Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

PUM.Disabled.SecurityCenter


  • This topic is locked This topic is locked
62 replies to this topic

#1 Scooter75

Scooter75

  • Members
  • 50 posts
  • OFFLINE
  •  
  • Local time:12:10 AM

Posted 12 December 2011 - 03:50 AM

Automatic Updates keeps turning off. And when I go to the security center, it won't let me turn it on. The only way I seem to be able to turn it on is by editing the registry. And even then it only lasts for a little while before it turns off again. I use Trend Micro for everyday protection and have used SuperAntiSpyware and Malwarebytes to run every once in a while to get some things Trend didn't.
Trend has been picking up some unauthorized registry edit attempts (I think thats what they were).
SuperAntiSpyware picked up the PUM.Disabled.SecurityCenter
Malwarebytes picked up the PUM.Disabled.SecurityCenter and something that hit my i8042prt file, removed it, and wiped out my onboard keyboard and mouse on my laptop. That has been fixed thanks to BleepingComputer :thumbsup: !
Sounds like a lot to fix to me, but one thing at a time I guess. Thanks

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13
Run by Scott at 1:22:38 on 2011-12-08
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.297 [GMT -6:00]
.
AV: Trend Micro Client/Server Security Agent Antivirus *Enabled/Updated* {E2CB7513-8162-48A0-AB12-D4C190595B27}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\LTSVC\LTSVC.exe
C:\WINDOWS\LTSvc\LTSvcMon.exe
C:\WINDOWS\system32\lxeacoms.exe
C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe
C:\Program Files\Lexmark S300-S400 Series\ezprint.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\LTSvc\LTTray.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\Client Server Security Agent\CNTAoSMgr.exe
C:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - c:\program files\trend micro\client server security agent\bho\1009\TmIEPlg.dll
BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - c:\program files\lexmark printable web\bho.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10v_ActiveX.exe -update activex
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [lxeamon.exe] "c:\program files\lexmark s300-s400 series\lxeamon.exe"
mRun: [EzPrint] "c:\program files\lexmark s300-s400 series\ezprint.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\client server security agent\pccntmon.exe" -HideWindow
mRun: [OE] "c:\program files\trend micro\client server security agent\tmas_oe\TMAS_OEMon.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [InstaLAN] "c:\program files\belkin\router setup and monitor\BelkinRouterMonitor.exe" startup
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\networ~1.lnk - c:\windows\ltsvc\LTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
mPolicies-system: SoftwareSASGeneration = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: mswsock.dll
Trusted Zone: intuit.com\ttlc
Trusted Zone: integristech.com\msp
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1261073586037
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {B80CD4E6-5B02-4B6C-99BE-68F1511E9549} - hxxp://plugin.slingbox.com/downloads/pc/1.4.0.111/WebSlingPlayer.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 68.87.68.162 68.87.74.162
TCP: Interfaces\{B1B73122-A522-4E95-8E49-11A849DED3D4} : DhcpNameServer = 68.87.68.162 68.87.74.162
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\program files\trend micro\client server security agent\bho\1009\TmIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\scott\application data\mozilla\firefox\profiles\6s6koxwj.default\
FF - component: c:\program files\trend micro\client server security agent\bho\1009\firefoxextension\components\TmFFExt.dll
FF - plugin: c:\documents and settings\scott\application data\move networks\plugins\npqmp071705000014.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Trend Micro NSC Firefox Extension: {22C7F6C6-8D67-4534-92B5-529A0EC09405} - c:\program files\trend micro\client server security agent\bho\1009\FirefoxExtension
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\scott\application data\Move Networks
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-6-29 116608]
R2 LTService;Integris Tech Monitoring Service;c:\windows\ltsvc\LTSVC.exe [2011-6-13 12390728]
R2 LTSvcMon;Integris Tech Monitoring Service CheckUp Util;c:\windows\ltsvc\LTSvcMon.exe [2011-6-13 98632]
R2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe -service --> c:\windows\system32\lxeacoms.exe -service [?]
R2 SlingAgentService;SlingAgentService;c:\program files\sling media\slingagent\SlingAgentService.exe [2009-9-25 93960]
R2 TmFilter;Trend Micro Filter;c:\program files\trend micro\client server security agent\tmxpflt.sys [2010-7-24 262416]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\client server security agent\tmpreflt.sys [2010-7-24 36624]
R2 WDDMService;WDDMService;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2011-3-9 238592]
R2 WDFME;WD File Management Engine;c:\program files\western digital\wd smartware\front parlor\wdfme\WDFME.exe [2011-3-9 1060864]
R2 WDSC;WD File Management Shadow Engine;c:\program files\western digital\wd smartware\front parlor\WDSC.exe [2011-3-9 484352]
R3 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2011-6-13 57424]
R3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;c:\program files\trend micro\client server security agent\TmProxy.exe [2010-9-21 689416]
S1 MpKsl5104259f;MpKsl5104259f;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ee58d5f0-28dc-4adb-8aae-e606363355ac}\mpksl5104259f.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ee58d5f0-28dc-4adb-8aae-e606363355ac}\MpKsl5104259f.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-23 135664]
S2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxeaserv.exe [2011-5-21 193192]
S3 cpuz135;cpuz135;\??\c:\windows\temp\cpuz135\cpuz135_x32.sys --> c:\windows\temp\cpuz135\cpuz135_x32.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-23 135664]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys --> c:\windows\system32\drivers\ivusb.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2011-5-1 11520]
.
=============== Created Last 30 ================
.
2011-12-01 00:19:22 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2011-12-01 00:19:22 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-12-01 00:19:07 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2011-12-01 00:19:07 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2011-11-27 01:17:46 0 ---ha-w- c:\documents and settings\scott\local settings\application data\BIT8.tmp
2011-11-26 02:28:21 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-11-26 02:28:21 -------- d-----w- c:\windows\system32\wbem\Repository
2011-11-10 03:37:29 0 ---ha-w- c:\documents and settings\scott\local settings\application data\BIT7.tmp
.
==================== Find3M ====================
.
2011-12-01 02:50:33 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2011-09-26 16:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32(3).dll
.
============= FINISH: 1:24:06.78 ===============

BC AdBot (Login to Remove)

 


#2 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:02:10 AM

Posted 13 December 2011 - 02:27 AM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me Agent ST for short), it's a pleasure to meet you. :)

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days
    failure to reply will result in the topic being closed!
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

Automatic Updates keeps turning off. And when I go to the security center, it won't let me turn it on. The only way I seem to be able to turn it on is by editing the registry. And even then it only lasts for a little while before it turns off again. I use Trend Micro for everyday protection and have used SuperAntiSpyware and Malwarebytes to run every once in a while to get some things Trend didn't. 

This is the infection on your computer wrecking havoc. I'm going to hold off on providing a fix for this to you until we can get the infections neutralized.

Running TDSSKiller

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

    Posted Image
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    Posted Image
  • Click the Start Scan button.

    Posted Image
  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Posted Image
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure SKIP is selected, then click Continue => Reboot now to finish the cleaning process.

    Posted Image
  • Note: Do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.



NEXT:




Running OTL

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized

Edited by SweetTech, 13 December 2011 - 02:28 AM.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 Scooter75

Scooter75
  • Topic Starter

  • Members
  • 50 posts
  • OFFLINE
  •  
  • Local time:12:10 AM

Posted 14 December 2011 - 01:25 AM

Here are the logs you requested :)

