
Unknown infection type



#1 TheGear


Posted 24 December 2011 - 06:13 PM

This system is running Windows 7 with current updates. It's on the same network as my wife's system, and it seems to have become infected at about the same time (although I naturally suspect her as the infection vector :-) Initial symptom was inability to run task manager and extreme sluggishness.

I tried to follow the Preparation Guide but was thwarted by a balky system. When I ran DDS on this system, I got a few hash marks then the system froze to the point of not handling mouse interrupts. In safe mode, DDS got to 54 hash marks and stopped, but the mouse would still move. Hence my diags below were made with OTL, per a recommendation from quietman7 at bleeping computer. I was unable to get the firewall enabled due to "insufficient authority." As the sole user, I have set my login to be standard and have admin passworded. So I just disconnected the network cable.

Please note that the last several times I ran OTL, I never got an Extras.txt output. So I've attached an Extras that is about 24 hours older than the OTL.txt file. I'll be glad to re-run it if you have a suggestion that would produce an Extras file.

I have a GMER run that I'm not submitting because it wasn't in quietman7's instructions.

Thanks for your help!
Bill in SoFla
(system name: Archimedes)

OTL.txt follows -----------------------------------------------------------------
OTL logfile created on: 12/24/2011 2:22:23 PM - Run 3

OTL by OldTimer - Version 3.2.31.0 Folder = F:\

Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy



2.00 Gb Total Physical Memory | 1.02 Gb Available Physical Memory | 51.04% Memory free

4.00 Gb Paging File | 2.75 Gb Available in Paging File | 68.86% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]



%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 43.47 Gb Total Space | 3.94 Gb Free Space | 9.06% Space Free | Partition Type: NTFS

Drive D: | 7.45 Gb Total Space | 0.60 Gb Free Space | 8.06% Space Free | Partition Type: FAT32

Drive F: | 3.68 Gb Total Space | 3.68 Gb Free Space | 99.86% Space Free | Partition Type: FAT32



Computer Name: ARCHIMEDES | User Name: Root | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days



========== Processes (SafeList) ==========



PRC - F:\OTL.exe (OldTimer Tools)

PRC - C:\Users\Bill\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe ()

PRC - C:\Users\Bill\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)

PRC - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)

PRC - C:\Program Files\Office Depot PC Support Agent\esService.exe (Support.com, Inc.)

PRC - C:\Program Files\Office Depot PC Support Agent\escont.exe (Support.com, Inc.)

PRC - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)

PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe (Memeo)

PRC - C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe (Memeo)

PRC - C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe (Axentra Corporation)

PRC - C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)

PRC - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)

PRC - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)

PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Nero\Update\NASvc.exe (Nero AG)

PRC - C:\Program Files\Memeo\AutoBackup\MemeoUpdater.exe (Memeo Inc.)

PRC - C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe (Memeo)

PRC - C:\Program Files\Memeo\AutoBackup\InstantBackup.exe ()

PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)

PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)

PRC - C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)

PRC - C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)

PRC - C:\Program Files\Common Files\Livescribe\PenComm\PenCommService.exe (Livescribe)

PRC - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)

PRC - C:\Program Files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe (Nero AG)

PRC - C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation)

PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)





========== Modules (No Company Name) ==========



MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll ()

MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll ()

MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()

MOD - C:\Users\Bill\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\32f68764be7200d3796b55e377311245\Microsoft.VisualBasic.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\6f2de1cb69aef1946760a70f355a3075\System.ServiceProcess.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\31fce331fded94dd06627603f6fe4562\Accessibility.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f8196c3588c2229e84516af4b6a0ee60\System.Data.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\8e7909ef6b5f953d49244c6b9f5f5100\System.Web.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()

MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL ()

MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll ()

MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()

MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()

MOD - C:\Program Files\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.SeagateSharePlusPlugin.dll ()

MOD - C:\Program Files\Seagate\Seagate Dashboard\Memeo.Progress.dll ()

MOD - C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\libxml2.dll ()

MOD - C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\libupnp.dll ()

MOD - C:\Program Files\Memeo\AutoBackup\Memeo.Client.UI.dll ()

MOD - C:\Program Files\Memeo\AutoBackup\Memeo.Client.DriveDetection.dll ()

MOD - C:\Program Files\Memeo\AutoBackup\InstantBackup.exe ()

MOD - C:\Program Files\Evernote\Evernote\libtidy.dll ()

MOD - C:\Program Files\Evernote\Evernote\libxml2.dll ()

MOD - C:\Program Files\Evernote\Evernote\libpcre.dll ()

MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()

MOD - C:\Program Files\Memeo\AutoBackup\sqlite3.dll ()





========== Win32 Services (SafeList) ==========



SRV - (OPDHWZGB) -- File not found

SRV - (ED) -- File not found

SRV - (Office Depot PC Support Agent) -- C:\Program Files\Office Depot PC Support Agent\esService.exe (Support.com, Inc.)

SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)

SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (SeagateDashboardService) -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe (Memeo)

SRV - (NisSrv) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)

SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)

SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)

SRV - (NAUpdate) -- C:\Program Files\Nero\Update\NASvc.exe (Nero AG)

SRV - (MemeoBackgroundService) -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe (Memeo)

SRV - (PenCommService) -- C:\Program Files\Common Files\Livescribe\PenComm\PenCommService.exe (Livescribe)

SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)

SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)

SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)

SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)

SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)





========== Driver Services (SafeList) ==========



DRV - (MpKsl3d12911c) -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A22BFEB0-BEB1-450D-8DB3-8C8BB0571F4E}\MpKsl3d12911c.sys (Microsoft Corporation)

DRV - (MpKsl2987c5b3) -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A22BFEB0-BEB1-450D-8DB3-8C8BB0571F4E}\MpKsl2987c5b3.sys ()

DRV - (FNETTHJM_152D) -- C:\Windows\System32\drivers\fnetthjm_152D.sys (FNet Co., Ltd.)

DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (dc3d) -- C:\Windows\System32\drivers\dc3d.sys (Microsoft Corporation)

DRV - (dgderdrv) -- C:\Windows\System32\drivers\dgderdrv.sys (Devguru Co., Ltd)

DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)

DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)

DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)

DRV - (PulseUsb) -- C:\Windows\System32\drivers\PulseUsb.sys (Windows ® Win 7 DDK provider)

DRV - (PalmUSBD) -- C:\Windows\System32\drivers\PalmUSBD.sys (PalmSource, Inc.)

DRV - (VX1000) -- C:\Windows\System32\drivers\VX1000.sys (Microsoft Corporation)

DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)

DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)

DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)

DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )

DRV - (mr97310c) -- C:\Windows\System32\drivers\mr97310c.sys (Mars Semiconductor Corp.)

DRV - (JL2004A) -- C:\Windows\System32\drivers\pv_wdm.sys (Windows ® 2000 DDK provider)

DRV - (tifm21) -- C:\Windows\System32\drivers\tifm21.sys (Texas Instruments)

DRV - (Fdusb2J) -- C:\Windows\System32\drivers\Fdusb2J.sys (FUJITSU LIMITED)

DRV - (CAMCHALA) -- C:\Windows\System32\drivers\camc6hal.sys (Conexant Systems Inc.)

DRV - (CAMCAUD) -- C:\Windows\System32\drivers\camc6aud.sys (Conexant Systems Inc.)

DRV - (ICDSX) Sony IC Recorder (SX) -- C:\Windows\System32\drivers\ICDSX.sys (Sony Corporation)





========== Standard Registry (SafeList) ==========





========== Internet Explorer ==========







IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0







IE - HKU\S-1-5-21-1051419098-113979859-3048037255-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

IE - HKU\S-1-5-21-1051419098-113979859-3048037255-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

IE - HKU\S-1-5-21-1051419098-113979859-3048037255-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKU\S-1-5-21-1051419098-113979859-3048037255-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\S-1-5-21-1051419098-113979859-3048037255-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/

IE - HKU\S-1-5-21-1051419098-113979859-3048037255-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US

IE - HKU\S-1-5-21-1051419098-113979859-3048037255-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D8 21 69 48 38 E6 CB 01 [binary data]

IE - HKU\S-1-5-21-1051419098-113979859-3048037255-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKU\S-1-5-21-1051419098-113979859-3048037255-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKU\S-1-5-21-1051419098-113979859-3048037255-1001\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll (Spigot, Inc.)

