Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

infected, svchost memory hog, had trojan downloader


  • This topic is locked This topic is locked
11 replies to this topic

#1 schwantizzmo

schwantizzmo

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:05:33 PM

Posted 03 September 2011 - 04:31 PM

cpu extremely slow, svchost process using lots of resources...

help please, thanks in advance!!

.
DDS (Ver_2011-08-26.01) - NTFSx86 MINIMAL
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_22
Run by Analiasa at 15:51:13 on 2011-09-03
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.791 [GMT -5:00]
.
AV: ZoneAlarm Antivirus *Enabled/Updated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\Explorer.EXE
.
============== Pseudo HJT Report ===============
.
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2080103
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [KADxMain] c:\windows\system32\KADxMain.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [ZoneAlarm] "c:\program files\checkpoint\zonealarm\zatray.exe"
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ISW]
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=SUFaUDItUko3UFItN0dOTVUtQUJMRTYtVFBRQ0ktNg"&"inst=NzctNzEzMTY5NTk1LVNUMTJGT0krMS1ERFQrMA"&"prod=94"&"ver=2012.0.1796"&"mid=d2fe45a2cbd547d18267d155657887f8-6725e402ff518188d4905aa92a2fd31f9c98962a
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\analiasa\startm~1\programs\startup\deskto~1.lnk - c:\program files\research in motion\blackberry\DesktopMgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\sonicc~1.lnk - c:\program files\common files\sonic shared\CineTray.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: microsoft.com\www.update
DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} - hxxp://download.microsoft.com/download/7/0/7/707a44ad-52ad-49af-b7ef-e21b6b0656e4/VirtualEarth3D.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1233202972843
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1258798493656
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{4133E216-E763-4042-AC91-803B4969FB87} : DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
IFEO: wupdmgr.exe - ntsd --
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\analiasa\application data\mozilla\firefox\profiles\1mj4zcyt.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3015261&SearchSource=2&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\analiasa\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\analiasa\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\analiasa\local settings\application data\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npImgCtl.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\view22\version 3.10.50\NPView22.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
.
============= SERVICES / DRIVERS ===============
.
R0 KL1;kl1;c:\windows\system32\drivers\kl1.sys [2010-10-14 132184]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2011-9-3 28552]
S1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010-10-14 11352]
S1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2010-9-21 327256]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
S1 Vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2011-7-22 525840]
S2 Iprip;RIP Listener;c:\windows\system32\svchost.exe -k netsvcs [2004-8-10 14336]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2011-7-25 27016]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2011-7-25 493184]
S2 lxdq_device;lxdq_device;c:\windows\system32\lxdqcoms.exe -service --> c:\windows\system32\lxdqcoms.exe -service [?]
S2 srvB34;srvB34;c:\windows\system32\svchost.exe -k netsvcs [2004-8-10 14336]
S2 vsmon;TrueVector Internet Monitor;c:\program files\checkpoint\zonealarm\vsmon.exe -service --> c:\program files\checkpoint\zonealarm\vsmon.exe -service [?]
S3 KWDQUZ;KWDQUZ;c:\docume~1\analiasa\locals~1\temp\kwdquz.exe --> c:\docume~1\analiasa\locals~1\temp\KWDQUZ.exe [?]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-10 14336]
S4 lanmanserver32;Server ;c:\windows\system32\slbiop32.exe --> c:\windows\system32\slbiop32.exe [?]
S4 RoxLiveShare932;LiveShare P2P Server 9 ;c:\windows\system32\sqlunirl32.exe --> c:\windows\system32\sqlunirl32.exe [?]
.
=============== Created Last 30 ================
.
2011-09-03 19:57:21 3038 ----a-w- C:\fix_svchost.bat
2011-09-03 16:34:23 -------- d-----w- c:\documents and settings\analiasa\application data\AVG2012
2011-09-03 16:22:19 -------- d-----w- c:\documents and settings\all users\application data\AVG2012
2011-09-03 16:16:57 -------- d-----w- c:\program files\AVG
2011-09-03 16:06:49 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2011-09-03 16:06:44 -------- d-----w- c:\program files\Panda Security
2011-09-03 15:28:14 -------- d-----w- c:\program files\CleanUp!
2011-09-03 15:05:36 -------- d-----w- C:\VundoFix Backups
2011-09-03 14:42:37 -------- d-----w- c:\documents and settings\analiasa\local settings\application data\NPE
2011-09-03 14:42:36 -------- d-----w- c:\documents and settings\all users\application data\Norton
2011-09-03 01:46:21 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2011-09-03 01:44:02 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2011-09-03 00:56:39 -------- d-----w- c:\program files\CCleaner
2011-09-03 00:51:35 -------- d-----w- C:\Downloads
2011-09-02 16:51:09 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-29 16:14:16 -------- d-----w- c:\program files\ZoneAlarm_Security_Suite
2011-08-29 14:29:19 -------- d-----w- c:\documents and settings\analiasa\application data\Sammsoft
2011-08-17 14:49:42 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-08-10 02:25:50 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-10 02:25:35 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
2011-08-06 18:07:20 -------- d-----w- c:\windows\Internet Logs
2011-08-06 18:04:57 -------- d-----w- c:\documents and settings\analiasa\local settings\application data\Conduit
2011-08-06 18:02:37 -------- d-----w- c:\documents and settings\all users\application data\CheckPoint
.
==================== Find3M ====================
.
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-12 16:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 16:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 16:20:54 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-07 00:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-07 00:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-21 18:45:58 832512 ----a-w- c:\windows\system32\wininet.dll
2011-06-21 18:45:57 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-06-21 18:45:57 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-21 18:45:57 17408 ----a-w- c:\windows\system32\corpol.dll
2011-06-21 11:47:20 389120 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll
.
============= FINISH: 15:52:25.67 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:11:33 PM

Posted 03 September 2011 - 05:53 PM

Good evening. :)

Download TDSSKiller.zip from Kaspersky from here and save it to your Desktop.

  • You will then need to extract the file(s) from the zipped folder.
  • To do this: Right-click on the zipped folder and from the menu that appears, click on Extract All...
    In the Extraction Wizard window that opens, click on Next> and in the next window that appears, click on Next> again.
    In the final window, click on Finish

  • Please close all open programs as this may result in a reboot being necessary.
  • Double click TDSSKiller.exe to begin.
  • Click Start scan and allow the tool to do just that.
  • One the scan has completed, if the tool has identified anything allow it to carry out it's default action(s) - you'll need to click Continue where appropriate.
  • Finally, if it prompts you to reboot your machine, please click Reboot Now and ensure that your machine does so.
  • If the scan finds nothing, please click the Report button and let me have a copy of the text file that opens.
  • If you reboot your machine, the log, which i'd like to see, will be located at the root of you hard drive as C:\TDSSKiller.Version_Date_Time_log.txt.
    Please check that you get the one with the right date and time. :)

So long, and thanks for all the fish.

 

 


#3 schwantizzmo

schwantizzmo
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:05:33 PM

Posted 03 September 2011 - 07:14 PM

this forum is awesome!

TDSSKiller log below...