23:45:27.0779 0500 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
23:45:28.0311 0500 ============================================================
23:45:28.0311 0500 Current date / time: 2011/12/13 23:45:28.0311
23:45:28.0311 0500 SystemInfo:
23:45:28.0311 0500
23:45:28.0311 0500 OS Version: 5.1.2600 ServicePack: 3.0
23:45:28.0311 0500 Product type: Workstation
23:45:28.0311 0500 ComputerName: SCOTT
23:45:28.0311 0500 UserName: Scott
23:45:28.0311 0500 Windows directory: C:\WINDOWS
23:45:28.0311 0500 System windows directory: C:\WINDOWS
23:45:28.0311 0500 Processor architecture: Intel x86
23:45:28.0311 0500 Number of processors: 1
23:45:28.0311 0500 Page size: 0x1000
23:45:28.0311 0500 Boot type: Normal boot
23:45:28.0311 0500 ============================================================
23:45:39.0686 0500 Initialize success
23:47:05.0998 3804 ============================================================
23:47:05.0998 3804 Scan started
23:47:05.0998 3804 Mode: Manual; SigCheck; TDLFS;
23:47:05.0998 3804 ============================================================
23:47:28.0639 3804 Abiosdsk - ok
23:47:29.0998 3804 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
23:47:48.0654 3804 abp480n5 - ok
23:47:49.0779 3804 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
23:47:50.0420 3804 ACPI - ok
23:47:51.0232 3804 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
23:47:51.0811 3804 ACPIEC - ok
23:47:52.0748 3804 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
23:47:53.0326 3804 adpu160m - ok
23:47:54.0373 3804 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
23:47:54.0873 3804 aec - ok
23:47:55.0826 3804 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
23:47:56.0701 3804 AFD - ok
23:47:57.0982 3804 AFGMp50 - ok
23:47:58.0889 3804 AFGSp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\WINDOWS\system32\Drivers\AFGSp50.sys
23:47:59.0686 3804 AFGSp50 - ok
23:48:00.0373 3804 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
23:48:01.0420 3804 agp440 - ok
23:48:02.0936 3804 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
23:48:03.0451 3804 agpCPQ - ok
23:48:04.0326 3804 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
23:48:04.0686 3804 Aha154x - ok
23:48:05.0795 3804 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
23:48:06.0482 3804 aic78u2 - ok
23:48:07.0576 3804 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
23:48:08.0107 3804 aic78xx - ok
23:48:09.0107 3804 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
23:48:09.0576 3804 AliIde - ok
23:48:10.0436 3804 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
23:48:10.0982 3804 alim1541 - ok
23:48:12.0029 3804 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
23:48:12.0592 3804 amdagp - ok
23:48:13.0420 3804 AmdK8 (a2d5f093f9cb160c183c77015704f156) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
23:48:13.0717 3804 AmdK8 - ok
23:48:14.0779 3804 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
23:48:15.0561 3804 amsint - ok
23:48:16.0357 3804 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
23:48:16.0748 3804 Arp1394 - ok
23:48:17.0951 3804 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
23:48:18.0654 3804 asc - ok
23:48:19.0529 3804 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
23:48:19.0764 3804 asc3350p - ok
23:48:20.0373 3804 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
23:48:20.0639 3804 asc3550 - ok
23:48:21.0498 3804 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
23:48:22.0248 3804 AsyncMac - ok
23:48:23.0436 3804 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
23:48:23.0951 3804 atapi - ok
23:48:24.0436 3804 Atdisk - ok
23:48:25.0123 3804 ati2mtag (d5537cc8cc9a86668e3903bd53caa83c) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
23:48:27.0592 3804 ati2mtag - ok
23:48:28.0701 3804 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
23:48:29.0436 3804 Atmarpc - ok
23:48:30.0404 3804 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
23:48:30.0920 3804 audstub - ok
23:48:32.0264 3804 BCM43XX (b89bcf0a25aeb3b47030ac83287f894a) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
23:48:33.0092 3804 BCM43XX - ok
23:48:33.0732 3804 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
23:48:34.0217 3804 Beep - ok
23:48:35.0373 3804 CAMCAUD (48612c10c0771600e6c571daca3c582d) C:\WINDOWS\system32\drivers\camc6aud.sys
23:48:35.0717 3804 CAMCAUD - ok
23:48:36.0607 3804 CAMCHALA (35ffaae9af28b27fcf215cecaeea585a) C:\WINDOWS\system32\drivers\camc6hal.sys
23:48:37.0936 3804 CAMCHALA - ok
23:48:38.0826 3804 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
23:48:39.0451 3804 cbidf - ok
23:48:40.0357 3804 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
23:48:40.0654 3804 cbidf2k - ok
23:48:41.0404 3804 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
23:48:41.0748 3804 cd20xrnt - ok
23:48:42.0420 3804 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
23:48:43.0217 3804 Cdaudio - ok
23:48:44.0123 3804 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
23:48:44.0607 3804 Cdfs - ok
23:48:45.0873 3804 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
23:48:46.0717 3804 Cdrom - ok
23:48:47.0264 3804 Changer - ok
23:48:47.0857 3804 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
23:48:48.0264 3804 CmBatt - ok
23:48:49.0186 3804 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
23:48:49.0561 3804 CmdIde - ok
23:48:50.0701 3804 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
23:48:51.0248 3804 Compbatt - ok
23:48:52.0357 3804 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
23:48:53.0217 3804 Cpqarray - ok
23:48:53.0889 3804 cpuz135 - ok
23:48:55.0186 3804 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
23:48:55.0732 3804 dac2w2k - ok
23:48:56.0686 3804 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
23:48:57.0201 3804 dac960nt - ok
23:48:58.0186 3804 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
23:48:58.0795 3804 Disk - ok
23:49:00.0420 3804 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
23:49:02.0404 3804 dmboot - ok
23:49:03.0498 3804 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
23:49:04.0311 3804 dmio - ok
23:49:05.0311 3804 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
23:49:06.0264 3804 dmload - ok
23:49:07.0561 3804 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
23:49:08.0154 3804 DMusic - ok
23:49:09.0045 3804 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
23:49:09.0389 3804 dpti2o - ok
23:49:10.0029 3804 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
23:49:10.0389 3804 drmkaud - ok
23:49:11.0264 3804 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
23:49:11.0686 3804 Fastfat - ok
23:49:12.0654 3804 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
23:49:12.0967 3804 Fdc - ok
23:49:13.0842 3804 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
23:49:14.0232 3804 Fips - ok
23:49:15.0201 3804 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
23:49:15.0592 3804 Flpydisk - ok
23:49:16.0139 3804 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
23:49:16.0498 3804 FltMgr - ok
23:49:17.0107 3804 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
23:49:17.0482 3804 Fs_Rec - ok
23:49:18.0186 3804 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
23:49:18.0592 3804 Ftdisk - ok
23:49:19.0092 3804 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
23:49:19.0326 3804 GEARAspiWDM - ok
23:49:20.0014 3804 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
23:49:20.0639 3804 Gpc - ok
23:49:21.0342 3804 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
23:49:21.0732 3804 HidUsb - ok
23:49:22.0889 3804 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
23:49:23.0420 3804 hpn - ok
23:49:24.0420 3804 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
23:49:25.0139 3804 HTTP - ok
23:49:26.0248 3804 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
23:49:26.0592 3804 i2omgmt - ok
23:49:27.0186 3804 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
23:49:27.0561 3804 i2omp - ok
23:49:28.0326 3804 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
23:49:28.0686 3804 i8042prt - ok
23:49:29.0420 3804 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
23:49:29.0842 3804 Imapi - ok
23:49:30.0920 3804 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
23:49:31.0436 3804 ini910u - ok
23:49:32.0482 3804 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
23:49:32.0889 3804 IntelIde - ok
23:49:34.0014 3804 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
23:49:34.0451 3804 Ip6Fw - ok
23:49:35.0092 3804 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
23:49:35.0514 3804 IpFilterDriver - ok
23:49:36.0170 3804 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
23:49:36.0373 3804 IpInIp - ok
23:49:37.0357 3804 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
23:49:37.0936 3804 IpNat - ok
23:49:38.0529 3804 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
23:49:39.0482 3804 IPSec - ok
23:49:40.0389 3804 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
23:49:41.0529 3804 IRENUM - ok
23:49:43.0404 3804 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
23:49:43.0982 3804 isapnp - ok
23:49:45.0279 3804 ivusb - ok
23:49:46.0670 3804 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
23:49:47.0232 3804 Kbdclass - ok
23:49:48.0279 3804 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
23:49:48.0857 3804 kbdhid - ok
23:49:49.0623 3804 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
23:49:50.0123 3804 kmixer - ok
23:49:50.0982 3804 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
23:49:51.0420 3804 KSecDD - ok
23:49:52.0342 3804 lbrtfdc - ok
23:49:52.0842 3804 MBAMSwissArmy - ok
23:49:52.0998 3804 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
23:49:53.0373 3804 mnmdd - ok
23:49:54.0107 3804 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
23:49:54.0514 3804 Modem - ok
23:49:55.0154 3804 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
23:49:55.0498 3804 Mouclass - ok
23:49:56.0045 3804 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
23:49:56.0592 3804 mouhid - ok
23:49:57.0311 3804 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
23:49:57.0764 3804 MountMgr - ok
23:49:58.0451 3804 MpKsl5104259f - ok
23:49:59.0639 3804 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
23:50:00.0545 3804 mraid35x - ok
23:50:03.0592 3804 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
23:50:04.0764 3804 MRxDAV - ok
23:50:05.0779 3804 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
23:50:07.0951 3804 MRxSmb - ok
23:50:09.0326 3804 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
23:50:09.0764 3804 Msfs - ok
23:50:11.0014 3804 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
23:50:11.0592 3804 MSKSSRV - ok
23:50:12.0779 3804 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
23:50:13.0482 3804 MSPCLOCK - ok
23:50:15.0014 3804 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
23:50:15.0545 3804 MSPQM - ok
23:50:16.0514 3804 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
23:50:16.0982 3804 mssmbios - ok
23:50:17.0951 3804 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
23:50:18.0357 3804 Mup - ok
23:50:19.0389 3804 mxnic (e1cdf20697d992cf83ff86dd04df1285) C:\WINDOWS\system32\DRIVERS\mxnic.sys
23:50:19.0842 3804 mxnic - ok
23:50:20.0857 3804 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
23:50:21.0623 3804 NDIS - ok
23:50:22.0311 3804 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
23:50:22.0701 3804 NdisTapi - ok
23:50:23.0686 3804 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
23:50:24.0248 3804 Ndisuio - ok
23:50:25.0045 3804 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
23:50:25.0561 3804 NdisWan - ok
23:50:26.0326 3804 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
23:50:26.0732 3804 NDProxy - ok
23:50:27.0748 3804 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
23:50:28.0014 3804 NetBIOS - ok
23:50:28.0795 3804 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
23:50:29.0467 3804 NetBT - ok
23:50:29.0857 3804 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
23:50:30.0217 3804 NIC1394 - ok
23:50:30.0764 3804 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
23:50:31.0404 3804 Npfs - ok
23:50:32.0732 3804 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
23:50:33.0607 3804 Ntfs - ok
23:50:34.0498 3804 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
23:50:35.0264 3804 Null - ok
23:50:38.0154 3804 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
23:50:42.0264 3804 nv - ok
23:50:42.0982 3804 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
23:50:43.0389 3804 NwlnkFlt - ok
23:50:44.0154 3804 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
23:50:44.0436 3804 NwlnkFwd - ok
23:50:45.0170 3804 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
23:50:45.0607 3804 ohci1394 - ok
23:50:46.0232 3804 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
23:50:46.0482 3804 P3 - ok
23:50:46.0982 3804 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
23:50:47.0357 3804 Parport - ok
23:50:47.0842 3804 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
23:50:48.0248 3804 PartMgr - ok
23:50:49.0029 3804 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
23:50:49.0295 3804 ParVdm - ok
23:50:50.0123 3804 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
23:50:50.0545 3804 PCI - ok
23:50:51.0092 3804 PCIDump - ok
23:50:51.0842 3804 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
23:50:52.0389 3804 PCIIde - ok
23:50:53.0029 3804 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
23:50:53.0420 3804 Pcmcia - ok
23:50:54.0248 3804 PDCOMP - ok
23:50:55.0139 3804 PDFRAME - ok
23:50:56.0311 3804 PDRELI - ok
23:50:56.0857 3804 PDRFRAME - ok
23:50:57.0342 3804 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
23:50:57.0936 3804 perc2 - ok
23:50:58.0982 3804 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
23:50:59.0482 3804 perc2hib - ok
23:51:00.0545 3804 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
23:51:01.0389 3804 PptpMiniport - ok
23:51:02.0482 3804 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
23:51:02.0779 3804 Processor - ok
23:51:03.0998 3804 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
23:51:04.0404 3804 PSched - ok
23:51:05.0420 3804 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
23:51:05.0842 3804 Ptilink - ok
23:51:07.0170 3804 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
23:51:07.0764 3804 ql1080 - ok
23:51:08.0342 3804 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
23:51:09.0061 3804 Ql10wnt - ok
23:51:10.0186 3804 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
23:51:10.0561 3804 ql12160 - ok
23:51:11.0670 3804 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
23:51:12.0326 3804 ql1240 - ok
23:51:13.0139 3804 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
23:51:13.0654 3804 ql1280 - ok
23:51:14.0607 3804 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
23:51:15.0014 3804 RasAcd - ok
23:51:16.0029 3804 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
23:51:16.0514 3804 Rasl2tp - ok
23:51:17.0076 3804 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
23:51:17.0467 3804 RasPppoe - ok
23:51:18.0264 3804 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
23:51:18.0592 3804 Raspti - ok
23:51:19.0342 3804 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
23:51:20.0014 3804 Rdbss - ok
23:51:20.0701 3804 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
23:51:21.0170 3804 RDPCDD - ok
23:51:22.0436 3804 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
23:51:23.0451 3804 rdpdr - ok
23:51:24.0607 3804 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
23:51:25.0232 3804 RDPWD - ok
23:51:26.0592 3804 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
23:51:27.0311 3804 redbook - ok
23:51:28.0248 3804 RimUsb (616eac1b0e48b236a5a9b8ae07fdb81c) C:\WINDOWS\system32\Drivers\RimUsb.sys
23:51:28.0936 3804 RimUsb - ok
23:51:30.0123 3804 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
23:51:30.0436 3804 RimVSerPort - ok
23:51:32.0717 3804 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
23:51:33.0592 3804 ROOTMODEM - ok
23:51:34.0467 3804 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
23:51:34.0764 3804 SASDIFSV - ok
23:51:35.0373 3804 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
23:51:35.0764 3804 SASKUTIL - ok
23:51:36.0982 3804 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
23:51:37.0357 3804 Secdrv - ok
23:51:38.0279 3804 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
23:51:38.0748 3804 serenum - ok
23:51:39.0529 3804 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
23:51:39.0936 3804 Serial - ok
23:51:40.0826 3804 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
23:51:41.0107 3804 Sfloppy - ok
23:51:41.0576 3804 Simbad - ok
23:51:42.0186 3804 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
23:51:42.0498 3804 sisagp - ok
23:51:43.0248 3804 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
23:51:43.0529 3804 Sparrow - ok
23:51:44.0326 3804 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
23:51:44.0545 3804 splitter - ok
23:51:45.0482 3804 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
23:51:45.0842 3804 sr - ok
23:51:47.0092 3804 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
23:51:47.0420 3804 Srv - ok
23:51:48.0248 3804 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
23:51:48.0607 3804 swenum - ok
23:51:49.0357 3804 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
23:51:49.0920 3804 swmidi - ok
23:51:50.0561 3804 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
23:51:50.0857 3804 symc810 - ok
23:51:51.0623 3804 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
23:51:51.0920 3804 symc8xx - ok
23:51:52.0686 3804 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
23:51:53.0076 3804 sym_hi - ok
23:51:54.0420 3804 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
23:51:54.0842 3804 sym_u3 - ok
23:51:55.0545 3804 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
23:51:55.0904 3804 sysaudio - ok
23:51:56.0561 3804 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
23:51:56.0936 3804 Tcpip - ok
23:51:57.0951 3804 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
23:51:58.0326 3804 TDPIPE - ok
23:51:59.0248 3804 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
23:52:00.0217 3804 TDTCP - ok
23:52:00.0936 3804 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
23:52:01.0420 3804 TermDD - ok
23:52:02.0186 3804 tmactmon (0868d7c7a793987dc9a1e3a3b6904466) C:\WINDOWS\system32\drivers\tmactmon.sys
23:52:02.0295 3804 tmactmon - ok
23:52:02.0920 3804 tmcomm (c4ddce6124bf6a711ab14d8153eac61d) C:\WINDOWS\system32\drivers\tmcomm.sys
23:52:03.0139 3804 tmcomm - ok
23:52:03.0889 3804 tmevtmgr (63660bb99905a6d78024467b3ec022a1) C:\WINDOWS\system32\drivers\tmevtmgr.sys
23:52:03.0998 3804 tmevtmgr - ok
23:52:05.0076 3804 TmFilter (717e406972bbc07f8fb2a989416cab73) C:\Program Files\Trend Micro\Client Server Security Agent\TmXPFlt.sys
23:52:05.0482 3804 TmFilter - ok
23:52:05.0889 3804 TmPreFilter (379c4f99994a56b66e11d1e32bb22a1c) C:\Program Files\Trend Micro\Client Server Security Agent\TmPreFlt.sys
23:52:06.0014 3804 TmPreFilter - ok
23:52:06.0654 3804 tmtdi (44c262c1b2412ded35078b6166d2acc2) C:\WINDOWS\system32\DRIVERS\tmtdi.sys
23:52:06.0857 3804 tmtdi - ok
23:52:07.0514 3804 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
23:52:07.0795 3804 TosIde - ok
23:52:08.0357 3804 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
23:52:08.0811 3804 Udfs - ok
23:52:09.0373 3804 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
23:52:09.0654 3804 ultra - ok
23:52:10.0389 3804 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
23:52:11.0576 3804 Update - ok
23:52:13.0373 3804 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
23:52:13.0701 3804 USBAAPL - ok
23:52:14.0357 3804 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
23:52:14.0764 3804 usbccgp - ok
23:52:15.0436 3804 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
23:52:15.0889 3804 usbehci - ok
23:52:16.0686 3804 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
23:52:17.0092 3804 usbhub - ok
23:52:17.0842 3804 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
23:52:18.0295 3804 usbohci - ok
23:52:19.0139 3804 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
23:52:19.0545 3804 usbprint - ok
23:52:21.0107 3804 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
23:52:21.0561 3804 usbscan - ok
23:52:22.0279 3804 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
23:52:22.0748 3804 USBSTOR - ok
23:52:23.0264 3804 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
23:52:23.0498 3804 usbuhci - ok
23:52:24.0217 3804 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
23:52:24.0686 3804 VgaSave - ok
23:52:25.0342 3804 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
23:52:25.0904 3804 viaagp - ok
23:52:26.0561 3804 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
23:52:26.0904 3804 ViaIde - ok
23:52:27.0498 3804 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
23:52:28.0201 3804 VolSnap - ok
23:52:29.0654 3804 VSApiNt (642eb152cb980ad9181b2161066be629) C:\Program Files\Trend Micro\Client Server Security Agent\VSApiNt.sys
23:52:33.0451 3804 VSApiNt - ok
23:52:34.0045 3804 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
23:52:34.0467 3804 Wanarp - ok
23:52:35.0107 3804 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys
23:52:35.0420 3804 WDC_SAM - ok
23:52:36.0248 3804 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
23:52:37.0107 3804 Wdf01000 - ok
23:52:37.0436 3804 WDICA - ok
23:52:39.0061 3804 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
23:52:39.0514 3804 wdmaud - ok
23:52:40.0607 3804 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
23:52:41.0061 3804 WudfPf - ok
23:52:42.0045 3804 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
23:52:42.0342 3804 WudfRd - ok
23:52:43.0467 3804 yukonwxp (e279c4e1287751dffa0a1f3ec4097491) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
23:52:44.0123 3804 yukonwxp - ok
23:52:44.0170 3804 MBR (0x1B8) (531fc014d164cd37522434edd791ec31) \Device\Harddisk0\DR0
23:53:13.0107 3804 \Device\Harddisk0\DR0 - ok
23:53:13.0186 3804 Boot (0x1200) (ee7598571e9b5c53f18016ce5cccc8d4) \Device\Harddisk0\DR0\Partition0
23:53:13.0357 3804 \Device\Harddisk0\DR0\Partition0 - ok
23:53:13.0357 3804 ============================================================
23:53:13.0357 3804 Scan finished
23:53:13.0357 3804 ============================================================
23:53:13.0482 0712 Detected object count: 0
23:53:13.0482 0712 Actual detected object count: 0




