428 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) H:\WINDOWS\system32\drivers\NDProxy.sys
2011/08/17 11:03:49.0203 0428 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) H:\WINDOWS\system32\DRIVERS\netbios.sys
2011/08/17 11:03:49.0484 0428 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) H:\WINDOWS\system32\DRIVERS\netbt.sys
2011/08/17 11:03:50.0250 0428 NovaShieldFilterDriver (de84e8384d2125ff7f98e5cb7d1a0da0) H:\WINDOWS\system32\DRIVERS\NSKernel.sys
2011/08/17 11:03:50.0562 0428 NovaShieldTDIDriver (b42b5e7fd56da5a27ffa398f158b9784) H:\WINDOWS\system32\DRIVERS\NSNetmon.sys
2011/08/17 11:03:50.0828 0428 Npfs (3182d64ae053d6fb034f44b6def8034a) H:\WINDOWS\system32\drivers\Npfs.sys
2011/08/17 11:03:51.0375 0428 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) H:\WINDOWS\system32\drivers\Ntfs.sys
2011/08/17 11:03:51.0875 0428 Null (73c1e1f395918bc2c6dd67af7591a3ad) H:\WINDOWS\system32\drivers\Null.sys
2011/08/17 11:03:55.0812 0428 nv (cd9ed87b4fc6ec41d3b5be0b923843fc) H:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/08/17 11:03:59.0953 0428 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) H:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/08/17 11:04:00.0328 0428 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) H:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/08/17 11:04:00.0671 0428 Parport (5575faf8f97ce5e713d108c2a58d7c7c) H:\WINDOWS\system32\DRIVERS\parport.sys
2011/08/17 11:04:00.0984 0428 PartMgr (beb3ba25197665d82ec7065b724171c6) H:\WINDOWS\system32\drivers\PartMgr.sys
2011/08/17 11:04:01.0343 0428 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) H:\WINDOWS\system32\drivers\ParVdm.sys
2011/08/17 11:04:01.0609 0428 PCI (a219903ccf74233761d92bef471a07b1) H:\WINDOWS\system32\DRIVERS\pci.sys
2011/08/17 11:04:02.0109 0428 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) H:\WINDOWS\system32\DRIVERS\pciide.sys
2011/08/17 11:04:02.0515 0428 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) H:\WINDOWS\system32\drivers\Pcmcia.sys
2011/08/17 11:04:04.0468 0428 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) H:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/08/17 11:04:04.0765 0428 PSched (09298ec810b07e5d582cb3a3f9255424) H:\WINDOWS\system32\DRIVERS\psched.sys
2011/08/17 11:04:05.0078 0428 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) H:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/08/17 11:04:05.0468 0428 PxHelp20 (d86b4a68565e444d76457f14172c875a) H:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/08/17 11:04:06.0921 0428 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) H:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/08/17 11:04:07.0187 0428 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) H:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/08/17 11:04:07.0562 0428 RasPppoe (5bc962f2654137c9909c3d4603587dee) H:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/08/17 11:04:07.0843 0428 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) H:\WINDOWS\system32\DRIVERS\raspti.sys
2011/08/17 11:04:08.0171 0428 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) H:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/08/17 11:04:08.0671 0428 RDPCDD (4912d5b403614ce99c28420f75353332) H:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/08/17 11:04:08.0968 0428 rdpdr (15cabd0f7c00c47c70124907916af3f1) H:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/08/17 11:04:09.0515 0428 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) H:\WINDOWS\system32\drivers\RDPWD.sys
2011/08/17 11:04:09.0859 0428 redbook (f828dd7e1419b6653894a8f97a0094c5) H:\WINDOWS\system32\DRIVERS\redbook.sys
2011/08/17 11:04:10.0218 0428 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) H:\WINDOWS\system32\DRIVERS\rfcomm.sys
2011/08/17 11:04:10.0812 0428 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) H:\WINDOWS\system32\DRIVERS\RimSerial.sys
2011/08/17 11:04:11.0093 0428 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) H:\WINDOWS\system32\Drivers\RootMdm.sys
2011/08/17 11:04:11.0578 0428 Secdrv (90a3935d05b494a5a39d37e71f09a677) H:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/08/17 11:04:11.0875 0428 serenum (0f29512ccd6bead730039fb4bd2c85ce) H:\WINDOWS\system32\DRIVERS\serenum.sys
2011/08/17 11:04:12.0140 0428 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) H:\WINDOWS\system32\DRIVERS\serial.sys
2011/08/17 11:04:12.0546 0428 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) H:\WINDOWS\system32\drivers\Sfloppy.sys
2011/08/17 11:04:13.0046 0428 SLIP (866d538ebe33709a5c9f5c62b73b7d14) H:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/08/17 11:04:13.0703 0428 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) H:\WINDOWS\system32\drivers\splitter.sys
2011/08/17 11:04:14.0000 0428 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) H:\WINDOWS\system32\DRIVERS\sr.sys
2011/08/17 11:04:14.0515 0428 Srv (47ddfc2f003f7f9f0592c6874962a2e7) H:\WINDOWS\system32\DRIVERS\srv.sys
2011/08/17 11:04:14.0937 0428 streamip (77813007ba6265c4b6098187e6ed79d2) H:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/08/17 11:04:15.0203 0428 swenum (3941d127aef12e93addf6fe6ee027e0f) H:\WINDOWS\system32\DRIVERS\swenum.sys
2011/08/17 11:04:15.0562 0428 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) H:\WINDOWS\system32\drivers\swmidi.sys
2011/08/17 11:04:16.0828 0428 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) H:\WINDOWS\system32\drivers\sysaudio.sys
2011/08/17 11:04:17.0265 0428 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) H:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/08/17 11:04:17.0781 0428 TDPIPE (6471a66807f5e104e4885f5b67349397) H:\WINDOWS\system32\drivers\TDPIPE.sys
2011/08/17 11:04:18.0062 0428 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) H:\WINDOWS\system32\drivers\TDTCP.sys
2011/08/17 11:04:18.0437 0428 TermDD (88155247177638048422893737429d9e) H:\WINDOWS\system32\DRIVERS\termdd.sys
2011/08/17 11:04:20.0578 0428 Trufos (d391f1171a2e3a7080df6faae7a20c0b) H:\WINDOWS\system32\DRIVERS\Trufos.sys
2011/08/17 11:04:21.0000 0428 uagp35 (d85938f272d1bcf3db3a31fc0a048928) H:\WINDOWS\system32\DRIVERS\uagp35.sys
2011/08/17 11:04:21.0296 0428 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) H:\WINDOWS\system32\drivers\Udfs.sys
2011/08/17 11:04:22.0046 0428 Update (402ddc88356b1bac0ee3dd1580c76a31) H:\WINDOWS\system32\DRIVERS\update.sys
2011/08/17 11:04:22.0609 0428 USBAAPL (83cafcb53201bbac04d822f32438e244) H:\WINDOWS\system32\Drivers\usbaapl.sys
2011/08/17 11:04:22.0906 0428 usbaudio (e919708db44ed8543a7c017953148330) H:\WINDOWS\system32\drivers\usbaudio.sys
2011/08/17 11:04:23.0218 0428 usbccgp (173f317ce0db8e21322e71b7e60a27e8) H:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/08/17 11:04:23.0625 0428 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) H:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/08/17 11:04:23.0937 0428 usbhub (1ab3cdde553b6e064d2e754efe20285c) H:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/08/17 11:04:24.0250 0428 usbprint (a717c8721046828520c9edf31288fc00) H:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/08/17 11:04:24.0640 0428 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) H:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/08/17 11:04:24.0875 0428 usbstor (a32426d9b14a089eaa1d922e0c5801a9) H:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/08/17 11:04:25.0125 0428 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) H:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/08/17 11:04:25.0546 0428 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) H:\WINDOWS\system32\Drivers\usbvideo.sys
2011/08/17 11:04:25.0843 0428 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) H:\WINDOWS\System32\drivers\vga.sys
2011/08/17 11:04:26.0109 0428 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) H:\WINDOWS\system32\DRIVERS\viaide.sys
2011/08/17 11:04:26.0359 0428 videX32 (cbad598bb71ccc9f725ea042d7be4e35) H:\WINDOWS\system32\DRIVERS\videX32.sys
2011/08/17 11:04:26.0734 0428 VolSnap (4c8fcb5cc53aab716d810740fe59d025) H:\WINDOWS\system32\drivers\VolSnap.sys
2011/08/17 11:04:27.0281 0428 Wanarp (e20b95baedb550f32dd489265c1da1f6) H:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/08/17 11:04:27.0906 0428 wdmaud (6768acf64b18196494413695f0c3a00f) H:\WINDOWS\system32\drivers\wdmaud.sys
2011/08/17 11:04:28.0421 0428 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) H:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/08/17 11:04:28.0812 0428 WSTCODEC (c98b39829c2bbd34e454150633c62c78) H:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/08/17 11:04:29.0125 0428 WudfPf (f15feafffbb3644ccc80c5da584e6311) H:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/08/17 11:04:29.0437 0428 WudfRd (28b524262bce6de1f7ef9f510ba3985b) H:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/08/17 11:04:29.0875 0428 xfilt (8b9d689780063bb988c3e9e791925dcf) H:\WINDOWS\system32\DRIVERS\xfilt.sys
2011/08/17 11:04:30.0015 0428 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/08/17 11:04:30.0234 0428 Boot (0x1200) (643f0eca7146acdff9f386e6504a4ec4) \Device\Harddisk0\DR0\Partition0
2011/08/17 11:04:30.0296 0428 Boot (0x1200) (bb4160c2b1a144851e88c72b2ca64de9) \Device\Harddisk0\DR0\Partition1
2011/08/17 11:04:30.0296 0428 ================================================================================
2011/08/17 11:04:30.0296 0428 Scan finished
2011/08/17 11:04:30.0296 0428 ================================================================================
2011/08/17 11:04:30.0343 2544 Detected object count: 0
2011/08/17 11:04:30.0343 2544 Actual detected object count: 0
2011/08/17 11:04:58.0359 0120 Deinitialize success

DiceDawg

Pickleball Rocks!  :bananas: 


#9 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 17 August 2011 - 06:23 PM

Can you please post the logs from DDS and aswMBR?

Thanks

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#10 Dicedawg

Dicedawg
  • Topic Starter

  • Members
  • 73 posts
  • Gender:Male
  • Location:Florida

Posted 17 August 2011 - 06:49 PM

Cannot get DDS to run more than 3/4 of the way through. I opened the properties and unlocked it, ran it without my anti-virus on, and finally in Safe Mode.
None were successful in completing the scan.
I will run aswMBR after dinner.

DiceDawg

Pickleball Rocks!  :bananas: 


#11 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 17 August 2011 - 07:12 PM

Try this scan instead of DDS:


Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in:
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
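The custom-scan lines in the post above do two things a responder cares about when a fake-AV or rootkit infection is suspected: they list every executable sitting in the root of the system drive (%SYSTEMDRIVE%\*.exe), and they MD5-hash the core logon and shell binaries (explorer.exe, winlogon.exe, Userinit.exe, svchost.exe) so their hashes can be compared with known-good values and stray copies outside the Windows folders can be spotted. The script below is an added example of that same check written in Python; it is not part of the thread and not OTL's code. It assumes the operator supplies a baseline of MD5 values taken from a clean install of the same Windows version and service pack (the demo builds a constructed fake tree and takes its baseline from the files before tampering), and the list of folders where XP legitimately keeps those binaries (KNOWN_DIRS) is an assumption for illustration.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# The binaries the OTL custom scan above hashes between /md5start and /md5stop.
CRITICAL_FILES = ("explorer.exe", "winlogon.exe", "userinit.exe", "svchost.exe")

# Directories (relative to the system drive, lower-case, forward slashes) where Windows XP
# legitimately keeps copies of those binaries: the live copies plus the File Protection
# cache and the service-pack source folder. Assumption for this example.
KNOWN_DIRS = {
    "windows",
    "windows/system32",
    "windows/system32/dllcache",
    "windows/servicepackfiles/i386",
}


def md5_of_file(path):
    """Hex MD5 of a file, read in chunks so a large binary is not loaded whole."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_named_files(root, names):
    """Every file under root whose name matches one of names (case-insensitive)."""
    wanted = {n.lower() for n in names}
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        hits.extend(Path(dirpath) / f for f in files if f.lower() in wanted)
    return sorted(hits)


def root_exes(root):
    """*.exe sitting directly in the drive root, the %SYSTEMDRIVE%\\*.exe line of the scan."""
    return sorted(p for p in Path(root).iterdir() if p.is_file() and p.suffix.lower() == ".exe")


def audit(root, baseline):
    """Compare every copy of the critical binaries against a known-good MD5 baseline.

    baseline maps lower-case file name -> expected hex MD5, obtained by the operator from a
    clean install of the same Windows version and service pack (the demo below uses
    constructed values). Returns (relative_path, reason, md5) tuples for anything odd.
    """
    root = Path(root)
    findings = []
    for path in find_named_files(root, CRITICAL_FILES):
        rel = path.relative_to(root)
        parent = rel.parent.as_posix().lower()
        digest = md5_of_file(path)
        if parent not in KNOWN_DIRS:
            # A system binary name outside the known folders is a classic dropper location.
            findings.append((rel.as_posix(), "unexpected location", digest))
        elif digest != baseline.get(path.name.lower()):
            # Right place, wrong content: the file has been replaced or patched.
            findings.append((rel.as_posix(), "hash mismatch", digest))
    for exe in root_exes(root):
        findings.append((exe.relative_to(root).as_posix(), "exe in drive root", md5_of_file(exe)))
    return findings


def build_demo_tree(base):
    """Create a constructed, fake XP layout under base and return (root, baseline).

    All file contents are made up; the baseline is taken before the files are tampered with.
    """
    base = Path(base)
    sys32 = base / "WINDOWS" / "system32"
    sys32.mkdir(parents=True)
    clean = {"explorer.exe": base / "WINDOWS" / "explorer.exe"}
    for name in ("winlogon.exe", "userinit.exe", "svchost.exe"):
        clean[name] = sys32 / name
    for name, path in clean.items():
        path.write_bytes(b"constructed clean " + name.encode())
    baseline = {name: md5_of_file(path) for name, path in clean.items()}
    # Constructed infection artifacts: a patched userinit.exe, a svchost.exe dropped
    # under a user profile, and a stray executable in the drive root.
    clean["userinit.exe"].write_bytes(b"constructed patched userinit")
    profile = base / "Documents and Settings" / "K"
    profile.mkdir(parents=True)
    (profile / "svchost.exe").write_bytes(b"constructed dropper")
    (base / "setup.exe").write_bytes(b"constructed stray exe")
    return base, baseline


def run_demo():
    """Build the constructed tree in a temporary directory, audit it and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        root, baseline = build_demo_tree(tmp)
        return audit(root, baseline)


if __name__ == "__main__":
    for rel_path, reason, md5 in run_demo():
        print(f"{reason:20} {md5} {rel_path}")
```

On a real machine the audit would be pointed at the system drive root with a baseline recorded from a trusted install; a copy of explorer.exe or svchost.exe under a user profile, or a live system32 file whose hash no longer matches, is exactly what the OTL MD5 section is there to reveal. The File Protection cache (dllcache) and service-pack folders are whitelisted because they legitimately hold duplicate copies, and anything listed as "exe in drive root" deserves a look because few legitimate installers leave executables there.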


#12 Dicedawg

Dicedawg
  • Topic Starter

  • Members
  • 73 posts
  • Gender:Male
  • Location:Florida

Posted 17 August 2011 - 08:05 PM

Here is the aswMBR log. I will work on the old-timers next.



aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
Run date: 2011-08-17 20:52:23
-----------------------------
20:52:23.218 OS Version: Windows 5.1.2600 Service Pack 3
20:52:23.218 Number of processors: 2 586 0x602
20:52:23.218 ComputerName: KAE-DESKTOP UserName: K
20:52:26.625 Initialize success
20:52:47.562 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
20:52:47.562 Disk 0 Vendor: WDC_WD1600AAJS-22L7A0 01.03E01 Size: 152627MB BusType: 3
20:52:47.562 Device \Driver\usbstor -> DriverStartIo USBSTOR.SYS b83c1f26
20:52:51.578 Disk 1 MBR read successfully
20:52:51.578 Disk 1 MBR scan
20:52:51.578 Disk 1 Windows XP default MBR code
20:52:51.578 Disk 1 MBR hidden
20:52:51.609 Disk 1 scanning H:\WINDOWS\system32\drivers
20:53:10.875 Service scanning
20:53:14.390 Modules scanning
20:53:31.296 Disk 1 trace - called modules:
20:53:31.296 ntkrnlpa.exe CLASSPNP.SYS disk.sys hal.dll
20:53:31.312 1 nt!IofCallDriver -> \Device\Harddisk1\DR3[0x8a5d1290]
20:53:31.312 Scan finished successfully
20:53:41.906 Disk 1 MBR has been saved successfully to "H:\Documents and Settings\K\Desktop\MBR.dat"
20:53:41.921 The log file has been saved successfully to "H:\Documents and Settings\K\Desktop\aswMBR.txt"

DiceDawg

Pickleball Rocks!  :bananas: 


#13 Dicedawg

Dicedawg
  • Topic Starter

  • Members
  • 73 posts
  • Gender:Male
  • Location:Florida

Posted 17 August 2011 - 09:29 PM

Arrrrrgh! I knew that bug was still in there screwing up things! While running the OTL, it scared up the fake Windows-No Disk Exception error and would not allow me to proceed with the OTL. I will try to upload the jpg.

DiceDawg

Pickleball Rocks!  :bananas: 


#14 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 18 August 2011 - 05:52 PM

Can you boot into Safe Mode and try running it from there?

To enter Safe Mode:
  • Go to Start > Shut off your Computer > Restart.
  • As the computer starts to boot up, tap the F8 key repeatedly; this will bring up a menu.
  • Use the Up and Down arrow keys to scroll to Safe Mode.
  • Then press the Enter key on your keyboard.
  • Go into your usual account.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#15 Dicedawg

Dicedawg
  • Topic Starter

  • Members
  • 73 posts
  • Gender:Male
  • Location:Florida

Posted 18 August 2011 - 10:14 PM

Hi again Cat,
Same results in Safe Mode running OTL: the Windows-No Disk Exception error (WDNE) popped up and no other applications would run. Also, the only way to get rid of the WDNE is to reboot, which I don't want to do as it could drive the damage deeper, but there is no workaround. Ctrl-Alt-Del does not stop or dispense with the issue.

DiceDawg

Pickleball Rocks!  :bananas: 