2011/09/03 19:07:20.0203 4032 TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57
2011/09/03 19:07:22.0250 4032 ================================================================================
2011/09/03 19:07:22.0250 4032 SystemInfo:
2011/09/03 19:07:22.0250 4032
2011/09/03 19:07:22.0250 4032 OS Version: 5.1.2600 ServicePack: 3.0
2011/09/03 19:07:22.0250 4032 Product type: Workstation
2011/09/03 19:07:22.0250 4032 ComputerName: LAPTOP234
2011/09/03 19:07:22.0250 4032 UserName: Analiasa
2011/09/03 19:07:22.0250 4032 Windows directory: C:\WINDOWS
2011/09/03 19:07:22.0250 4032 System windows directory: C:\WINDOWS
2011/09/03 19:07:22.0250 4032 Processor architecture: Intel x86
2011/09/03 19:07:22.0250 4032 Number of processors: 2
2011/09/03 19:07:22.0250 4032 Page size: 0x1000
2011/09/03 19:07:22.0250 4032 Boot type: Normal boot
2011/09/03 19:07:22.0250 4032 ================================================================================
2011/09/03 19:07:35.0421 4032 Initialize success
2011/09/03 19:07:39.0859 0568 ================================================================================
2011/09/03 19:07:39.0859 0568 Scan started
2011/09/03 19:07:39.0859 0568 Mode: Manual;
2011/09/03 19:07:39.0859 0568 ================================================================================
2011/09/03 19:07:40.0640 0568 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/09/03 19:07:40.0906 0568 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/09/03 19:07:40.0984 0568 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/09/03 19:07:41.0078 0568 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/09/03 19:07:42.0171 0568 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/09/03 19:07:42.0500 0568 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/09/03 19:07:43.0046 0568 AFS2K (c685cc27a2e637f0dcb5a45e67cc6f74) C:\WINDOWS\system32\drivers\AFS2K.sys
2011/09/03 19:07:43.0281 0568 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/09/03 19:07:43.0531 0568 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/09/03 19:07:43.0765 0568 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/09/03 19:07:43.0890 0568 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/09/03 19:07:43.0968 0568 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/09/03 19:07:44.0328 0568 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/09/03 19:07:44.0734 0568 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/09/03 19:07:45.0000 0568 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/09/03 19:07:45.0187 0568 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/09/03 19:07:45.0296 0568 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
2011/09/03 19:07:45.0437 0568 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/09/03 19:07:45.0578 0568 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/09/03 19:07:45.0781 0568 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/09/03 19:07:45.0843 0568 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/09/03 19:07:46.0015 0568 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/09/03 19:07:46.0093 0568 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/09/03 19:07:46.0343 0568 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/09/03 19:07:46.0437 0568 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/09/03 19:07:46.0562 0568 BCM43XX (e9ea635b8432d68f0005b3f6cebab837) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
2011/09/03 19:07:46.0703 0568 bcm4sbxp (cd4646067cc7dcba1907fa0acf7e3966) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
2011/09/03 19:07:46.0765 0568 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/09/03 19:07:46.0984 0568 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/09/03 19:07:47.0109 0568 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/09/03 19:07:47.0187 0568 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/09/03 19:07:47.0296 0568 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/09/03 19:07:47.0437 0568 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/09/03 19:07:47.0625 0568 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/09/03 19:07:47.0750 0568 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/09/03 19:07:47.0875 0568 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/09/03 19:07:47.0921 0568 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/09/03 19:07:48.0140 0568 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/09/03 19:07:48.0484 0568 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/09/03 19:07:48.0703 0568 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/09/03 19:07:48.0781 0568 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/09/03 19:07:48.0859 0568 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/09/03 19:07:48.0984 0568 DLABMFSM (0659e6e0a95564f958d9df7313f7701e) C:\WINDOWS\system32\DLA\DLABMFSM.SYS
2011/09/03 19:07:49.0062 0568 DLABOIOM (8691c78908f0bd66170669db268369f2) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
2011/09/03 19:07:49.0109 0568 DLACDBHM (76167b5eb2dffc729edc36386876b40b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
2011/09/03 19:07:49.0156 0568 DLADResM (5615744a1056933b90e6ac54feb86f35) C:\WINDOWS\system32\DLA\DLADResM.SYS
2011/09/03 19:07:49.0312 0568 DLAIFS_M (1aeca2afa5005ce4a550cf8eb55a8c88) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
2011/09/03 19:07:49.0375 0568 DLAOPIOM (840e7f6abb885c72b9ffddb022ef5b6d) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
2011/09/03 19:07:49.0406 0568 DLAPoolM (0294d18731ac05da80132ce88f8a876b) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
2011/09/03 19:07:49.0453 0568 DLARTL_M (91886fed52a3f9966207bce46cfd794f) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
2011/09/03 19:07:49.0500 0568 DLAUDFAM (cca4e121d599d7d1706a30f603731e59) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
2011/09/03 19:07:49.0515 0568 DLAUDF_M (7dab85c33135df24419951da4e7d38e5) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
2011/09/03 19:07:49.0781 0568 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/09/03 19:07:50.0484 0568 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/09/03 19:07:50.0578 0568 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/09/03 19:07:50.0734 0568 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/09/03 19:07:50.0812 0568 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/09/03 19:07:51.0000 0568 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/09/03 19:07:51.0093 0568 DRVMCDB (c00440385cf9f3d142917c63f989e244) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
2011/09/03 19:07:51.0187 0568 DRVNDDM (6e6ab29d3c06e64ce81feacda85394b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
2011/09/03 19:07:51.0437 0568 DXEC02 (0c8762b91b967a91373e0e022b62acfc) C:\WINDOWS\system32\drivers\dxec02.sys
2011/09/03 19:07:51.0687 0568 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/09/03 19:07:52.0109 0568 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/09/03 19:07:52.0531 0568 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/09/03 19:07:52.0796 0568 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/09/03 19:07:53.0046 0568 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/09/03 19:07:53.0406 0568 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/09/03 19:07:53.0656 0568 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/09/03 19:07:53.0812 0568 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/09/03 19:07:53.0859 0568 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2011/09/03 19:07:53.0937 0568 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/09/03 19:07:54.0078 0568 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/09/03 19:07:54.0250 0568 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/09/03 19:07:54.0390 0568 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/09/03 19:07:54.0468 0568 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/09/03 19:07:54.0609 0568 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/09/03 19:07:54.0796 0568 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/09/03 19:07:55.0015 0568 HSFHWAZL (b1526810210980bed9d22315946c919d) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
2011/09/03 19:07:55.0828 0568 HSF_DPV (ddbd528e60f5961c142a490dc4ea7780) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
2011/09/03 19:07:57.0234 0568 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/09/03 19:07:57.0921 0568 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/09/03 19:07:58.0312 0568 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/09/03 19:07:58.0625 0568 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/09/03 19:07:59.0156 0568 iaStor (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\WINDOWS\system32\drivers\iaStor.sys
2011/09/03 19:07:59.0500 0568 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/09/03 19:07:59.0843 0568 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/09/03 19:08:00.0437 0568 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/09/03 19:08:00.0796 0568 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/09/03 19:08:01.0265 0568 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/09/03 19:08:01.0546 0568 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/09/03 19:08:01.0796 0568 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/09/03 19:08:02.0203 0568 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/09/03 19:08:02.0984 0568 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/09/03 19:08:03.0421 0568 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/09/03 19:08:03.0781 0568 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/09/03 19:08:04.0000 0568 ISWKL (c76357e42ff11a00b3fe0a7b341e3f5f) C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
2011/09/03 19:08:04.0484 0568 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/09/03 19:08:04.0937 0568 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/09/03 19:08:05.0468 0568 KL1 (94d67d49bd9503bb1d838405d80f2058) C:\WINDOWS\system32\DRIVERS\kl1.sys
2011/09/03 19:08:05.0734 0568 kl2 (713576569667ac9e0f8556076004a96b) C:\WINDOWS\system32\DRIVERS\kl2.sys
2011/09/03 19:08:06.0234 0568 KLIF (f934de04ac53b08457b92db6e4dee2e5) C:\WINDOWS\system32\DRIVERS\klif.sys