OTL logfile created on: 12/14/2011 12:03:32 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Scott\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.11 Mb Total Physical Memory | 322.67 Mb Available Physical Memory | 31.57% Memory free
2.40 Gb Paging File | 1.42 Gb Available in Paging File | 59.35% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 88.45 Gb Total Space | 48.99 Gb Free Space | 55.38% Space Free | Partition Type: NTFS

Computer Name: SCOTT | User Name: Scott | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/14 00:01:20 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Scott\Desktop\OTL.exe
PRC - [2011/12/13 23:44:23 | 001,577,264 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Scott\Desktop\tdsskiller.exe
PRC - [2011/12/13 23:25:13 | 001,274,696 | ---- | M] (LabTech Software) -- C:\WINDOWS\LTSvc\LTTray.exe
PRC - [2011/11/29 22:41:36 | 004,617,600 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2011/11/26 21:35:45 | 000,098,632 | ---- | M] (LabTech Software) -- C:\WINDOWS\LTSvc\LTSvcMon.exe
PRC - [2011/10/26 08:26:02 | 012,390,728 | ---- | M] (LabTech Software) -- C:\WINDOWS\LTSvc\LTSVC.exe
PRC - [2011/08/22 22:33:44 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/03/09 10:18:06 | 001,060,864 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
PRC - [2011/03/09 10:16:56 | 000,484,352 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
PRC - [2011/03/09 10:09:54 | 003,986,944 | ---- | M] (Western Digital Technologies, Inc.) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
PRC - [2011/03/09 10:07:54 | 000,238,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2011/02/24 20:08:34 | 000,566,688 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
PRC - [2011/02/24 20:08:32 | 007,034,272 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
PRC - [2011/02/24 20:08:32 | 001,770,400 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
PRC - [2011/02/18 10:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2011/01/23 19:08:55 | 000,148,280 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\ezprint.exe
PRC - [2011/01/23 19:08:52 | 000,770,728 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe
PRC - [2010/07/29 01:40:28 | 000,959,824 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Client Server Security Agent\PccNTMon.exe
PRC - [2010/07/28 23:19:24 | 001,358,160 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Client Server Security Agent\TmListen.exe
PRC - [2010/07/28 23:13:46 | 001,316,176 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Client Server Security Agent\NTRtScan.exe
PRC - [2010/07/05 09:51:30 | 000,345,424 | ---- | M] () -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe
PRC - [2010/04/16 14:48:06 | 000,435,584 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Client Server Security Agent\CNTAoSMgr.exe
PRC - [2010/04/14 14:45:21 | 000,598,696 | ---- | M] ( ) -- C:\WINDOWS\system32\lxeacoms.exe
PRC - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/09/25 13:16:06 | 000,093,960 | ---- | M] (Sling Media Inc.) -- C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
PRC - [2009/07/15 16:37:18 | 000,689,416 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/13 23:28:18 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2011/12/13 23:28:17 | 000,063,488 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2011/10/16 11:57:59 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\90b90e700e59d73d6d692cf74e1ba16e\System.Management.ni.dll
MOD - [2011/10/16 11:57:58 | 001,712,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\24331b719aa25ac2b21099e32232840c\Microsoft.VisualBasic.ni.dll
MOD - [2011/10/16 11:57:38 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll
MOD - [2011/10/16 11:57:38 | 000,141,312 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\29d7091f6eab0ec61c4eb625ed221b73\System.Configuration.Install.ni.dll
MOD - [2011/10/16 11:57:29 | 011,800,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\60df958ca96c9b8945f836759b6abd34\System.Web.ni.dll
MOD - [2011/10/16 11:57:21 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\36bf3d5f05a40c9e3cadca5789c8a469\System.Runtime.Remoting.ni.dll
MOD - [2011/10/16 11:57:19 | 000,627,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\69792bef8a100a055db88848836a7d88\System.EnterpriseServices.ni.dll
MOD - [2011/10/16 11:57:18 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\8efcd633af87989355382b5039f1b7df\System.Transactions.ni.dll
MOD - [2011/10/16 11:57:17 | 000,015,872 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\a140509b1342934fc5e58ae22ac9696c\Microsoft.VisualC.ni.dll
MOD - [2011/10/16 11:57:13 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MOD - [2011/10/16 11:56:51 | 017,403,904 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\ceadaf3b3d017c7a1ef10a06f8009f6f\System.ServiceModel.ni.dll
MOD - [2011/10/16 11:54:57 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011/10/16 11:54:51 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
MOD - [2011/10/16 11:54:24 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
MOD - [2011/10/16 11:53:21 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\ec323cf1df697cc0a45f67de685db90c\System.Data.ni.dll
MOD - [2011/10/16 11:50:23 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011/10/16 11:49:38 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/10/16 11:46:24 | 002,048,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2011/10/16 11:46:22 | 003,182,592 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2011/10/16 11:46:15 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2011/10/16 11:46:13 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2011/10/16 11:45:54 | 000,626,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2011/10/16 11:45:53 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2011/10/16 11:45:50 | 000,258,048 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
MOD - [2011/10/16 11:45:46 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2011/10/16 11:45:35 | 000,114,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2011/10/16 11:45:09 | 005,025,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2011/08/17 01:47:23 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2011/08/17 01:47:20 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/09 10:29:38 | 000,886,272 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\System.Data.SQLite.dll
MOD - [2011/03/09 10:18:06 | 001,060,864 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
MOD - [2011/03/09 10:16:56 | 000,484,352 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
MOD - [2011/02/24 20:08:36 | 000,022,944 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinServicePS.dll
MOD - [2011/02/24 19:39:00 | 000,658,432 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll
MOD - [2011/02/15 12:16:44 | 007,187,456 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtGui4.dll
MOD - [2011/02/15 12:15:58 | 000,325,632 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtXml4.dll
MOD - [2011/02/15 12:15:52 | 001,954,304 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtCore4.dll
MOD - [2011/02/15 12:15:52 | 000,847,360 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtNetwork4.dll
MOD - [2011/02/15 11:25:30 | 000,119,808 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll
MOD - [2011/01/28 02:00:00 | 003,668,992 | ---- | M] () -- C:\Program Files\K-Lite Codec Pack\ffdshow\ffdshow.ax
MOD - [2011/01/23 19:08:55 | 000,148,280 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\ezprint.exe
MOD - [2011/01/23 19:08:52 | 000,770,728 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe
MOD - [2010/07/05 09:51:30 | 000,345,424 | ---- | M] () -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe
MOD - [2010/04/05 04:56:20 | 000,094,359 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\epoemdll.dll
MOD - [2010/04/05 04:56:19 | 000,045,221 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\epstring.dll
MOD - [2010/04/05 04:56:17 | 002,203,803 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\epwizres.dll
MOD - [2010/04/05 04:56:07 | 000,716,954 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\epwizard.dll
MOD - [2010/04/05 04:55:15 | 000,159,890 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\customui.dll
MOD - [2010/04/05 04:55:04 | 000,061,604 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\epfunct.dll
MOD - [2010/04/05 04:54:59 | 000,123,033 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\eputil.dll
MOD - [2010/04/05 04:54:52 | 000,143,502 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\imagutil.dll
MOD - [2010/04/01 11:24:28 | 001,159,168 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\lxeadrs.dll
MOD - [2010/04/01 11:23:27 | 000,389,120 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\lxeascw.dll
MOD - [2010/02/21 17:45:46 | 000,854,016 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
MOD - [2010/02/21 17:45:44 | 000,403,456 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
MOD - [2010/02/21 17:45:44 | 000,270,336 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\log4net\1.2.10.0__1b44e1d426115821\log4net.dll
MOD - [2010/02/21 17:45:43 | 000,471,040 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MOD - [2010/02/21 17:45:39 | 000,046,880 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
MOD - [2010/02/21 17:45:39 | 000,023,840 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll
MOD - [2010/02/21 17:45:39 | 000,018,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
MOD - [2010/02/21 17:45:39 | 000,012,064 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll
MOD - [2010/02/21 17:45:38 | 000,419,616 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
MOD - [2010/02/21 17:45:38 | 000,270,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.445.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll
MOD - [2010/02/21 17:45:38 | 000,120,096 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
MOD - [2010/02/21 17:45:38 | 000,070,432 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
MOD - [2010/02/21 17:45:37 | 000,121,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
MOD - [2010/02/05 12:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2009/11/04 07:14:19 | 000,157,696 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxeadrpp.dll
MOD - [2009/05/27 06:16:50 | 000,192,512 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxeadatr.dll
MOD - [2009/04/07 13:25:27 | 000,409,600 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\iptk.dll
MOD - [2009/03/09 23:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\lxeacaps.dll
MOD - [2009/03/02 08:25:47 | 000,151,552 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\lxeaptp.dll
MOD - [2009/02/20 02:48:43 | 000,023,552 | ---- | M] () -- C:\WINDOWS\system32\LXEAsmr.dll
MOD - [2009/02/20 02:48:03 | 000,299,008 | ---- | M] () -- C:\WINDOWS\system32\LXEAsm.dll
MOD - [2008/05/21 20:28:17 | 000,389,120 | ---- | M] () -- C:\Program Files\Lexmark Printable Web\resource.dll
MOD - [2008/05/21 20:28:12 | 000,180,224 | ---- | M] () -- C:\Program Files\Lexmark Printable Web\bho.dll
MOD - [2008/04/14 05:42:04 | 000,562,176 | ---- | M] () -- C:\WINDOWS\system32\qedit.dll
MOD - [2008/04/14 05:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 05:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2006/10/12 16:28:48 | 000,757,760 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/11/26 21:35:45 | 000,098,632 | ---- | M] (LabTech Software) [Auto | Running] -- C:\WINDOWS\LTSvc\LTSvcMon.exe -- (LTSvcMon)
SRV - [2011/10/26 08:26:02 | 012,390,728 | ---- | M] (LabTech Software) [Auto | Running] -- C:\WINDOWS\LTSVC\LTSVC.exe -- (LTService)
SRV - [2011/08/22 22:33:44 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/03/09 10:18:06 | 001,060,864 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2011/03/09 10:16:56 | 000,484,352 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2011/03/09 10:07:54 | 000,238,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2011/02/24 20:08:34 | 000,566,688 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2010/07/28 23:19:24 | 001,358,160 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe -- (tmlisten)
SRV - [2010/07/28 23:13:46 | 001,316,176 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe -- (ntrtscan)
SRV - [2010/07/05 09:51:30 | 000,345,424 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2010/04/14 14:45:21 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxeacoms.exe -- (lxea_device)
SRV - [2010/04/14 14:45:14 | 000,193,192 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxeaserv.exe -- (lxeaCATSCustConnectService)
SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/09/25 13:16:06 | 000,093,960 | ---- | M] (Sling Media Inc.) [Auto | Running] -- C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe -- (SlingAgentService)
SRV - [2009/07/15 16:37:18 | 000,689,416 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe -- (TmProxy)