IE - HKU\S-1-5-21-1051419098-113979859-3048037255-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1051419098-113979859-3048037255-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-1051419098-113979859-3048037255-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)

FF - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer,version=1.18.9: C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@Sibelius.com/Scorch Plugin,version=6.2.0.88: C:\Program Files\Musicnotes\npsibelius.dll ()

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)

FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.17: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)

FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.17: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/08/06 02:29:41 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/27 14:54:44 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/27 14:54:44 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/12/13 18:49:46 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins



[2011/12/14 09:16:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/01/27 08:33:08 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

[2011/12/14 09:16:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2011/03/26 08:32:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

[2011/12/13 20:37:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}

[2011/09/30 19:45:03 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011/12/13 20:36:16 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2011/09/03 14:55:05 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml



O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files\LastPass\LPBar.dll (LastPass)

O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll (Spigot, Inc.)

O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPBar.dll (LastPass)

O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll (Spigot, Inc.)

O3 - HKU\S-1-5-21-1051419098-113979859-3048037255-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O3 - HKU\S-1-5-21-1051419098-113979859-3048037255-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [Memeo Instant Backup] C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe (Memeo Inc.)

O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [NBAgent] C:\Program Files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe (Nero AG)

O4 - HKLM..\Run: [Seagate Dashboard] C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe ()

O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-1051419098-113979859-3048037255-1001..\Run: [googletalk] C:\Users\Bill\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)

O4 - HKU\S-1-5-21-1051419098-113979859-3048037255-1001..\Run: [SansaDispatch] C:\Users\Bill\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)

O4 - HKU\S-1-5-21-1051419098-113979859-3048037255-1001..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)

O4 - HKU\S-1-5-21-1051419098-113979859-3048037255-1001..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-1051419098-113979859-3048037255-1006..\RunOnce: [RealRhapsody3Reboot] C:\Program Files\Rhapsody\rhapsody.exe (Rhapsody International Inc.)

O4 - Startup: C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CNET TechTracker.lnk = File not found

O4 - Startup: C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

O4 - Startup: C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Palm Registration.lnk = C:\Program Files\Palm\register.exe (Palm/Leader Technologies)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1

O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)

O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files\LastPass\LPBar.dll (LastPass)

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - Reg Error: Key error. File not found

O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - Reg Error: Key error. File not found

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O15 - HKU\S-1-5-21-1051419098-113979859-3048037255-1001\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)

O15 - HKU\S-1-5-21-1051419098-113979859-3048037255-1001\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)

O15 - HKU\S-1-5-21-1051419098-113979859-3048037255-1001\..Trusted Domains: rhapsody.com ([rhap-app-4-0] https in Trusted sites)

O15 - HKU\S-1-5-21-1051419098-113979859-3048037255-1001\..Trusted Domains: rhapsody.com ([rhapreg] https in Trusted sites)

O15 - HKU\S-1-5-21-1051419098-113979859-3048037255-1006\..Trusted Domains: rhapsody.com ([rhap-app-4-0] https in Trusted sites)

O15 - HKU\S-1-5-21-1051419098-113979859-3048037255-1006\..Trusted Domains: rhapsody.com ([rhapreg] https in Trusted sites)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)

O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3CA858EE-F3DA-4A1C-9E1B-51C880F2D697}: DhcpNameServer = 172.16.2.1 192.168.1.254 8.8.8.8 8.8.4.4

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3CA858EE-F3DA-4A1C-9E1B-51C880F2D697}: NameServer = 192.168.1.254,68.94.156.1

O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*



========== Files/Folders - Created Within 30 Days ==========



[2011/12/22 22:21:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2011/12/22 22:19:15 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2011/12/22 22:18:17 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2011/12/22 08:01:15 | 000,000,000 | ---D | C] -- C:\Users\Root\AppData\Roaming\HpUpdate

[2011/12/20 18:29:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos

[2011/12/16 11:09:02 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\sun

[2011/12/14 09:27:43 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.3

[2011/12/14 09:15:51 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe

[2011/12/14 09:15:51 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe

[2011/12/14 09:15:51 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

[2011/12/14 03:01:48 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2011/12/14 03:01:46 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll

[2011/12/14 03:01:45 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2011/12/14 03:01:44 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll

[2011/12/14 03:01:43 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2011/12/14 03:01:37 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2011/12/14 02:16:03 | 002,342,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2011/12/14 02:15:51 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll

[2011/12/14 02:15:36 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll

[2011/12/14 02:15:35 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll

[2011/12/14 02:15:31 | 003,912,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe

[2011/12/14 02:15:30 | 003,967,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe

[2011/12/13 22:47:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2011/12/13 19:44:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn

[2011/12/03 10:34:14 | 000,000,000 | ---D | C] -- C:\Program Files\BatchPDFMerger

[2011/12/03 10:34:10 | 000,000,000 | ---D | C] -- C:\Users\Root\AppData\Roaming\Adobe

[2011/12/03 10:34:10 | 000,000,000 | ---D | C] -- C:\Users\Root\AppData\Local\Adobe

[2011/12/03 09:36:20 | 000,000,000 | ---D | C] -- C:\Users\Root\AppData\Roaming\Google

[2011/12/03 09:36:18 | 000,000,000 | ---D | C] -- C:\Users\Root\AppData\Local\Google

[2011/11/26 18:58:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Real

[2011/11/26 17:39:11 | 000,000,000 | ---D | C] -- C:\Users\Root\AppData\Roaming\Real

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]



========== Files - Modified Within 30 Days ==========



[2011/12/24 14:08:13 | 000,022,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2011/12/24 14:08:13 | 000,022,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2011/12/24 14:03:32 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2011/12/24 14:00:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/12/24 07:59:15 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1051419098-113979859-3048037255-1001Core.job

[2011/12/24 07:58:11 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2011/12/24 07:45:10 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1051419098-113979859-3048037255-1001UA.job

[2011/12/24 00:03:42 | 000,000,000 | ---- | M] () -- C:\Users\Root\defogger_reenable

[2011/12/23 11:34:12 | 000,346,608 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2011/12/22 22:21:54 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2011/12/22 22:10:05 | 000,002,503 | ---- | M] () -- C:\Users\Root\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk

[2011/12/22 22:10:04 | 000,002,479 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk

[2011/12/22 22:08:51 | 000,001,768 | ---- | M] () -- C:\Windows\System32\mapisvc.inf

[2011/12/21 18:16:39 | 000,635,046 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011/12/21 18:16:39 | 000,111,548 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011/12/13 20:36:12 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe

[2011/12/13 20:36:11 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe

[2011/12/13 20:36:11 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

[2011/12/13 20:36:10 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll

[2011/12/13 19:44:14 | 000,001,811 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk

[2011/12/13 18:49:53 | 000,002,036 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk

[2011/12/09 12:47:27 | 005,875,200 | ---- | M] () -- C:\Windows\System32\pdftk.exe

[2011/12/09 12:47:27 | 000,978,432 | ---- | M] (GNU <www.gnu.org>) -- C:\Windows\System32\libiconv2.dll

[2011/12/09 02:12:22 | 000,002,114 | ---- | M] () -- C:\Users\Public\Desktop\Office Depot PC Support Agent.lnk

[2011/12/03 18:39:36 | 000,000,931 | ---- | M] () -- C:\Users\Root\Application Data\Microsoft\Internet Explorer\Quick Launch\Rhapsody.lnk

[2011/12/03 18:39:36 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\Rhapsody.lnk

[2011/12/03 09:35:20 | 000,001,407 | ---- | M] () -- C:\Users\Root\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]



========== Files Created - No Company Name ==========



[2011/12/24 00:03:42 | 000,000,000 | ---- | C] () -- C:\Users\Root\defogger_reenable

[2011/12/22 22:21:54 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2011/12/22 22:10:05 | 000,002,503 | ---- | C] () -- C:\Users\Root\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk

[2011/12/13 19:44:14 | 000,001,811 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk

[2011/12/13 18:49:53 | 000,002,036 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk

[2011/12/03 09:35:20 | 000,001,407 | ---- | C] () -- C:\Users\Root\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2011/11/26 19:04:41 | 000,000,931 | ---- | C] () -- C:\Users\Root\Application Data\Microsoft\Internet Explorer\Quick Launch\Rhapsody.lnk

[2011/11/26 19:04:41 | 000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\Rhapsody.lnk

[2011/11/08 13:56:25 | 000,007,629 | ---- | C] () -- C:\Users\Root\AppData\Local\Resmon.ResmonCfg

[2011/10/16 23:05:18 | 000,003,440 | ---- | C] () -- C:\Windows\System32\drivers\JL2004A_PhotoViewer_Tools.sys