2011/09/03 19:08:07.0593 0568 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/09/03 19:08:08.0187 0568 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/09/03 19:08:08.0906 0568 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/09/03 19:08:09.0437 0568 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/09/03 19:08:09.0828 0568 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/09/03 19:08:10.0281 0568 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/09/03 19:08:10.0765 0568 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/09/03 19:08:11.0265 0568 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/09/03 19:08:11.0765 0568 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/09/03 19:08:12.0421 0568 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/09/03 19:08:13.0046 0568 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/09/03 19:08:14.0078 0568 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/09/03 19:08:14.0671 0568 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/09/03 19:08:14.0968 0568 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/09/03 19:08:15.0250 0568 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/09/03 19:08:15.0656 0568 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/09/03 19:08:16.0031 0568 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/09/03 19:08:16.0421 0568 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/09/03 19:08:16.0796 0568 MXOPSWD (216ac775320f64de28cfeb7c179c4ff9) C:\WINDOWS\system32\DRIVERS\mxopswd.sys
2011/09/03 19:08:17.0218 0568 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/09/03 19:08:17.0546 0568 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/09/03 19:08:17.0953 0568 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/09/03 19:08:18.0312 0568 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/09/03 19:08:18.0640 0568 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/09/03 19:08:18.0953 0568 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/09/03 19:08:19.0265 0568 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/09/03 19:08:19.0453 0568 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/09/03 19:08:19.0687 0568 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/09/03 19:08:20.0093 0568 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/09/03 19:08:20.0390 0568 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/09/03 19:08:21.0078 0568 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/09/03 19:08:21.0546 0568 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/09/03 19:08:24.0156 0568 nv (e531eaa795a273fc70c9de3f195069c8) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/09/03 19:08:28.0515 0568 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/09/03 19:08:28.0890 0568 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/09/03 19:08:29.0343 0568 OEM02Afx (58f478fd0115012ceec75fb73628901c) C:\WINDOWS\system32\Drivers\OEM02Afx.sys
2011/09/03 19:08:29.0875 0568 OEM02Dev (19cac780b858822055f46c58a111723c) C:\WINDOWS\system32\DRIVERS\OEM02Dev.sys
2011/09/03 19:08:30.0375 0568 OEM02Vfx (86326062a90494bdd79ce383511d7d69) C:\WINDOWS\system32\DRIVERS\OEM02Vfx.sys
2011/09/03 19:08:30.0687 0568 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/09/03 19:08:31.0093 0568 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/09/03 19:08:31.0406 0568 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/09/03 19:08:31.0718 0568 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/09/03 19:08:32.0000 0568 pavboot (3adb8bd6154a3ef87496e8fce9c22493) C:\WINDOWS\system32\drivers\pavboot.sys
2011/09/03 19:08:32.0375 0568 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/09/03 19:08:32.0796 0568 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/09/03 19:08:33.0078 0568 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/09/03 19:08:33.0703 0568 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/09/03 19:08:33.0812 0568 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/09/03 19:08:34.0046 0568 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/09/03 19:08:34.0203 0568 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/09/03 19:08:34.0328 0568 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/09/03 19:08:34.0484 0568 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/09/03 19:08:34.0765 0568 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/09/03 19:08:35.0328 0568 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/09/03 19:08:35.0875 0568 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/09/03 19:08:36.0390 0568 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/09/03 19:08:36.0671 0568 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/09/03 19:08:36.0750 0568 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/09/03 19:08:36.0828 0568 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/09/03 19:08:36.0843 0568 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/09/03 19:08:36.0906 0568 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/09/03 19:08:36.0937 0568 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/09/03 19:08:36.0953 0568 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/09/03 19:08:37.0015 0568 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/09/03 19:08:37.0140 0568 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/09/03 19:08:37.0265 0568 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/09/03 19:08:37.0359 0568 rimmptsk (d85e3fa9f5b1f29bb4ed185c450d1470) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
2011/09/03 19:08:37.0390 0568 rimsptsk (db8eb01c58c9fada00c70b1775278ae0) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
2011/09/03 19:08:37.0468 0568 RimUsb (616eac1b0e48b236a5a9b8ae07fdb81c) C:\WINDOWS\system32\Drivers\RimUsb.sys
2011/09/03 19:08:37.0562 0568 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
2011/09/03 19:08:37.0625 0568 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
2011/09/03 19:08:37.0656 0568 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2011/09/03 19:08:37.0812 0568 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/09/03 19:08:37.0828 0568 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/09/03 19:08:38.0218 0568 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2011/09/03 19:08:38.0562 0568 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/09/03 19:08:38.0734 0568 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/09/03 19:08:38.0796 0568 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/09/03 19:08:38.0875 0568 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
2011/09/03 19:08:38.0937 0568 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
2011/09/03 19:08:39.0000 0568 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/09/03 19:08:39.0078 0568 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/09/03 19:08:39.0125 0568 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/09/03 19:08:39.0171 0568 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/09/03 19:08:39.0234 0568 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/09/03 19:08:39.0265 0568 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/09/03 19:08:39.0328 0568 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/09/03 19:08:39.0484 0568 STHDA (951801dfb54d86f611f0af47825476f9) C:\WINDOWS\system32\drivers\sthda.sys
2011/09/03 19:08:39.0609 0568 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/09/03 19:08:39.0656 0568 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/09/03 19:08:39.0703 0568 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/09/03 19:08:39.0750 0568 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/09/03 19:08:39.0796 0568 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/09/03 19:08:39.0875 0568 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/09/03 19:08:39.0890 0568 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/09/03 19:08:39.0984 0568 SynTP (936cd58395d36659bb798b961ef7357f) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/09/03 19:08:40.0062 0568 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/09/03 19:08:40.0187 0568 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/09/03 19:08:40.0234 0568 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/09/03 19:08:40.0281 0568 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/09/03 19:08:40.0343 0568 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/09/03 19:08:40.0406 0568 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/09/03 19:08:40.0484 0568 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
2011/09/03 19:08:40.0562 0568 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/09/03 19:08:40.0625 0568 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/09/03 19:08:40.0687 0568 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/09/03 19:08:40.0765 0568 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/09/03 19:08:40.0812 0568 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/09/03 19:08:40.0828 0568 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/09/03 19:08:40.0859 0568 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/09/03 19:08:40.0890 0568 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/09/03 19:08:40.0921 0568 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/09/03 19:08:40.0953 0568 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/09/03 19:08:40.0968 0568 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/09/03 19:08:41.0062 0568 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/09/03 19:08:41.0125 0568 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/09/03 19:08:41.0171 0568 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/09/03 19:08:41.0250 0568 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/09/03 19:08:41.0312 0568 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/09/03 19:08:41.0500 0568 Vsdatant (01fada5896b3d75decb2196435060251) C:\WINDOWS\system32\vsdatant.sys
2011/09/03 19:08:41.0750 0568 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/09/03 19:08:41.0843 0568 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
2011/09/03 19:08:41.0906 0568 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/09/03 19:08:42.0015 0568 winachsf (96aff1738271755a39b52eef7e35f98f) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/09/03 19:08:42.0281 0568 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/09/03 19:08:42.0375 0568 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/09/03 19:08:42.0453 0568 MBR (0x1B8) (7c813d1ed418f46302a154e14cf3bdc5) \Device\Harddisk0\DR0
2011/09/03 19:08:42.0468 0568 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.a (0)
2011/09/03 19:08:42.0468 0568 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR5
2011/09/03 19:08:42.0500 0568 Boot (0x1200) (9601d9794a1126b0268d7c98960706ec) \Device\Harddisk0\DR0\Partition0
2011/09/03 19:08:42.0515 0568 Boot (0x1200) (f13ab5518303e53d2f137ebfd135c6b1) \Device\Harddisk1\DR5\Partition0
2011/09/03 19:08:42.0515 0568 ================================================================================
2011/09/03 19:08:42.0515 0568 Scan finished
2011/09/03 19:08:42.0515 0568 ================================================================================
2011/09/03 19:08:42.0546 0544 Detected object count: 1
2011/09/03 19:08:42.0546 0544 Actual detected object count: 1
2011/09/03 19:09:10.0734 0544 \Device\Harddisk0\DR0 (Rootkit.Boot.Pihar.a) - will be cured after reboot
2011/09/03 19:09:10.0734 0544 \Device\Harddisk0\DR0 - ok
2011/09/03 19:09:10.0734 0544 Rootkit.Boot.Pihar.a(\Device\Harddisk0\DR0) - User select action: Cure
2011/09/03 19:09:20.0000 3992 Deinitialize success

