Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

win32.agent.chh infection


  • This topic is locked This topic is locked
12 replies to this topic

#1 gogogators

gogogators

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:01:18 AM

Posted 08 October 2011 - 08:08 AM

Spybot repeatedly detects and removes win32.agent.chh, but it comes back every day. Help permanently removing this would be very appreciated. Thanks.



.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Run by Administrator at 10:35:42 on 2011-10-07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.175 [GMT -4:00]
.
AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
============== Running Processes ===============
.
C:\WINDOWS\System32\svchost.exe -k Cognizance
C:\WINDOWS\system32\svchost -k DcomLaunch
c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ColdFusion8\jnbridge\CF8DotNetsvc.exe
C:\ColdFusion8\jnbridge\JNBDotNetSide.exe
C:\ColdFusion8\db\slserver54\bin\swagent.exe
C:\ColdFusion8\db\slserver54\bin\swstrtr.exe
C:\ColdFusion8\db\slserver54\bin\swsoc.exe
C:\ColdFusion8\verity\k2\_nti40\bin\k2admin.exe
c:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\system32\AccelerometerSt.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
C:\Program Files\SugarSync\SugarSyncManager.exe
C:\Program Files\Mobile Stream\EasyTether\easytthr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\ProcessExplorer\procexp.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
uInternet Settings,ProxyOverride = *.dimdimsecure.com;*.local
uInternet Settings,ProxyServer = localhost:8080
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 9\SnagItBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows

live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Credential Manager for HP ProtectTools: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\hewlett-packard\iam\bin\ItIEAddIn.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 9\SnagItIEAddin.dll
TB: @c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn

toolbar\platform\5.0.1449.0\npwinext.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [PMCRemote] c:\program files\pinnacle\shared files\programs\remote\Remoterm.exe
uRun: [DriverScanner] "c:\program files\uniblue\driverscanner\launcher.exe" delay 20000
uRun: [OpenDNS Updater] "c:\program files\opendns updater\OpenDNSUpdater.exe" /autostart
uRun: [SugarSync] "c:\program files\sugarsync\SugarSyncManager.exe" -startInTray -usedelay=true
uRun: [EasyTether] "c:\program files\mobile stream\easytether\easytthr.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [PDF Complete] "c:\program files\pdf complete\pdfsty.exe"
mRun: [PTHOSTTR] c:\program files\hewlett-packard\hp protecttools security manager\PTHOSTTR.EXE /Start
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [CognizanceTS] rundll32.exe c:\progra~1\hewlet~1\iam\bin\ASTSVCC.dll,RegisterModule
mRun: [Recguard] c:\windows\sminst\Recguard.exe
mRun: [Reminder] c:\windows\creator\Remind_XP.exe
mRun: [Cpqset] c:\program files\hewlett-packard\default settings\cpqset.exe
mRun: [WatchDog] c:\program files\intervideo\dvd check\DVDCheck.exe
mRun: [AccelerometerSysTrayApplet] c:\windows\system32\AccelerometerSt.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\11

\config\ereg\Ereg.ini
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [Bing Bar] "c:\program files\msn toolbar\platform\5.0.1449.0\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
mRun: [EverioService] "c:\program files\cyberlink\pcm4everio\EverioService.exe"
mRun: [UpdatePDRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector"

updatewithcreateonce "software\cyberlink\powerdirector\9.0"
mRun: [Sprint SmartView] "c:\program files\sprint\sprint smartview\SprintSV.exe" -a
mRun: [RDVCHG] "c:\program files\sprint\sprint smartview\RDVCHG.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - c:\program files\bodog poker\BPGame.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: gogoinflight.com\airborne
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{5FAA5DD4-E418-48F7-A9F0-56FCADE2D4BF} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{5FAA5DD4-E418-48F7-A9F0-56FCADE2D4BF} : DhcpNameServer = 192.168.2.1
Notify: igfxcui - igfxdev.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
Notify: OneCard - c:\program files\hewlett-packard\iam\bin\ASWLNPkg.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Notification Packages = SbHpNp scecli ASWLNPkg
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
mASetup: Camtasia - c:\windows\sprint\install\camtasia\config.exe /s
mASetup: QuickTime_7_5_5 - "c:\program files\active_setups\quicktime_7_5_5\Quicktime_Activesetup.exe"
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\4xpwxok1.default\
FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\4xpwxok1.default\extensions\{3112ca9c-de6d-4884-a869-

9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\4xpwxok1.default\extensions\{a7c6cf7f-112c-4500-a7ea-

39801a327e5f}\platform\winnt_x86-msvc\components\ipc_fireftp.dll
FF - plugin: c:\documents and settings\administrator\application data\move networks\plugins\npqmp071500000347.dll
FF - plugin: c:\documents and settings\administrator\application data\mozilla\plugins\npoff.dll
FF - plugin: c:\documents and settings\administrator\application data\mozilla\plugins\npwbe.dll
FF - plugin: c:\program files\dimdim\plugin\application\npDimDimControl.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npsharedview.dll
FF - plugin: c:\windows\system32\c2mp\npdivx32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [2007-4-22 100095]
R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [2006-10-9 44720]
R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [2007-3-29 13696]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [2007-4-22 5808]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2005-12-19 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2005-12-19 54968]
R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2004-8-4 14336]
R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2004-8-4 14336]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-3-7 192160]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-3-7 169632]
R2 ColdFusion 8 .NET Service;ColdFusion 8 .NET Service;c:\coldfusion8\jnbridge\CF8DotNetsvc.exe [2008-12-20 77824]
R2 ColdFusion 8 ODBC Agent;ColdFusion 8 ODBC Agent;c:\coldfusion8\db\slserver54\bin\swagent.exe "coldfusion 8 odbc agent" --> c:\coldfusion8\db\slserver54

\bin\swagent.exe ColdFusion 8 ODBC Agent [?]
R2 ColdFusion 8 ODBC Server;ColdFusion 8 ODBC Server;c:\coldfusion8\db\slserver54\bin\swstrtr.exe "coldfusion 8 odbc server" --> c:\coldfusion8

\db\slserver54\bin\swstrtr.exe ColdFusion 8 ODBC Server [?]
R2 ColdFusion 8 Search Server;ColdFusion 8 Search Server;c:\coldfusion8\verity\k2\_nti40\bin\k2admin.exe [2008-12-20 2743056]
R2 HpFkCryptService;Drive Encryption Service;c:\program files\hewlett-packard\drive encryption\HpFkCrypt.exe [2007-4-22 221184]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-10-31 366152]
R2 NvtlService;NovaCore SDK Service;c:\program files\novatel wireless\novacore\server\NvtlSrvr.exe [2010-1-11 82944]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2008-12-6 540448]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\postgresql\8.3\bin\pg_ctl.exe [2009-3-13 65536]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2006-5-26 1799408]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [2009-3-28 31896]
R3 easytether;easytether;c:\windows\system32\drivers\easytthr.sys [2011-7-1 17296]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-7-29 105592]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2006-9-19 36608]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-10-31 22216]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20111006.003\naveng.sys [2011-10-6 86136]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20111006.003\navex15.sys [2011-10-6 1576312]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-30 135664]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2011-7-1 30312]
S3 bcm;WiMAX Network Adapter;c:\windows\system32\drivers\drxvi314.sys [2010-2-11 319488]
S3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\drivers\BcmBusCtr.sys [2010-2-11 51456]
S3 ColdFusion 8 Application Server;ColdFusion 8 Application Server;c:\coldfusion8\runtime\bin\jrunsvc.exe [2008-12-20 65536]
S3 CompFilter;UVCCompositeFilter;c:\windows\system32\drivers\lvbusflt.sys [2010-5-14 20704]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-30 135664]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2010-6-8 174720]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-5-26 115952]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-7-1 121192]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-7-1 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-7-1 136680]
.
=============== Created Last 30 ================
.
2011-10-07 13:55:33 -------- d-----w- C:\ProcessExplorer
2011-10-06 13:51:26 996648 ----a-w- c:\windows\system32\ShellManager10E2D762.dll
2011-10-06 13:48:13 388096 ----a-r- c:\documents and settings\administrator\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-

12fcba4883d7}\HiJackThis.exe
2011-10-05 12:45:54 -------- dc-h--w- c:\windows\ie8
2011-10-04 17:01:23 -------- d-----w- c:\program files\Trend Micro
2011-09-30 13:00:55 -------- d-----w- c:\documents and settings\administrator\application data\ElevatedDiagnostics
2011-09-28 11:13:04 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-09-27 12:13:23 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-09-27 12:13:21 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-09-27 12:13:21 478168 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-09-27 12:13:21 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2011-09-27 12:13:21 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-09-27 12:13:20 773080 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-09-27 12:13:20 1833944 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-09-24 11:50:14 -------- d-----w- c:\windows\system32\MpEngineStore
2011-09-24 11:35:54 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-22 12:54:27 -------- d-----w- c:\documents and settings\administrator\application data\Eqpome
2011-09-09 11:33:58 -------- d-----w- c:\program files\WebEx
2011-09-09 09:12:13 599040 ------w- c:\windows\system32\dllcache\crypt32.dll
2011-09-09 02:16:03 30720 ----a-w- c:\program files\mozilla firefox\plugins\webex\500\h264convert.dll
2011-09-09 02:16:03 306176 ----a-w- c:\program files\mozilla firefox\plugins\webex\500\welssccenc.dll
2011-09-09 02:16:03 283648 ----a-w- c:\program files\mozilla firefox\plugins\webex\500\welsenc.dll
2011-09-09 02:16:03 209920 ----a-w- c:\program files\mozilla firefox\plugins\webex\500\mpeg4convert.dll
2011-09-09 02:16:03 173568 ----a-w- c:\program files\mozilla firefox\plugins\webex\500\welsvp.dll
2011-09-09 02:16:02 841216 ----a-w- c:\program files\mozilla firefox\plugins\webex\500\atwbxui11.dll
.
==================== Find3M ====================
.
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-08-31 21:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-13 12:12:44 0 ----a-w- c:\windows\Fgowuduti.bin
.
============= FINISH: 10:37:46.54 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:01:18 AM

Posted 12 October 2011 - 07:41 AM

Hi,

Welcome to Bleeping Computer.

My name is Shannon and I will be working with you to remove the malware that is on your machine.

I apologize for the delay in replying to your post, but this forum is extremely busy.

Please Track this topic - On the top right on this tread, click on the Watch Topic button, click on 'Immediate Email Notification', and then click on the Proceed button at the bottom.

Do Not make any changes on your own to the infected computer.

Please set your system to show all files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Now, let's look more thoroughly at the infected computer -

We need to see some information about what is happening in your machine. Please perform the following scan:
  • We need to create an OTL Report
  • Please download OTL from here:
  • Main Mirror
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "Use SafeList"
  • Push the Posted Image button.
  • Two reports will open, copy and paste them into your reply:
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

Next, please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)
In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracing ZIP and RAR compressed files. If you don't have an extraction program, you can downlaod, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

Once you have the above logs, click on the Add Reply button below, copy in the contents of the two OTL logs and the RKU log. Also include any comments that you might have concerning the infection(s) and the infected computer.
Shannon

#3 gogogators

gogogators
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:01:18 AM

Posted 12 October 2011 - 10:25 AM

The contents of the requested files are below.

One comment: I installed RegRunner2008 after my initial post to try and monitor changes to my registry. I've noticed that right when Symantec does it's daily liveupdate, if there IS any update, immediately after the update DWHWizrd.exe runs and moments later the registry is updated with: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Vtoro | rundll32.exe "C:\WINDOWS\idfopms.dll",Startup.

I have modified RegRunner to immediately delete anything with Vtoro or idfopms.dll. Neither Vtoro or idfopms get any hits related to viruses on google, so I assume the names are generated randomly.

At times in the past, this same entry has appeared in other CurrentVersion\Run instances (HKEY_USERS, etc).

I don't know if the above us helpful, but I thought I'd mention it.

Thank you SO MUCH for your help. I know you are busy.


---------------Start of OTL.TXT-------------------------------------

OTL logfile created on: 10/12/2011 10:36:12 AM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.21 Gb Available Physical Memory | 60.59% Memory free
3.84 Gb Paging File | 2.91 Gb Available in Paging File | 75.69% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 102.46 Gb Total Space | 14.67 Gb Free Space | 14.32% Space Free | Partition Type: NTFS
Drive E: | 9.33 Gb Total Space | 0.43 Gb Free Space | 4.63% Space Free | Partition Type: NTFS

Computer Name: HPLAPTOP | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/12 09:41:06 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe
PRC - [2011/09/29 17:57:02 | 016,084,992 | ---- | M] (SugarSync, Inc.) -- C:\Program Files\SugarSync\SugarSyncManager.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/12/15 15:54:44 | 000,316,736 | ---- | M] (C-motech Co.,Ltd) -- C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe
PRC - [2010/05/07 19:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2010/01/11 15:10:52 | 000,082,944 | ---- | M] () -- C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
PRC - [2009/03/13 05:50:20 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
PRC - [2009/03/13 05:48:48 | 003,678,208 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
PRC - [2009/03/05 10:12:20 | 000,255,272 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe
PRC - [2008/12/20 21:16:07 | 000,114,688 | ---- | M] () -- C:\ColdFusion8\db\slserver54\bin\swstrtr.exe
PRC - [2008/12/20 21:16:06 | 001,073,152 | ---- | M] () -- C:\ColdFusion8\db\slserver54\bin\swsoc.exe
PRC - [2008/12/20 21:16:06 | 000,696,320 | ---- | M] () -- C:\ColdFusion8\db\slserver54\bin\swagent.exe
PRC - [2008/12/20 20:57:24 | 000,077,824 | ---- | M] () -- C:\ColdFusion8\jnbridge\CF8DotNetsvc.exe
PRC - [2008/12/20 20:57:24 | 000,003,072 | ---- | M] () -- C:\ColdFusion8\jnbridge\JNBDotNetSide.exe
PRC - [2008/09/04 18:14:24 | 000,226,576 | ---- | M] (Pinnacle Systems) -- C:\Program Files\Pinnacle\Shared Files\Programs\Remote\remoterm.exe
PRC - [2008/08/26 19:02:24 | 000,014,336 | ---- | M] (Agere Systems) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/12 05:19:55 | 002,743,056 | ---- | M] (Verity, Inc.) -- C:\ColdFusion8\verity\k2\_nti40\bin\k2admin.exe
PRC - [2007/11/01 18:13:26 | 000,151,552 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
PRC - [2007/05/08 12:38:46 | 000,540,448 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
PRC - [2007/05/08 12:38:44 | 000,331,552 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsty.exe
PRC - [2007/04/22 20:32:42 | 000,221,184 | ---- | M] (SafeBoot International) -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
PRC - [2007/02/06 21:30:00 | 000,065,536 | R--- | M] (Cognizance Corporation) -- C:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe
PRC - [2007/01/24 15:28:58 | 000,124,928 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\accelerometerST.exe
PRC - [2007/01/09 19:52:32 | 000,145,184 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
PRC - [2006/05/26 21:01:58 | 000,124,656 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2006/05/26 21:01:48 | 001,799,408 | ---- | M] (Symantec Corporation) -- c:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2006/05/26 21:01:36 | 000,030,448 | ---- | M] (Symantec Corporation) -- c:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2006/03/07 14:03:02 | 000,169,632 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2006/03/07 14:02:34 | 000,192,160 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2006/03/07 14:02:14 | 000,053,408 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2006/02/06 13:50:24 | 001,160,848 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/24 07:46:25 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\77df2cd21a5b85a1605b335aa9ad9d44\System.Configuration.ni.dll
MOD - [2011/09/24 07:34:13 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\10154dcad2d62f226af2fd4211460a4b\System.Xml.ni.dll
MOD - [2011/09/24 07:34:07 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d00cc387e462e4c3cdcd112b137cac87\System.Windows.Forms.ni.dll
MOD - [2011/09/24 07:33:56 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7ed09623172a292eaee51e2e3bcaf784\System.Drawing.ni.dll
MOD - [2011/09/24 07:32:50 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e6c79e1d71b0c9000afd7e5e439b5c54\System.ni.dll
MOD - [2011/09/24 07:32:43 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2011/09/24 07:31:51 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2011/05/10 12:12:22 | 007,446,528 | ---- | M] () -- C:\Program Files\SugarSync\QtGui4.dll
MOD - [2011/05/10 12:12:22 | 002,027,520 | ---- | M] () -- C:\Program Files\SugarSync\QtCore4.dll
MOD - [2011/05/10 12:12:22 | 000,671,744 | ---- | M] () -- C:\Program Files\SugarSync\QtNetwork4.dll
MOD - [2011/05/10 12:12:22 | 000,364,544 | ---- | M] () -- C:\Program Files\SugarSync\QtXml4.dll
MOD - [2011/03/02 12:40:51 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2010/01/11 15:10:52 | 000,082,944 | ---- | M] () -- C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
MOD - [2009/01/10 18:15:44 | 000,159,744 | ---- | M] () -- C:\WINDOWS\system32\mmfinfo.dll
MOD - [2009/01/10 18:14:06 | 000,023,552 | ---- | M] () -- C:\WINDOWS\system32\mkunicode.dll
MOD - [2008/12/20 21:16:07 | 000,114,688 | ---- | M] () -- C:\ColdFusion8\db\slserver54\bin\swstrtr.exe
MOD - [2008/12/20 21:16:06 | 001,073,152 | ---- | M] () -- C:\ColdFusion8\db\slserver54\bin\swsoc.exe
MOD - [2008/12/20 21:16:06 | 000,696,320 | ---- | M] () -- C:\ColdFusion8\db\slserver54\bin\swagent.exe
MOD - [2008/12/20 20:57:24 | 000,077,824 | ---- | M] () -- C:\ColdFusion8\jnbridge\CF8DotNetsvc.exe
MOD - [2008/12/20 20:57:24 | 000,003,072 | ---- | M] () -- C:\ColdFusion8\jnbridge\JNBDotNetSide.exe
MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 20:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/03/12 05:24:25 | 000,062,972 | ---- | M] () -- C:\ColdFusion8\verity\k2\_nti40\bin\vzlib.dll
MOD - [2008/03/12 05:21:26 | 000,038,128 | ---- | M] () -- C:\ColdFusion8\verity\k2\_nti40\bin\libvi18n.dll
MOD - [2008/03/12 05:21:12 | 002,264,196 | ---- | M] () -- C:\ColdFusion8\verity\k2\_nti40\bin\libvdk30.dll
MOD - [2008/03/12 05:21:02 | 000,093,692 | ---- | M] () -- C:\ColdFusion8\verity\k2\_nti40\bin\libvdiag.dll
MOD - [2008/03/12 05:20:33 | 001,014,460 | ---- | M] () -- C:\ColdFusion8\verity\k2\_nti40\bin\libodk.dll
MOD - [2007/11/01 18:13:08 | 000,012,288 | ---- | M] () -- C:\Program Files\CyberLink\PCM4Everio\Kernel\common\CLEverioDetector.dll
MOD - [2002/11/26 13:43:18 | 000,106,496 | ---- | M] () -- C:\WINDOWS\system32\BrMuSNMP.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/12/15 15:54:44 | 000,120,128 | ---- | M] (SmithMicro Inc.) [On_Demand | Stopped] -- C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe -- (SprintRcAppSvc)
SRV - [2010/05/07 19:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2010/01/11 15:10:52 | 000,082,944 | ---- | M] () [Auto | Running] -- C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe -- (NvtlService)
SRV - [2009/03/13 05:50:20 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3)
SRV - [2009/03/05 10:12:20 | 000,255,272 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe -- (NeroMediaHomeService.4)
SRV - [2008/12/20 21:16:07 | 000,114,688 | ---- | M] () [Auto | Running] -- C:\ColdFusion8\db\slserver54\bin\swstrtr.exe -- (ColdFusion 8 ODBC Server)
SRV - [2008/12/20 21:16:06 | 000,696,320 | ---- | M] () [Auto | Running] -- C:\ColdFusion8\db\slserver54\bin\swagent.exe -- (ColdFusion 8 ODBC Agent)
SRV - [2008/12/20 20:57:24 | 000,077,824 | ---- | M] () [Auto | Running] -- C:\ColdFusion8\jnbridge\CF8DotNetsvc.exe -- (ColdFusion 8 .NET Service)
SRV - [2008/12/20 14:28:08 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/08/26 19:02:24 | 000,014,336 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/03/18 05:11:40 | 000,065,536 | ---- | M] (Macromedia Inc.) [On_Demand | Stopped] -- C:\ColdFusion8\runtime\bin\jrunsvc.exe -- (ColdFusion 8 Application Server)
SRV - [2008/03/12 05:19:55 | 002,743,056 | ---- | M] (Verity, Inc.) [Auto | Running] -- C:\ColdFusion8\verity\k2\_nti40\bin\k2admin.exe -- (ColdFusion 8 Search Server)
SRV - [2007/05/08 12:38:46 | 000,540,448 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2007/04/22 20:32:42 | 000,221,184 | ---- | M] (SafeBoot International) [Auto | Running] -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
SRV - [2007/02/06 21:30:00 | 000,074,240 | R--- | M] (Cognizance Corporation) [Auto | Running] -- C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2007/01/04 20:48:52 | 000,112,152 | R--- | M] (InterVideo) [Disabled | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/06/22 01:14:00 | 000,131,584 | R--- | M] (Cognizance Corporation) [Auto | Running] -- C:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll -- (ASChannel)
SRV - [2006/05/26 21:01:52 | 000,115,952 | ---- | M] (symantec) [On_Demand | Stopped] -- c:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2006/05/26 21:01:48 | 001,799,408 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2006/05/26 21:01:36 | 000,030,448 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2006/03/07 14:03:02 | 000,169,632 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2006/03/07 14:02:34 | 000,192,160 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2006/02/23 12:41:02 | 002,045,632 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2006/02/06 13:50:24 | 001,160,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2006/01/24 21:06:58 | 000,214,720 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)