========== Driver Services (SafeList) ==========

DRV - [2011/08/17 01:42:11 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/08/17 01:42:11 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/07/12 09:44:10 | 000,262,416 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\tmxpflt.sys -- (TmFilter)
DRV - [2011/07/12 09:43:58 | 000,036,624 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\tmpreflt.sys -- (TmPreFilter)
DRV - [2011/07/12 09:09:32 | 001,405,720 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\vsapint.sys -- (VSApiNt)
DRV - [2011/02/16 15:52:46 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2011/02/15 12:17:12 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AFGSp50.sys -- (AFGSp50)
DRV - [2010/08/20 13:53:00 | 000,177,232 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2010/08/20 13:53:00 | 000,067,664 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2010/08/20 13:53:00 | 000,057,424 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2009/07/15 16:37:40 | 000,089,872 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2006/10/12 16:28:42 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/06/28 22:01:58 | 001,241,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/06/06 15:47:06 | 000,352,000 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6hal.sys -- (CAMCHALA)
DRV - [2005/06/06 15:46:16 | 000,038,144 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6aud.sys -- (CAMCAUD)
DRV - [2005/03/30 08:24:00 | 000,230,400 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2004/08/11 16:30:00 | 000,039,424 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2001/08/17 07:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

IE - HKU\S-1-5-21-3910105853-2765510345-4218497802-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-3910105853-2765510345-4218497802-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-3910105853-2765510345-4218497802-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-3910105853-2765510345-4218497802-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3910105853-2765510345-4218497802-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {22C7F6C6-8D67-4534-92B5-529A0EC09405}:5.8.0.1092
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Oracle)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Scott\Application Data\Move Networks\plugins\npqmp071705000014.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Scott\Application Data\Move Networks\plugins\npqmp071705000014.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension [2011/06/13 13:36:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/30 23:47:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/30 23:47:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\Scott\Application Data\Move Networks [2010/02/13 15:45:56 | 000,000,000 | ---D | M]

[2010/11/04 18:00:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Scott\Application Data\Mozilla\Extensions
[2010/11/24 22:50:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\6s6koxwj.default\extensions
[2010/11/10 19:29:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\6s6koxwj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/11/04 17:59:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/02/13 15:45:56 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\SCOTT\APPLICATION DATA\MOVE NETWORKS
[2010/07/22 01:06:40 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/06/13 13:36:20 | 000,000,000 | ---D | M] (Trend Micro NSC Firefox Extension) -- C:\PROGRAM FILES\TREND MICRO\CLIENT SERVER SECURITY AGENT\BHO\1009\FIREFOXEXTENSION

Hosts file not found
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll (Trend Micro Inc.)
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark S300-S400 Series\ezprint.exe ()
O4 - HKLM..\Run: [InstaLAN] C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [lxeamon.exe] C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe ()
O4 - HKLM..\Run: [OE] C:\Program Files\Trend Micro\Client Server Security Agent\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKU\S-1-5-21-3910105853-2765510345-4218497802-1006..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler File not found
O4 - HKU\S-1-5-21-3910105853-2765510345-4218497802-1006..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Network Monitoring Tray.lnk = C:\WINDOWS\LTSvc\LTTray.exe (LabTech Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital Technologies, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3910105853-2765510345-4218497802-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3910105853-2765510345-4218497802-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O15 - HKLM\..Trusted Domains: integristech.com ([msp] * in Trusted sites)
O15 - HKU\S-1-5-21-3910105853-2765510345-4218497802-1006\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1261073586037 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {B80CD4E6-5B02-4B6C-99BE-68F1511E9549} http://plugin.slingbox.com/downloads/pc/1.4.0.111/WebSlingPlayer.cab (WebSlingPlayer)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.68.162 68.87.74.162
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B1B73122-A522-4E95-8E49-11A849DED3D4}: DhcpNameServer = 68.87.68.162 68.87.74.162
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll (Trend Micro Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Scott\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Scott\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/26 12:04:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{1d7413a0-8edc-11df-8830-0014a547041b}\Shell - "" = AutoRun
O33 - MountPoints2\{1d7413a0-8edc-11df-8830-0014a547041b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1d7413a0-8edc-11df-8830-0014a547041b}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{1d7413a4-8edc-11df-8830-0014a547041b}\Shell - "" = AutoRun
O33 - MountPoints2\{1d7413a4-8edc-11df-8830-0014a547041b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1d7413a4-8edc-11df-8830-0014a547041b}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{40028f91-1b1f-11df-8786-0014a547041b}\Shell\AutoRun\command - "" = E:\wd_windows_tools\setup.exe
O33 - MountPoints2\{94b31906-1b91-11e0-88f9-0014a547041b}\Shell - "" = AutoRun
O33 - MountPoints2\{94b31906-1b91-11e0-88f9-0014a547041b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{94b31906-1b91-11e0-88f9-0014a547041b}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{9f52d294-1dd0-11df-878a-0014a547041b}\Shell - "" = AutoRun
O33 - MountPoints2\{9f52d294-1dd0-11df-878a-0014a547041b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9f52d294-1dd0-11df-878a-0014a547041b}\Shell\AutoRun\command - "" = I:\Windows\Setup.exe
O33 - MountPoints2\{c61c17ec-f257-11de-875b-0014a547041b}\Shell - "" = AutoRun
O33 - MountPoints2\{c61c17ec-f257-11de-875b-0014a547041b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c61c17ec-f257-11de-875b-0014a547041b}\Shell\AutoRun\command - "" = F:\LaunchU3.exe
O33 - MountPoints2\{e52abbcf-0967-11df-8770-0014a547041b}\Shell - "" = AutoRun
O33 - MountPoints2\{e52abbcf-0967-11df-8770-0014a547041b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e52abbcf-0967-11df-8770-0014a547041b}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/14 00:01:11 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Scott\Desktop\OTL.exe
[2011/12/13 23:44:22 | 001,577,264 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Scott\Desktop\tdsskiller.exe
[2011/12/12 04:42:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Scott\Desktop\Computer Diagnostic Tools
[2011/12/08 01:22:39 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Scott\Start Menu\Programs\Administrative Tools
[2011/11/30 19:51:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Scott\Desktop\GETxPUD
[2011/11/30 18:19:22 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll
[2011/11/30 18:19:07 | 000,014,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhid.sys
[2011/11/29 22:44:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/11/26 20:44:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2011/11/25 19:29:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Belkin
[2011/11/23 20:37:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/11/23 20:37:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/05/21 00:06:43 | 000,442,368 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeacoin.dll
[2011/05/21 00:04:53 | 000,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\LXEAhcp.dll
[2011/05/21 00:04:52 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeainpa.dll
[2011/05/21 00:04:52 | 000,344,064 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeaiesc.dll
[2011/05/21 00:04:51 | 001,048,576 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeaserv.dll
[2011/05/21 00:04:51 | 000,847,872 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeausb1.dll
[2011/05/21 00:04:50 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeapmui.dll
[2011/05/21 00:04:50 | 000,577,536 | ---- | C] ( ) -- C:\WINDOWS\System32\lxealmpm.dll
[2011/05/21 00:04:49 | 000,324,264 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeaih.exe
[2011/05/21 00:04:48 | 000,688,128 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeahbn3.dll
[2011/05/21 00:04:47 | 000,598,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeacoms.exe
[2011/05/21 00:04:46 | 000,802,816 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeacomc.dll
[2011/05/21 00:04:46 | 000,372,736 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeacomm.dll
[2011/05/21 00:04:45 | 000,373,416 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeacfg.exe
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Documents and Settings\Scott\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Scott\Local Settings\Application Data\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/14 00:01:20 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Scott\Desktop\OTL.exe
[2011/12/13 23:44:23 | 001,577,264 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Scott\Desktop\tdsskiller.exe
[2011/12/13 23:29:05 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/13 23:27:28 | 000,000,031 | ---- | M] () -- C:\tmuninst.ini
[2011/12/13 23:25:42 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/13 23:25:02 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/13 23:25:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/13 23:24:58 | 1071,824,896 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/12 04:37:04 | 000,200,192 | ---- | M] () -- C:\Documents and Settings\Scott\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/08 01:13:06 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Scott\defogger_reenable
[2011/11/30 20:50:33 | 000,052,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i8042prt.sys
[2011/11/29 23:37:52 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/26 20:44:55 | 000,001,925 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/11/26 19:17:44 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Scott\Local Settings\Application Data\{62750D86-79A2-40BE-8B9C-CB2D7B437B87}
[2011/11/25 11:44:04 | 000,447,410 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/25 11:44:03 | 000,072,628 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/23 12:50:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/11/16 18:25:28 | 000,001,829 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Documents and Settings\Scott\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Scott\Local Settings\Application Data\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/08 01:13:06 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Scott\defogger_reenable
[2011/11/26 20:44:55 | 000,001,925 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/11/26 19:17:44 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Scott\Local Settings\Application Data\{62750D86-79A2-40BE-8B9C-CB2D7B437B87}
[2011/11/09 21:37:08 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Scott\Local Settings\Application Data\{C896197B-1832-45D3-869B-9025FEA6FA12}
[2011/10/24 16:08:42 | 000,879,672 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/06/13 13:24:35 | 000,177,232 | ---- | C] () -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2011/06/13 13:24:35 | 000,067,664 | ---- | C] () -- C:\WINDOWS\System32\drivers\tmactmon.sys
[2011/06/13 13:24:35 | 000,057,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\tmevtmgr.sys
[2011/06/12 00:44:29 | 000,000,344 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\18079524
[2011/05/21 00:06:46 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxeavs.dll
[2011/05/21 00:06:29 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\lxeagcfg.dll
[2011/05/21 00:06:27 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\lxeacui.dll
[2011/05/21 00:06:27 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\lxeacuir.dll
[2011/05/21 00:05:08 | 000,000,044 | -H-- | C] () -- C:\WINDOWS\System32\lxearwrd.ini
[2011/05/21 00:04:54 | 000,331,776 | ---- | C] () -- C:\WINDOWS\System32\LXEAinst.dll
[2011/05/21 00:04:49 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\lxeains.dll
[2011/05/21 00:04:49 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\lxeainsb.dll
[2011/05/21 00:04:49 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\lxeainsr.dll
[2011/05/21 00:04:49 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\lxeajswr.dll
[2011/05/21 00:04:48 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxeagrd.dll
[2011/05/21 00:04:47 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\lxeacu.dll
[2011/05/21 00:04:47 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\lxeacub.dll
[2011/05/21 00:04:47 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\lxeacur.dll
[2011/03/20 08:54:34 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/02/14 00:06:45 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/02/14 00:06:43 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2011/02/14 00:06:39 | 000,810,496 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/02/14 00:06:39 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/02/14 00:06:38 | 000,080,896 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/02/13 23:07:33 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\LXEAsmr.dll
[2011/02/13 23:07:32 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\LXEAsm.dll
[2010/11/04 18:00:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/07/13 18:46:39 | 000,000,292 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2010/02/16 11:19:30 | 000,200,192 | ---- | C] () -- C:\Documents and Settings\Scott\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/01 17:03:00 | 000,019,772 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/01/29 21:53:38 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2009/12/28 16:02:09 | 000,001,130 | ---- | C] () -- C:\Documents and Settings\Scott\Local Settings\Application Data\FASTWiz.html
[2009/12/19 18:35:08 | 000,000,070 | ---- | C] () -- C:\WINDOWS\popcreg.dat
[2009/12/19 18:35:08 | 000,000,022 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2009/12/17 12:51:41 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/12/17 12:12:15 | 000,014,638 | ---- | C] () -- C:\WINDOWS\cfgall.ini
[2009/12/16 16:26:37 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009/12/16 16:26:36 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2009/12/16 16:26:36 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2009/12/16 14:39:52 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\SYSDRV.DAT
[2009/12/16 14:34:46 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/12/16 14:34:21 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2009/12/16 14:34:21 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2009/12/16 14:34:13 | 000,005,151 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2009/12/16 14:34:02 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2009/12/16 14:33:50 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2009/12/16 14:32:58 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2009/12/16 14:32:57 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2009/12/16 14:30:42 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2009/12/16 14:29:40 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/06/10 15:59:16 | 000,095,617 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2004/08/27 04:50:59 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/27 03:54:47 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\HotlineClient.exe
[2004/08/26 12:07:50 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/26 12:01:37 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/26 10:12:43 | 000,000,465 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2004/08/26 10:12:43 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/08/26 10:12:10 | 000,447,410 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/26 10:12:10 | 000,072,628 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/26 04:54:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/26 04:54:01 | 000,142,032 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