#4 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:11:33 PM

Posted 04 September 2011 - 02:15 PM

Good evening. :)

Pay a visit to the ESET Online Scanner.

  • Click the ESET Online Scanner button and a new window will open - you may need to maximise it.
  • Click the Run ESET Online Scanner button in the new window.
  • If you are using any other browser than IE, you will be prompted to download and run esetsmartinstaller_enu.exe and the scan will run from within the window that the executable opens.
  • Regardless of which browser you are using, you will be shown some terms and conditions and you will need to accept these to continue.
  • If you are running IE for this scan you will then be prompted to allow an ActiveX component to be downloaded, unless you already have it installed, and the scan will run inside IE.
  • When you see the Computer Scan Settings window, you will need to make the following changes:

    • UNCHECK Remove found threats - this is important.
    • Check Scan archives
    • Click on Advanced settings
    • Check Scan for potentially unsafe applications
  • Once ready, click Start to begin - not a surprise really!
  • The anti-virus definitions will now be downloaded, so don't forget to allow them through your firewall if prompted.
  • The above will take a little time, so now is a good time to fire up the kettle and open the biccies.
  • Once the scan has completed you will be shown the results - assuming that the scanner has found anything.
  • Click List of found threats and then Export to text file... and save the log somewhere convenient.
  • You can then close out the scanner - don't bother uninstalling it as you may need to use it again.
  • Please post the contents of this file in your next reply, or let me know that nothing was identified.

Will you also let me know how the PC is behaving.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Download OTL by OldTimer from here and save it to your Desktop.

  • Double click the tool to run it.
  • Click the Quick Scan button and allow it to do it's thing.
  • Once complete, it should open two Notepad Windows - OTL.Txt and Extras.Txt
  • It should also save copies in the same location as OTL.
  • I want you to copy and paste the contents of OTL.txt that should appear into one reply and Extras.Txt into another.
  • The length of the two logs sometimes results in the end being chopped off if you post both in one reply.

So long, and thanks for all the fish.

 

 


#5 schwantizzmo

schwantizzmo
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:05:33 PM

Posted 04 September 2011 - 05:32 PM

ESET items below... thanks a million!

C:\Qoobox\Quarantine\C\Documents and Settings\Analiasa\Application Data\Mozilla\Firefox\Profiles\1mj4zcyt.default\extensions\{448de458-bd24-4318-9d4e-8bb853158fc4}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Analiasa\Application Data\Mozilla\Firefox\Profiles\1mj4zcyt.default\extensions\{448de458-bd24-4318-9d4e-8bb853158fc4}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Analiasa\Application Data\Mozilla\Firefox\Profiles\1mj4zcyt.default\extensions\{4c795270-71de-47ea-b1bc-23d72695a06a}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Analiasa\Application Data\Mozilla\Firefox\Profiles\1mj4zcyt.default\extensions\{4c795270-71de-47ea-b1bc-23d72695a06a}\chrome\xulcache.jar.vir JS/Agent.NDB trojan

OTL.txt

OTL logfile created on: 9/4/2011 5:17:20 PM - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Documents and Settings\Analiasa\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1021.97 Mb Total Physical Memory | 400.91 Mb Available Physical Memory | 39.23% Memory free
2.40 Gb Paging File | 1.94 Gb Available in Paging File | 81.05% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 67.96 Gb Total Space | 48.96 Gb Free Space | 72.03% Space Free | Partition Type: NTFS
Drive E: | 7.47 Gb Total Space | 4.78 Gb Free Space | 63.92% Space Free | Partition Type: FAT32

Computer Name: LAPTOP234 | User Name: Analiasa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/04 14:24:58 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Analiasa\Desktop\OTL.scr
PRC - [2011/07/25 07:57:16 | 000,493,184 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2011/07/25 07:57:14 | 000,738,944 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
PRC - [2011/07/22 09:44:44 | 002,413,936 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2011/07/22 09:43:08 | 000,072,336 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2011/04/19 16:39:30 | 000,935,744 | ---- | M] (SonicWALL, Inc.) -- C:\Program Files\CheckPoint\ZoneAlarm\MailFrontier\mantispm.exe
PRC - [2011/02/18 11:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/27 12:09:44 | 000,594,600 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdqcoms.exe
PRC - [2007/05/10 10:22:32 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe
PRC - [2006/11/02 15:05:50 | 000,282,624 | ---- | M] (Knowles Acoustics) -- C:\WINDOWS\system32\KADxMain.exe
PRC - [2006/07/25 03:01:00 | 000,114,688 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Sonic Shared\CineTray.exe


========== Modules (No Company Name) ==========

MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/04/19 16:40:06 | 000,088,896 | ---- | M] () -- C:\Program Files\CheckPoint\ZoneAlarm\MailFrontier\crsrpt.dll
MOD - [2011/04/19 16:39:34 | 000,013,120 | ---- | M] () -- C:\Program Files\CheckPoint\ZoneAlarm\MailFrontier\MlfHook.dll
MOD - [2011/04/19 16:39:32 | 000,290,112 | ---- | M] () -- C:\Program Files\CheckPoint\ZoneAlarm\MailFrontier\mtdsdk.dll
MOD - [2011/04/19 16:39:24 | 000,222,016 | ---- | M] () -- C:\Program Files\CheckPoint\ZoneAlarm\MailFrontier\resources\mbzaenu.dll
MOD - [2008/02/27 00:05:40 | 000,115,200 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxdqdrpp.dll
MOD - [2007/12/11 14:22:30 | 000,139,264 | ---- | M] () -- C:\WINDOWS\system32\preflib.dll
MOD - [2007/12/11 14:21:52 | 000,753,664 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
MOD - [2007/06/06 16:35:02 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2007/06/06 16:34:54 | 001,474,560 | ---- | M] () -- C:\WINDOWS\system32\nview.dll
MOD - [2006/08/18 14:17:36 | 000,056,056 | ---- | M] () -- C:\WINDOWS\system32\DLAAPI_W.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (srvB34)
SRV - File not found [Auto | Stopped] -- -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - File not found [Disabled | Stopped] -- -- (RoxLiveShare932)
SRV - File not found [Disabled | Stopped] -- -- (npkcmsvc)
SRV - File not found [Disabled | Stopped] -- -- (lanmanserver32)
SRV - File not found [On_Demand | Stopped] -- -- (KWDQUZ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/07/25 07:57:16 | 000,493,184 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2011/07/22 09:44:44 | 002,413,936 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2010/11/29 11:42:56 | 000,058,944 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2008/04/13 19:12:02 | 000,105,472 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2008/04/13 19:11:55 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\iprip.dll -- (Iprip)
SRV - [2008/02/27 12:09:44 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxdqcoms.exe -- (lxdq_device)
SRV - [2005/07/07 05:56:08 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\hpzipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2011/07/25 07:57:10 | 000,027,016 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2011/07/22 09:43:08 | 000,525,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (Vsdatant)
DRV - [2010/10/14 17:08:38 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\kl1.sys -- (KL1)
DRV - [2010/10/14 17:08:38 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2)
DRV - [2010/09/21 16:51:58 | 000,327,256 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/06/30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2008/02/27 09:56:32 | 000,043,672 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2007/12/11 14:22:24 | 001,123,328 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/10/10 17:03:00 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/07/16 21:26:46 | 000,989,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/07/16 21:26:46 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/07/16 21:26:46 | 000,209,152 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/07/10 16:07:56 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2007/07/10 15:22:22 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/10 15:22:20 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/07/10 15:22:18 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/06/07 17:00:02 | 000,141,376 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OEM02Afx.sys -- (OEM02Afx)
DRV - [2007/05/10 10:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/05/03 14:37:08 | 000,022,152 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD)
DRV - [2007/03/05 10:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2006/11/02 13:31:38 | 000,103,168 | ---- | M] (Knowles Acoustics) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dxec02.sys -- (DXEC02)
DRV - [2006/08/18 14:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 14:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 14:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 14:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 14:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 14:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 14:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 14:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/11 11:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 11:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2005/08/12 18:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2080103
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2080103