========== Driver Services (SafeList) ==========

DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/08/04 04:00:00 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20111011.024\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/08/04 04:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20111011.024\NAVENG.SYS -- (NAVENG)
DRV - [2011/07/28 04:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/07/28 04:00:00 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/05/22 15:42:52 | 000,017,296 | ---- | M] (Mobile Stream) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\easytthr.sys -- (easytether)
DRV - [2011/01/12 21:15:08 | 000,136,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011/01/12 21:15:08 | 000,121,192 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2011/01/12 21:15:08 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadadb.sys -- (androidusb)
DRV - [2011/01/12 21:15:08 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2010/12/15 15:38:22 | 000,229,376 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2010/12/15 15:38:14 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2010/12/15 15:38:10 | 000,038,680 | ---- | M] (PCTEL Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctnullport.sys -- (Nmea)
DRV - [2010/12/15 15:35:56 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCTINDIS5.sys -- (PCTINDIS5)
DRV - [2010/06/08 16:36:10 | 000,203,008 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWNC5E00.sys -- (SWNC5E00) Sierra Wireless MUX NDIS Driver (#00)
DRV - [2010/06/08 16:36:10 | 000,157,440 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swmx00.sys -- (swmx00) Sierra Wireless USB MUX Driver (#00)
DRV - [2010/06/08 16:35:48 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser2.sys -- (NWUSBPort2)
DRV - [2010/06/08 16:35:48 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser.sys -- (NWUSBPort)
DRV - [2010/06/08 16:35:48 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV - [2010/05/14 18:04:02 | 006,842,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech HD Webcam C510(UVC)
DRV - [2010/05/14 18:02:26 | 000,276,448 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/05/14 17:58:58 | 000,020,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvbusflt.sys -- (CompFilter)
DRV - [2010/05/07 19:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2010/03/26 21:07:28 | 000,319,488 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\drxvi314.sys -- (bcm)
DRV - [2010/03/26 21:04:24 | 000,051,456 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BcmBusCtr.sys -- (bcmbusctr)
DRV - [2010/01/11 15:11:46 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2009/03/28 19:08:26 | 000,031,896 | ---- | M] (DemoForge, LLC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dfmirage.sys -- (dfmirage)
DRV - [2008/11/21 21:53:40 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/10/23 01:58:36 | 001,391,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/10/15 12:58:34 | 000,024,840 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2008/08/21 10:11:36 | 000,537,856 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2008/08/21 10:11:36 | 000,320,128 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emOEM.sys -- (USB28xxOEM)
DRV - [2008/07/15 21:10:18 | 000,068,730 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\jl2005c.sys -- (JL2005C)
DRV - [2008/06/18 11:49:16 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008/05/08 10:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2008/04/28 20:22:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2008/04/13 14:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2008/04/13 14:39:44 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2007/06/18 20:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/04/22 20:25:30 | 000,005,808 | ---- | M] (SafeBoot International) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\rsvlock.sys -- (RsvLock)
DRV - [2007/04/22 20:24:58 | 000,100,095 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\SafeBoot.sys -- (SafeBoot)
DRV - [2007/04/10 19:55:28 | 000,140,808 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atswpdrv.sys -- (ATSWPDRV) (****DEBUG****) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2007/03/29 20:54:00 | 000,013,696 | ---- | M] (SafeBoot International) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\SbFsLock.sys -- (SbFsLock)
DRV - [2007/02/27 06:21:00 | 000,160,256 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k) Broadcom NetLink ™
DRV - [2006/10/17 10:59:06 | 000,022,016 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2006/10/17 10:57:58 | 000,017,920 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2006/10/09 17:31:46 | 000,044,720 | ---- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\SbAlg.sys -- (SbAlg)
DRV - [2006/09/19 12:58:58 | 000,036,608 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2006/02/06 13:50:22 | 000,389,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2006/01/31 14:29:20 | 000,107,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2006/01/24 21:06:36 | 000,195,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2006/01/24 21:06:32 | 000,024,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2005/12/19 21:41:58 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- c:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2005/12/19 21:41:56 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- c:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2001/08/17 16:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2001/08/17 14:05:44 | 000,141,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Icam3.sys -- (ICAM3NT5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3872458311-3945496405-2667623613-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com
IE - HKU\S-1-5-21-3872458311-3945496405-2667623613-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3872458311-3945496405-2667623613-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" =

IE - HKU\S-1-5-21-3872458311-3945496405-2667623613-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com
IE - HKU\S-1-5-21-3872458311-3945496405-2667623613-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3872458311-3945496405-2667623613-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" =

IE - HKU\S-1-5-21-3872458311-3945496405-2667623613-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3872458311-3945496405-2667623613-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3872458311-3945496405-2667623613-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.dimdimsecure.com;*.local
IE - HKU\S-1-5-21-3872458311-3945496405-2667623613-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:8080

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: activegs@freetoolsassociation.com:3.1.486
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@dimdim.com/DimdimPlugin: C:\Program Files\Dimdim\Plugin\Application\npDimDimControl.dll (Dimdim, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\WINDOWS\system32\C2MP\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Administrator\Application Data\Move Networks\plugins\npqmp071500000347.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@nbc.com/DirectPlayer: C:\Program Files\NBC Direct\npDirectPlayerMozilla.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Administrator\Application Data\Move Networks\plugins\npqmp071500000347.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox [2010/12/17 22:35:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/12/17 22:35:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A81248D0-FD1A-42E5-B66C-BF3665FC338D}: C:\Documents and Settings\Administrator\Local Settings\Application Data\{A81248D0-FD1A-42E5-B66C-BF3665FC338D}\ [2011/07/01 16:00:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{5B84D8AF-8107-426D-A30D-2A24B23CA6D5}: C:\Documents and Settings\Administrator\Local Settings\Application Data\{5B84D8AF-8107-426D-A30D-2A24B23CA6D5}\ [2011/07/03 08:48:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{532282D3-9569-4934-906C-96F095A68C09}: C:\Documents and Settings\Administrator\Local Settings\Application Data\{532282D3-9569-4934-906C-96F095A68C09}\ [2011/07/12 05:58:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/01 08:27:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/27 08:13:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\Administrator\Application Data\Move Networks [2009/06/22 12:53:58 | 000,000,000 | ---D | M]

[2008/12/20 14:53:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011/10/01 08:27:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4xpwxok1.default\extensions
[2010/05/28 10:11:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4xpwxok1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/03 08:15:01 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4xpwxok1.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/10/20 09:28:28 | 000,000,000 | ---D | M] (ActiveGS) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4xpwxok1.default\extensions\activegs@freetoolsassociation.com
[2011/09/28 07:13:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/25 14:22:54 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/01/15 08:45:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4XPWXOK1.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
[2011/01/15 08:45:22 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/10/01 08:27:49 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/01/13 16:47:59 | 000,113,976 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\atgpcdec.dll
[2011/03/03 14:48:47 | 000,447,800 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\atgpcext.dll
[2010/02/24 15:10:15 | 000,046,392 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\atmccli.dll
[2011/06/21 02:37:38 | 000,289,592 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\ieatgpc.dll
[2011/06/21 02:37:44 | 000,172,344 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\npatgpc.dll
[2011/01/15 08:45:21 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/09/25 18:03:10 | 000,071,016 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsharedview.dll
[2011/09/22 21:16:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/10/04 15:37:16 | 000,437,643 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 plugin.dimdimsecure.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 15054 more lines...
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll File not found
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKU\S-1-5-21-3872458311-3945496405-2667623613-500\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O4 - HKLM..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\accelerometerST.exe (Hewlett-Packard Corporation)
O4 - HKLM..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [CognizanceTS] C:\Program Files\Hewlett-Packard\IAM\Bin\ASTSVCC.dll (Cognizance Corporation)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [EverioService] C:\Program Files\CyberLink\PCM4Everio\EverioService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [RDVCHG] C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe (C-motech Co.,Ltd)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\CREATOR\Remind_XP.exe ()
O4 - HKLM..\Run: [Sprint SmartView] C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe (Sprint)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [vptray] c:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O4 - HKU\S-1-5-21-3872458311-3945496405-2667623613-500..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-3872458311-3945496405-2667623613-500..\Run: [DriverScanner] "C:\Program Files\Uniblue\DriverScanner\launcher.exe" delay 20000 File not found
O4 - HKU\S-1-5-21-3872458311-3945496405-2667623613-500..\Run: [EasyTether] C:\Program Files\Mobile Stream\EasyTether\easytthr.exe (Mobile Stream)
O4 - HKU\S-1-5-21-3872458311-3945496405-2667623613-500..\Run: [OpenDNS Updater] C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe ()
O4 - HKU\S-1-5-21-3872458311-3945496405-2667623613-500..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\remoterm.exe (Pinnacle Systems)
O4 - HKU\S-1-5-21-3872458311-3945496405-2667623613-500..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-3872458311-3945496405-2667623613-500..\Run: [SugarSync] C:\Program Files\SugarSync\SugarSyncManager.exe (SugarSync, Inc.)
O4 - HKU\S-1-5-21-3872458311-3945496405-2667623613-1006..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (Nero AG)
O4 - HKU\S-1-5-21-3872458311-3945496405-2667623613-1007..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (Nero AG)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RegRunner2008.lnk = C:\installation\RegRunner2008.exe (Bernd Dietzel)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3872458311-3945496405-2667623613-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3872458311-3945496405-2667623613-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3872458311-3945496405-2667623613-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_23.dll (Sun Microsystems, Inc.)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (Bodog)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-3872458311-3945496405-2667623613-500\..Trusted Domains: gogoinflight.com ([airborne] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5FAA5DD4-E418-48F7-A9F0-56FCADE2D4BF}: NameServer = 8.8.8.8,8.8.4.4
O20 - HKLM Winlogon: Shell - (Explorer.exe) - File not found
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - (c:\WINDOWS\system32\NavLogon.dll) - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O20 - Winlogon\Notify\OneCard: DllName - (C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll) - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Cognizance Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\HP Cityscape Wide.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\HP Cityscape Wide.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/27 19:07:00 | 000,000,000 | -HS- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 11:01:00 | 000,000,053 | -HS- | M] () - E:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{bbb04798-56ef-11df-8f81-001f298942fa}\Shell - "" = AutoRun
O33 - MountPoints2\{bbb04798-56ef-11df-8f81-001f298942fa}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{bbb04798-56ef-11df-8f81-001f298942fa}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/11 09:02:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\TT
[2011/10/10 16:11:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Okahka
[2011/10/10 08:35:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/10/10 08:32:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RegRunner2008
[2011/10/10 08:32:36 | 000,000,000 | ---D | C] -- C:\installation
[2011/10/09 08:28:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/10/07 10:48:03 | 000,000,000 | ---D | C] -- C:\gmer
[2011/10/07 10:35:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools
[2011/10/07 09:55:33 | 000,000,000 | ---D | C] -- C:\ProcessExplorer
[2011/10/06 09:51:26 | 000,996,648 | ---- | C] (Nero AG) -- C:\WINDOWS\System32\ShellManager10E2D762.dll
[2011/10/06 09:48:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\HiJackThis
[2011/10/05 08:45:54 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/10/04 16:59:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Favorites BAK
[2011/10/04 14:58:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/10/04 13:01:23 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/09/30 09:00:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\ElevatedDiagnostics
[2011/09/24 07:50:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2011/09/24 07:35:54 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/09/22 08:54:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Eqpome
[2011/09/14 08:35:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\2011 Ski Trip
[2008/12/23 12:37:11 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Administrator\Application Data\pcouffin.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/12 09:55:05 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/12 09:31:17 | 000,002,491 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007.lnk
[2011/10/12 08:32:14 | 000,000,322 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2011/10/11 21:30:06 | 000,000,330 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
[2011/10/11 18:00:05 | 000,000,462 | ---- | M] () -- C:\WINDOWS\tasks\next.job
[2011/10/11 17:55:00 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/11 09:42:54 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/11 09:40:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/11 09:39:50 | 2138,361,856 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/10 08:32:37 | 000,000,555 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RegRunner2008.lnk
[2011/10/07 18:16:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/10/07 10:34:06 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2011/10/06 10:25:03 | 000,002,463 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
[2011/10/06 08:17:21 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/10/06 08:11:31 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/10/04 15:37:16 | 000,437,643 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/10/04 14:58:41 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/10/04 14:58:41 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Spybot - Search & Destroy.lnk
[2011/10/03 12:54:54 | 000,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\PCLECHAL.INI
[2011/10/03 08:17:36 | 000,437,643 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20111004-153716.backup
[2011/09/28 07:13:32 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/09/28 07:13:32 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/09/27 08:19:27 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/09/24 07:39:55 | 001,626,496 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/09/24 07:32:10 | 000,479,380 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/09/24 07:32:10 | 000,083,264 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/09/24 07:25:30 | 000,000,376 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2011/09/12 16:25:49 | 000,002,373 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\EasyTether.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/10 08:32:37 | 000,000,555 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RegRunner2008.lnk
[2011/10/07 10:34:06 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2011/10/06 10:15:17 | 2138,361,856 | -HS- | C] () -- C:\hiberfil.sys
[2011/10/06 09:51:26 | 000,638,976 | ---- | C] () -- C:\WINDOWS\System32\NEROINSTAEC43759.DB
[2011/10/06 09:48:12 | 000,002,463 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
[2011/10/04 14:58:41 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/10/04 14:58:41 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Spybot - Search & Destroy.lnk
[2011/09/28 07:01:24 | 000,000,330 | ---- | C] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
[2011/09/28 07:00:25 | 000,000,322 | ---- | C] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2011/09/27 08:13:40 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/09/24 07:25:30 | 000,000,376 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011/08/31 08:42:03 | 000,001,264 | ---- | C] () -- C:\WINDOWS\ikMap.INI
[2011/08/29 10:16:29 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/07/13 21:32:24 | 000,000,084 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/07/03 08:50:39 | 000,000,204 | ---- | C] () -- C:\WINDOWS\unelimel.dll
[2011/07/01 16:00:43 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Cvaqerokowu.dat
[2011/07/01 16:00:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Fgowuduti.bin
[2011/01/03 15:44:30 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2010/12/24 11:56:17 | 000,041,418 | ---- | C] () -- C:\WINDOWS\System32\uninstall.exe
[2010/12/17 22:30:40 | 000,198,070 | ---- | C] () -- C:\WINDOWS\hpwins05.dat
[2010/12/17 22:30:40 | 000,003,111 | ---- | C] () -- C:\WINDOWS\hpwmdl05.dat
[2010/07/11 10:02:02 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/14 17:56:06 | 010,830,680 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
[2010/05/14 17:56:06 | 000,102,744 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe
[2010/05/14 17:55:58 | 000,290,648 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
[2010/05/14 17:47:00 | 000,090,071 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/05/07 19:46:36 | 000,014,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2010/05/07 19:43:30 | 000,025,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2010/03/23 11:52:18 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2010/03/23 11:51:00 | 000,201,488 | ---- | C] () -- C:\WINDOWS\System32\MACD32.DLL
[2010/03/23 11:51:00 | 000,144,144 | ---- | C] () -- C:\WINDOWS\System32\MASE32.DLL
[2010/03/23 11:51:00 | 000,141,584 | ---- | C] () -- C:\WINDOWS\System32\MAMC32.DLL
[2010/03/23 11:51:00 | 000,063,248 | ---- | C] () -- C:\WINDOWS\System32\MASD32.DLL
[2010/03/23 11:51:00 | 000,033,040 | ---- | C] () -- C:\WINDOWS\System32\MA32.DLL
[2010/02/11 21:02:00 | 002,031,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\macxvi200.bin
[2009/12/11 11:18:40 | 000,073,508 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/07/24 10:44:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HMHud.INI
[2009/04/19 09:27:37 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/04/19 09:27:37 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/04/19 09:27:18 | 000,000,225 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2009/04/19 09:27:18 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2009/04/19 09:27:18 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf07a.dat
[2009/04/19 09:26:12 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2009/04/19 09:26:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2009/04/19 09:26:11 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2009/04/19 09:24:54 | 000,031,567 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2009/02/22 13:57:52 | 004,421,889 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2009/02/18 09:57:22 | 000,557,451 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2009/02/16 13:19:42 | 000,790,190 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/02/16 12:32:20 | 000,425,040 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2009/02/16 12:30:30 | 000,903,703 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2009/02/16 12:23:50 | 000,145,081 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2009/02/16 10:49:30 | 000,328,334 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2009/02/14 11:15:42 | 000,486,400 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2009/02/09 18:28:18 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2009/02/09 16:19:18 | 000,183,296 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2009/02/09 16:19:12 | 000,178,688 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2009/02/09 16:18:52 | 000,113,152 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2009/02/09 16:18:32 | 000,146,944 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2009/02/09 16:18:24 | 000,257,024 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2009/02/09 16:18:20 | 000,142,848 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2009/02/09 15:56:22 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/01/18 20:07:01 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009/01/16 22:45:59 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/10 18:17:32 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2009/01/10 18:16:56 | 000,148,480 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2009/01/10 18:16:50 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2009/01/10 18:16:14 | 000,141,312 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2009/01/10 18:16:04 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\gdsmux.exe
[2009/01/10 18:15:54 | 000,120,832 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2009/01/10 18:15:44 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
[2009/01/10 18:15:36 | 000,103,424 | ---- | C] () -- C:\WINDOWS\System32\dsmux.exe
[2009/01/10 18:15:32 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2009/01/10 18:15:28 | 000,246,784 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2009/01/10 18:15:12 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2009/01/10 18:15:06 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\mkv2vfr.exe
[2009/01/10 18:14:08 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2009/01/10 18:14:06 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2008/12/23 12:37:11 | 000,081,920 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\ezpinst.exe
[2008/12/23 12:37:11 | 000,007,176 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\pcouffin.cat
[2008/12/23 12:37:11 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\pcouffin.inf
[2008/12/20 23:18:11 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/12/20 14:53:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/12/20 13:08:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2008/12/19 19:05:46 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/12/19 19:05:46 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/12/19 19:05:46 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/12/19 19:05:46 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/12/19 19:05:46 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/12/19 19:05:46 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/12/06 20:26:02 | 000,028,510 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008/12/06 20:25:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI
[2008/12/03 18:11:50 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/11/06 12:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/10/15 12:58:34 | 000,024,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
[2008/07/09 04:05:24 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\ac3config.exe
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/10/13 05:30:20 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/05/16 07:48:42 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4831.dll
[2007/05/16 07:14:58 | 000,910,304 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2007/04/22 20:24:58 | 000,100,095 | ---- | C] () -- C:\WINDOWS\System32\drivers\SafeBoot.sys
[2007/01/19 10:30:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/25 03:02:34 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/25 03:02:34 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2005/08/26 15:28:34 | 000,143,360 | ---- | C] () -- C:\WINDOWS\unzip.exe
[2005/08/26 15:27:58 | 000,045,056 | ---- | C] () -- C:\WINDOWS\devenum.exe
[2004/08/07 09:19:26 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/07 09:19:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/07 09:14:52 | 000,479,380 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/07 09:14:52 | 000,083,264 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/07 09:12:40 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/07 09:07:40 | 001,626,496 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/07 09:02:46 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/07 08:59:58 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/04 04:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 04:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 04:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 04:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 04:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 04:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 04:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 04:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/05/28 04:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/28 04:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[1998/05/06 22:10:00 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\ODMA32.dll