< End of report >




OTL Extras logfile created on: 12/14/2011 12:03:32 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Scott\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.11 Mb Total Physical Memory | 322.67 Mb Available Physical Memory | 31.57% Memory free
2.40 Gb Paging File | 1.42 Gb Available in Paging File | 59.35% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 88.45 Gb Total Space | 48.99 Gb Free Space | 55.38% Space Free | Partition Type: NTFS

Computer Name: SCOTT | User Name: Scott | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"4481:TCP" = 4481:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer
"4481:UDP" = 4481:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery
"4482:TCP" = 4482:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer
"4482:UDP" = 4482:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery
"42000:UDP" = 42000:UDP:LocalSubNet:Enabled:allowagent
"42001:UDP" = 42001:UDP:LocalSubNet:Enabled:allowagent
"42002:UDP" = 42002:UDP:LocalSubNet:Enabled:allowagent
"42003:UDP" = 42003:UDP:LocalSubNet:Enabled:allowagent
"4999:TCP" = 4999:TCP:LocalSubNet,127.0.0.1/255.255.255.255:Enabled:allowagent
"4998:TCP" = 4998:TCP:LocalSubNet,127.0.0.1/255.255.255.255:Enabled:allowagent
"4997:TCP" = 4997:TCP:LocalSubNet,127.0.0.1/255.255.255.255:Enabled:allowagent
"42004:UDP" = 42004:UDP:LocalSubNet:Enabled:allowagent
"162:UDP" = 162:UDP:LocalSubNet:Enabled:allowagent
"4996:TCP" = 4996:TCP:LocalSubNet,127.0.0.1/255.255.255.255:Enabled:allowagent
"27959:TCP" = 27959:TCP:*:Enabled:Trend Micro Client/Server Security Agent Listener

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe" = C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe:LocalSubNet:Enabled:Belkin Setup -- (Affinegy, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Sling Media\SlingPlayer\SlingPlayer.exe" = C:\Program Files\Sling Media\SlingPlayer\SlingPlayer.exe:*:Enabled:SlingPlayer -- (Sling Media Inc.)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe" = C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe:*:Enabled:BlackBerry Desktop Software -- (Research In Motion)
"C:\Program Files\Abbyy FineReader 6.0 Sprint\scan\scanman6.exe" = C:\Program Files\Abbyy FineReader 6.0 Sprint\scan\scanman6.exe:*:Enabled:ABBYY FineReader -- (ABBYY (BIT Software))
"C:\WINDOWS\system32\lxeacoms.exe" = C:\WINDOWS\system32\lxeacoms.exe:*:Enabled:S300-S400 Series Server -- ( )
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe" = C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe:LocalSubNet:Enabled:Belkin Setup -- (Affinegy, Inc.)
"C:\WINDOWS\LTsvc\LTSVC.exe" = C:\WINDOWS\LTsvc\LTSVC.exe:*:Enabled:AgentService -- (LabTech Software)
"C:\WINDOWS\LTsvc\LTSVCmon.exe" = C:\WINDOWS\LTsvc\LTSVCmon.exe:*:Enabled:AgentMonitor -- (LabTech Software)
"C:\WINDOWS\LTsvc\LTTray.exe" = C:\WINDOWS\LTsvc\LTTray.exe:*:Enabled:AgentTray -- (LabTech Software)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{10D331D2-A17B-47BF-BFA7-3F316736EC06}" = WD Software Upgrader
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 21
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{359C6ED0-EAA2-012B-ACF9-000000000000}" = TurboTax 2009 wariper
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3D08333C-C366-425D-8C2D-D05630D68A46}" = SlingPlayer
"{42C950AF-FE8C-479D-98F0-FD15D6BBE47B}" = TouchCopy 09
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6BA13EFC-E8D0-4D37-AF04-42796CF0E8F5}" = BlackBerry Device Software Updater
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87DF5956-A327-4304-8338-8E2B0AAB843E}" = BlackBerry Desktop Software 6.0.2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90E00409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Outlook 2003
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = iSEEK AnswerWorks English Runtime
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{BC3804E5-77CC-47A0-8BD5-797355A26BA3}" = WD SmartWare
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark Printable Web
"{DBD63176-CA6A-4E3B-8D09-8D0592F869EF}" = Socrates Media Product Browser
"{E371C150-A9F1-49CE-ACC1-51AEFD01C1D4}_is1" = Turbo Tax Audit Support Center 3.0
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Belkin Setup and Router Monitor_is1" = Belkin Setup and Router Monitor
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0.2
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Network Adapter
"CNXT_AUDIO" = Conexant AC-Link Audio
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{3D08333C-C366-425D-8C2D-D05630D68A46}" = SlingPlayer
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.9.0 (Full)
"Lexmark S300-S400 Series" = Lexmark S300-S400 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OfficeScanNT" = Trend Micro Client/Server Security Agent
"TurboTax 2009" = TurboTax 2009
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WebSlingPlayer ActiveX" = WebSlingPlayer ActiveX
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Zuma's Revenge!" = Zuma's Revenge!

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3910105853-2765510345-4218497802-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/18/2011 1:48:30 AM | Computer Name = SCOTT | Source = Application Error | ID = 1000
Description = Faulting application jaucheck.exe, version 2.0.2.4, faulting module
jaucheck.exe, version 2.0.2.4, fault address 0x0000c940.

Error - 11/22/2011 4:38:28 PM | Computer Name = SCOTT | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/22/2011 4:39:43 PM | Computer Name = SCOTT | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/22/2011 4:41:23 PM | Computer Name = SCOTT | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/23/2011 4:16:54 PM | Computer Name = SCOTT | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid.

Error - 11/23/2011 4:22:04 PM | Computer Name = SCOTT | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.17103, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/24/2011 11:44:59 AM | Computer Name = SCOTT | Source = Application Error | ID = 1000
Description = Faulting application jaucheck.exe, version 2.0.2.4, faulting module
jaucheck.exe, version 2.0.2.4, fault address 0x0000c940.

Error - 11/25/2011 11:10:00 PM | Computer Name = SCOTT | Source = Application Error | ID = 1000
Description = Faulting application jaucheck.exe, version 2.0.2.4, faulting module
jaucheck.exe, version 2.0.2.4, fault address 0x0000c940.

Error - 12/2/2011 1:48:41 AM | Computer Name = SCOTT | Source = Application Error | ID = 1000
Description = Faulting application jaucheck.exe, version 2.0.2.4, faulting module
jaucheck.exe, version 2.0.2.4, fault address 0x0000c940.

Error - 12/14/2011 1:31:38 AM | Computer Name = SCOTT | Source = Application Error | ID = 1000
Description = Faulting application jaucheck.exe, version 2.0.2.4, faulting module
jaucheck.exe, version 2.0.2.4, fault address 0x0000c940.

[ System Events ]
Error - 12/7/2011 1:21:10 AM | Computer Name = SCOTT | Source = Service Control Manager | ID = 7000
Description = The lxeaCATSCustConnectService service failed to start due to the
following error: %%1053

Error - 12/7/2011 1:21:55 AM | Computer Name = SCOTT | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.130 for the Network Card with network
address 0014A547041B has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 12/7/2011 11:15:01 PM | Computer Name = SCOTT | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the lxeaCATSCustConnectService
service to connect.

Error - 12/7/2011 11:15:01 PM | Computer Name = SCOTT | Source = Service Control Manager | ID = 7000
Description = The lxeaCATSCustConnectService service failed to start due to the
following error: %%1053

Error - 12/12/2011 1:55:21 AM | Computer Name = SCOTT | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the lxeaCATSCustConnectService
service to connect.

Error - 12/12/2011 1:55:21 AM | Computer Name = SCOTT | Source = Service Control Manager | ID = 7000
Description = The lxeaCATSCustConnectService service failed to start due to the
following error: %%1053

Error - 12/14/2011 1:25:09 AM | Computer Name = SCOTT | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the lxeaCATSCustConnectService
service to connect.

Error - 12/14/2011 1:25:09 AM | Computer Name = SCOTT | Source = Service Control Manager | ID = 7000
Description = The lxeaCATSCustConnectService service failed to start due to the
following error: %%1053

Error - 12/14/2011 1:36:17 AM | Computer Name = SCOTT | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Trend Micro Client/Server
Security Agent Proxy Service service to connect.

Error - 12/14/2011 1:36:17 AM | Computer Name = SCOTT | Source = Service Control Manager | ID = 7000
Description = The Trend Micro Client/Server Security Agent Proxy Service service
failed to start due to the following error: %%1053


< End of report >

#4 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:02:10 AM

Posted 15 December 2011 - 01:07 AM

Hi!

Thanks for posting the logs! I can see some things that require our attention in your log files.

We'll be addressing those items shortly.

Did you happen to open these ports?