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 53 3F EF 0A 9A 8E 50 4A B4 5A 95 A2 CC B8 4D 0F [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "https://www.google.com"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.97
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.152.14
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3015261&SearchSource=2&q="
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=2.5: C:\Program Files\Virtual Earth 3D\ [2011/09/04 14:44:13 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=3.0: C:\Program Files\Virtual Earth 3D\ [2011/09/04 14:44:13 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@View22/View22: C:\Program Files\View22\Version 3.10.50\NPView22.dll (View22 Technology)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Analiasa\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Analiasa\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Analiasa\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Analiasa\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2011/09/03 10:35:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/02 11:43:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/28 07:51:24 | 000,000,000 | ---D | M]

[2008/09/26 06:26:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Analiasa\Application Data\Mozilla\Extensions
[2011/09/01 12:07:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Analiasa\Application Data\Mozilla\Firefox\Profiles\1mj4zcyt.default\extensions
[2011/01/04 06:51:11 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Analiasa\Application Data\Mozilla\Firefox\Profiles\1mj4zcyt.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011/03/24 07:00:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Analiasa\Application Data\Mozilla\Firefox\Profiles\1mj4zcyt.default\extensions\nostmp
[2011/03/24 06:59:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/04 06:48:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/09/03 10:35:05 | 000,000,000 | ---D | M] (ZoneAlarm Security Engine) -- C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER
[2011/08/04 07:30:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/09/02 11:43:16 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/11/19 16:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/01/04 06:48:11 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007/05/11 18:41:00 | 000,200,704 | ---- | M] (Ancestry.com) -- C:\Program Files\mozilla firefox\plugins\npImgCtl.dll
[2009/11/19 16:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2008/02/04 18:49:18 | 000,663,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll
[2010/05/25 11:09:48 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/08/17 11:43:53 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [ISW] File not found
O4 - HKLM..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe (Knowles Acoustics)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Sonic CinePlayer Quick Launch.lnk = C:\Program Files\Common Files\Sonic Shared\CineTray.exe (Sonic Solutions)
O4 - Startup: C:\Documents and Settings\Analiasa\Start Menu\Programs\Startup\Desktop Manager.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: microsoft.com ([www.update] http in Trusted sites)
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/fhg.CAB (Reg Error: Key error.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} http://download.microsoft.com/download/7/0/7/707a44ad-52ad-49af-b7ef-e21b6b0656e4/VirtualEarth3D.cab (SentinelVE3D Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1233202972843 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1258798493656 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4133E216-E763-4042-AC91-803B4969FB87}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O27 - HKLM IFEO\wupdmgr.exe: Debugger - ntsd -- (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/07/24 21:52:10 | 001,794,048 | ---- | M] (AutoLogic LLC) - E:\AutoDiag.exe -- [ FAT32 ]
O32 - AutoRun File - [2009/07/28 08:18:04 | 002,752,512 | ---- | M] () - E:\automgr.mdb -- [ FAT32 ]
O32 - AutoRun File - [2010/02/04 14:15:52 | 001,789,952 | ---- | M] (AutoLogic LLC) - E:\AutoDiag1.exe -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/04 16:54:59 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Analiasa\Desktop\OTL.scr
[2011/09/04 14:46:26 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/09/03 19:05:55 | 001,406,768 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Analiasa\Desktop\TDSSKiller.exe
[2011/09/03 15:51:13 | 000,000,000 | R--D | C] -- E:\My Videos
[2011/09/03 15:51:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2011/09/03 15:51:13 | 000,000,000 | R--D | C] -- E:\My Pictures
[2011/09/03 15:51:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2011/09/03 15:51:13 | 000,000,000 | R--D | C] -- E:\My Music
[2011/09/03 15:51:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2011/09/03 15:51:08 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Analiasa\Desktop\dds(1).scr
[2011/09/03 11:34:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Analiasa\Application Data\AVG2012
[2011/09/03 11:22:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/09/03 11:16:57 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/09/03 11:15:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/09/03 11:15:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/09/03 11:08:50 | 003,894,928 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Analiasa\Desktop\avg_free_stb_all_2012_1796_cnet.exe
[2011/09/03 11:06:49 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2011/09/03 11:06:44 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2011/09/03 10:46:05 | 000,000,000 | ---D | C] -- E:\ForceField Shared Files
[2011/09/03 10:28:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Analiasa\Start Menu\Programs\CleanUp!
[2011/09/03 10:28:14 | 000,000,000 | ---D | C] -- C:\Program Files\CleanUp!
[2011/09/03 10:08:37 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Analiasa\Desktop\HijackThis.exe
[2011/09/03 10:05:36 | 000,000,000 | ---D | C] -- C:\VundoFix Backups
[2011/09/03 09:42:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Analiasa\Local Settings\Application Data\NPE
[2011/09/03 09:42:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2011/09/03 09:42:22 | 000,000,000 | ---D | C] -- E:\Downloads
[2011/09/03 08:04:07 | 004,846,880 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Analiasa\Desktop\procexp.exe
[2011/09/02 20:46:21 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/09/02 20:44:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/09/02 20:00:29 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Analiasa\Recent
[2011/09/02 19:56:39 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/09/02 19:51:35 | 000,000,000 | ---D | C] -- C:\Downloads
[2011/09/02 19:32:25 | 000,000,000 | ---D | C] -- E:\virii
[2011/08/31 21:57:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/08/31 21:57:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/08/29 11:14:16 | 000,000,000 | ---D | C] -- C:\Program Files\ZoneAlarm_Security_Suite
[2011/08/29 11:12:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Check Point
[2011/08/29 09:55:22 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/08/29 09:29:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Analiasa\Application Data\Sammsoft
[2011/08/20 21:37:35 | 000,000,000 | ---D | C] -- E:\tmp
[2011/08/18 13:18:11 | 000,000,000 | ---D | C] -- E:\Horiba_Test
[2011/08/17 09:49:42 | 000,205,072 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2011/08/11 15:57:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ZoneAlarm_Security_Suite
[2011/08/09 12:55:31 | 000,000,000 | ---D | C] -- E:\Horiba
[2011/08/08 09:47:50 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
[2011/08/06 13:07:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2011/08/06 13:04:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Analiasa\Local Settings\Application Data\Conduit
[2011/08/06 13:02:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2009/11/26 10:00:03 | 000,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDQhcp.dll
[2009/11/26 10:00:03 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdqinpa.dll
[2009/11/26 10:00:03 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdqiesc.dll
[2009/11/26 10:00:02 | 001,101,824 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdqserv.dll
[2009/11/26 10:00:02 | 000,843,776 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdqusb1.dll
[2009/11/26 10:00:02 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdqhbn3.dll
[2009/11/26 10:00:02 | 000,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdqpmui.dll
[2009/11/26 10:00:02 | 000,569,344 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdqlmpm.dll
[2009/11/26 10:00:02 | 000,320,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdqih.exe
[2009/11/26 10:00:02 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdqprox.dll
[2009/11/26 10:00:01 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdqcomc.dll
[2009/11/26 10:00:01 | 000,594,600 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdqcoms.exe
[2009/11/26 10:00:01 | 000,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdqcomm.dll
[2009/11/26 10:00:01 | 000,365,224 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdqcfg.exe