< End of report >


---------------End of OTL.TXT---------------------------------------


---------------Start of Extras.TXT-------------------------------------

OTL Extras logfile created on: 10/12/2011 10:36:12 AM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.21 Gb Available Physical Memory | 60.59% Memory free
3.84 Gb Paging File | 2.91 Gb Available in Paging File | 75.69% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 102.46 Gb Total Space | 14.67 Gb Free Space | 14.32% Space Free | Partition Type: NTFS
Drive E: | 9.33 Gb Total Space | 0.43 Gb Free Space | 4.63% Space Free | Partition Type: NTFS

Computer Name: HPLAPTOP | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.reg [@ = regfile] -- regedit.exe "%1"

[HKEY_USERS\S-1-5-21-3872458311-3945496405-2667623613-500\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2930:TCP" = 2930:TCP:*:Enabled:ColdFusion
"51800:TCP" = 51800:TCP:*:Enabled:ColdFusion
"54925:UDP" = 54925:UDP:*:Enabled:Brother Network Scanner

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe" = C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007 -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\SMINST\Scheduler.exe" = C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler
"C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe" = C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe:*:Enabled:Adobe Dreamweaver CS3 -- (Adobe Systems, Inc.)
"C:\Program Files\Brother\Brmfl07a\FAXRX.exe" = C:\Program Files\Brother\Brmfl07a\FAXRX.exe:*:Enabled:FAXRX.EXE -- (Brother Industries Ltd.)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe" = C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Enabled:Nero Home -- (Nero AG)
"C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe" = C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe:*:Enabled:Nero MediaHome 4 -- (Nero AG)
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files\RealVNC\VNC4\vncviewer.exe" = C:\Program Files\RealVNC\VNC4\vncviewer.exe:*:Enabled:VNC Viewer Free Edition for Win32 -- (RealVNC Ltd.)
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe" = C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007 -- (Microsoft Corporation)
"C:\Program Files\Sprint\Sprint SmartView\SwiApiMux.exe" = C:\Program Files\Sprint\Sprint SmartView\SwiApiMux.exe:*:Enabled:SwiApiMux -- (Sierra Wireless, Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\Dimdim\Plugin\Application\Dimdim.exe" = C:\Program Files\Dimdim\Plugin\Application\Dimdim.exe:*:Enabled:Dimdim -- ()
"C:\Documents and Settings\All Users\Application Data\Dimdim\Updater\next.exe" = C:\Documents and Settings\All Users\Application Data\Dimdim\Updater\next.exe:*:Enabled:next -- ()
"C:\Program Files\Dimdim\Plugin\Application\myScreen.exe" = C:\Program Files\Dimdim\Plugin\Application\myScreen.exe:*:Enabled:myScreen -- (Dimdim Inc.)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{01D76D8E-A496-4870-8357-87C6D2B5E807}" = MySQL Server 5.1
"{0289B18A-F99F-423F-B79F-1150D0F85492}" = HP Wireless Assistant
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{048DDE77-66D5-4335-8497-903856759B58}" = BPDSoftware
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05DC79C6-4213-45D3-BE8A-50B8B7C1F0E1}" = bpd_scan_Carrier
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{09885750-A6D7-4536-B7CA-E61AD7DFE5AB}" = Adobe Setup
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0D6EE3B4-0BD9-4E83-A26C-CE648126C2C0}" = PowerMapper 5 Evaluation
"{0E6B3568-2337-4429-9E14-0D9D8157D45A}" = Network Recording Player
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{1485CD45-F42D-46A6-9CFE-24537E481F53}" = L7000_Basic
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{190297F8-14EC-4ECA-BFAC-72843DBFB382}" = Microsoft SharedView
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.3
"{1CF925D3-1E33-4447-889B-0751D2CF886D}" = Drive Encryption for HP ProtectTools
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java™ 6 Update 23
"{26D3E377-1DCA-4043-9410-B4A9BACF1033}" = Nero 7 Ultra Edition
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2DB165DC-DDB4-403F-B985-19F3EC7D0357}" = HP ProtectTools Security Manager
"{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor
"{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}" = PaperPort Image Printer
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 B2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3912A629-0020-0005-3131-2FBA74D4DF0A}" = InterVideo WinDVD
"{39CEE1F2-12B6-4C50-9131-04BFCA110578}" = PowerCinema NE for Everio
"{3BDFF39A-D8B8-41C1-B877-40D998B052B4}" = Parse-O-Matic
"{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}" = Adobe Photoshop CS3
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = HP Backup and Recovery Manager Installer
"{429E92A4-159F-4AEC-85A1-D693E1E4274D}" = HP 3D DriveGuard
"{42DE940E-8037-4266-9FBF-5A3AEDA39E96}" = Holdem Manager
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4647BF57-21C4-4BC8-BA1B-E57A30EE1D31}" = Sprint SmartView
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F7177E9-2B54-48B4-AAFD-03FA1F87A542}" = Bing Bar Platform
"{4F94119D-1B71-400e-9F04-B4E5CEAE71F8}_is1" = Sothink Movie DVD Maker
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.1
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{521F72F4-FFE4-4959-AA88-EED06125211F}" = HP Notebook Accessories Product Tour
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
"{5E4B86E5-CD0E-4D3D-BE21-45A30326850A}" = Microsoft Search Enhancement Pack
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{659DA17C-5C44-45EB-99D7-ABC1202138E3}" = PictureMedley
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{69fc3b9a-4149-43db-a557-6ed0c8d8ba44}" = Nero MediaHome 4 Help
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{70CEFEBA-F757-4DBE-8A21-027C326137CE}" = Application Installer 4.00.B14
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes
"{7FD8231E-3991-48D7-A2C8-2C42A7075FB1}" = HP User Guide Bluetooth Addendum 0062
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{885F5AC6-4413-4D30-99A9-F4494BFA4923}" = Logitech Harmony Remote Software 7
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C2BEF25F-B7A6-462A-983B-139F06FFEE92}" =
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{950A8D14-C48E-4508-B377-1EA45A18FA3D}" = Camtasia Studio 4
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9615E45B-7670-4D17-9ED5-28B9E936EEDD}" = 7500_7600_7700_Help1
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{99ef387e-633e-4cfb-bfa3-ab961b685ddf}" = Nero MediaHome 4
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9E384B32-59C8-46EF-BEA6-4DC8F27CDB8E}" = InstallVC90Support
"{A011A1DC-7F1D-4EA8-BD11-0C5F9718E428}" = Symantec AntiVirus
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3FAE73B-4474-4A1D-A343-2FE248F05265}" = EasyTether
"{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite
"{A818DAE1-EBBE-4438-B557-8115955D88E4}" = HP OfficeJet L7300/L7500/7600/7700
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{ADDD6985-3A28-44D0-A1BA-FDD19A820491}" = SnagIt 9
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6C89654-A6A2-477C-873B-724EC1C56407}" = ScanSoft PaperPort 11
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B823632F-3B72-4514-8861-B961CE263224}" = PostgreSQL 8.3
"{B8421085-B02A-4A50-9FAE-D7DF1593E1AD}" = SamsungSimpleDL_lite
"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BB406CEB-6207-4512-9BB2-89950DC9D6B6}_is1" = ConvertXtoDVD 2.1.1
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BE41F3D2-FC73-4C3E-A2C2-5D2B08A5B2D0}" = Credential Manager for HP ProtectTools
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{BE66348A-E83F-4982-941F-DFF2F742B851}" = Microsoft Office Live Meeting 2007
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C74D0FA0-1D49-464F-A707-B427EE3385C1}" = HP BIOS Configuration for ProtectTools
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{C9C641B6-DB5C-4C84-B6C9-9540388DA0DA}" = WebMeeting Plug-in
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF9CD37C-E29A-11D5-AE3D-005004B8E30C}" = Digital Photo Navigator 1.5
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D9B4D7EE-481C-4C36-86AB-A8F7417725FF}" = LightScribe 1.6.43.1
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E25AA53F-6878-4C64-8130-EB8D678DF303}" = HP User Guides 0064
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{ED3D79A6-B3BB-4482-B226-0B620F97258A}" = BPDSoftware_Ini
"{EDE721EC-870A-11D8-9D75-000129760D75}" = PowerDirector Express
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{EF901A4B-A25A-4962-83C6-C6691D062ED9}" = Nero Mega Plugin Pack
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F347B7CC-F3F5-4464-8FB2-CC3CB42CC59E}" = Adobe Dreamweaver CS3
"{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}" = Pinnacle TVCenter Pro
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F70C2B4F-B6BF-4BB0-B67A-7ECD589181C5}" = MySQL Tools for 5.0
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{fc33d6e4-faaf-4359-a590-1514919fa2be}" = Nero MediaHome 4 Essentials
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe Setup
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe ColdFusion 8 .NET Integration Services" = Adobe ColdFusion 8 .NET Integration Services
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_719d6f144d0c086a0dfa7ff76bb9ac1" = Adobe Photoshop CS3
"Adobe_7d27d533949941418d33ba1f052e783" = Adobe Dreamweaver CS3
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AndreaMosaic" = AndreaMosaic 3.32.3
"Any Video Converter_is1" = Any Video Converter 3.0.5
"AppInventor Setup" = AppInventor Setup
"AutoHotkey" = AutoHotkey 1.0.48.05
"AviSynth" = AviSynth 2.5
"Bodog Poker_is1" = Bodog Poker
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Digital Binoculars_is1" = Uninstall Digital Binoculars Driver
"ExtractNow_is1" = ExtractNow
"ffdshow_is1" = ffdshow [rev 2583] [2009-01-05]
"Flash Movie Player" = Flash Movie Player 1.5
"FLV Player2.0.25" = FLV Player
"Free Video to iPod Converter_is1" = Free Video to iPod Converter version 3.1
"HaaliMkx" = Haali Media Splitter
"HDMI" = Intel® Graphics Media Accelerator Driver
"Ice Age_is1" = Ice Age
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InFlac" = InFlac 1.1.1
"InfoRapid KnowledgeMap" = InfoRapid KnowledgeMap
"InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor
"InstallShield_{B8421085-B02A-4A50-9FAE-D7DF1593E1AD}" = SamsungSimpleDL_lite
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Media Player - Codec Pack" = Media Player Codec Pack 3.4.0
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mosaic Creator_is1" = Mosaic Creator 3.1
"Mosaizer Pro_is1" = Mosaizer Pro v7.2
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OpenDNS Updater" = OpenDNS Updater 2.2.1
"PDF Complete" = PDF Complete
"PokerShortcuts" = PokerShortcuts
"PokerStars" = PokerStars
"PROHYBRIDR" = 2007 Microsoft Office system
"PROPLUS" = Microsoft Office Professional Plus 2007
"RealVNC_is1" = VNC Free Edition 4.1.3
"Recovery Toolbox for RAR_is1" = Recovery Toolbox for RAR 1.1
"RegRunner2008_is1" = RegRunner 3.0.2008.35
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TightVNC_is1" = TightVNC 1.3.10
"Uninstall Adobe ColdFusion 8" = Adobe ColdFusion 8
"Uninstall_is1" = Uninstall 1.0.0.1
"Video Cutter_is1" = Video Cutter 1.0
"VLC media player" = VLC media player 1.1.9
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WebMeeting Plug-in" = WebMeeting Plug-in
"WGA" = Windows Genuine Advantage Validation Tool
"Winamp" = Winamp
"WinAVIVideoConverter_is1" = WinAVIVideoConverter
"Windows Essentials Media Codec Pack" = Windows Essentials Media Codec Pack 2.3c
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR 4.00 (32-bit)
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XviD_is1" = XviD MPEG-4 Video Codec

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3872458311-3945496405-2667623613-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CarbonPoker" = CarbonPoker
"f031ef6ac137efc5" = Dell Driver Download Manager
"GoToMeeting" = GoToMeeting 4.5.0.457
"Move Media Player" = Move Media Player
"Notepad App" = Notepad App
"SugarSync" = SugarSync Manager
"User Feel Recording Application" = User Feel Recording Application

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/5/2011 8:31:42 AM | Computer Name = HPLAPTOP | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 10/12/2011 8:36:39 AM | Computer Name = HPLAPTOP | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Risk: Trojan.Gen in File: C:\Documents and Settings\Administrator\Local
Settings\Temp\VBRA42E.dll by: Manual Quarantine Scan scan. Action: Clean failed.
Action Description: The file was left unchanged.

Error - 10/12/2011 8:41:14 AM | Computer Name = HPLAPTOP | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Risk: Trojan.Gen in File: C:\Documents and Settings\Administrator\Local
Settings\Temp\VBRA42E.dll by: Manual Quarantine Scan scan. Action: Clean was partially
successful.. Action Description: Clean was partially successful.

Error - 10/12/2011 8:41:14 AM | Computer Name = HPLAPTOP | Source = Symantec AntiVirus | ID = 16711685
Description = Risk Found!Risk: Trojan.Gen in File: c:\documents and settings\administrator\local
settings\Temp\VBRA42E.dll by: Manual Quarantine Scan scan. Action: Clean failed.
Action Description: The file was left unchanged. Risk: in File: Internet browser
temporary file cache by: Manual Quarantine Scan scan. Action: Clean failed : Leave
Alone failed. Action Description: The file was deleted successfully.

Error - 10/12/2011 8:41:29 AM | Computer Name = HPLAPTOP | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Risk: Trojan.Gen in File: C:\Documents and Settings\Administrator\Local
Settings\Temp\VBR910B.dll by: Manual Quarantine Scan scan. Action: Clean failed.
Action Description: The file was left unchanged.

Error - 10/12/2011 8:41:31 AM | Computer Name = HPLAPTOP | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Risk: Trojan.Gen in File: C:\Documents and Settings\Administrator\Local
Settings\Temp\VBR910B.dll by: Manual Quarantine Scan scan. Action: Clean was partially
successful.. Action Description: Clean was partially successful.

Error - 10/12/2011 8:41:31 AM | Computer Name = HPLAPTOP | Source = Symantec AntiVirus | ID = 16711685
Description = Risk Found!Risk: Trojan.Gen in File: c:\documents and settings\administrator\local
settings\Temp\VBR910B.dll by: Manual Quarantine Scan scan. Action: Clean failed.
Action Description: The file was left unchanged. Risk: in File: Internet browser
temporary file cache by: Manual Quarantine Scan scan. Action: Clean failed : Leave
Alone failed. Action Description: The file was deleted successfully.

Error - 10/12/2011 9:31:32 AM | Computer Name = HPLAPTOP | Source = Microsoft Office 12 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Excel.

Error - 10/12/2011 9:44:57 AM | Computer Name = HPLAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.29.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/12/2011 9:47:41 AM | Computer Name = HPLAPTOP | Source = Application Error | ID = 1000
Description = Faulting application teatimer.exe, version 1.6.6.32, faulting module
teatimer.exe, version 1.6.6.32, fault address 0x0006e66e.

[ OSession Events ]
Error - 9/1/2010 9:34:17 AM | Computer Name = HPLAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session
lasted 162 seconds with 120 seconds of active time. This session ended with a crash.

Error - 9/1/2010 9:34:47 AM | Computer Name = HPLAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session
lasted 21 seconds with 0 seconds of active time. This session ended with a crash.

Error - 9/1/2010 9:35:12 AM | Computer Name = HPLAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session
lasted 19 seconds with 0 seconds of active time. This session ended with a crash.

Error - 9/1/2010 11:35:13 AM | Computer Name = HPLAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session
lasted 7192 seconds with 1380 seconds of active time. This session ended with a
crash.