"42000:UDP" = 42000:UDP:LocalSubNet:Enabled:allowagent
"42001:UDP" = 42001:UDP:LocalSubNet:Enabled:allowagent
"42002:UDP" = 42002:UDP:LocalSubNet:Enabled:allowagent
"42003:UDP" = 42003:UDP:LocalSubNet:Enabled:allowagent
"4999:TCP" = 4999:TCP:LocalSubNet,127.0.0.1/255.255.255.255:Enabled:allowagent
"4998:TCP" = 4998:TCP:LocalSubNet,127.0.0.1/255.255.255.255:Enabled:allowagent
"4997:TCP" = 4997:TCP:LocalSubNet,127.0.0.1/255.255.255.255:Enabled:allowagent
"42004:UDP" = 42004:UDP:LocalSubNet:Enabled:allowagent
"162:UDP" = 162:UDP:LocalSubNet:Enabled:allowagent
"4996:TCP" = 4996:TCP:LocalSubNet,127.0.0.1/255.255.255.255:Enabled:allowagent


OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    O4 - HKU\S-1-5-21-3910105853-2765510345-4218497802-1006..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler File not found
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB (Reg Error: Key error.)
    O33 - MountPoints2\{1d7413a0-8edc-11df-8830-0014a547041b}\Shell - "" = AutoRun
    O33 - MountPoints2\{1d7413a0-8edc-11df-8830-0014a547041b}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{1d7413a0-8edc-11df-8830-0014a547041b}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
    O33 - MountPoints2\{1d7413a4-8edc-11df-8830-0014a547041b}\Shell - "" = AutoRun
    O33 - MountPoints2\{1d7413a4-8edc-11df-8830-0014a547041b}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{1d7413a4-8edc-11df-8830-0014a547041b}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
    O33 - MountPoints2\{40028f91-1b1f-11df-8786-0014a547041b}\Shell\AutoRun\command - "" = E:\wd_windows_tools\setup.exe
    O33 - MountPoints2\{94b31906-1b91-11e0-88f9-0014a547041b}\Shell - "" = AutoRun
    O33 - MountPoints2\{94b31906-1b91-11e0-88f9-0014a547041b}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{94b31906-1b91-11e0-88f9-0014a547041b}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
    O33 - MountPoints2\{9f52d294-1dd0-11df-878a-0014a547041b}\Shell - "" = AutoRun
    O33 - MountPoints2\{9f52d294-1dd0-11df-878a-0014a547041b}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{9f52d294-1dd0-11df-878a-0014a547041b}\Shell\AutoRun\command - "" = I:\Windows\Setup.exe
    O33 - MountPoints2\{c61c17ec-f257-11de-875b-0014a547041b}\Shell - "" = AutoRun
    O33 - MountPoints2\{c61c17ec-f257-11de-875b-0014a547041b}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{c61c17ec-f257-11de-875b-0014a547041b}\Shell\AutoRun\command - "" = F:\LaunchU3.exe
    O33 - MountPoints2\{e52abbcf-0967-11df-8770-0014a547041b}\Shell - "" = AutoRun
    O33 - MountPoints2\{e52abbcf-0967-11df-8770-0014a547041b}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{e52abbcf-0967-11df-8770-0014a547041b}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
    [2011/11/26 19:17:44 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Scott\Local Settings\Application Data\{62750D86-79A2-40BE-8B9C-CB2D7B437B87}
    [2011/11/26 19:17:44 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Scott\Local Settings\Application Data\{62750D86-79A2-40BE-8B9C-CB2D7B437B87}
    [2011/11/09 21:37:08 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Scott\Local Settings\Application Data\{C896197B-1832-45D3-869B-9025FEA6FA12}
    [2011/06/12 00:44:29 | 000,000,344 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\18079524
    
    :Reg
    
    :Files
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [EMPTYFLASH]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Running ComboFix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon.
They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
    Posted Image
    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#5 Scooter75

Scooter75
  • Topic Starter

  • Members
  • 50 posts
  • OFFLINE
  •  
  • Local time:12:10 AM

Posted 15 December 2011 - 01:28 AM

I am not sure about opening the ports. I may have inadvertantly open them or something. I know that I don't remember opening them on purpose. Maybe during an installation fo a program or something?

Also, during one of the scans you toldme to run, my TREND picked up some things that it blocked. I have received these warnings before (at random it seems) and it always denies the operation. I have the behavior monitoring log if you would like me to post.

Should I go ahead and continue with the OTL fix and the ComboFix?

#6 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:02:10 AM

Posted 15 December 2011 - 02:38 AM

Hi!

I am not sure about opening the ports. I may have inadvertantly open them or something. I know that I don't remember opening them on purpose. Maybe during an installation fo a program or something?

Okay, I'll probably close those ports then.

Also, during one of the scans you toldme to run, my TREND picked up some things that it blocked. I have received these warnings before (at random it seems) and it always denies the operation. I have the behavior monitoring log if you would like me to post.

Yes, please post the log file.

Should I go ahead and continue with the OTL fix and the ComboFix?

Yes, please run those now.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#7 Scooter75

Scooter75
  • Topic Starter

  • Members
  • 50 posts
  • OFFLINE
  •  
  • Local time:12:10 AM

Posted 15 December 2011 - 03:45 AM

When I started running the OTL fix, a window popped up and stated

"Cannot create file C:\WINDOWS\System32\drivers\etc\Hosts."

I didn't do anything for a long time and the status display on the bottom appears to be frozen on resetting hosts files? Or something like that. After a while I closed the popped up window and nothing has changed so far. How long should it take to run this program? I am going to bed now and will leave it overnight. Maybe some progress will happen by tomorrow morning.

Thanks
Scott

#8 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:02:10 AM

Posted 15 December 2011 - 04:56 AM

Hi Scott!

That sometimes happens when I try and fix an issue with a users host file.

Please run this script instead:

OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    O4 - HKU\S-1-5-21-3910105853-2765510345-4218497802-1006..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler File not found
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB (Reg Error: Key error.)
    O33 - MountPoints2\{1d7413a0-8edc-11df-8830-0014a547041b}\Shell - "" = AutoRun
    O33 - MountPoints2\{1d7413a0-8edc-11df-8830-0014a547041b}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{1d7413a0-8edc-11df-8830-0014a547041b}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
    O33 - MountPoints2\{1d7413a4-8edc-11df-8830-0014a547041b}\Shell - "" = AutoRun
    O33 - MountPoints2\{1d7413a4-8edc-11df-8830-0014a547041b}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{1d7413a4-8edc-11df-8830-0014a547041b}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
    O33 - MountPoints2\{40028f91-1b1f-11df-8786-0014a547041b}\Shell\AutoRun\command - "" = E:\wd_windows_tools\setup.exe
    O33 - MountPoints2\{94b31906-1b91-11e0-88f9-0014a547041b}\Shell - "" = AutoRun
    O33 - MountPoints2\{94b31906-1b91-11e0-88f9-0014a547041b}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{94b31906-1b91-11e0-88f9-0014a547041b}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
    O33 - MountPoints2\{9f52d294-1dd0-11df-878a-0014a547041b}\Shell - "" = AutoRun
    O33 - MountPoints2\{9f52d294-1dd0-11df-878a-0014a547041b}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{9f52d294-1dd0-11df-878a-0014a547041b}\Shell\AutoRun\command - "" = I:\Windows\Setup.exe
    O33 - MountPoints2\{c61c17ec-f257-11de-875b-0014a547041b}\Shell - "" = AutoRun
    O33 - MountPoints2\{c61c17ec-f257-11de-875b-0014a547041b}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{c61c17ec-f257-11de-875b-0014a547041b}\Shell\AutoRun\command - "" = F:\LaunchU3.exe
    O33 - MountPoints2\{e52abbcf-0967-11df-8770-0014a547041b}\Shell - "" = AutoRun
    O33 - MountPoints2\{e52abbcf-0967-11df-8770-0014a547041b}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{e52abbcf-0967-11df-8770-0014a547041b}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
    [2011/11/26 19:17:44 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Scott\Local Settings\Application Data\{62750D86-79A2-40BE-8B9C-CB2D7B437B87}
    [2011/11/26 19:17:44 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Scott\Local Settings\Application Data\{62750D86-79A2-40BE-8B9C-CB2D7B437B87}
    [2011/11/09 21:37:08 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Scott\Local Settings\Application Data\{C896197B-1832-45D3-869B-9025FEA6FA12}
    [2011/06/12 00:44:29 | 000,000,344 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\18079524
    
    :Reg
    
    :Files
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [CreateRestorePoint]
    [EMPTYFLASH]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Running ComboFix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon.
They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
    Posted Image
    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#9 Scooter75

Scooter75
  • Topic Starter

  • Members
  • 50 posts
  • OFFLINE
  •  
  • Local time:12:10 AM

Posted 15 December 2011 - 11:09 PM

Here are the logs you requested.


========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-3910105853-2765510345-4218497802-1006\Software\Microsoft\Windows\CurrentVersion\Run\\ISUSPM not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Starting removal of ActiveX control Garmin Communicator Plug-In
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Garmin Communicator Plug-In\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d7413a0-8edc-11df-8830-0014a547041b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d7413a0-8edc-11df-8830-0014a547041b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d7413a0-8edc-11df-8830-0014a547041b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d7413a0-8edc-11df-8830-0014a547041b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d7413a0-8edc-11df-8830-0014a547041b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d7413a0-8edc-11df-8830-0014a547041b}\ not found.
File "E:\WD SmartWare.exe" autoplay=true not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d7413a4-8edc-11df-8830-0014a547041b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d7413a4-8edc-11df-8830-0014a547041b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d7413a4-8edc-11df-8830-0014a547041b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d7413a4-8edc-11df-8830-0014a547041b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d7413a4-8edc-11df-8830-0014a547041b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d7413a4-8edc-11df-8830-0014a547041b}\ not found.
File "E:\WD SmartWare.exe" autoplay=true not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{40028f91-1b1f-11df-8786-0014a547041b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40028f91-1b1f-11df-8786-0014a547041b}\ not found.
File E:\wd_windows_tools\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{94b31906-1b91-11e0-88f9-0014a547041b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{94b31906-1b91-11e0-88f9-0014a547041b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{94b31906-1b91-11e0-88f9-0014a547041b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{94b31906-1b91-11e0-88f9-0014a547041b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{94b31906-1b91-11e0-88f9-0014a547041b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{94b31906-1b91-11e0-88f9-0014a547041b}\ not found.
File "E:\WD SmartWare.exe" autoplay=true not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9f52d294-1dd0-11df-878a-0014a547041b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9f52d294-1dd0-11df-878a-0014a547041b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9f52d294-1dd0-11df-878a-0014a547041b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9f52d294-1dd0-11df-878a-0014a547041b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9f52d294-1dd0-11df-878a-0014a547041b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9f52d294-1dd0-11df-878a-0014a547041b}\ not found.
File I:\Windows\Setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c61c17ec-f257-11de-875b-0014a547041b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c61c17ec-f257-11de-875b-0014a547041b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c61c17ec-f257-11de-875b-0014a547041b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c61c17ec-f257-11de-875b-0014a547041b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c61c17ec-f257-11de-875b-0014a547041b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c61c17ec-f257-11de-875b-0014a547041b}\ not found.
File F:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e52abbcf-0967-11df-8770-0014a547041b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e52abbcf-0967-11df-8770-0014a547041b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e52abbcf-0967-11df-8770-0014a547041b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e52abbcf-0967-11df-8770-0014a547041b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e52abbcf-0967-11df-8770-0014a547041b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e52abbcf-0967-11df-8770-0014a547041b}\ not found.
File G:\LaunchU3.exe -a not found.
File C:\Documents and Settings\Scott\Local Settings\Application Data\{62750D86-79A2-40BE-8B9C-CB2D7B437B87} not found.
File C:\Documents and Settings\Scott\Local Settings\Application Data\{62750D86-79A2-40BE-8B9C-CB2D7B437B87} not found.
File C:\Documents and Settings\Scott\Local Settings\Application Data\{C896197B-1832-45D3-869B-9025FEA6FA12} not found.
File C:\Documents and Settings\All Users\Application Data\18079524 not found.
========== REGISTRY ==========
========== FILES ==========
< echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c >
Are you sure (Y/N)?
C:\Documents and Settings\Scott\Desktop\Computer Diagnostic Tools\cmd.bat deleted successfully.
C:\Documents and Settings\Scott\Desktop\Computer Diagnostic Tools\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Scott\Desktop\Computer Diagnostic Tools\cmd.bat deleted successfully.
C:\Documents and Settings\Scott\Desktop\Computer Diagnostic Tools\cmd.txt deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point (0)

[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 2836 bytes

User: Administrator.SCOTT
->Flash cache emptied: 41620 bytes

User: All Users

User: Default User
->Flash cache emptied: 41620 bytes

User: LocalService

User: NetworkService
->Flash cache emptied: 7532 bytes

User: Scott
->Flash cache emptied: 2207098 bytes

Total Flash Files Cleaned = 2.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 12152011_174558

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...