========== Files - Modified Within 30 Days ==========

[2011/09/04 16:32:05 | 000,000,990 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-727990675-2100283184-3691746030-1009UA.job
[2011/09/04 14:43:23 | 000,001,809 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Virtual Earth.lnk
[2011/09/04 14:40:05 | 000,165,224 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2011/09/04 14:39:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/04 14:24:58 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Analiasa\Desktop\OTL.scr
[2011/09/03 15:29:32 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Analiasa\Desktop\dds(1).scr
[2011/09/03 15:03:55 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/09/03 15:03:55 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/09/03 14:55:32 | 000,003,038 | ---- | M] () -- C:\fix_svchost.bat
[2011/09/03 07:59:29 | 001,846,196 | ---- | M] () -- C:\Documents and Settings\Analiasa\Desktop\ProcessExplorer.zip
[2011/09/02 21:02:37 | 000,000,327 | ---- | M] () -- C:\boot.ini
[2011/09/02 20:44:50 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Analiasa\Desktop\HijackThis.exe
[2011/09/02 20:42:44 | 003,894,928 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Analiasa\Desktop\avg_free_stb_all_2012_1796_cnet.exe
[2011/09/01 12:12:41 | 000,415,912 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2011/09/01 11:38:34 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2011/08/31 15:16:00 | 004,846,880 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Analiasa\Desktop\procexp.exe
[2011/08/30 10:37:42 | 000,165,224 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2011/08/29 11:08:41 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/29 05:32:00 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-727990675-2100283184-3691746030-1009Core.job
[2011/08/25 15:57:21 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/08/22 15:48:36 | 001,406,768 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Analiasa\Desktop\TDSSKiller.exe
[2011/08/21 10:46:09 | 006,573,767 | ---- | M] () -- C:\WINDOWS\System32\MSK
[2011/08/21 10:41:04 | 000,334,720 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Analiasa\Desktop\RootkitRevealer.exe
[2011/08/21 10:13:23 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\Analiasa\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/08/19 07:33:08 | 000,001,510 | ---- | M] () -- C:\Documents and Settings\Analiasa\Application Data\Microsoft\Internet Explorer\Quick Launch\Calculator.lnk
[2011/08/17 11:57:03 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\lmhosts
[2011/08/17 11:43:53 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/08/17 09:49:36 | 000,205,072 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2011/08/09 21:53:17 | 000,437,780 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/08/09 21:53:17 | 000,069,840 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/08/08 09:48:45 | 000,056,532 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat

========== Files Created - No Company Name ==========

[2011/09/03 15:51:08 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Analiasa\Desktop\gmer.exe
[2011/09/03 14:57:21 | 000,003,038 | ---- | C] () -- C:\fix_svchost.bat
[2011/09/03 08:03:54 | 000,072,268 | ---- | C] () -- C:\Documents and Settings\Analiasa\Desktop\procexp.chm
[2011/09/03 07:59:28 | 001,846,196 | ---- | C] () -- C:\Documents and Settings\Analiasa\Desktop\ProcessExplorer.zip
[2011/08/29 11:16:28 | 000,415,912 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2011/08/21 10:43:54 | 006,573,767 | ---- | C] () -- C:\WINDOWS\System32\MSK
[2011/08/17 12:02:38 | 000,001,843 | ---- | C] () -- C:\Documents and Settings\Analiasa\Start Menu\Programs\Startup\Desktop Manager.lnk
[2011/08/08 09:48:03 | 000,002,205 | ---- | C] () -- C:\Documents and Settings\Analiasa\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/08/08 09:48:03 | 000,002,187 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2011/08/08 09:48:03 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Safari.lnk
[2011/05/13 07:52:50 | 000,017,946 | -HS- | C] () -- C:\Documents and Settings\Analiasa\Local Settings\Application Data\x3tbwckgdsrt4w7qy7wnmk2ridtksvb57h2
[2011/05/13 07:52:50 | 000,017,946 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\x3tbwckgdsrt4w7qy7wnmk2ridtksvb57h2
[2010/09/10 08:54:16 | 000,056,532 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/11/26 10:00:48 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdqvs.dll
[2009/11/26 10:00:47 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdqcoin.dll
[2009/11/26 10:00:03 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\LXDQinst.dll
[2009/11/26 10:00:01 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdqgrd.dll
[2009/07/24 15:08:02 | 000,000,234 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2009/05/10 11:07:43 | 000,019,554 | ---- | C] () -- C:\WINDOWS\hpqins13.dat
[2008/05/16 16:47:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2008/04/12 12:34:38 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2008/03/03 09:37:19 | 000,374,784 | ---- | C] () -- C:\WINDOWS\3dg32.dll
[2008/03/03 09:37:18 | 000,000,250 | ---- | C] () -- C:\WINDOWS\3dr.ini
[2008/03/03 09:28:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Bobvila.INI
[2008/03/03 09:25:01 | 000,000,291 | ---- | C] () -- C:\WINDOWS\EReg077.dat
[2008/02/28 10:10:23 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\Analiasa\Local Settings\Application Data\fusioncache.dat
[2008/02/27 09:54:19 | 000,000,208 | ---- | C] () -- C:\WINDOWS\HpBestModeUpdatePatchLog.ini
[2008/02/26 18:53:40 | 000,038,771 | ---- | C] () -- C:\WINDOWS\hpomdl03.dat
[2008/02/26 18:53:40 | 000,029,409 | ---- | C] () -- C:\WINDOWS\hpoins03.dat
[2008/02/26 18:51:15 | 000,565,248 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2008/02/04 11:52:15 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2008/01/16 11:17:51 | 000,013,005 | ---- | C] () -- C:\Documents and Settings\Analiasa\Application Data\Comma Separated Values (Windows).CAL
[2008/01/08 11:16:56 | 000,001,860 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/01/08 08:56:31 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\Analiasa\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/08 08:07:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/01/08 07:51:48 | 000,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2008/01/03 00:36:33 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/01/03 00:10:49 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2008/01/03 00:10:49 | 000,000,169 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/01/03 00:02:01 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2008/01/03 00:01:59 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2008/01/03 00:01:58 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2008/01/03 00:01:25 | 000,000,076 | RHS- | C] () -- C:\WINDOWS\CT4CET.bin
[2008/01/02 23:40:12 | 000,165,224 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2008/01/02 23:23:14 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2008/01/02 23:23:13 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2008/01/02 23:22:59 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2008/01/02 23:22:58 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/01/02 23:22:58 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/01/02 23:22:58 | 001,018,804 | ---- | C] () -- C:\WINDOWS\System32\nvucode.bin
[2008/01/02 23:22:58 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/01/02 23:22:57 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/01/02 23:22:57 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2008/01/02 23:22:55 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2008/01/02 23:22:54 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2008/01/02 23:21:30 | 000,001,121 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/03/05 14:34:28 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2006/11/07 05:25:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/17 00:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/17 00:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2004/08/10 14:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 14:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 14:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 14:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 13:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 13:57:15 | 000,267,800 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 13:51:35 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2004/08/10 13:51:35 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2004/08/10 13:51:35 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2004/08/10 13:51:35 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2004/08/10 13:51:35 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2004/08/10 13:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 13:51:20 | 000,437,780 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 13:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 13:51:20 | 000,069,840 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 13:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 13:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 13:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 13:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 13:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 13:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 13:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 13:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

========== LOP Check ==========

[2011/09/03 14:40:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/08/06 13:02:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2011/09/02 20:46:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/11/08 18:53:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kaspersky SDK
[2009/11/26 11:28:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lexmark Z2400 Series
[2008/01/08 08:31:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2008/02/09 18:09:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maxtor
[2011/09/03 14:39:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/07/11 08:16:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2008/01/09 08:14:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/09/10 08:35:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/12/21 13:46:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/09/03 11:34:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Analiasa\Application Data\AVG2012
[2008/02/04 12:07:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Analiasa\Application Data\Blackberry Desktop
[2009/12/18 06:17:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Analiasa\Application Data\CheckPoint
[2008/02/07 07:55:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Analiasa\Application Data\CoffeeCup Software
[2010/10/20 09:08:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Analiasa\Application Data\Common Files
[2011/06/27 15:20:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Analiasa\Application Data\ElevatedDiagnostics
[2011/01/20 08:19:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Analiasa\Application Data\Emerson_ClosetMaid_VDST
[2011/04/15 09:14:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Analiasa\Application Data\gtk-2.0
[2009/11/26 11:26:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Analiasa\Application Data\Lexmark Productivity Studio
[2011/01/20 06:44:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Analiasa\Application Data\MailFrontier
[2008/04/04 19:28:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Analiasa\Application Data\Nexon
[2008/01/09 10:38:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Analiasa\Application Data\OfficeUpdate12
[2008/02/04 11:52:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Analiasa\Application Data\Research In Motion
[2011/08/29 09:55:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Analiasa\Application Data\Sammsoft
[2011/08/31 20:11:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Analiasa\Application Data\Spotify
[2009/05/04 18:15:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Analiasa\Application Data\tmp
[2008/12/06 20:27:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Analiasa\Application Data\Unity