Error - 9/1/2010 11:35:55 AM | Computer Name = HPLAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session
lasted 35 seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/31/2011 9:19:16 AM | Computer Name = HPLAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 774783
seconds with 8820 seconds of active time. This session ended with a crash.

Error - 8/31/2011 9:21:01 AM | Computer Name = HPLAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 66
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 10/11/2011 9:43:18 AM | Computer Name = HPLAPTOP | Source = DCOM | ID = 10010
Description = The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register
with DCOM within the required timeout.

Error - 10/11/2011 9:43:19 AM | Computer Name = HPLAPTOP | Source = Service Control Manager | ID = 7024
Description = The Background Intelligent Transfer Service service terminated with
service-specific error 2147942405 (0x80070005).

Error - 10/11/2011 9:43:48 AM | Computer Name = HPLAPTOP | Source = DCOM | ID = 10010
Description = The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register
with DCOM within the required timeout.

Error - 10/11/2011 9:44:17 AM | Computer Name = HPLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service NMIndexingService
with arguments "" in order to run the server: {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}

Error - 10/11/2011 9:44:37 AM | Computer Name = HPLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service NMIndexingService
with arguments "" in order to run the server: {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}

Error - 10/11/2011 9:45:02 AM | Computer Name = HPLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service NMIndexingService
with arguments "" in order to run the server: {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}

Error - 10/11/2011 9:52:35 AM | Computer Name = HPLAPTOP | Source = Service Control Manager | ID = 7000
Description = The MBAMSwissArmy service failed to start due to the following error:
%%2

Error - 10/11/2011 5:55:00 PM | Computer Name = HPLAPTOP | Source = Service Control Manager | ID = 7024
Description = The Background Intelligent Transfer Service service terminated with
service-specific error 2147942405 (0x80070005).

Error - 10/11/2011 5:55:30 PM | Computer Name = HPLAPTOP | Source = DCOM | ID = 10010
Description = The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register
with DCOM within the required timeout.

Error - 10/12/2011 9:45:29 AM | Computer Name = HPLAPTOP | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Dnscache service.


< End of report >


---------------End of Extras.TXT---------------------------------------



---------------Start of Report.TXT---------------------------------------

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xF1062000 C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 5709824 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xBF1D8000 C:\WINDOWS\System32\igxpdx32.DLL 2605056 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2154496 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2154496 bytes
0x804D7000 RAW 2154496 bytes
0x804D7000 WMIxWDM 2154496 bytes
0xBF800000 Win32k 1859584 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1859584 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xBF04E000 C:\WINDOWS\System32\igxpdv32.DLL 1613824 bytes (Intel Corporation, Component GHAL Driver)
0xA253B000 C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20111011.024\navex15.sys 1572864 bytes (Symantec Corporation, AV Engine)
0xF0EAE000 C:\WINDOWS\system32\DRIVERS\bcmwl5.sys 1392640 bytes (Broadcom Corporation, Broadcom 802.11 Network Adapter wireless driver)
0xA6BEB000 C:\WINDOWS\system32\DRIVERS\AGRSM.sys 1204224 bytes (Agere Systems, SoftModem Device Driver)
0xA53A3000 C:\WINDOWS\System32\Drivers\dump_iaStor.sys 815104 bytes
0xF7205000 iaStor.sys 815104 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0xF712F000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xF0DF4000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 503808 bytes (Microsoft Corporation, WDF Dynamic)
0xA54E6000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xA5581000 C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys 401408 bytes (Symantec Corporation, SPBBC Driver)
0xA5488000 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 385024 bytes (Symantec Corporation, Symantec Eraser Control Driver)
0xF00F8000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xA568E000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA6B43000 c:\Program Files\Symantec AntiVirus\savrt.sys 360448 bytes (Symantec Corporation, AutoProtect)
0xA4437000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xA6D4D000 C:\WINDOWS\system32\drivers\ADIHdAud.sys 299008 bytes (Analog Devices, Inc., High Definition Audio Function Driver)
0xBF454000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xA313F000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF00BB000 C:\WINDOWS\system32\DRIVERS\NWADIenum.sys 249856 bytes (Novatel Wireless Inc, NWADI Interface Bus Enumerator)
0xA5653000 C:\WINDOWS\System32\Drivers\SYMTDI.SYS 241664 bytes (Symantec Corporation, Network Dispatch Driver)
0xF0DBD000 C:\WINDOWS\system32\DRIVERS\SynTP.sys 225280 bytes (Synaptics, Inc., Synaptics Touchpad Driver)
0xA3FD1000 C:\WINDOWS\system32\drivers\RMCast.sys 204800 bytes (Microsoft Corporation, Reliable Multicast Transport)
0xF0156000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF7358000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xA52AE000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF7102000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xA26E6000 C:\WINDOWS\system32\DRIVERS\b57xp32.sys 176128 bytes (Broadcom Corporation, Broadcom NetXtreme Gigabit Ethernet NDIS5.1 Driver.)
0xA233C000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xA5556000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xBF024000 C:\WINDOWS\System32\igxpgd32.dll 172032 bytes (Intel Corporation, Intel Graphics 2D Driver)
0xF1002000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xA5605000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF72E4000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xA562D000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xA6D29000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF102A000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF024E000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xA55E3000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xA6B21000 C:\Program Files\Symantec\SYMEVENT.SYS 139264 bytes (Symantec Corporation, Symantec Event Library)
0xA6528000 C:\WINDOWS\system32\DRIVERS\ATSwpDrv.sys 135168 bytes (AuthenTec, Inc., (TEST) Slide Fingerprint USB Driver)
0x806E5000 ACPI_HAL 134400 bytes
0x806E5000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF71E5000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF730A000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xA546A000 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 122880 bytes (Symantec Corporation, Symantec Eraser Utility Driver)
0xF7329000 pcmcia.sys 122880 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0xF70D0000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xA23CE000 C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ugryipow.sys 102400 bytes
0xA6D11000 C:\WINDOWS\system32\drivers\AEAudio.sys 98304 bytes (Andrea Electronics Corporation, Audio Noise Filtering Driver (32-bit))
0xF72CC000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF70EA000 SafeBoot.sys 98304 bytes
0xF71BC000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xA4330000 C:\WINDOWS\system32\drivers\mqac.sys 94208 bytes (Microsoft Corporation, Windows NT MQ Access Control Device Driver)
0xF0197000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA36FE000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xA2527000 C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20111011.024\naveng.sys 81920 bytes (Symantec Corporation, AV Engine)
0xF0E6F000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xA6B0D000 c:\Program Files\Symantec AntiVirus\Savrtpel.sys 81920 bytes (Symantec Corporation, SAVRTPEL)
0xF104E000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xA56E7000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xBF012000 C:\WINDOWS\System32\igxprd32.dll 73728 bytes (Intel Corporation, Intel Graphics 2D Rotation Driver)
0xF71D3000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF7347000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF0186000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xA5F3A000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF7627000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF7497000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xA730E000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF7637000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xA373B000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xA731E000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF74A7000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xF74F7000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF67B4000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF7677000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF74C7000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF67A4000 C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0xF7667000 C:\WINDOWS\system32\DRIVERS\dfmirage.sys 49152 bytes (DemoForge, LLC, Mirage Driver)
0xF7547000 C:\WINDOWS\System32\Drivers\pcouffin.sys 49152 bytes (VSO Software, low level access layer for CD/DVD/BD devices)
0xF76E7000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xA5F1A000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF7617000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF74B7000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF7687000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF74D7000 SbAlg.sys 45056 bytes (SafeBoot N.V., SafeBoot FIPS AES Algorithm (256 bit))
0xF7647000 C:\WINDOWS\system32\DRIVERS\Accelerometer.sys 40960 bytes (Hewlett-Packard Corporation, HP Accelerometer)
0xF7487000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF76B7000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF7507000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xA2F2F000 C:\WINDOWS\System32\Drivers\SYMREDRV.SYS 40960 bytes (Symantec Corporation, Redirector Filter Driver)
0xF76A7000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xA33E0000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xF74E7000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF7657000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF7517000 hpdskflt.sys 36864 bytes (Hewlett-Packard Corporation, HP Disk Filter)
0xF67C4000 C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS 36864 bytes (Infineon Technologies AG, Infineon Trusted Platform Module)
0xF7567000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xA438F000 C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 36864 bytes (Microsoft Corporation, IP FILTER DRIVER)
0xF7557000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF6754000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xF5C74000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF7877000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xA6438000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF7727000 C:\WINDOWS\system32\DRIVERS\pctnullport.sys 32768 bytes (PCTEL Inc., Null-modem emulator)
0xF77F7000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF786F000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF7707000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF773F000 C:\WINDOWS\system32\DRIVERS\RimSerial.sys 28672 bytes (Research in Motion Ltd, RIM Virtual Serial Driver)
0xF7717000 BMLoad.sys 24576 bytes (Bytemobile, Inc., Bytemobile Kernel Driver Loader)
0xF7867000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xF7807000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF7827000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF77EF000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xAA208000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF77FF000 C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys 20480 bytes (Hewlett-Packard Development Company, L.P., HpqKbFiltr Keyboard Filter Driver)
0xF781F000 C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys 20480 bytes (-, -)
0xA8FDB000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF770F000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xA8FE3000 C:\WINDOWS\system32\Drivers\PROCEXP141.SYS 20480 bytes
0xF7887000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF788F000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF77E7000 C:\WINDOWS\System32\drivers\swmsflt.sys 20480 bytes (-, Sierra Wireless USB Mass Storage Filter Driver)
0xF77A7000 C:\WINDOWS\System32\Drivers\tcpipBM.SYS 20480 bytes (Bytemobile, Inc., Bytemobile Kernel Network Provider)
0xF787F000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF77AF000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xA62DC000 C:\WINDOWS\system32\DRIVERS\asyncmac.sys 16384 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0xF789F000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xF796B000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xF70A0000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF7054000 C:\WINDOWS\system32\drivers\mbam.sys 16384 bytes (Malwarebytes Corporation, Malwarebytes' Anti-Malware)
0xF70A8000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xA6BC3000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF78A3000 ACPIEC.sys 12288 bytes (Microsoft Corporation, ACPI Embedded Controller Driver)
0xF7897000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF789B000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xF1972000 C:\WINDOWS\system32\DRIVERS\cpqbttn.sys 12288 bytes (Hewlett-Packard Development Company, L.P., HP Tablet PC Key Button HID Driver)
0xF15D4000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF795B000 C:\WINDOWS\system32\DRIVERS\easytthr.sys 12288 bytes (Mobile Stream, EasyTether Network Driver)
0xA3CF9000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xA2BC4000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF7973000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xA7B4E000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF796F000 C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 12288 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0xF798F000 aliide.sys 8192 bytes (Acer Laboratories Inc., ALi mini IDE Driver)
0xF7A17000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7991000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xF79E5000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF798B000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF7987000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7A33000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7A2B000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7A2F000 C:\WINDOWS\System32\Drivers\RootMdm.sys 8192 bytes (Microsoft Corporation, Legacy Non-Pnp Modem Device Driver)
0xF79F7000 C:\WINDOWS\System32\Drivers\RsvLock.SYS 8192 bytes (SafeBoot International, SafeBoot Reserved Files Lock Driver)
0xF7993000 SbFsLock.sys 8192 bytes (SafeBoot International, SafeBoot FS Locker)
0xF7A2D000 C:\WINDOWS\system32\DRIVERS\serscan.sys 8192 bytes (Microsoft Corporation, Serial Imaging Device Driver)
0xF7A31000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7A27000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF798D000 viaide.sys 8192 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xF7989000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7BA5000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7AFC000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7AF6000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7A50000 C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS 4096 bytes (Microsoft Corporation, ACPI Operation Registration Driver)
0xF7A4F000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================
WARNING: File locked for read access [C:\WINDOWS\system32\drivers\SafeBoot.sys]


---------------End of Report.TXT---------------------------------------

#4 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:01:18 AM

Posted 13 October 2011 - 07:48 AM

Hi-

Thanks for the logs and the info. Let's see about draining this swamp.

First, please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.5.8.0) from Kaspersky's website.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.

    To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.

  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. C:\TDSSKiller.2.5.0_23.07.2010_15.31.43_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
Next, download Combofix from either of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: how-to-use-combofix

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

How to Temporarily Disable your Anti-virusl


Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please copy the "C:\ComboFix.txt" into your reply.
Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall


In your reply, copy in the contents of the TDSSKiller report and the ComboFix report. How is your computer running now?
Shannon

#5 gogogators

gogogators
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:01:18 AM

Posted 13 October 2011 - 04:56 PM

I downloaded and ran TDSS. It found one thing: Safeboot. It provides 3 options: Skip, Copy to Quarantine, Delete. I selected Delete, since it seemed the closest to Cure. I then clicked continue to reboot. At this point, my PC would blue screen a second after attempting to load XP. It would then go to the 'start windows in safe mode, etc' menu. I tried to start windows normally multiple times, but it was an endless loop. The only way out was to do the 'last known good config'. Doing this allowed XP to come up. I then ran TDSS a second time and it found the same thing. It is now sitting at the Skip, Copy to Quarantine, Delete menu again. Please let me know what you suggest I do from here. I have provided logs from both TDSS runs below.

Thanks again for your help.



Log from first TDSS run:


16:25:14.0500 5020 TDSS rootkit removing tool 2.6.8.0 Oct 12 2011 07:30:54
16:25:14.0843 5020 ============================================================
16:25:14.0843 5020 Current date / time: 2011/10/13 16:25:14.0843
16:25:14.0843 5020 SystemInfo:
16:25:14.0843 5020
16:25:14.0843 5020 OS Version: 5.1.2600 ServicePack: 3.0
16:25:14.0843 5020 Product type: Workstation
16:25:14.0843 5020 ComputerName: HPLAPTOP
16:25:14.0843 5020 UserName: Administrator
16:25:14.0843 5020 Windows directory: C:\WINDOWS
16:25:14.0843 5020 System windows directory: C:\WINDOWS
16:25:14.0843 5020 Processor architecture: Intel x86
16:25:14.0843 5020 Number of processors: 2
16:25:14.0843 5020 Page size: 0x1000
16:25:14.0843 5020 Boot type: Normal boot
16:25:14.0843 5020 ============================================================
16:25:15.0218 5020 Initialize success
16:25:22.0640 3944 ============================================================
16:25:22.0640 3944 Scan started
16:25:22.0640 3944 Mode: Manual;
16:25:22.0640 3944 ============================================================
16:25:23.0171 3944 Abiosdsk - ok
16:25:23.0187 3944 abp480n5 - ok
16:25:23.0234 3944 Accelerometer (ac24b66995aff48be6b2f8cc3ca843c7) C:\WINDOWS\system32\DRIVERS\Accelerometer.sys
16:25:23.0234 3944 Accelerometer - ok
16:25:23.0281 3944 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:25:23.0281 3944 ACPI - ok
16:25:23.0328 3944 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
16:25:23.0328 3944 ACPIEC - ok
16:25:23.0453 3944 ADIHdAudAddService (7356eff52ad50b8946d346002118ce62) C:\WINDOWS\system32\drivers\ADIHdAud.sys
16:25:23.0453 3944 ADIHdAudAddService - ok
16:25:23.0500 3944 adpu160m - ok
16:25:23.0515 3944 AEAudio (fff87a9b1ab36ee4b7bec98a4cb01b79) C:\WINDOWS\system32\drivers\AEAudio.sys
16:25:23.0515 3944 AEAudio - ok
16:25:23.0593 3944 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
16:25:23.0609 3944 aec - ok
16:25:23.0656 3944 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
16:25:23.0656 3944 AFD - ok
16:25:23.0781 3944 AgereSoftModem (3712986cc3abf0dc656b43525b9d1279) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
16:25:23.0812 3944 AgereSoftModem - ok
16:25:23.0906 3944 Aha154x - ok
16:25:23.0921 3944 aic78u2 - ok
16:25:23.0937 3944 aic78xx - ok
16:25:24.0000 3944 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
16:25:24.0000 3944 AliIde - ok
16:25:24.0078 3944 amsint - ok
16:25:24.0140 3944 androidusb (dd8d9c597af7cd2f6b70a3d6a4a1acea) C:\WINDOWS\system32\Drivers\ssadadb.sys
16:25:24.0140 3944 androidusb - ok
16:25:24.0218 3944 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
16:25:24.0218 3944 Arp1394 - ok
16:25:24.0234 3944 asc - ok
16:25:24.0265 3944 asc3350p - ok
16:25:24.0281 3944 asc3550 - ok
16:25:24.0359 3944 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:25:24.0359 3944 AsyncMac - ok
16:25:24.0500 3944 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
16:25:24.0500 3944 atapi - ok
16:25:24.0515 3944 Atdisk - ok
16:25:24.0546 3944 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:25:24.0546 3944 Atmarpc - ok
16:25:24.0609 3944 ATSWPDRV (293e8cc3c246a89f4cca75b024ad757f) C:\WINDOWS\system32\DRIVERS\ATSwpDrv.sys
16:25:24.0609 3944 ATSWPDRV - ok
16:25:24.0656 3944 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
16:25:24.0671 3944 audstub - ok
16:25:24.0812 3944 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
16:25:24.0828 3944 AVGIDSDriver - ok
16:25:24.0890 3944 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
16:25:24.0890 3944 AVGIDSEH - ok
16:25:24.0937 3944 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
16:25:24.0937 3944 AVGIDSFilter - ok
16:25:24.0968 3944 AVGIDSShim (07eba0c11fa1d73b82ecc3255ddfe34d) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
16:25:24.0968 3944 AVGIDSShim - ok
16:25:25.0015 3944 Avgldx86 (f4dbbc8d3c5338693da23c59a50f8abc) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
16:25:25.0015 3944 Avgldx86 - ok
16:25:25.0156 3944 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
16:25:25.0156 3944 Avgmfx86 - ok
16:25:25.0171 3944 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
16:25:25.0187 3944 Avgrkx86 - ok
16:25:25.0218 3944 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
16:25:25.0234 3944 Avgtdix - ok
16:25:25.0359 3944 b57w2k (74a65415dfaad20f06e7550fa9b6e012) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
16:25:25.0375 3944 b57w2k - ok
16:25:25.0468 3944 bcm (54c533ae49cdf9c4630e80379a1090fe) C:\WINDOWS\system32\DRIVERS\drxvi314.sys
16:25:25.0468 3944 bcm - ok
16:25:25.0656 3944 BCM43XX (37f385a93c620cbe0f89c17e45f697a1) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
16:25:25.0687 3944 BCM43XX - ok
16:25:25.0812 3944 bcmbusctr (44a70e32615770a4ec60e0267c0c8408) C:\WINDOWS\system32\DRIVERS\BcmBusCtr.sys
16:25:25.0812 3944 bcmbusctr - ok
16:25:25.0875 3944 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
16:25:25.0875 3944 Beep - ok
16:25:25.0890 3944 BMLoad - ok
16:25:25.0953 3944 BrScnUsb (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
16:25:25.0953 3944 BrScnUsb - ok
16:25:26.0000 3944 BrSerIf (1a5fc78e41840edf79d65ec16eff2787) C:\WINDOWS\system32\Drivers\BrSerIf.sys
16:25:26.0015 3944 BrSerIf - ok
16:25:26.0046 3944 BrUsbSer (a24c7b39602218f8dbdb2b6704325fc7) C:\WINDOWS\system32\Drivers\BrUsbSer.sys
16:25:26.0046 3944 BrUsbSer - ok
16:25:26.0171 3944 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
16:25:26.0187 3944 BVRPMPR5 - ok
16:25:26.0234 3944 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
16:25:26.0234 3944 cbidf2k - ok
16:25:26.0281 3944 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
16:25:26.0281 3944 CCDECODE - ok
16:25:26.0296 3944 cd20xrnt - ok
16:25:26.0343 3944 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
16:25:26.0343 3944 Cdaudio - ok
16:25:26.0468 3944 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
16:25:26.0468 3944 Cdfs - ok
16:25:26.0515 3944 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:25:26.0531 3944 Cdrom - ok
16:25:26.0531 3944 Changer - ok
16:25:26.0578 3944 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
16:25:26.0578 3944 CmBatt - ok
16:25:26.0593 3944 CmdIde - ok
16:25:26.0640 3944 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
16:25:26.0640 3944 Compbatt - ok
16:25:26.0687 3944 CompFilter (13612d5107c9b65bef347f449bcaf54d) C:\WINDOWS\system32\DRIVERS\lvbusflt.sys
16:25:26.0703 3944 CompFilter - ok
16:25:26.0734 3944 Cpqarray - ok
16:25:26.0750 3944 dac2w2k - ok
16:25:26.0765 3944 dac960nt - ok
16:25:26.0812 3944 dfmirage (d8cd6a2a94f545858eec6117f0d5dff4) C:\WINDOWS\system32\DRIVERS\dfmirage.sys
16:25:26.0812 3944 dfmirage - ok
16:25:26.0843 3944 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
16:25:26.0843 3944 Disk - ok
16:25:26.0921 3944 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
16:25:26.0937 3944 dmboot - ok
16:25:27.0062 3944 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
16:25:27.0078 3944 dmio - ok
16:25:27.0109 3944 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
16:25:27.0109 3944 dmload - ok
16:25:27.0156 3944 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
16:25:27.0156 3944 DMusic - ok
16:25:27.0187 3944 dpti2o - ok
16:25:27.0203 3944 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
16:25:27.0203 3944 drmkaud - ok
16:25:27.0281 3944 easytether (5d67e5f2ca692f7dba2568182b394541) C:\WINDOWS\system32\DRIVERS\easytthr.sys
16:25:27.0281 3944 easytether - ok
16:25:27.0343 3944 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
16:25:27.0343 3944 Fastfat - ok
16:25:27.0484 3944 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
16:25:27.0484 3944 Fdc - ok
16:25:27.0500 3944 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
16:25:27.0515 3944 Fips - ok
16:25:27.0531 3944 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
16:25:27.0546 3944 Flpydisk - ok
16:25:27.0562 3944 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
16:25:27.0578 3944 FltMgr - ok
16:25:27.0640 3944 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:25:27.0640 3944 Fs_Rec - ok
16:25:27.0781 3944 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:25:27.0781 3944 Ftdisk - ok
16:25:27.0843 3944 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
16:25:27.0859 3944 GEARAspiWDM - ok
16:25:27.0921 3944 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:25:27.0921 3944 Gpc - ok
16:25:28.0078 3944 HBtnKey (407e41ddb2bfece109132aec296e0d98) C:\WINDOWS\system32\DRIVERS\cpqbttn.sys
16:25:28.0078 3944 HBtnKey - ok
16:25:28.0171 3944 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
16:25:28.0171 3944 HDAudBus - ok
16:25:28.0250 3944 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:25:28.0250 3944 HidUsb - ok
16:25:28.0390 3944 hpdskflt (4f586a990238ab147099bc76c07c566e) C:\WINDOWS\system32\DRIVERS\hpdskflt.sys
16:25:28.0390 3944 hpdskflt - ok
16:25:28.0421 3944 hpn - ok
16:25:28.0468 3944 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys
16:25:28.0468 3944 HpqKbFiltr - ok
16:25:28.0531 3944 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
16:25:28.0546 3944 HPZid412 - ok
16:25:28.0593 3944 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
16:25:28.0593 3944 HPZipr12 - ok
16:25:28.0750 3944 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
16:25:28.0750 3944 HPZius12 - ok
16:25:28.0812 3944 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
16:25:28.0828 3944 HTTP - ok
16:25:28.0937 3944 i2omgmt - ok
16:25:28.0953 3944 i2omp - ok
16:25:29.0000 3944 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:25:29.0000 3944 i8042prt - ok
16:25:29.0281 3944 ialm (200cca76cd0e0f7eec78fa56c29b4d67) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
16:25:29.0500 3944 ialm - ok
16:25:29.0656 3944 iaStor (997e8f5939f2d12cd9f2e6b395724c16) C:\WINDOWS\system32\DRIVERS\iaStor.sys
16:25:29.0671 3944 iaStor - ok
16:25:29.0734 3944 ICAM3NT5 (7e9dce459be666ab54f67e77cb7d1297) C:\WINDOWS\system32\Drivers\Icam3.sys
16:25:29.0734 3944 ICAM3NT5 - ok
16:25:29.0796 3944 IFXTPM (f67554da27d5b55efcb6c7cb4818fbfd) C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS
16:25:29.0796 3944 IFXTPM - ok
16:25:29.0937 3944 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
16:25:29.0937 3944 Imapi - ok
16:25:29.0968 3944 ini910u - ok
16:25:30.0000 3944 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
16:25:30.0000 3944 IntelIde - ok
16:25:30.0046 3944 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
16:25:30.0046 3944 intelppm - ok
16:25:30.0078 3944 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
16:25:30.0093 3944 Ip6Fw - ok
16:25:30.0125 3944 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:25:30.0125 3944 IpFilterDriver - ok
16:25:30.0281 3944 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:25:30.0281 3944 IpInIp - ok
16:25:30.0328 3944 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:25:30.0328 3944 IpNat - ok
16:25:30.0390 3944 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:25:30.0406 3944 IPSec - ok
16:25:30.0437 3944 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
16:25:30.0453 3944 IRENUM - ok
16:25:30.0484 3944 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:25:30.0484 3944 isapnp - ok
16:25:30.0640 3944 JL2005C (4974d83c18642355c00287286cf33939) C:\WINDOWS\system32\Drivers\jl2005c.sys
16:25:30.0656 3944 JL2005C - ok
16:25:30.0703 3944 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:25:30.0703 3944 Kbdclass - ok
16:25:30.0734 3944 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
16:25:30.0734 3944 kbdhid - ok
16:25:30.0765 3944 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
16:25:30.0781 3944 kmixer - ok
16:25:30.0828 3944 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
16:25:30.0828 3944 KSecDD - ok
16:25:30.0953 3944 lbrtfdc - ok
16:25:31.0015 3944 LVPr2Mon (8be71d7edb8c7494913722059f760dd0) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
16:25:31.0015 3944 LVPr2Mon - ok
16:25:31.0109 3944 LVRS (e52f5a2cadcf08d07f559962f807a0a2) C:\WINDOWS\system32\DRIVERS\lvrs.sys
16:25:31.0109 3944 LVRS - ok
16:25:31.0546 3944 LVUVC (c3d02260beb2b48dea1efdfca91e4b69) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
16:25:31.0781 3944 LVUVC - ok
16:25:31.0921 3944 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
16:25:31.0921 3944 MBAMProtector - ok
16:25:32.0000 3944 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
16:25:32.0000 3944 mnmdd - ok
16:25:32.0062 3944 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
16:25:32.0062 3944 Modem - ok
16:25:32.0125 3944 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:25:32.0125 3944 Mouclass - ok
16:25:32.0250 3944 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:25:32.0250 3944 mouhid - ok
16:25:32.0312 3944 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
16:25:32.0312 3944 MountMgr - ok
16:25:32.0359 3944 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
16:25:32.0359 3944 MPE - ok
16:25:32.0406 3944 MQAC (70c14f5cca5cf73f8a645c73a01d8726) C:\WINDOWS\system32\drivers\mqac.sys
16:25:32.0421 3944 MQAC - ok
16:25:32.0531 3944 mraid35x - ok
16:25:32.0593 3944 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:25:32.0593 3944 MRxDAV - ok
16:25:32.0640 3944 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:25:32.0671 3944 MRxSmb - ok
16:25:32.0828 3944 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
16:25:32.0828 3944 Msfs - ok
16:25:32.0875 3944 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:25:32.0875 3944 MSKSSRV - ok
16:25:32.0906 3944 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:25:32.0921 3944 MSPCLOCK - ok
16:25:32.0953 3944 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
16:25:32.0953 3944 MSPQM - ok
16:25:33.0015 3944 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:25:33.0031 3944 mssmbios - ok