ComboFix 11-12-15.02 - Scott 12/15/2011 18:32:26.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.593 [GMT -6:00]
Running from: c:\documents and settings\Scott\Desktop\ComboFix.exe
AV: Trend Micro Client/Server Security Agent Antivirus *Disabled/Outdated* {E2CB7513-8162-48A0-AB12-D4C190595B27}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator.SCOTT\WINDOWS
c:\documents and settings\All Users\Application Data\_r_a_p_.tmp
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Scott\WINDOWS
c:\windows\$NtUninstallKB191$
c:\windows\$NtUninstallKB191$\3347892019\@
c:\windows\$NtUninstallKB191$\3347892019\bckfg.tmp
c:\windows\$NtUninstallKB191$\3347892019\cfg.ini
c:\windows\$NtUninstallKB191$\3347892019\Desktop.ini
c:\windows\$NtUninstallKB191$\3347892019\keywords
c:\windows\$NtUninstallKB191$\3347892019\kwrd.dll
c:\windows\$NtUninstallKB191$\3347892019\L\iopiovam
c:\windows\$NtUninstallKB191$\3347892019\lsflt7.ver
c:\windows\$NtUninstallKB191$\3347892019\U\00000001.@
c:\windows\$NtUninstallKB191$\3347892019\U\00000002.@
c:\windows\$NtUninstallKB191$\3347892019\U\00000004.@
c:\windows\$NtUninstallKB191$\3347892019\U\80000000.@
c:\windows\$NtUninstallKB191$\3347892019\U\80000004.@
c:\windows\$NtUninstallKB191$\3347892019\U\80000032.@
c:\windows\$NtUninstallKB191$\3992623479
c:\windows\system32\_004085_.tmp.dll
c:\windows\system32\_004086_.tmp.dll
c:\windows\system32\_004108_.tmp.dll
c:\windows\system32\_004109_.tmp.dll
c:\windows\system32\config\systemprofile\WINDOWS
.
.
((((((((((((((((((((((((( Files Created from 2011-11-16 to 2011-12-16 )))))))))))))))))))))))))))))))
.
.
2011-12-15 07:47 . 2011-12-15 07:47 -------- d-----w- C:\_OTL
2011-12-01 00:19 . 2008-04-14 11:41 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2011-12-01 00:19 . 2008-04-14 11:41 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-12-01 00:19 . 2008-04-14 06:09 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2011-12-01 00:19 . 2008-04-14 06:09 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2011-11-27 01:17 . 2011-11-27 01:17 0 ---ha-w- c:\documents and settings\Scott\Local Settings\Application Data\BIT8.tmp
2011-11-26 02:28 . 2011-11-26 02:28 -------- d-----w- c:\windows\system32\wbem\Repository
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-01 02:50 . 2009-12-16 20:31 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2011-11-10 03:37 . 2011-11-10 03:37 0 ---ha-w- c:\documents and settings\Scott\Local Settings\Application Data\BIT7.tmp
2011-09-26 16:41 . 2009-12-16 20:34 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41 . 2008-07-30 01:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41 . 2009-12-16 20:34 20480 ----a-w- c:\windows\system32\oleaccrc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-12-15 4616064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-29 344064]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-10-12 1282048]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"lxeamon.exe"="c:\program files\Lexmark S300-S400 Series\lxeamon.exe" [2011-01-24 770728]
"EzPrint"="c:\program files\Lexmark S300-S400 Series\ezprint.exe" [2011-01-24 148280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"OfficeScanNT Monitor"="c:\program files\Trend Micro\Client Server Security Agent\pccntmon.exe" [2010-07-29 959824]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"InstaLAN"="c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-02-25 1770400]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Network Monitoring Tray.lnk - c:\windows\LTSvc\LTTray.exe [2011-11-29 1274696]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2011-3-9 3986944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-17 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Sling Media\\SlingPlayer\\SlingPlayer.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\Program Files\\Abbyy FineReader 6.0 Sprint\\scan\\scanman6.exe"=
"c:\\WINDOWS\\system32\\lxeacoms.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\LTsvc\\LTSVC.exe"=
"c:\\WINDOWS\\LTsvc\\LTSVCmon.exe"=
"c:\\WINDOWS\\LTsvc\\LTTray.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4999:TCP"= 4999:TCP:LocalSubNet,127.0.0.1/255.255.255.255:Enabled:allowagent
"4998:TCP"= 4998:TCP:LocalSubNet,127.0.0.1/255.255.255.255:Enabled:allowagent
"4997:TCP"= 4997:TCP:LocalSubNet,127.0.0.1/255.255.255.255:Enabled:allowagent
"4996:TCP"= 4996:TCP:LocalSubNet,127.0.0.1/255.255.255.255:Enabled:allowagent
"27959:TCP"= 27959:TCP:Trend Micro Client/Server Security Agent Listener
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2010 12:25 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 12:41 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [6/29/2010 11:48 AM 116608]
R2 LTService;Integris Tech Monitoring Service;c:\windows\LTSvc\LTSVC.exe [6/13/2011 1:39 PM 12390728]
R2 LTSvcMon;Integris Tech Monitoring Service CheckUp Util;c:\windows\LTSvc\LTSvcMon.exe [6/13/2011 1:42 PM 98632]
R2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe -service --> c:\windows\system32\lxeacoms.exe -service [?]
R2 SlingAgentService;SlingAgentService;c:\program files\Sling Media\SlingAgent\SlingAgentService.exe [9/25/2009 1:16 PM 93960]
R2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\Client Server Security Agent\tmxpflt.sys [7/24/2010 5:57 PM 262416]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\Client Server Security Agent\tmpreflt.sys [7/24/2010 5:57 PM 36624]
R2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [3/9/2011 10:07 AM 238592]
R2 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [3/9/2011 10:18 AM 1060864]
R2 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [3/9/2011 10:16 AM 484352]
R3 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [6/13/2011 1:24 PM 57424]
R3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;c:\program files\Trend Micro\Client Server Security Agent\TmProxy.exe [9/21/2010 7:59 PM 689416]
S1 MpKsl5104259f;MpKsl5104259f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EE58D5F0-28DC-4ADB-8AAE-E606363355AC}\MpKsl5104259f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EE58D5F0-28DC-4ADB-8AAE-E606363355AC}\MpKsl5104259f.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/23/2009 11:16 AM 135664]
S2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxeaserv.exe [5/21/2011 12:06 AM 193192]
S3 cpuz135;cpuz135;\??\c:\windows\TEMP\cpuz135\cpuz135_x32.sys --> c:\windows\TEMP\cpuz135\cpuz135_x32.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/23/2009 11:16 AM 135664]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys --> c:\windows\system32\DRIVERS\ivusb.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/1/2011 1:44 PM 11520]
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 18:34]
.
2011-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-23 17:16]
.
2011-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-23 17:16]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
Trusted Zone: integristech.com\msp
TCP: DhcpNameServer = 68.87.68.162 68.87.74.162
FF - ProfilePath - c:\documents and settings\Scott\Application Data\Mozilla\Firefox\Profiles\6s6koxwj.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Trend Micro NSC Firefox Extension: {22C7F6C6-8D67-4534-92B5-529A0EC09405} - c:\program files\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\Scott\Application Data\Move Networks
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-15 21:35
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(652)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3788)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxeacoms.exe
c:\program files\Trend Micro\Client Server Security Agent\ntrtscan.exe
c:\program files\Trend Micro\Client Server Security Agent\tmlisten.exe
c:\program files\Trend Micro\Client Server Security Agent\CNTAoSMgr.exe
c:\program files\Trend Micro\BM\TMBMSRV.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinSetup.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-12-15 21:46:16 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-16 03:45
.
Pre-Run: 52,624,994,304 bytes free
Post-Run: 55,866,445,824 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - E8B98470B53DA1F037DB0B62677BF31B

My computer seems to be running alright.
Scott

#10 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:02:10 AM

Posted 16 December 2011 - 02:40 AM

Good Evening Scott!

We will be performing a couple of fixes in this post.

But first, I need to warn you of the following:

Posted Image One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to appraise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



Back-Up Registry
First, we need to backup your registry:
Please go to Start > Run
Paste in the following line:

regedit /e c:\registrybackup.reg

Click OK.
It won't appear to be doing anything, that's normal.
Your mouse pointer may turn to an hour glass for a minute.
Please continue when it no longer has the hour glass.


NEXT:



ComboFix Script
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

KillAll::
File::
Folder::
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4999:TCP"=-
"4998:TCP"=-
"4997:TCP"=-
"4996:TCP"=-
Driver::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"


Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. If ComboFix prompts you to update to the newest version, please allow it to do so. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



NEXT:



My computer seems to be running alright.

Could you please elaborate on this a bit more?