========== Purity Check ==========



< End of report >

OTL Extras logfile created on: 9/4/2011 5:17:20 PM - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Documents and Settings\Analiasa\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1021.97 Mb Total Physical Memory | 400.91 Mb Available Physical Memory | 39.23% Memory free
2.40 Gb Paging File | 1.94 Gb Available in Paging File | 81.05% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 67.96 Gb Total Space | 48.96 Gb Free Space | 72.03% Space Free | Partition Type: NTFS
Drive E: | 7.47 Gb Total Space | 4.78 Gb Free Space | 63.92% Space Free | Partition Type: FAT32

Computer Name: LAPTOP234 | User Name: Analiasa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = SafariHTML] -- C:\Program Files\Safari\Safari.exe (Apple Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Safari\Safari.exe" -url "%1" (Apple Inc.)
https [open] -- "C:\Program Files\Safari\Safari.exe" -url "%1" (Apple Inc.)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 4

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"3587:TCP" = 3587:TCP:*:Disabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Disabled:Peer Name Resolution Protocol (PNRP)
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5353:UDP" = 5353:UDP:LocalSubNet:Disabled:mDNS-SD/Bonjour
"4481:TCP" = 4481:TCP:LocalSubNet:Disabled:BlackBerry Desktop Software Wireless Music Sync data transfer
"4481:UDP" = 4481:UDP:LocalSubNet:Disabled:BlackBerry Desktop Software Wireless Music Sync discovery
"4482:TCP" = 4482:TCP:LocalSubNet:Disabled:BlackBerry Desktop Software Wireless Music Sync data transfer
"4482:UDP" = 4482:UDP:LocalSubNet:Disabled:BlackBerry Desktop Software Wireless Music Sync discovery
"67:UDP" = 67:UDP:*:Enabled:DHCP Server

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\WINDOWS\system32\sqlunirl32.exe" = C:\WINDOWS\system32\sqlunirl32.exe:*:Enabled:Windows Update Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\Analiasa\Desktop\fseasyclean.exe" = C:\Documents and Settings\Analiasa\Desktop\fseasyclean.exe:*:Enabled:fseasyclean.exe
"C:\Program Files\Lexmark Z2400 Series\Wireless\lxdqwpss.exe" = C:\Program Files\Lexmark Z2400 Series\Wireless\lxdqwpss.exe:LocalSubNet:Disabled: -- (Lexmark International, Inc.)
"C:\Program Files\Lexmark Z2400 Series\Diagnostics\LXDQdiag.exe" = C:\Program Files\Lexmark Z2400 Series\Diagnostics\LXDQdiag.exe:LocalSubNet:Disabled: -- ()
"C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe" = C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe:*:Disabled:BlackBerry Desktop Software -- (Research In Motion)
"C:\Documents and Settings\Analiasa\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" = C:\Documents and Settings\Analiasa\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Disabled:Google Talk Plugin -- (Google)
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Disabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Disabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Disabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Disabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdqjswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdqjswx.exe:*:Disabled:Job Status Window Interface -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdqtime.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdqtime.exe:*:Disabled:Lexmark Connect Time Executable -- (Lexmark International, Inc.)
"C:\WINDOWS\system32\lxdqcfg.exe" = C:\WINDOWS\system32\lxdqcfg.exe:LocalSubNet:Disabled:Printer Communication System -- ( )
"C:\Program Files\Lexmark Z2400 Series\lxdqmon.exe" = C:\Program Files\Lexmark Z2400 Series\lxdqmon.exe:LocalSubNet:Disabled:Printer Device Monitor -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdqpswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdqpswx.exe:LocalSubNet:Disabled:Printer Status Window Interface -- ()
"C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Disabled:Spotify -- (Spotify Ltd)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Disabled:WebKit -- (Apple Inc.)
"C:\WINDOWS\system32\lxdqcoms.exe" = C:\WINDOWS\system32\lxdqcoms.exe:LocalSubNet:Disabled:Z2400 Series Server -- ( )
"C:\Documents and Settings\Analiasa\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Analiasa\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{10812DE7-2E57-4740-B226-6B3BE34AF9D7}" = Lexmark Tools for Office
"{18E0918E-1060-48f3-925C-56C82E88551B}" = HP PSC & OfficeJet 3.5
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{257EC58E-03FD-472B-A9B6-93F23A3C4CB0}" = Scan
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 22
"{2CF91C86-5CF4-4456-8C21-A2AD2F980C16}" = 5500_Help
"{2E132061-C78A-48D4-A899-1D13B9D189FA}" = Memories Disc Creator 2.0
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{34957B51-9676-41CE-9E52-44AE91B73F1C}" = HP Software Update
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3CCB26F5-E2A7-4C91-8340-9149D7B7C2BE}" = Virtual Earth 3D (Beta)
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{47C25360-AEBC-4B21-B233-87CE653B3369}" = AIOMinimal
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57C7C46A-D35D-492d-A328-4F8C9B5B4B52}" = PrintScreen
"{595D0DE8-C38A-4432-B851-47DECC1A99BD}" = HP Unload DLL Patch
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{6864A62D-3EF3-415F-9922-240EED34B4C0}" = Fax
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6BA13EFC-E8D0-4D37-AF04-42796CF0E8F5}" = BlackBerry Device Software Updater
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{735619D4-B42A-437A-958C-199BFCAEDB38}" = Safari
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{75157F34-02C6-4831-BD66-3BC49E7A8394}" = BlackBerry Desktop Software 6.1
"{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}" = overland
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_SMALLBUSINESSR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_SMALLBUSINESSR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A7-0409-0000-0000000FF1CE}" = Calendar Printing Assistant for Microsoft Office Outlook 2007
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007
"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
"{99D48FBB-2DEF-49A9-BCC9-C5AF63DD2643}" = AiOSoftware
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A89DEBCA-F743-3412-97F6-B2E489194551}" = Google Talk Plugin
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AEC20FEC-47D8-4DEA-85D7-0B7E5D905D11}" = AiO_Scan
"{AF1B2B2E-03E3-458A-9DEB-32F8C7637374}" = ZoneAlarm Security
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6
"{B66899F2-C58D-4CEC-9FA8-867883FFB707}" = CoffeeCup Free FTP
"{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
"{B7B07346-07BE-44D1-B2EB-4DDC2ECC4BD1}" = 5500Trb
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C180FAEF-61D5-4A03-8328-A58D9CDD1C4C}" = ZoneAlarm Firewall
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C73CA646-73B3-4AEF-A136-C37505745174}" = iTunes
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CA4EECED-20F3-4C2B-8A93-F39CB2063E71}" = ZoneAlarm Antivirus
"{CBBAF948-F7B3-47CD-8413-CD1BDA4479EF}" = 5500Tour
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D186329B-1B4D-408D-ABEC-EA5CE1F182C9}" = Overland
"{D1B5E9C8-4CCF-44E3-87D6-7C00D7DA5370}" = IntelliSonic Speech Enhancement
"{D4576E0D-2295-4B8E-B663-B68086B00EE5}" = Sonic CinePlayer DVD Pack
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E42BD75A-FC23-4E3F-9F91-2658334C644F}" = Internet Service Offers Launcher
"{E443F067-3345-482C-BD7A-12675A53D292}" = Readme
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{F0F08C03-39AB-479C-B3E4-0E46E58A7553}" = 5500
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"Atari Arcade Hits 1" = Atari Arcade Hits 1
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.1
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CleanUp!" = CleanUp!
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"ESET Online Scanner" = ESET Online Scanner v3
"FitDay_is1" = FitDay PC version 2.0
"Google Calendar Sync" = Google Calendar Sync
"Graphmatica" = Graphmatica
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Lexmark Z2400 Series" = Lexmark Z2400 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 6.0.1 (x86 en-US)" = Mozilla Firefox 6.0.1 (x86 en-US)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Punch! Professional Home Design" = Punch! Professional Home Design
"SearchAssist" = SearchAssist
"SMALLBUSINESSR" = Microsoft Office Small Business 2007
"Spotify" = Spotify
"SynTPDeinstKey" = Dell Touchpad
"View22" = View22
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"ZoneAlarm Internet Security Suite" = ZoneAlarm Internet Security Suite
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ClosetMaid v1.5.1" = ClosetMaid v1.5.1
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/2/2011 11:06:47 AM | Computer Name = LAPTOP234 | Source = Application Error | ID = 1000
Description = Faulting application uninst.exe, version 10.7.0.0, faulting module
uninst.exe, version 10.7.0.0, fault address 0x001bc3e3.