16:25:33.0171 3944 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
16:25:33.0171 3944 MSTEE - ok
16:25:33.0218 3944 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
16:25:33.0218 3944 Mup - ok
16:25:33.0265 3944 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
16:25:33.0265 3944 NABTSFEC - ok
16:25:33.0437 3944 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
16:25:33.0437 3944 NDIS - ok
16:25:33.0500 3944 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
16:25:33.0500 3944 NdisIP - ok
16:25:33.0546 3944 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:25:33.0546 3944 NdisTapi - ok
16:25:33.0593 3944 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:25:33.0593 3944 Ndisuio - ok
16:25:33.0750 3944 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:25:33.0765 3944 NdisWan - ok
16:25:33.0812 3944 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
16:25:33.0812 3944 NDProxy - ok
16:25:33.0859 3944 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
16:25:33.0859 3944 NetBIOS - ok
16:25:33.0906 3944 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
16:25:33.0906 3944 NetBT - ok
16:25:33.0968 3944 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
16:25:33.0968 3944 NIC1394 - ok
16:25:34.0250 3944 Nmea (b0d5188e282dc4edae7020f333427bc8) C:\WINDOWS\system32\DRIVERS\pctnullport.sys
16:25:34.0250 3944 Nmea - ok
16:25:34.0312 3944 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
16:25:34.0312 3944 Npfs - ok
16:25:34.0359 3944 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
16:25:34.0359 3944 Ntfs - ok
16:25:34.0500 3944 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
16:25:34.0500 3944 Null - ok
16:25:34.0578 3944 NWADI (93213c7ec08e01e37a935bf144e75df6) C:\WINDOWS\system32\DRIVERS\NWADIenum.sys
16:25:34.0578 3944 NWADI - ok
16:25:34.0625 3944 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:25:34.0625 3944 NwlnkFlt - ok
16:25:34.0671 3944 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:25:34.0671 3944 NwlnkFwd - ok
16:25:34.0796 3944 NWUSBModem (b7112f30d7eff4b5052eba879f46228f) C:\WINDOWS\system32\DRIVERS\nwusbmdm.sys
16:25:34.0796 3944 NWUSBModem - ok
16:25:34.0859 3944 NWUSBPort (b7112f30d7eff4b5052eba879f46228f) C:\WINDOWS\system32\DRIVERS\nwusbser.sys
16:25:34.0875 3944 NWUSBPort - ok
16:25:34.0906 3944 NWUSBPort2 (b7112f30d7eff4b5052eba879f46228f) C:\WINDOWS\system32\DRIVERS\nwusbser2.sys
16:25:34.0906 3944 NWUSBPort2 - ok
16:25:35.0046 3944 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
16:25:35.0046 3944 ohci1394 - ok
16:25:35.0125 3944 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
16:25:35.0125 3944 Parport - ok
16:25:35.0140 3944 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
16:25:35.0140 3944 PartMgr - ok
16:25:35.0203 3944 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
16:25:35.0203 3944 ParVdm - ok
16:25:35.0328 3944 PCASp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\WINDOWS\system32\Drivers\PCASp50.sys
16:25:35.0343 3944 PCASp50 - ok
16:25:35.0406 3944 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
16:25:35.0406 3944 PCI - ok
16:25:35.0421 3944 PCIDump - ok
16:25:35.0437 3944 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
16:25:35.0437 3944 PCIIde - ok
16:25:35.0453 3944 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
16:25:35.0453 3944 Pcmcia - ok
16:25:35.0500 3944 pcouffin (02aaafb7ba137ce5ddabcdf8090954d9) C:\WINDOWS\system32\Drivers\pcouffin.sys
16:25:35.0500 3944 pcouffin - ok
16:25:35.0546 3944 PCTINDIS5 (1e715247efffdda938c085913045d599) C:\WINDOWS\system32\PCTINDIS5.SYS
16:25:35.0546 3944 PCTINDIS5 - ok
16:25:35.0640 3944 PDCOMP - ok
16:25:35.0656 3944 PDFRAME - ok
16:25:35.0671 3944 PDRELI - ok
16:25:35.0687 3944 PDRFRAME - ok
16:25:35.0703 3944 perc2 - ok
16:25:35.0703 3944 perc2hib - ok
16:25:35.0796 3944 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:25:35.0796 3944 PptpMiniport - ok
16:25:35.0812 3944 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
16:25:35.0812 3944 PSched - ok
16:25:35.0828 3944 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:25:35.0828 3944 Ptilink - ok
16:25:35.0859 3944 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
16:25:35.0859 3944 PxHelp20 - ok
16:25:35.0875 3944 ql1080 - ok
16:25:35.0890 3944 Ql10wnt - ok
16:25:35.0906 3944 ql12160 - ok
16:25:35.0906 3944 ql1240 - ok
16:25:35.0921 3944 ql1280 - ok
16:25:35.0953 3944 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:25:35.0953 3944 RasAcd - ok
16:25:35.0984 3944 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
16:25:35.0984 3944 Rasirda - ok
16:25:36.0203 3944 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:25:36.0218 3944 Rasl2tp - ok
16:25:36.0265 3944 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:25:36.0265 3944 RasPppoe - ok
16:25:36.0421 3944 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
16:25:36.0437 3944 Raspti - ok
16:25:36.0500 3944 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:25:36.0515 3944 Rdbss - ok
16:25:36.0531 3944 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:25:36.0531 3944 RDPCDD - ok
16:25:36.0562 3944 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
16:25:36.0562 3944 rdpdr - ok
16:25:36.0625 3944 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
16:25:36.0640 3944 RDPWD - ok
16:25:36.0765 3944 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
16:25:36.0765 3944 redbook - ok
16:25:36.0828 3944 RimUsb (0f6756ef8bda6dfa7be50465c83132bb) C:\WINDOWS\system32\Drivers\RimUsb.sys
16:25:36.0828 3944 RimUsb - ok
16:25:36.0890 3944 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
16:25:36.0906 3944 RimVSerPort - ok
16:25:37.0031 3944 RMCAST (96f7a9a7bf0c9c0440a967440065d33c) C:\WINDOWS\system32\drivers\RMCast.sys
16:25:37.0031 3944 RMCAST - ok
16:25:37.0093 3944 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
16:25:37.0093 3944 ROOTMODEM - ok
16:25:37.0156 3944 RsvLock (0de27c94a562d0360fb520c42068cca0) C:\WINDOWS\system32\drivers\RsvLock.sys
16:25:37.0156 3944 RsvLock - ok
16:25:37.0265 3944 SafeBoot (4ccee8fcfe54262443bb348adb1f7f52) C:\WINDOWS\system32\drivers\SafeBoot.sys
16:25:37.0265 3944 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\SafeBoot.sys. md5: 4ccee8fcfe54262443bb348adb1f7f52
16:25:37.0265 3944 SafeBoot ( LockedFile.Multi.Generic ) - warning
16:25:37.0265 3944 SafeBoot - detected LockedFile.Multi.Generic (1)
16:25:37.0296 3944 SbAlg (f6367fb350f8e5d3f6dd8040e4c0e33b) C:\WINDOWS\system32\drivers\SbAlg.sys
16:25:37.0312 3944 SbAlg - ok
16:25:37.0328 3944 SbFsLock (df4a90b29b878e8cd95a1ac8f94ca954) C:\WINDOWS\system32\drivers\SbFsLock.sys
16:25:37.0328 3944 SbFsLock - ok
16:25:37.0390 3944 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:25:37.0406 3944 Secdrv - ok
16:25:37.0453 3944 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
16:25:37.0453 3944 serenum - ok
16:25:37.0562 3944 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
16:25:37.0562 3944 Serial - ok
16:25:37.0609 3944 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
16:25:37.0609 3944 Sfloppy - ok
16:25:37.0625 3944 Simbad - ok
16:25:37.0687 3944 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
16:25:37.0687 3944 SLIP - ok
16:25:37.0734 3944 SMCIRDA (707647a1aa0edb6cbef61b0c75c28ed3) C:\WINDOWS\system32\DRIVERS\smcirda.sys
16:25:37.0734 3944 SMCIRDA - ok
16:25:37.0828 3944 Sparrow - ok
16:25:37.0921 3944 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
16:25:37.0921 3944 splitter - ok
16:25:37.0953 3944 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
16:25:37.0953 3944 sr - ok
16:25:38.0000 3944 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
16:25:38.0015 3944 Srv - ok
16:25:38.0078 3944 ssadbus (48f44a1be434830b7c90fb730745f65a) C:\WINDOWS\system32\DRIVERS\ssadbus.sys
16:25:38.0078 3944 ssadbus - ok
16:25:38.0187 3944 ssadmdfl (9630b486b62cc0adb0a89152ed0218d7) C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys
16:25:38.0187 3944 ssadmdfl - ok
16:25:38.0312 3944 ssadmdm (9afaa23421622c392b55508fa9613949) C:\WINDOWS\system32\DRIVERS\ssadmdm.sys
16:25:38.0312 3944 ssadmdm - ok
16:25:38.0375 3944 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
16:25:38.0375 3944 StillCam - ok
16:25:38.0484 3944 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
16:25:38.0484 3944 streamip - ok
16:25:38.0562 3944 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
16:25:38.0562 3944 swenum - ok
16:25:38.0593 3944 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
16:25:38.0593 3944 swmidi - ok
16:25:38.0656 3944 swmsflt (e6c797b33a454840245c0c96e7f08b0a) C:\WINDOWS\System32\drivers\swmsflt.sys
16:25:38.0656 3944 swmsflt - ok
16:25:38.0765 3944 swmx00 (af88ae62b84d016eb5bdc12ddf1005a3) C:\WINDOWS\system32\DRIVERS\swmx00.sys
16:25:38.0765 3944 swmx00 - ok
16:25:38.0812 3944 SWNC5E00 (24bce62e4da07c6488e3a7ff37a6b6ae) C:\WINDOWS\system32\DRIVERS\SWNC5E00.sys
16:25:38.0812 3944 SWNC5E00 - ok
16:25:38.0843 3944 symc810 - ok
16:25:38.0875 3944 symc8xx - ok
16:25:38.0890 3944 sym_hi - ok
16:25:38.0890 3944 sym_u3 - ok
16:25:38.0953 3944 SynTP (926e0bb4cac05d9a0c3b59dc16fe2f1c) C:\WINDOWS\system32\DRIVERS\SynTP.sys
16:25:38.0953 3944 SynTP - ok
16:25:39.0078 3944 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
16:25:39.0078 3944 sysaudio - ok
16:25:39.0156 3944 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:25:39.0156 3944 Tcpip - ok
16:25:39.0203 3944 tcpipBM (4bed0c7fdf414d1bd26bf33ea673ca49) C:\WINDOWS\system32\drivers\tcpipBM.sys
16:25:39.0203 3944 tcpipBM - ok
16:25:39.0250 3944 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
16:25:39.0250 3944 TDPIPE - ok
16:25:39.0406 3944 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
16:25:39.0406 3944 TDTCP - ok
16:25:39.0453 3944 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
16:25:39.0453 3944 TermDD - ok
16:25:39.0484 3944 TosIde - ok
16:25:39.0515 3944 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
16:25:39.0515 3944 Udfs - ok
16:25:39.0531 3944 ultra - ok
16:25:39.0546 3944 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
16:25:39.0562 3944 Update - ok
16:25:39.0640 3944 USB28xxBGA (23e192f610e267b73cfee0004c07658d) C:\WINDOWS\system32\DRIVERS\emBDA.sys
16:25:39.0640 3944 USB28xxBGA - ok
16:25:39.0781 3944 USB28xxOEM (9066c185084f04d08b109df93d2a13cc) C:\WINDOWS\system32\DRIVERS\emOEM.sys
16:25:39.0796 3944 USB28xxOEM - ok
16:25:39.0890 3944 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
16:25:39.0890 3944 USBAAPL - ok
16:25:39.0921 3944 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
16:25:39.0921 3944 usbaudio - ok
16:25:40.0000 3944 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:25:40.0000 3944 usbccgp - ok
16:25:40.0109 3944 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:25:40.0109 3944 usbehci - ok
16:25:40.0171 3944 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:25:40.0171 3944 usbhub - ok
16:25:40.0218 3944 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
16:25:40.0218 3944 usbohci - ok
16:25:40.0281 3944 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
16:25:40.0281 3944 usbprint - ok
16:25:40.0375 3944 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
16:25:40.0390 3944 usbscan - ok
16:25:40.0406 3944 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:25:40.0406 3944 USBSTOR - ok
16:25:40.0468 3944 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
16:25:40.0468 3944 usbuhci - ok
16:25:40.0546 3944 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
16:25:40.0562 3944 usbvideo - ok
16:25:40.0640 3944 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
16:25:40.0640 3944 VgaSave - ok
16:25:40.0687 3944 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
16:25:40.0687 3944 ViaIde - ok
16:25:40.0718 3944 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
16:25:40.0718 3944 VolSnap - ok
16:25:40.0828 3944 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:25:40.0828 3944 Wanarp - ok
16:25:40.0921 3944 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
16:25:40.0937 3944 Wdf01000 - ok
16:25:41.0015 3944 WDICA - ok
16:25:41.0125 3944 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
16:25:41.0125 3944 wdmaud - ok
16:25:41.0203 3944 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
16:25:41.0203 3944 WmiAcpi - ok
16:25:41.0250 3944 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
16:25:41.0250 3944 WS2IFSL - ok
16:25:41.0359 3944 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
16:25:41.0359 3944 WSTCODEC - ok
16:25:41.0453 3944 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
16:25:41.0453 3944 WudfPf - ok
16:25:41.0500 3944 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
16:25:41.0500 3944 WudfRd - ok
16:25:41.0546 3944 MBR (0x1B8) (4f02a8d4048a138c450ed7f867eb0144) \Device\Harddisk0\DR0
16:25:41.0750 3944 \Device\Harddisk0\DR0 - ok
16:25:41.0750 3944 Boot (0x1200) (428eaa245b96cbe1adac217dcf6ad8d7) \Device\Harddisk0\DR0\Partition0
16:25:41.0750 3944 \Device\Harddisk0\DR0\Partition0 - ok
16:25:41.0750 3944 Boot (0x1200) (d41098949a47e209d69638a304ba3449) \Device\Harddisk0\DR0\Partition1
16:25:41.0750 3944 \Device\Harddisk0\DR0\Partition1 - ok
16:25:41.0765 3944 ============================================================
16:25:41.0765 3944 Scan finished
16:25:41.0765 3944 ============================================================
16:25:41.0765 4864 Detected object count: 1
16:25:41.0765 4864 Actual detected object count: 1
16:26:24.0578 4864 HKLM\SYSTEM\ControlSet001\services\SafeBoot - will be deleted on reboot
16:26:24.0578 4864 HKLM\SYSTEM\ControlSet003\services\SafeBoot - will be deleted on reboot
16:26:24.0578 4864 C:\WINDOWS\system32\drivers\SafeBoot.sys - will be deleted on reboot
16:26:24.0578 4864 SafeBoot ( LockedFile.Multi.Generic ) - User select action: Delete
16:26:45.0453 3376 Deinitialize success