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#11 Scooter75

Scooter75
  • Topic Starter

  • Members
  • 50 posts
  • OFFLINE
  •  
  • Local time:12:10 AM

Posted 16 December 2011 - 06:11 AM

ComboFix 11-12-16.01 - Scott 12/16/2011 4:22.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.469 [GMT -6:00]
Running from: c:\documents and settings\Scott\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Scott\Desktop\CFScript.txt
AV: Trend Micro Client/Server Security Agent Antivirus *Disabled/Outdated* {E2CB7513-8162-48A0-AB12-D4C190595B27}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\etc\lmhosts
.
.
((((((((((((((((((((((((( Files Created from 2011-11-16 to 2011-12-16 )))))))))))))))))))))))))))))))
.
.
2011-12-16 10:07 . 2011-12-16 10:08 94150212 ----a-w- C:\registrybackup.reg
2011-12-15 07:47 . 2011-12-15 07:47 -------- d-----w- C:\_OTL
2011-12-01 00:19 . 2008-04-14 11:41 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2011-12-01 00:19 . 2008-04-14 11:41 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-12-01 00:19 . 2008-04-14 06:09 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2011-12-01 00:19 . 2008-04-14 06:09 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2011-11-27 01:17 . 2011-11-27 01:17 0 ---ha-w- c:\documents and settings\Scott\Local Settings\Application Data\BIT8.tmp
2011-11-26 02:28 . 2011-11-26 02:28 -------- d-----w- c:\windows\system32\wbem\Repository
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-01 02:50 . 2009-12-16 20:31 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2011-11-10 03:37 . 2011-11-10 03:37 0 ---ha-w- c:\documents and settings\Scott\Local Settings\Application Data\BIT7.tmp
2011-09-26 16:41 . 2009-12-16 20:34 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41 . 2008-07-30 01:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41 . 2009-12-16 20:34 20480 ----a-w- c:\windows\system32\oleaccrc.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-16_03.35.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-16 10:24 . 2011-12-16 10:24 16384 c:\windows\Temp\Perflib_Perfdata_7f4.dat
+ 2011-12-16 10:31 . 2011-12-16 10:31 16384 c:\windows\Temp\Perflib_Perfdata_6d0.dat
+ 2011-10-12 11:08 . 2011-12-16 10:31 69136 c:\windows\LTSvc\screenhooks.dll
- 2011-10-12 11:08 . 2011-12-16 00:52 69136 c:\windows\LTSvc\screenhooks.dll
- 2011-11-27 03:34 . 2011-12-16 00:52 42560 c:\windows\LTSvc\SCHook.dll
+ 2011-11-27 03:34 . 2011-12-16 10:31 42560 c:\windows\LTSvc\SCHook.dll
- 2011-10-12 11:08 . 2011-12-16 00:52 14648 c:\windows\LTSvc\sas.dll
+ 2011-10-12 11:08 . 2011-12-16 10:31 14648 c:\windows\LTSvc\sas.dll
- 2011-07-15 21:52 . 2011-12-16 00:52 32256 c:\windows\LTSvc\Interfaces.dll
+ 2011-07-15 21:52 . 2011-12-16 10:31 32256 c:\windows\LTSvc\Interfaces.dll
+ 2011-10-12 11:08 . 2011-12-16 10:31 421704 c:\windows\LTSvc\wodVPN.dll
- 2011-10-12 11:08 . 2011-12-16 00:52 421704 c:\windows\LTSvc\wodVPN.dll
- 2011-08-23 04:37 . 2011-12-16 00:52 107008 c:\windows\LTSvc\vnchooks.dll
+ 2011-08-23 04:37 . 2011-12-16 10:31 107008 c:\windows\LTSvc\vnchooks.dll
+ 2011-11-27 03:34 . 2011-12-16 10:31 819200 c:\windows\LTSvc\tvnserver.exe
- 2011-11-27 03:34 . 2011-12-16 00:52 819200 c:\windows\LTSvc\tvnserver.exe
+ 2011-12-16 10:31 . 2011-12-16 10:31 218624 c:\windows\LTSvc\LSR.exe
- 2011-12-16 00:52 . 2011-12-16 00:52 218624 c:\windows\LTSvc\LSR.exe
+ 2011-10-12 11:08 . 2011-12-16 10:31 980808 c:\windows\LTSvc\labvnc.exe
- 2011-10-12 11:08 . 2011-12-16 00:52 980808 c:\windows\LTSvc\labvnc.exe
+ 2011-06-13 19:41 . 2011-12-16 10:31 112192 c:\windows\LTSvc\cad.exe
- 2011-06-13 19:41 . 2011-12-16 00:52 112192 c:\windows\LTSvc\cad.exe
+ 2011-11-30 04:31 . 2011-12-16 10:31 1274696 c:\windows\LTSvc\LTTray.exe
- 2011-11-30 04:31 . 2011-12-16 00:52 1274696 c:\windows\LTSvc\LTTray.exe
- 2011-10-12 11:08 . 2011-12-16 00:52 1448960 c:\windows\LTSvc\cpuidsdk.dll
+ 2011-10-12 11:08 . 2011-12-16 10:31 1448960 c:\windows\LTSvc\cpuidsdk.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-12-15 4616064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-29 344064]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-10-12 1282048]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"lxeamon.exe"="c:\program files\Lexmark S300-S400 Series\lxeamon.exe" [2011-01-24 770728]
"EzPrint"="c:\program files\Lexmark S300-S400 Series\ezprint.exe" [2011-01-24 148280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"OfficeScanNT Monitor"="c:\program files\Trend Micro\Client Server Security Agent\pccntmon.exe" [2010-07-29 959824]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"InstaLAN"="c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-02-25 1770400]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Network Monitoring Tray.lnk - c:\windows\LTSvc\LTTray.exe [2011-11-29 1274696]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2011-3-9 3986944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-17 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Sling Media\\SlingPlayer\\SlingPlayer.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\Program Files\\Abbyy FineReader 6.0 Sprint\\scan\\scanman6.exe"=
"c:\\WINDOWS\\system32\\lxeacoms.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\LTsvc\\LTSVC.exe"=
"c:\\WINDOWS\\LTsvc\\LTSVCmon.exe"=
"c:\\WINDOWS\\LTsvc\\LTTray.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"27959:TCP"= 27959:TCP:Trend Micro Client/Server Security Agent Listener
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2010 12:25 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 12:41 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [6/29/2010 11:48 AM 116608]
R2 LTService;Integris Tech Monitoring Service;c:\windows\LTSvc\LTSVC.exe [6/13/2011 1:39 PM 12390728]
R2 LTSvcMon;Integris Tech Monitoring Service CheckUp Util;c:\windows\LTSvc\LTSvcMon.exe [6/13/2011 1:42 PM 98632]
R2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe -service --> c:\windows\system32\lxeacoms.exe -service [?]
R2 SlingAgentService;SlingAgentService;c:\program files\Sling Media\SlingAgent\SlingAgentService.exe [9/25/2009 1:16 PM 93960]
R2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\Client Server Security Agent\tmxpflt.sys [7/24/2010 5:57 PM 262416]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\Client Server Security Agent\tmpreflt.sys [7/24/2010 5:57 PM 36624]
R2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [3/9/2011 10:07 AM 238592]
R2 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [3/9/2011 10:18 AM 1060864]
R2 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [3/9/2011 10:16 AM 484352]
R3 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [6/13/2011 1:24 PM 57424]
R3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;c:\program files\Trend Micro\Client Server Security Agent\TmProxy.exe [9/21/2010 7:59 PM 689416]
S1 MpKsl5104259f;MpKsl5104259f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EE58D5F0-28DC-4ADB-8AAE-E606363355AC}\MpKsl5104259f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EE58D5F0-28DC-4ADB-8AAE-E606363355AC}\MpKsl5104259f.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/23/2009 11:16 AM 135664]
S2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxeaserv.exe [5/21/2011 12:06 AM 193192]
S3 cpuz135;cpuz135;\??\c:\windows\TEMP\cpuz135\cpuz135_x32.sys --> c:\windows\TEMP\cpuz135\cpuz135_x32.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/23/2009 11:16 AM 135664]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys --> c:\windows\system32\DRIVERS\ivusb.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/1/2011 1:44 PM 11520]
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 18:34]
.
2011-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-23 17:16]
.
2011-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-23 17:16]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
Trusted Zone: integristech.com\msp
TCP: DhcpNameServer = 68.87.68.162 68.87.74.162
FF - ProfilePath - c:\documents and settings\Scott\Application Data\Mozilla\Firefox\Profiles\6s6koxwj.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Trend Micro NSC Firefox Extension: {22C7F6C6-8D67-4534-92B5-529A0EC09405} - c:\program files\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\Scott\Application Data\Move Networks
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-16 04:37
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(660)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2348)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxeacoms.exe
c:\program files\Trend Micro\Client Server Security Agent\ntrtscan.exe
c:\program files\Trend Micro\Client Server Security Agent\tmlisten.exe
c:\program files\Trend Micro\Client Server Security Agent\CNTAoSMgr.exe
c:\program files\Trend Micro\BM\TMBMSRV.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinSetup.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-12-16 04:49:37 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-16 10:49
.
Pre-Run: 55,795,847,168 bytes free
Post-Run: 55,787,409,408 bytes free
.
- - End Of File - - ACE9BAB07E533BE4643F27158556D24D

#12 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:02:10 AM

Posted 17 December 2011 - 02:29 AM

Hi Scott!

Your logs are looking better.

Lets see what these scans find, and see where we stand then.

Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update have been completed, Select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as it is and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Checked (ticked) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • When the Computer scan settings display shows, click the Advanced option, the place a check next to the following (if it is not already checked):
    • Enable Anti-Stealth technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NEXT:



Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


NEXT:



Please visit the following link here for information on how you can reset your Windows Updates components.

Link: http://support.microsoft.com/kb/971058

This should take care of the issue with not being able to keep the Automatic Update setting on and to prevent it from shutting off on you again.

Edited by SweetTech, 17 December 2011 - 02:31 AM.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#13 Scooter75

Scooter75
  • Topic Starter

  • Members
  • 50 posts
  • OFFLINE
  •  
  • Local time:12:10 AM

Posted 18 December 2011 - 12:16 AM

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8389

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

12/17/2011 8:38:02 PM
mbam-log-2011-12-17 (20-38-02).txt

Scan type: Quick scan
Objects scanned: 188427
Time elapsed: 10 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)





C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP36\A0003978.sys a variant of Win32/Rootkit.Kryptik.FJ trojan
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP38\A0004036.sys a variant of Win32/Rootkit.Kryptik.FJ trojan
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP38\A0004078.sys a variant of Win32/Rootkit.Kryptik.FJ trojan
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP39\A0004154.sys a variant of Win32/Rootkit.Kryptik.FJ trojan
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP39\A0005078.sys a variant of Win32/Rootkit.Kryptik.FJ trojan
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP40\A0005132.sys a variant of Win32/Rootkit.Kryptik.FJ trojan
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP40\A0005403.sys a variant of Win32/Rootkit.Kryptik.FJ trojan
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP40\A0006403.sys a variant of Win32/Rootkit.Kryptik.FJ trojan
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP40\A0006682.sys a variant of Win32/Rootkit.Kryptik.FJ trojan
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP40\A0007682.sys a variant of Win32/Rootkit.Kryptik.FJ trojan
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP40\A0007842.sys a variant of Win32/Rootkit.Kryptik.FJ trojan
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP40\A0007879.sys a variant of Win32/Rootkit.Kryptik.FJ trojan





Results of screen317's Security Check version 0.99.28
Windows XP Service Pack 3 x86
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
ESET Online Scanner v3
Trend Micro Client/Server Security Agent
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 21
Java version out of date!
Adobe Flash Player ( 10.1.102.64) Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox ((3.6.12)) Firefox out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Trend Micro Client Server Security Agent Misc xpupg.exe
Trend Micro Client Server Security Agent pccntupd.exe
``````````End of Log````````````





As of this morning Trend was still blocking something from writing to my registries. Not sure if its related or not.

#14 Scooter75

Scooter75
  • Topic Starter

  • Members
  • 50 posts
  • OFFLINE
  •  
  • Local time:12:10 AM

Posted 18 December 2011 - 02:52 AM

I followed the instructions on that microsoft website link you gave me. It didn't fix my Automatic Update problem.

#15 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:02:10 AM

Posted 18 December 2011 - 03:56 AM

Hi!

These threat(s) below are currently in Quarantine/System Restore and shall be removed when we clean up our tools later on.

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP36\A0003978.sys a variant of Win32/Rootkit.Kryptik.FJ trojan
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP38\A0004036.sys a variant of Win32/Rootkit.Kryptik.FJ trojan
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP38\A0004078.sys a variant of Win32/Rootkit.Kryptik.FJ trojan
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP39\A0004154.sys a variant of Win32/Rootkit.Kryptik.FJ trojan
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP39\A0005078.sys a variant of Win32/Rootkit.Kryptik.FJ trojan
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP40\A0005132.sys a variant of Win32/Rootkit.Kryptik.FJ trojan
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP40\A0005403.sys a variant of Win32/Rootkit.Kryptik.FJ trojan
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP40\A0006403.sys a variant of Win32/Rootkit.Kryptik.FJ trojan
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP40\A0006682.sys a variant of Win32/Rootkit.Kryptik.FJ trojan
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP40\A0007682.sys a variant of Win32/Rootkit.Kryptik.FJ trojan
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP40\A0007842.sys a variant of Win32/Rootkit.Kryptik.FJ trojan
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP40\A0007879.sys a variant of Win32/Rootkit.Kryptik.FJ trojan


____________________________________________________

From the looks of your SecurityCheck log, I can see that we have some outdated programs that need to be updated.

Lets address those programs that need updating now!

You have an outdated version of Internet Explorer installed. I suggest you update it to the latest version which is currently 9.

Your SecurityCheck log indicates that your version of Flash Player is outdated. This is a vulnerability that needs to be addressed. Please remove the outdated version of Flash Player and then install the latest version.

Java Outdated

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform:
    • 32-bit Select: Windows x86 Offline.
    • 64-bit Select: Windows x64.
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Posted Image > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u2-windows-i586-s.exe (or jre-7u2-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.


NEXT



Update Adobe Reader
Earlier versions of Adobe Reader have known security flaws so it is recommended that you update your copy
  • Go to Start > Control Panel > Add/Remove Programs
  • Remove ALL instances of Adobe Reader
  • Re-boot your computer as required.
  • Once ALL versions of Adobe Reader have been uninstalled, visit: <<here>> and download the latest version of Adobe Reader
Alternative Option: after uninstalling Adobe Reader, you could try installing Foxit Reader from >here< Foxit Reader has fewer add-ons therefore loads more quickly.



NEXT:



Update FireFox
You're currently using an outdated version of Firefox. The latest version of Firefox is 8.0.1.

You can get the latest version of Firefox by accessing the Posted Image menu in Firefox and then selecting Posted Image.

Please make sure that you Posted Image again after updating to the latest version to make sure that you have in fact received the latest version.



NEXT:



Please do the following:

Back-Up Registry
First, we need to backup your registry:
Please go to Start > Run
Paste in the following line:

regedit /e c:\registrybackup.reg

Click OK.
It won't appear to be doing anything, that's normal.
Your mouse pointer may turn to an hour glass for a minute.
Please continue when it no longer has the hour glass.


NEXT:



OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
    :OTL
    
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
    "NoAutoUpdate"=dword:00000000
    :Files
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



OTL Custom Scan

We need to run an OTL Custom Scan
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.


    netsvcs
    drivers32
    hklm\software\clients\startmenuinternet|command /rs
    %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Push the Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.


NEXT:



What outstanding issues (if any) are you still experiencing with your computer?

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users