Error - 9/2/2011 11:11:10 AM | Computer Name = LAPTOP234 | Source = Application Error | ID = 1000
Description = Faulting application uninst.exe, version 10.7.0.0, faulting module
uninst.exe, version 10.7.0.0, fault address 0x001bc3e3.

Error - 9/2/2011 9:43:41 PM | Computer Name = LAPTOP234 | Source = MsiInstaller | ID = 1008
Description = The installation of E:\virii\HijackThis(1).msi is not permitted due
to an error in software restriction policy processing. The object cannot be trusted.

Error - 9/2/2011 9:43:50 PM | Computer Name = LAPTOP234 | Source = MsiInstaller | ID = 1008
Description = The installation of E:\virii\HijackThis(1).msi is not permitted due
to an error in software restriction policy processing. The object cannot be trusted.

Error - 9/3/2011 10:49:52 AM | Computer Name = LAPTOP234 | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007043C from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 9/3/2011 10:49:52 AM | Computer Name = LAPTOP234 | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.

Error - 9/3/2011 11:48:43 AM | Computer Name = LAPTOP234 | Source = MSSHA | ID = 1008
Description = The Windows Security Health Agent failed to complete an offline scan.
Failure
Code: 800706be.

Error - 9/3/2011 12:33:47 PM | Computer Name = LAPTOP234 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 9/3/2011 12:33:51 PM | Computer Name = LAPTOP234 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 9/3/2011 1:15:07 PM | Computer Name = LAPTOP234 | Source = MSSHA | ID = 1008
Description = The Windows Security Health Agent failed to complete an offline scan.
Failure
Code: 80248011.

[ OSession Events ]
Error - 1/9/2008 11:01:39 AM | Computer Name = PSYCHE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 195
seconds with 180 seconds of active time. This session ended with a crash.

Error - 1/9/2008 11:08:20 AM | Computer Name = PSYCHE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 378
seconds with 360 seconds of active time. This session ended with a crash.

Error - 1/16/2008 12:06:54 PM | Computer Name = PSYCHE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6212.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 31
seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/16/2008 7:37:25 PM | Computer Name = PSYCHE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 49037
seconds with 1020 seconds of active time. This session ended with a crash.

Error - 9/9/2008 10:19:46 AM | Computer Name = PSYCHE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 98223
seconds with 900 seconds of active time. This session ended with a crash.

Error - 10/22/2008 10:09:36 AM | Computer Name = PSYCHE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 98
seconds with 0 seconds of active time. This session ended with a crash.

Error - 11/12/2008 4:12:46 PM | Computer Name = PSYCHE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 28122
seconds with 600 seconds of active time. This session ended with a crash.

Error - 4/2/2010 3:19:21 PM | Computer Name = TRINITY | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 41914
seconds with 960 seconds of active time. This session ended with a crash.

Error - 7/15/2010 7:12:25 AM | Computer Name = TRINITY | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 296
seconds with 0 seconds of active time. This session ended with a crash.

Error - 4/20/2011 6:18:05 AM | Computer Name = TRINITY | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6555.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 409061
seconds with 3840 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 9/4/2011 6:21:06 PM | Computer Name = LAPTOP234 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 9/4/2011 6:21:35 PM | Computer Name = LAPTOP234 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 9/4/2011 6:22:06 PM | Computer Name = LAPTOP234 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 9/4/2011 6:22:15 PM | Computer Name = LAPTOP234 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 9/4/2011 6:22:55 PM | Computer Name = LAPTOP234 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 9/4/2011 6:23:06 PM | Computer Name = LAPTOP234 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 9/4/2011 6:23:35 PM | Computer Name = LAPTOP234 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 9/4/2011 6:24:06 PM | Computer Name = LAPTOP234 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 9/4/2011 6:24:15 PM | Computer Name = LAPTOP234 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 9/4/2011 6:24:55 PM | Computer Name = LAPTOP234 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058


< End of report >

#6 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:11:33 PM

Posted 05 September 2011 - 01:33 PM

Will you also let me know how the PC is behaving.


So long, and thanks for all the fish.

 

 


#7 schwantizzmo

schwantizzmo
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:05:33 PM

Posted 06 September 2011 - 10:33 AM

the PC is acting much better than it was previously. on random occasions, I get the "USB device plugged in" sound and my webcam light blinks, i'm not sure if this is related or not.

#8 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:11:33 PM

Posted 06 September 2011 - 02:32 PM

Good evening. :)

I assume that the webcam is a USB one and not built in - can you switch it to a different USB port and see if the same thing still happens.

So long, and thanks for all the fish.

 

 


#9 schwantizzmo

schwantizzmo
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:05:33 PM

Posted 06 September 2011 - 02:41 PM

it actually is internal (which seems really odd to me), it 'might' be unrelated to any of this.

#10 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:11:33 PM

Posted 08 September 2011 - 02:46 PM

Good evening. :)

Appologies for the delay in replying - my Desktop OS decided to sick itself and i'm in the middle of a reinstall. I'm not going to have time this evening to look at your problem, but I will do so tomorrow and get back to you shortly thereafter.

So long, and thanks for all the fish.

 

 


#11 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:11:33 PM

Posted 14 September 2011 - 03:13 PM

Good evening. :)

Sorry for the delay in posting - I somehow managed to lose your thread in all the excitement. :blink:

The following steps will serve as a spring clean for your PC. Not all of them will be of benefit to your PC as this is a general post, but the overall effect should be positive.

1) Go to Start > Control Panel > Add/Remove Programs and remove any programs that you no longer use and then reboot your PC.

2) Download TFC by OldTimer from here and save it to your Desktop.

  • You will need to close all open programs and save any work as TFC will require a reboot.
  • Double-click TFC.exe to run it. (Note: If you are using Vista, right-click the file and select Run As Administrator from the menu that appears).
  • Click the Start button to begin. Depending on how often you clean temp files, execution time could be anywhere from a few seconds to a minute or two - just sit back and enjoy the view.
  • Once it has finished it should reboot your PC all by itself. If it does not, please manually reboot.
  • Once rebooted your PC will run like a Cray supercomputer, or at least have less junk on the hard drive - OT's not a miracle worker you know!
  • Please note that this tool will empty the Recycle Bin as part of it's actions. If you have anything in there that you haven't finished with, move it first.

3) Double click My Computer.
Right click the disc drive you wish to check.
Click Properties.
In the Properties dialog box, click the Tools Tab.
Under Error-checking, click the Check Now button.
In the "Check Disc Local Disk (C:)" dialog box, check both Automatically fix file system errors and Scan for and attempt recovery of bad sectors, and then click Start.

This will look for and attempt to repair any errors that your hard drive has.

4) Defragment your hard drive. A tutorial for disc defragmentation is available here.

I happen to prefer a third-party defrag tool to the one that Windows offers. You can read about it, and find a linky, here - it's free too!

Will you let me know how the PC behaves after the above.

So long, and thanks for all the fish.

 

 


#12 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:11:33 PM

Posted 19 September 2011 - 03:18 PM

Unfortunately as there has been no response for five days this thread has now been locked.

So long, and thanks for all the fish.

 

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users