Log from second TDSS run:

17:47:31.0046 3808 TDSS rootkit removing tool 2.6.8.0 Oct 12 2011 07:30:54
17:47:31.0390 3808 ============================================================
17:47:31.0390 3808 Current date / time: 2011/10/13 17:47:31.0390
17:47:31.0390 3808 SystemInfo:
17:47:31.0390 3808
17:47:31.0390 3808 OS Version: 5.1.2600 ServicePack: 3.0
17:47:31.0390 3808 Product type: Workstation
17:47:31.0390 3808 ComputerName: HPLAPTOP
17:47:31.0390 3808 UserName: Administrator
17:47:31.0390 3808 Windows directory: C:\WINDOWS
17:47:31.0390 3808 System windows directory: C:\WINDOWS
17:47:31.0390 3808 Processor architecture: Intel x86
17:47:31.0390 3808 Number of processors: 2
17:47:31.0390 3808 Page size: 0x1000
17:47:31.0390 3808 Boot type: Normal boot
17:47:31.0390 3808 ============================================================
17:47:31.0968 3808 Initialize success
17:47:44.0312 3412 ============================================================
17:47:44.0312 3412 Scan started
17:47:44.0312 3412 Mode: Manual;
17:47:44.0312 3412 ============================================================
17:47:45.0234 3412 Abiosdsk - ok
17:47:45.0234 3412 abp480n5 - ok
17:47:45.0281 3412 Accelerometer (ac24b66995aff48be6b2f8cc3ca843c7) C:\WINDOWS\system32\DRIVERS\Accelerometer.sys
17:47:45.0281 3412 Accelerometer - ok
17:47:45.0343 3412 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:47:45.0343 3412 ACPI - ok
17:47:45.0359 3412 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
17:47:45.0359 3412 ACPIEC - ok
17:47:45.0390 3412 ADIHdAudAddService (7356eff52ad50b8946d346002118ce62) C:\WINDOWS\system32\drivers\ADIHdAud.sys
17:47:45.0390 3412 ADIHdAudAddService - ok
17:47:45.0500 3412 adpu160m - ok
17:47:45.0531 3412 AEAudio (fff87a9b1ab36ee4b7bec98a4cb01b79) C:\WINDOWS\system32\drivers\AEAudio.sys
17:47:45.0531 3412 AEAudio - ok
17:47:45.0593 3412 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
17:47:45.0609 3412 aec - ok
17:47:45.0656 3412 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
17:47:45.0671 3412 AFD - ok
17:47:45.0843 3412 AgereSoftModem (3712986cc3abf0dc656b43525b9d1279) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
17:47:45.0875 3412 AgereSoftModem - ok
17:47:45.0984 3412 Aha154x - ok
17:47:46.0000 3412 aic78u2 - ok
17:47:46.0015 3412 aic78xx - ok
17:47:46.0062 3412 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
17:47:46.0062 3412 AliIde - ok
17:47:46.0078 3412 amsint - ok
17:47:46.0125 3412 androidusb (dd8d9c597af7cd2f6b70a3d6a4a1acea) C:\WINDOWS\system32\Drivers\ssadadb.sys
17:47:46.0125 3412 androidusb - ok
17:47:46.0203 3412 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
17:47:46.0203 3412 Arp1394 - ok
17:47:46.0312 3412 asc - ok
17:47:46.0328 3412 asc3350p - ok
17:47:46.0343 3412 asc3550 - ok
17:47:46.0421 3412 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:47:46.0421 3412 AsyncMac - ok
17:47:46.0453 3412 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
17:47:46.0453 3412 atapi - ok
17:47:46.0484 3412 Atdisk - ok
17:47:46.0515 3412 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:47:46.0515 3412 Atmarpc - ok
17:47:46.0578 3412 ATSWPDRV (293e8cc3c246a89f4cca75b024ad757f) C:\WINDOWS\system32\DRIVERS\ATSwpDrv.sys
17:47:46.0578 3412 ATSWPDRV - ok
17:47:46.0718 3412 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
17:47:46.0718 3412 audstub - ok
17:47:46.0781 3412 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
17:47:46.0781 3412 AVGIDSDriver - ok
17:47:46.0843 3412 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
17:47:46.0843 3412 AVGIDSEH - ok
17:47:46.0968 3412 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
17:47:46.0968 3412 AVGIDSFilter - ok
17:47:47.0015 3412 AVGIDSShim (07eba0c11fa1d73b82ecc3255ddfe34d) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
17:47:47.0015 3412 AVGIDSShim - ok
17:47:47.0078 3412 Avgldx86 (f4dbbc8d3c5338693da23c59a50f8abc) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
17:47:47.0078 3412 Avgldx86 - ok
17:47:47.0109 3412 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
17:47:47.0109 3412 Avgmfx86 - ok
17:47:47.0265 3412 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
17:47:47.0265 3412 Avgrkx86 - ok
17:47:47.0296 3412 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
17:47:47.0312 3412 Avgtdix - ok
17:47:47.0375 3412 b57w2k (74a65415dfaad20f06e7550fa9b6e012) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
17:47:47.0375 3412 b57w2k - ok
17:47:47.0437 3412 bcm (54c533ae49cdf9c4630e80379a1090fe) C:\WINDOWS\system32\DRIVERS\drxvi314.sys
17:47:47.0453 3412 bcm - ok
17:47:47.0625 3412 BCM43XX (37f385a93c620cbe0f89c17e45f697a1) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
17:47:47.0656 3412 BCM43XX - ok
17:47:47.0812 3412 bcmbusctr (44a70e32615770a4ec60e0267c0c8408) C:\WINDOWS\system32\DRIVERS\BcmBusCtr.sys
17:47:47.0812 3412 bcmbusctr - ok
17:47:47.0859 3412 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
17:47:47.0859 3412 Beep - ok
17:47:47.0875 3412 BMLoad - ok
17:47:47.0921 3412 BrScnUsb (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
17:47:47.0921 3412 BrScnUsb - ok
17:47:47.0984 3412 BrSerIf (1a5fc78e41840edf79d65ec16eff2787) C:\WINDOWS\system32\Drivers\BrSerIf.sys
17:47:47.0984 3412 BrSerIf - ok
17:47:48.0109 3412 BrUsbSer (a24c7b39602218f8dbdb2b6704325fc7) C:\WINDOWS\system32\Drivers\BrUsbSer.sys
17:47:48.0109 3412 BrUsbSer - ok
17:47:48.0156 3412 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
17:47:48.0156 3412 BVRPMPR5 - ok
17:47:48.0203 3412 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
17:47:48.0218 3412 cbidf2k - ok
17:47:48.0343 3412 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
17:47:48.0343 3412 CCDECODE - ok
17:47:48.0359 3412 cd20xrnt - ok
17:47:48.0406 3412 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
17:47:48.0406 3412 Cdaudio - ok
17:47:48.0453 3412 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
17:47:48.0453 3412 Cdfs - ok
17:47:48.0515 3412 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:47:48.0515 3412 Cdrom - ok
17:47:48.0625 3412 Changer - ok
17:47:48.0671 3412 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
17:47:48.0671 3412 CmBatt - ok
17:47:48.0687 3412 CmdIde - ok
17:47:48.0734 3412 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
17:47:48.0734 3412 Compbatt - ok
17:47:48.0765 3412 CompFilter (13612d5107c9b65bef347f449bcaf54d) C:\WINDOWS\system32\DRIVERS\lvbusflt.sys
17:47:48.0765 3412 CompFilter - ok
17:47:48.0781 3412 Cpqarray - ok
17:47:48.0796 3412 dac2w2k - ok
17:47:48.0812 3412 dac960nt - ok
17:47:48.0859 3412 dfmirage (d8cd6a2a94f545858eec6117f0d5dff4) C:\WINDOWS\system32\DRIVERS\dfmirage.sys
17:47:48.0859 3412 dfmirage - ok
17:47:48.0875 3412 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
17:47:48.0875 3412 Disk - ok
17:47:48.0937 3412 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
17:47:48.0953 3412 dmboot - ok
17:47:49.0109 3412 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
17:47:49.0109 3412 dmio - ok
17:47:49.0156 3412 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
17:47:49.0156 3412 dmload - ok
17:47:49.0203 3412 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
17:47:49.0203 3412 DMusic - ok
17:47:49.0234 3412 dpti2o - ok
17:47:49.0250 3412 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
17:47:49.0250 3412 drmkaud - ok
17:47:49.0328 3412 easytether (5d67e5f2ca692f7dba2568182b394541) C:\WINDOWS\system32\DRIVERS\easytthr.sys
17:47:49.0343 3412 easytether - ok
17:47:49.0500 3412 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
17:47:49.0515 3412 Fastfat - ok
17:47:49.0562 3412 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
17:47:49.0562 3412 Fdc - ok
17:47:49.0593 3412 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
17:47:49.0593 3412 Fips - ok
17:47:49.0625 3412 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
17:47:49.0625 3412 Flpydisk - ok
17:47:49.0781 3412 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
17:47:49.0781 3412 FltMgr - ok
17:47:49.0828 3412 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:47:49.0828 3412 Fs_Rec - ok
17:47:49.0843 3412 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:47:49.0859 3412 Ftdisk - ok
17:47:49.0906 3412 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
17:47:49.0906 3412 GEARAspiWDM - ok
17:47:49.0968 3412 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:47:49.0984 3412 Gpc - ok
17:47:50.0140 3412 HBtnKey (407e41ddb2bfece109132aec296e0d98) C:\WINDOWS\system32\DRIVERS\cpqbttn.sys
17:47:50.0140 3412 HBtnKey - ok
17:47:50.0203 3412 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
17:47:50.0203 3412 HDAudBus - ok
17:47:50.0265 3412 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:47:50.0265 3412 HidUsb - ok
17:47:50.0406 3412 hpdskflt (4f586a990238ab147099bc76c07c566e) C:\WINDOWS\system32\DRIVERS\hpdskflt.sys
17:47:50.0406 3412 hpdskflt - ok
17:47:50.0437 3412 hpn - ok
17:47:50.0500 3412 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys
17:47:50.0515 3412 HpqKbFiltr - ok
17:47:50.0656 3412 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
17:47:50.0656 3412 HPZid412 - ok
17:47:50.0734 3412 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
17:47:50.0734 3412 HPZipr12 - ok
17:47:50.0750 3412 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
17:47:50.0765 3412 HPZius12 - ok
17:47:50.0796 3412 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
17:47:50.0812 3412 HTTP - ok
17:47:50.0875 3412 i2omgmt - ok
17:47:50.0921 3412 i2omp - ok
17:47:50.0968 3412 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:47:50.0968 3412 i8042prt - ok
17:47:51.0218 3412 ialm (200cca76cd0e0f7eec78fa56c29b4d67) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
17:47:51.0421 3412 ialm - ok
17:47:51.0578 3412 iaStor (997e8f5939f2d12cd9f2e6b395724c16) C:\WINDOWS\system32\DRIVERS\iaStor.sys
17:47:51.0578 3412 iaStor - ok
17:47:51.0640 3412 ICAM3NT5 (7e9dce459be666ab54f67e77cb7d1297) C:\WINDOWS\system32\Drivers\Icam3.sys
17:47:51.0640 3412 ICAM3NT5 - ok
17:47:51.0796 3412 IFXTPM (f67554da27d5b55efcb6c7cb4818fbfd) C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS
17:47:51.0796 3412 IFXTPM - ok
17:47:51.0843 3412 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
17:47:51.0843 3412 Imapi - ok
17:47:51.0859 3412 ini910u - ok
17:47:51.0906 3412 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
17:47:51.0906 3412 IntelIde - ok
17:47:51.0921 3412 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:47:51.0921 3412 intelppm - ok
17:47:52.0078 3412 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
17:47:52.0078 3412 Ip6Fw - ok
17:47:52.0125 3412 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:47:52.0125 3412 IpFilterDriver - ok
17:47:52.0171 3412 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:47:52.0171 3412 IpInIp - ok
17:47:52.0218 3412 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:47:52.0218 3412 IpNat - ok
17:47:52.0359 3412 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:47:52.0359 3412 IPSec - ok
17:47:52.0375 3412 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
17:47:52.0375 3412 IRENUM - ok
17:47:52.0406 3412 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:47:52.0406 3412 isapnp - ok
17:47:52.0468 3412 JL2005C (4974d83c18642355c00287286cf33939) C:\WINDOWS\system32\Drivers\jl2005c.sys
17:47:52.0468 3412 JL2005C - ok
17:47:52.0625 3412 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:47:52.0625 3412 Kbdclass - ok
17:47:52.0640 3412 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
17:47:52.0640 3412 kbdhid - ok
17:47:52.0687 3412 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
17:47:52.0687 3412 kmixer - ok
17:47:52.0734 3412 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
17:47:52.0750 3412 KSecDD - ok
17:47:52.0765 3412 lbrtfdc - ok
17:47:52.0796 3412 LVPr2Mon (8be71d7edb8c7494913722059f760dd0) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
17:47:52.0812 3412 LVPr2Mon - ok
17:47:52.0953 3412 LVRS (e52f5a2cadcf08d07f559962f807a0a2) C:\WINDOWS\system32\DRIVERS\lvrs.sys
17:47:52.0953 3412 LVRS - ok
17:47:53.0296 3412 LVUVC (c3d02260beb2b48dea1efdfca91e4b69) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
17:47:53.0546 3412 LVUVC - ok
17:47:53.0687 3412 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
17:47:53.0687 3412 MBAMProtector - ok
17:47:53.0734 3412 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
17:47:53.0750 3412 mnmdd - ok
17:47:53.0796 3412 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
17:47:53.0796 3412 Modem - ok
17:47:53.0843 3412 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:47:53.0843 3412 Mouclass - ok
17:47:53.0984 3412 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:47:53.0984 3412 mouhid - ok
17:47:54.0031 3412 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
17:47:54.0031 3412 MountMgr - ok
17:47:54.0078 3412 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
17:47:54.0078 3412 MPE - ok
17:47:54.0234 3412 MQAC (70c14f5cca5cf73f8a645c73a01d8726) C:\WINDOWS\system32\drivers\mqac.sys
17:47:54.0234 3412 MQAC - ok
17:47:54.0234 3412 mraid35x - ok
17:47:54.0296 3412 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:47:54.0296 3412 MRxDAV - ok
17:47:54.0359 3412 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:47:54.0390 3412 MRxSmb - ok
17:47:54.0546 3412 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
17:47:54.0546 3412 Msfs - ok
17:47:54.0578 3412 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:47:54.0578 3412 MSKSSRV - ok
17:47:54.0609 3412 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:47:54.0609 3412 MSPCLOCK - ok
17:47:54.0625 3412 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
17:47:54.0625 3412 MSPQM - ok
17:47:54.0656 3412 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:47:54.0656 3412 mssmbios - ok
17:47:54.0703 3412 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
17:47:54.0703 3412 MSTEE - ok
17:47:54.0828 3412 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
17:47:54.0828 3412 Mup - ok
17:47:54.0890 3412 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
17:47:54.0890 3412 NABTSFEC - ok
17:47:54.0937 3412 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
17:47:54.0937 3412 NDIS - ok
17:47:55.0062 3412 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
17:47:55.0062 3412 NdisIP - ok
17:47:55.0125 3412 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:47:55.0125 3412 NdisTapi - ok
17:47:55.0187 3412 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:47:55.0187 3412 Ndisuio - ok
17:47:55.0281 3412 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:47:55.0281 3412 NdisWan - ok
17:47:55.0343 3412 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
17:47:55.0343 3412 NDProxy - ok
17:47:55.0375 3412 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
17:47:55.0375 3412 NetBIOS - ok
17:47:55.0421 3412 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
17:47:55.0421 3412 NetBT - ok
17:47:55.0562 3412 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
17:47:55.0562 3412 NIC1394 - ok
17:47:55.0671 3412 Nmea (b0d5188e282dc4edae7020f333427bc8) C:\WINDOWS\system32\DRIVERS\pctnullport.sys
17:47:55.0671 3412 Nmea - ok
17:47:55.0718 3412 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
17:47:55.0718 3412 Npfs - ok
17:47:55.0734 3412 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
17:47:55.0750 3412 Ntfs - ok
17:47:55.0890 3412 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
17:47:55.0890 3412 Null - ok
17:47:55.0937 3412 NWADI (93213c7ec08e01e37a935bf144e75df6) C:\WINDOWS\system32\DRIVERS\NWADIenum.sys
17:47:55.0937 3412 NWADI - ok
17:47:55.0968 3412 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:47:55.0968 3412 NwlnkFlt - ok
17:47:56.0000 3412 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:47:56.0000 3412 NwlnkFwd - ok
17:47:56.0171 3412 NWUSBModem (b7112f30d7eff4b5052eba879f46228f) C:\WINDOWS\system32\DRIVERS\nwusbmdm.sys
17:47:56.0171 3412 NWUSBModem - ok
17:47:56.0218 3412 NWUSBPort (b7112f30d7eff4b5052eba879f46228f) C:\WINDOWS\system32\DRIVERS\nwusbser.sys
17:47:56.0218 3412 NWUSBPort - ok
17:47:56.0250 3412 NWUSBPort2 (b7112f30d7eff4b5052eba879f46228f) C:\WINDOWS\system32\DRIVERS\nwusbser2.sys
17:47:56.0250 3412 NWUSBPort2 - ok
17:47:56.0406 3412 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
17:47:56.0406 3412 ohci1394 - ok
17:47:56.0437 3412 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
17:47:56.0437 3412 Parport - ok
17:47:56.0453 3412 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
17:47:56.0453 3412 PartMgr - ok
17:47:56.0500 3412 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
17:47:56.0500 3412 ParVdm - ok
17:47:56.0562 3412 PCASp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\WINDOWS\system32\Drivers\PCASp50.sys
17:47:56.0562 3412 PCASp50 - ok
17:47:56.0703 3412 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
17:47:56.0703 3412 PCI - ok
17:47:56.0718 3412 PCIDump - ok
17:47:56.0750 3412 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
17:47:56.0750 3412 PCIIde - ok
17:47:56.0765 3412 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
17:47:56.0765 3412 Pcmcia - ok
17:47:56.0812 3412 pcouffin (02aaafb7ba137ce5ddabcdf8090954d9) C:\WINDOWS\system32\Drivers\pcouffin.sys
17:47:56.0812 3412 pcouffin - ok
17:47:56.0859 3412 PCTINDIS5 (1e715247efffdda938c085913045d599) C:\WINDOWS\system32\PCTINDIS5.SYS
17:47:56.0875 3412 PCTINDIS5 - ok
17:47:56.0984 3412 PDCOMP - ok
17:47:57.0000 3412 PDFRAME - ok
17:47:57.0015 3412 PDRELI - ok
17:47:57.0015 3412 PDRFRAME - ok
17:47:57.0031 3412 perc2 - ok
17:47:57.0046 3412 perc2hib - ok
17:47:57.0109 3412 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:47:57.0109 3412 PptpMiniport - ok
17:47:57.0125 3412 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
17:47:57.0125 3412 PSched - ok
17:47:57.0140 3412 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:47:57.0140 3412 Ptilink - ok
17:47:57.0171 3412 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
17:47:57.0187 3412 PxHelp20 - ok
17:47:57.0187 3412 ql1080 - ok
17:47:57.0203 3412 Ql10wnt - ok
17:47:57.0218 3412 ql12160 - ok
17:47:57.0234 3412 ql1240 - ok
17:47:57.0234 3412 ql1280 - ok
17:47:57.0265 3412 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:47:57.0265 3412 RasAcd - ok
17:47:57.0281 3412 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
17:47:57.0281 3412 Rasirda - ok
17:47:57.0296 3412 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:47:57.0296 3412 Rasl2tp - ok
17:47:57.0437 3412 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:47:57.0437 3412 RasPppoe - ok
17:47:57.0468 3412 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
17:47:57.0484 3412 Raspti - ok
17:47:57.0515 3412 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:47:57.0515 3412 Rdbss - ok
17:47:57.0531 3412 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:47:57.0531 3412 RDPCDD - ok
17:47:57.0562 3412 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:47:57.0578 3412 rdpdr - ok
17:47:57.0718 3412 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
17:47:57.0718 3412 RDPWD - ok
17:47:57.0765 3412 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
17:47:57.0765 3412 redbook - ok
17:47:57.0828 3412 RimUsb (0f6756ef8bda6dfa7be50465c83132bb) C:\WINDOWS\system32\Drivers\RimUsb.sys
17:47:57.0828 3412 RimUsb - ok
17:47:57.0968 3412 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
17:47:57.0968 3412 RimVSerPort - ok
17:47:58.0015 3412 RMCAST (96f7a9a7bf0c9c0440a967440065d33c) C:\WINDOWS\system32\drivers\RMCast.sys
17:47:58.0015 3412 RMCAST - ok
17:47:58.0062 3412 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
17:47:58.0062 3412 ROOTMODEM - ok
17:47:58.0203 3412 RsvLock (0de27c94a562d0360fb520c42068cca0) C:\WINDOWS\system32\drivers\RsvLock.sys
17:47:58.0203 3412 RsvLock - ok
17:47:58.0234 3412 SafeBoot (4ccee8fcfe54262443bb348adb1f7f52) C:\WINDOWS\system32\drivers\SafeBoot.sys
17:47:58.0234 3412 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\SafeBoot.sys. md5: 4ccee8fcfe54262443bb348adb1f7f52
17:47:58.0234 3412 SafeBoot ( LockedFile.Multi.Generic ) - warning
17:47:58.0234 3412 SafeBoot - detected LockedFile.Multi.Generic (1)
17:47:58.0250 3412 SbAlg (f6367fb350f8e5d3f6dd8040e4c0e33b) C:\WINDOWS\system32\drivers\SbAlg.sys
17:47:58.0250 3412 SbAlg - ok
17:47:58.0265 3412 SbFsLock (df4a90b29b878e8cd95a1ac8f94ca954) C:\WINDOWS\system32\drivers\SbFsLock.sys
17:47:58.0265 3412 SbFsLock - ok
17:47:58.0328 3412 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:47:58.0328 3412 Secdrv - ok
17:47:58.0375 3412 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
17:47:58.0375 3412 serenum - ok
17:47:58.0515 3412 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
17:47:58.0515 3412 Serial - ok
17:47:58.0562 3412 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
17:47:58.0562 3412 Sfloppy - ok
17:47:58.0578 3412 Simbad - ok
17:47:58.0625 3412 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
17:47:58.0625 3412 SLIP - ok
17:47:58.0687 3412 SMCIRDA (707647a1aa0edb6cbef61b0c75c28ed3) C:\WINDOWS\system32\DRIVERS\smcirda.sys
17:47:58.0687 3412 SMCIRDA - ok
17:47:58.0796 3412 Sparrow - ok
17:47:58.0843 3412 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
17:47:58.0843 3412 splitter - ok
17:47:58.0875 3412 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
17:47:58.0875 3412 sr - ok
17:47:58.0906 3412 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
17:47:58.0921 3412 Srv - ok
17:47:58.0968 3412 ssadbus (48f44a1be434830b7c90fb730745f65a) C:\WINDOWS\system32\DRIVERS\ssadbus.sys
17:47:58.0984 3412 ssadbus - ok
17:47:59.0109 3412 ssadmdfl (9630b486b62cc0adb0a89152ed0218d7) C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys
17:47:59.0109 3412 ssadmdfl - ok
17:47:59.0171 3412 ssadmdm (9afaa23421622c392b55508fa9613949) C:\WINDOWS\system32\DRIVERS\ssadmdm.sys
17:47:59.0171 3412 ssadmdm - ok
17:47:59.0218 3412 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
17:47:59.0218 3412 StillCam - ok
17:47:59.0375 3412 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
17:47:59.0375 3412 streamip - ok
17:47:59.0421 3412 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
17:47:59.0421 3412 swenum - ok
17:47:59.0437 3412 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
17:47:59.0453 3412 swmidi - ok
17:47:59.0500 3412 swmsflt (e6c797b33a454840245c0c96e7f08b0a) C:\WINDOWS\System32\drivers\swmsflt.sys
17:47:59.0500 3412 swmsflt - ok
17:47:59.0640 3412 swmx00 (af88ae62b84d016eb5bdc12ddf1005a3) C:\WINDOWS\system32\DRIVERS\swmx00.sys
17:47:59.0640 3412 swmx00 - ok
17:47:59.0687 3412 SWNC5E00 (24bce62e4da07c6488e3a7ff37a6b6ae) C:\WINDOWS\system32\DRIVERS\SWNC5E00.sys
17:47:59.0687 3412 SWNC5E00 - ok
17:47:59.0703 3412 symc810 - ok
17:47:59.0718 3412 symc8xx - ok
17:47:59.0734 3412 sym_hi - ok
17:47:59.0750 3412 sym_u3 - ok
17:47:59.0796 3412 SynTP (926e0bb4cac05d9a0c3b59dc16fe2f1c) C:\WINDOWS\system32\DRIVERS\SynTP.sys
17:47:59.0796 3412 SynTP - ok
17:47:59.0843 3412 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
17:47:59.0843 3412 sysaudio - ok
17:48:00.0000 3412 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:48:00.0000 3412 Tcpip - ok
17:48:00.0062 3412 tcpipBM (4bed0c7fdf414d1bd26bf33ea673ca49) C:\WINDOWS\system32\drivers\tcpipBM.sys
17:48:00.0062 3412 tcpipBM - ok
17:48:00.0125 3412 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
17:48:00.0125 3412 TDPIPE - ok
17:48:00.0140 3412 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
17:48:00.0140 3412 TDTCP - ok
17:48:00.0250 3412 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
17:48:00.0250 3412 TermDD - ok
17:48:00.0296 3412 TosIde - ok
17:48:00.0328 3412 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
17:48:00.0328 3412 Udfs - ok
17:48:00.0343 3412 ultra - ok
17:48:00.0375 3412 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
17:48:00.0390 3412 Update - ok
17:48:00.0453 3412 USB28xxBGA (23e192f610e267b73cfee0004c07658d) C:\WINDOWS\system32\DRIVERS\emBDA.sys
17:48:00.0468 3412 USB28xxBGA - ok
17:48:00.0671 3412 USB28xxOEM (9066c185084f04d08b109df93d2a13cc) C:\WINDOWS\system32\DRIVERS\emOEM.sys
17:48:00.0671 3412 USB28xxOEM - ok
17:48:00.0765 3412 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
17:48:00.0765 3412 USBAAPL - ok
17:48:00.0812 3412 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
17:48:00.0812 3412 usbaudio - ok
17:48:00.0875 3412 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:48:00.0890 3412 usbccgp - ok
17:48:00.0984 3412 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:48:00.0984 3412 usbehci - ok
17:48:01.0031 3412 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:48:01.0031 3412 usbhub - ok
17:48:01.0062 3412 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
17:48:01.0062 3412 usbohci - ok
17:48:01.0125 3412 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:48:01.0125 3412 usbprint - ok
17:48:01.0218 3412 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:48:01.0218 3412 usbscan - ok
17:48:01.0234 3412 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:48:01.0234 3412 USBSTOR - ok
17:48:01.0281 3412 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:48:01.0281 3412 usbuhci - ok
17:48:01.0328 3412 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
17:48:01.0343 3412 usbvideo - ok
17:48:01.0421 3412 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
17:48:01.0421 3412 VgaSave - ok
17:48:01.0500 3412 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
17:48:01.0500 3412 ViaIde - ok
17:48:01.0515 3412 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
17:48:01.0515 3412 VolSnap - ok
17:48:01.0562 3412 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:48:01.0562 3412 Wanarp - ok
17:48:01.0625 3412 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
17:48:01.0625 3412 Wdf01000 - ok
17:48:01.0734 3412 WDICA - ok
17:48:01.0781 3412 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
17:48:01.0796 3412 wdmaud - ok
17:48:01.0843 3412 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
17:48:01.0843 3412 WmiAcpi - ok
17:48:01.0906 3412 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
17:48:01.0906 3412 WS2IFSL - ok
17:48:02.0046 3412 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
17:48:02.0046 3412 WSTCODEC - ok
17:48:02.0109 3412 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:48:02.0109 3412 WudfPf - ok
17:48:02.0156 3412 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
17:48:02.0156 3412 WudfRd - ok
17:48:02.0203 3412 MBR (0x1B8) (4f02a8d4048a138c450ed7f867eb0144) \Device\Harddisk0\DR0
17:48:02.0390 3412 \Device\Harddisk0\DR0 - ok
17:48:02.0390 3412 Boot (0x1200) (428eaa245b96cbe1adac217dcf6ad8d7) \Device\Harddisk0\DR0\Partition0
17:48:02.0390 3412 \Device\Harddisk0\DR0\Partition0 - ok
17:48:02.0390 3412 Boot (0x1200) (d41098949a47e209d69638a304ba3449) \Device\Harddisk0\DR0\Partition1
17:48:02.0390 3412 \Device\Harddisk0\DR0\Partition1 - ok
17:48:02.0406 3412 ============================================================
17:48:02.0406 3412 Scan finished
17:48:02.0406 3412 ============================================================
17:48:02.0406 3756 Detected object count: 1
17:48:02.0406 3756 Actual detected object count: 1

#6 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:01:18 AM

Posted 13 October 2011 - 08:07 PM

Hi-

'Skip' it and run ComboFix
Shannon

#7 gogogators

gogogators
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:01:18 AM

Posted 13 October 2011 - 09:00 PM

Ok, skipped it and ran combofix. Here's the log:

ComboFix 11-10-13.05 - Administrator 10/13/2011 21:34:22.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.943 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: AVG Anti-Virus 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Application Data\Roaming
c:\documents and settings\Administrator\Application Data\Roaming\HoldemManager\config\FTPRushTables.xml
c:\documents and settings\Administrator\g2mdlhlpx.exe
c:\windows\iun6002.exe
c:\windows\system32\d3d9caps.dat
c:\windows\system32\uninstall.exe
E:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-09-14 to 2011-10-14 )))))))))))))))))))))))))))))))
.
.
2011-10-13 20:26 . 2011-10-13 20:26 94896 ----a-w- c:\windows\system32\drivers\46196857.sys
2011-10-13 12:36 . 2011-10-13 22:19 -------- d-----w- c:\program files\eMusic Download Manager
2011-10-13 11:19 . 2011-10-13 11:19 -------- d-----w- C:\$AVG
2011-10-13 03:30 . 2011-10-13 03:30 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
2011-10-13 01:57 . 2011-10-13 01:57 -------- d-----w- c:\documents and settings\Administrator\Application Data\AVG2012
2011-10-13 01:31 . 2011-10-13 01:31 -------- d-----w- c:\documents and settings\Administrator\Application Data\AVG Secure Search
2011-10-13 01:31 . 2011-10-13 01:31 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2011-10-13 01:31 . 2011-10-13 01:31 -------- d-----w- c:\program files\AVG Secure Search
2011-10-13 01:30 . 2011-10-13 12:16 -------- d-----w- c:\windows\system32\drivers\AVG
2011-10-13 01:30 . 2011-10-13 19:43 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
2011-10-13 01:28 . 2011-10-13 01:28 -------- d-----w- c:\program files\AVG
2011-10-13 01:25 . 2011-10-13 01:25 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-10-13 01:17 . 2011-10-13 12:17 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-10-10 20:11 . 2011-10-10 20:12 -------- d-----w- c:\documents and settings\Administrator\Application Data\Okahka
2011-10-10 12:32 . 2011-10-11 11:37 -------- d-----w- C:\installation
2011-10-07 14:48 . 2011-10-07 14:48 -------- d-----w- C:\gmer
2011-10-07 13:55 . 2011-10-07 13:55 -------- d-----w- C:\ProcessExplorer
2011-10-06 13:51 . 2007-07-02 20:02 996648 ----a-w- c:\windows\system32\ShellManager10E2D762.dll
2011-10-06 13:48 . 2011-10-06 13:48 388096 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-10-05 12:45 . 2011-10-05 12:47 -------- dc-h--w- c:\windows\ie8
2011-10-04 17:01 . 2011-10-04 17:01 -------- d-----w- c:\program files\Trend Micro
2011-09-30 13:00 . 2011-09-30 13:00 -------- d-----w- c:\documents and settings\Administrator\Application Data\ElevatedDiagnostics
2011-09-28 11:13 . 2011-10-01 12:27 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-09-27 12:13 . 2011-09-23 01:16 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-09-27 12:13 . 2011-10-01 12:27 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-09-27 12:13 . 2011-10-01 12:27 478168 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-09-27 12:13 . 2011-10-01 12:27 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-09-27 12:13 . 2011-09-23 01:16 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-09-27 12:13 . 2011-10-01 12:27 773080 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-09-27 12:13 . 2011-10-01 12:27 1833944 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-09-24 11:50 . 2011-09-24 11:50 -------- d-----w- c:\windows\system32\MpEngineStore
2011-09-24 11:35 . 2011-09-27 12:19 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-22 12:54 . 2011-09-24 10:56 -------- d-----w- c:\documents and settings\Administrator\Application Data\Eqpome
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-13 10:30 . 2011-09-13 10:30 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-09-09 09:12 . 2004-08-04 08:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-08-31 21:00 . 2010-10-31 12:52 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-08 10:08 . 2011-08-08 10:08 40016 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2011-01-13 20:47 . 2010-02-24 19:10 113976 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2011-03-03 18:48 . 2010-02-24 19:10 447800 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2010-02-24 19:10 . 2010-02-24 19:10 46392 ----a-w- c:\program files\mozilla firefox\plugins\atmccli.dll
2011-06-21 06:37 . 2011-06-21 06:37 289592 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
2011-10-01 12:27 . 2011-09-28 11:13 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2011-10-13 01:31 1451336 ----a-w- c:\program files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll" [2011-10-13 1451336]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2011-09-29 21:57 323584 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2011-09-29 21:57 323584 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2011-09-29 21:57 323584 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2011-09-29 21:57 323584 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-28 152872]
"PMCRemote"="c:\program files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe" [2008-09-04 226576]
"OpenDNS Updater"="c:\program files\OpenDNS Updater\OpenDNSUpdater.exe" [2010-06-16 839680]
"SugarSync"="c:\program files\SugarSync\SugarSyncManager.exe" [2011-09-29 16084992]
"EasyTether"="c:\program files\Mobile Stream\EasyTether\easytthr.exe" [2011-05-22 48648]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsmqIntCert"="mqrt.dll" [2008-04-14 177152]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2007-05-08 331552]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1040384]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-18 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-18 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-18 138008]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-05-11 472632]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-11-07 177456]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 17920]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2005-12-21 1187840]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-10 806912]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2007-05-03 57344]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2007-05-23 192512]
"AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.exe" [2007-01-24 124928]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-30 30248]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-30 46632]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"Bing Bar"="c:\program files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe" [2010-04-27 243544]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
"EverioService"="c:\program files\CyberLink\PCM4Everio\EverioService.exe" [2007-11-01 151552]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Sprint SmartView"="c:\program files\Sprint\Sprint SmartView\SprintSV.exe" [2010-12-15 75072]
"RDVCHG"="c:\program files\Sprint\Sprint SmartView\RDVCHG.exe" [2010-12-15 316736]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-09-23 2404704]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2011-10-13 218440]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
RegRunner2008.lnk - c:\installation\RegRunner2008.exe [2011-10-10 1134592]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2007-02-07 01:30 74240 ----a-r- c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
"c:\\Program Files\\Brother\\Brmfl07a\\FAXRX.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Nero\\Nero MediaHome 4\\NMMediaServerService.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\RealVNC\\VNC4\\vncviewer.exe"=
"c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=
"c:\\Program Files\\MySQL\\MySQL Server 5.1\\bin\\mysqld.exe"=
"c:\\Program Files\\Sprint\\Sprint SmartView\\SwiApiMux.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Dimdim\\Plugin\\Application\\Dimdim.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Dimdim\\Updater\\next.exe"=
"c:\\Program Files\\Dimdim\\Plugin\\Application\\myScreen.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2930:TCP"= 2930:TCP:ColdFusion
"51800:TCP"= 51800:TCP:ColdFusion
"54925:UDP"= 54925:UDP:Brother Network Scanner
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [7/11/2011 1:14 AM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/13/2011 6:30 AM 32592]
R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [4/22/2007 8:24 PM 100095]
R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [10/9/2006 5:31 PM 44720]
R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [3/29/2007 8:54 PM 13696]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7/11/2011 1:13 AM 229840]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/2011 1:14 AM 295248]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [4/22/2007 8:25 PM 5808]
R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [8/4/2004 4:00 AM 14336]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [8/4/2004 4:00 AM 14336]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 6:09 AM 192776]
R2 ColdFusion 8 .NET Service;ColdFusion 8 .NET Service;c:\coldfusion8\jnbridge\CF8DotNetsvc.exe [12/20/2008 8:57 PM 77824]
R2 ColdFusion 8 ODBC Agent;ColdFusion 8 ODBC Agent;c:\coldfusion8\db\slserver54\bin\swagent.exe "ColdFusion 8 ODBC Agent" --> c:\coldfusion8\db\slserver54\bin\swagent.exe ColdFusion 8 ODBC Agent [?]
R2 ColdFusion 8 ODBC Server;ColdFusion 8 ODBC Server;c:\coldfusion8\db\slserver54\bin\swstrtr.exe "ColdFusion 8 ODBC Server" --> c:\coldfusion8\db\slserver54\bin\swstrtr.exe ColdFusion 8 ODBC Server [?]
R2 ColdFusion 8 Search Server;ColdFusion 8 Search Server;c:\coldfusion8\verity\k2\_nti40\bin\k2admin.exe [12/20/2008 8:56 PM 2743056]
R2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [4/22/2007 8:32 PM 221184]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/31/2010 8:53 AM 366152]
R2 NvtlService;NovaCore SDK Service;c:\program files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [1/11/2010 3:10 PM 82944]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [12/6/2008 8:29 PM 540448]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [3/13/2009 5:50 AM 65536]
R2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe [10/12/2011 9:31 PM 246600]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [7/11/2011 1:14 AM 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [7/11/2011 1:14 AM 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [7/11/2011 1:14 AM 16720]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [3/28/2009 7:08 PM 31896]
R3 easytether;easytether;c:\windows\system32\drivers\easytthr.sys [7/1/2011 1:44 PM 17296]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [9/19/2006 12:58 PM 36608]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/31/2010 8:52 AM 22216]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [12/23/2008 12:37 PM 47360]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [9/12/2011 6:23 AM 5265248]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/30/2010 12:10 PM 135664]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [7/1/2011 2:05 PM 30312]
S3 bcm;WiMAX Network Adapter;c:\windows\system32\drivers\drxvi314.sys [2/11/2010 9:03 PM 319488]
S3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\drivers\BcmBusCtr.sys [2/11/2010 9:02 PM 51456]
S3 ColdFusion 8 Application Server;ColdFusion 8 Application Server;c:\coldfusion8\runtime\bin\jrunsvc.exe [12/20/2008 8:56 PM 65536]
S3 CompFilter;UVCCompositeFilter;c:\windows\system32\drivers\lvbusflt.sys [5/14/2010 5:58 PM 20704]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/30/2010 12:10 PM 135664]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [6/8/2010 4:35 PM 174720]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [7/1/2011 2:05 PM 121192]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [7/1/2011 2:05 PM 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [7/1/2011 2:05 PM 136680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
Cognizance REG_MULTI_SZ ASBroker ASChannel
HPService REG_MULTI_SZ HPSLPSVC
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Camtasia]
2007-03-13 17:22 128207 ----a-w- c:\windows\Sprint\Install\Camtasia\Config.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\QuickTime_7_5_5]
2008-09-12 14:17 114475 ----a-w- c:\program files\Active_Setups\QuickTime_7_5_5\Quicktime_Activesetup.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 21:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 21:57]
.
2011-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 16:10]
.
2011-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 16:10]
.
2011-10-13 c:\windows\Tasks\next.job
- c:\documents and settings\All Users\Application Data\Dimdim\Updater\next.exe [2010-11-11 14:58]
.
2011-10-13 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2011-10-04 19:31]
.
2011-10-13 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2011-10-04 19:31]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
uInternet Settings,ProxyOverride = *.dimdimsecure.com;*.local
uInternet Settings,ProxyServer = localhost:8080
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: gogoinflight.com\airborne
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{5FAA5DD4-E418-48F7-A9F0-56FCADE2D4BF}: NameServer = 8.8.8.8,8.8.4.4
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4xpwxok1.default\
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B4c4f6309-4f2f-4c5e-9dbc-6f9ea5f79d85%7D&mid=67b8c3942b4847d1b3aad1566f6dab09-a23f9e1848d0af3528ecad151bc3b4cae7d5cabf&ds=AVG&v=8.0.0.34.1&lang=en&pr=pr&d=2011-10-12%2021%3A31%3A03&sap=ku&q=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKCU-Run-DriverScanner - c:\program files\Uniblue\DriverScanner\launcher.exe
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
Notify-NavLogon - (no file)
AddRemove-Agere Systems Soft Modem - c:\windows\agrsmdel
AddRemove-AndreaMosaic - c:\windows\iun6002.exe
AddRemove-HaaliMkx - c:\windows\system32\uninstall.exe
AddRemove-03_Swallowtail - c:\program files\SAMSUNG\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\SAMSUNG\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA} - c:\program files\InstallShield Installation Information\{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}\Setup.exeUNINSTALL
AddRemove-{F46BF5EA-0B4E-4A41-8C4B-3B127346E30F} - c:\documents and settings\Administrator\Local Settings\Application Data\{964C8871-6315-4FC5-8A47-F4C420428929}\NBCDirectInstaller.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-13 21:46
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????T??????????????|?M?|?????M?|&?@
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3872458311-3945496405-2667623613-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e2,ca,a3,ff,9e,d3,0a,40,90,98,37,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e2,ca,a3,ff,9e,d3,0a,40,90,98,37,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1304)
c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll
c:\program files\Hewlett-Packard\IAM\Bin\TrayIcon.dll
c:\program files\Hewlett-Packard\IAM\bin\HPBrand.dll
c:\program files\Hewlett-Packard\IAM\Bin\ASChnl.dll
c:\program files\Hewlett-Packard\IAM\Bin\ItDAC.dll
c:\program files\Hewlett-Packard\IAM\Bin\ItReports.DLL
c:\program files\Hewlett-Packard\IAM\Bin\BioAuth.dll
c:\program files\Hewlett-Packard\IAM\Bin\ASBIoAT.dll
c:\program files\Hewlett-Packard\IAM\Bin\ittal.dll
c:\program files\Hewlett-Packard\IAM\Bin\STEngine.dll
c:\program files\Hewlett-Packard\IAM\Bin\ItVCClient.dll
c:\program files\Hewlett-Packard\IAM\Bin\AuthWiz.dll
c:\program files\Hewlett-Packard\IAM\Bin\ItVCard.dll
c:\windows\system32\xenroll.dll
c:\windows\system32\WININET.dll
c:\program files\Hewlett-Packard\IAM\Bin\TokenAuth.dll
c:\program files\Hewlett-Packard\IAM\Bin\ittalsnap.DLL
c:\program files\Hewlett-Packard\IAM\Bin\TpmAuth.dll
c:\program files\Hewlett-Packard\IAM\Bin\NetAdmin.dll
c:\windows\SbHpNp.DLL
.
- - - - - - - > 'lsass.exe'(1364)
c:\windows\SbHpNp.DLL
.
- - - - - - - > 'explorer.exe'(7808)
c:\windows\system32\WININET.dll
c:\windows\system32\logishrd\LVPrcInj01.dll
c:\windows\system32\APSHook.dll
c:\program files\Hewlett-Packard\IAM\bin\ItClient.dll
c:\program files\SugarSync\SugarSyncShellExt.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\msdtc.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\coldfusion8\jnbridge\JNBDotNetSide.exe
c:\coldfusion8\db\slserver54\bin\swagent.exe
c:\coldfusion8\db\slserver54\bin\swstrtr.exe
c:\coldfusion8\db\slserver54\bin\swsoc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\MySQL\MySQL Server 5.1\bin\mysqld.exe
c:\program files\Nero\Nero MediaHome 4\NMMediaServerService.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\windows\system32\mqsvc.exe
c:\windows\system32\mqtgsvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Hewlett-Packard\IAM\bin\asghost.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\AVG\AVG2012\avgui.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2011-10-13 21:57:53 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-14 01:57
.
Pre-Run: 15,665,283,072 bytes free
Post-Run: 17,385,988,096 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 77259394D7502CF2B422E3CD1E1EC1E8

#8 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:01:18 AM

Posted 14 October 2011 - 07:39 AM

Hi-

SafeBoot.sys is part of your HP disk encryption software. It is ok for it to be locked.

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Select your Platform: Windows x86 Offline.
  • Save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Posted Image > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java™ 6 Update in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u27-windows-i586.exe to install the newest version.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.

Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.

Next, please run Malwarebytes' Anti-Malware (MBAM)
  • Click on the Update tab and click the Check for Updates button.
  • When the update is finished, click on the Scanner tab.
  • Select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

In your reply, please let me know how your computer is doing now, and copy in the contents of the MBAM report.
Shannon

#9 gogogators

gogogators
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:01:18 AM

Posted 14 October 2011 - 02:14 PM

I mentioned a few posts ago that the win32.agent.chh was being introduced whenever Norton's liveupdate found an update. I've been running a rather old version of Norton (LiveUpdate keeps the definitions up to date, but the application was from 2008 or 2009), so I decided to uninstall Norton, and install AVG Anti-virus 2012 Pro. Doing this seems to have cleared up the original issue. In addition, when I scanned my PC with AVG it found a bunch of stuff that Norton wasn't finding, and that Spybot and MBAM wasn't finding (both of the latter have been running on my PC for a while now). Along with doing everything you've advised me to do, I've also done the above, as well as scanning my PC with Norton Power Eraser (it found 2 things).

For now, nothing is detecting anything new, but I've come to learn that is probably a false sense of security.

I'm attaching the MBAM log (which doesn't show any problems). If you have any further steps for me to take, please let me know. Thanks again for your help. Its VERY appreciated.

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7946

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/14/2011 3:09:18 PM
mbam-log-2011-10-14 (15-09-18).txt

Scan type: Full scan (C:\|E:\|)
Objects scanned: 446288
Time elapsed: 2 hour(s), 48 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#10 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:01:18 AM

Posted 15 October 2011 - 06:50 AM

Hi-

I think that between us, we did a pretty good job of cleaning up your computer. It is time to clear off the tools that we used and for me to leave you with some words of advice.

First, to re-enable your Emulation drivers, double click Defogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • Defogger might ask to reboot the machine - click OK

Next, please set your system to hide all 'hidden' files.
  • Click Start, open My Computer, select the Tools menu and click Folder Options.
  • Select the View Tab. Under the Hidden files and folders heading, uncheck Show hidden files and folders.
  • Check the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.

Next, we will uninstall ComboFix
  • Click on the Start button in your system tray
  • click on Run
  • key in the following in bold type:
    • combofix /Uninstall
  • click on Ok

Then, we should remove the tools we used and we will do that with OTL-
  • Double click on the Posted Image icon on your desktop.
  • Click the "CleanUp" button.
  • Restart your computer when prompted.

Please take the time to read below to secure your machine and take the necessary steps to keep it clean.

One of the most common questions found when cleaning Spyware or other Malware is "how did my machine get infected?". There are a variety of reasons, but the most common ones are that you are going to sites that you are not practicing Safe Internet, you are not running the proper security software, and that your computer's security settings are set too low.

Below I have outlined a series of categories that outline how you can increase the security of your computer so that you will not be infected again in the future.

Practice Safe Internet

One of the main reasons people get infected in the first place is that they are not practicing Safe Internet. You practice Safe Internet when you educate yourself on how to properly use the Internet through the use of security tools and good practice. Knowing how you can get infected and what types of files and sites to avoid will be the most crucial step in keeping your computer malware free. The reality is that the majority of people who are infected with malware are ones who click on things they shouldn't be clicking on. Whether these things are files or sites it doesn't really matter. If something is out to get you, and you click on it, it most likely will. Below are a list of simple precautions to take to keep your computer clean and running securely:
  • If you receive an attachment from someone you do not know, DO NOT OPEN IT! Simple as that. Opening attachments from people you do not know is a very common method for viruses or worms to infect your computer.
  • If you receive an attachment and it ends with a .exe, .com, .bat, or .pif do not open the attachment unless you know for a fact that it is clean. For the casual computer user, you will almost never receive a valid attachment of this type.
  • If you receive an attachment from someone you know, and it looks suspicious, then it probably is. The email could be from someone you know infected with a malware that is trying to infect everyone in their address book.
  • If you are browsing the Internet and a pop up appears saying that you are infected, ignore it!. These are, as far as I am concerned, scams that are being used to scare you into purchasing a piece of software. For an example of these types of pop ups, or Foistware, you should read this article: Foistware, And how to avoid it.

    There are also programs that disguise themselves as Anti-Spyware or security products but are instead scams. For a list of these types of programs we recommend you visit this link: Rogue/Suspect Anti-Spyware Products & Web Sites
  • Another tactic to fool you on the web is when a site displays a pop up that looks like a normal Windows message or alert. When you click on them, though, they instead bring you to another site that is trying to push a product on you. We suggest that you close these windows by clicking on the X instead of the OK button. Alternatively, you can check to see if it's a real alert by right-clicking on the window. If there is a menu that comes up saying Add to Favorites... you know it's a fake.
  • Do not go to adult sites. I know this may bother some of you, but the fact is that a large amount of malware is pushed through these types of sites. I am not saying all adult sites do this, but a lot do.
  • When using an Instant Messaging program be cautious about clicking on links people send to you. It is not uncommon for infections to send a message to everyone in the infected person's contact list that contains a link to an infection. Instead when you receive a message that contains a link, message back to the person asking if it is legit before you click on it.
  • Stay away from Warez and Crack sites! In addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections.
  • Be careful of what you download off of web sites and Peer-2-Peer networks. Some sites disguise malware as legitimate software to trick you into installing them and Peer-2-Peer networks are crawling with it. If you want to download a piece of software a from a site, and are not sure if they are legitimate, you can use McAfee Siteadvisor to look up info on the site.
  • DO NOT INSTALL any software without first reading the End User License Agreement, otherwise known as the EULA. A tactic that some developers use is to offer their software for free, but have spyware and other programs you do not want bundled with it. This is where they make their money. By reading the agreement there is a good chance you can spot this and not install the software.

Visit Microsoft's Windows Update Site Frequently

It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Update your AntiVirus Software

It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the programs virus definitions.

Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerability that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Install an AntiSpyware Program

A highly recommended AntiSpyware program is SuperAntiSpyware. You can download the free Home Version. or the Pro version for a 15 day trial period. another recommended, and free, AntiSpyware program is Malwarebytes' Anti-Malware (MBAM).

Installing these programs will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis just as you would an antivirus software.

Update your Java runtimes regularly

Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
Download the latest version here - http://java.sun.com/javase/downloads/index.jsp. You want to select the JRE version.
Follow this list and your potential for being infected again will reduce dramatically.

Good Luck!!

Shannon

#11 gogogators

gogogators
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:01:18 AM

Posted 15 October 2011 - 08:40 AM

Ok, thanks again for your help. One final question. You directed me to update JRE v6. There is a v7, should I go to v7 or stay at v6 (and why)?

#12 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:01:18 AM

Posted 15 October 2011 - 11:38 AM

Hi-

I would go with V7. It has been out for a few months now and should have the on-release bugs out of it. I just downloaded/installed it myself.
Shannon

#13 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:01:18 AM

Posted 19 October 2011 - 08:40 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Shannon




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users