[2011/10/05 10:21:59 | 000,084,784 | ---- | C] () -- C:\Windows\fciv.exe

[2011/08/24 22:56:21 | 000,018,884 | ---- | C] () -- C:\Windows\HPSETUP.INI

[2011/08/09 21:17:24 | 000,073,110 | ---- | C] () -- C:\Windows\hpqins16.dat

[2011/08/06 02:28:18 | 000,023,124 | ---- | C] () -- C:\Windows\hpqins15.dat

[2011/08/05 16:53:46 | 000,207,289 | ---- | C] () -- C:\Windows\hpwins28.dat

[2011/08/05 14:30:55 | 000,000,206 | ---- | C] () -- C:\Windows\Readiris.ini

[2011/01/27 08:36:10 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2010/12/21 10:55:41 | 001,060,864 | ---- | C] () -- C:\Windows\System32\vorbis.dll

[2010/12/21 10:55:41 | 000,036,864 | ---- | C] () -- C:\Windows\System32\ogg.dll

[2010/12/21 10:55:41 | 000,036,734 | ---- | C] () -- C:\Windows\System32\OggDSuninst.exe

[2010/12/21 10:55:40 | 000,909,312 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll

[2010/12/21 10:55:40 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll

[2010/11/06 09:46:25 | 000,000,000 | ---- | C] () -- C:\Windows\QuickInstall.INI

[2010/10/28 14:44:50 | 005,875,200 | ---- | C] () -- C:\Windows\System32\pdftk.exe

[2010/10/05 10:25:43 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll

[2010/07/20 11:57:01 | 000,000,092 | ---- | C] () -- C:\Windows\TraceSrv.ini

[2010/07/07 13:26:26 | 000,835,584 | ---- | C] () -- C:\Windows\tls7912d.dll

[2010/07/07 13:26:26 | 000,040,960 | ---- | C] () -- C:\Windows\uninstallrq.exe

[2010/07/04 00:45:46 | 005,927,424 | ---- | C] () -- C:\Windows\System32\Drs732.dll

[2010/05/15 21:12:32 | 000,004,528 | ---- | C] () -- C:\Windows\System32\SETBROWS.EXE

[2010/05/15 17:53:48 | 000,056,832 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll

[2010/05/04 13:30:29 | 000,000,604 | -H-- | C] () -- C:\ProgramData\T2

[2010/05/04 13:30:29 | 000,000,604 | -H-- | C] () -- C:\Program Files\STLL Notifier

[2010/03/13 15:16:22 | 000,124,264 | ---- | C] () -- C:\Windows\System32\mp3dec.dll

[2010/03/13 15:16:22 | 000,081,920 | ---- | C] () -- C:\Windows\System32\dsp_trc.dll

[2010/03/13 15:16:22 | 000,010,600 | ---- | C] () -- C:\Windows\System32\IcdSptSvps.dll

[2010/02/27 23:32:16 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2009/08/18 02:18:40 | 000,000,418 | ---- | C] () -- C:\Windows\hpwmdl28.dat

[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009/07/13 23:33:53 | 000,346,608 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2009/07/13 21:05:48 | 000,635,046 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2009/07/13 21:05:48 | 000,111,548 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll

[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

[2009/06/26 16:21:02 | 000,015,498 | ---- | C] () -- C:\Windows\VX1000.ini

[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[2008/12/01 20:46:12 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll

[2008/12/01 20:08:40 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat

[2008/10/30 14:45:42 | 000,180,720 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat

[2004/01/13 18:46:34 | 000,172,032 | ---- | C] () -- C:\Windows\System32\tifmicon.dll



< End of report >

Extras.txt ----------------------------------------------------------------------

OTL Extras logfile created on: 12/23/2011 4:05:03 PM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = F:\

Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy



2.00 Gb Total Physical Memory | 1.40 Gb Available Physical Memory | 70.21% Memory free

4.00 Gb Paging File | 3.55 Gb Available in Paging File | 88.70% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]



%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 43.47 Gb Total Space | 3.91 Gb Free Space | 8.99% Space Free | Partition Type: NTFS

Drive D: | 7.45 Gb Total Space | 0.60 Gb Free Space | 8.06% Space Free | Partition Type: FAT32

Drive F: | 3.68 Gb Total Space | 3.68 Gb Free Space | 99.96% Space Free | Partition Type: FAT32



Computer Name: ARCHIMEDES | User Name: Root | Logged in as Administrator.

Boot Mode: SafeMode | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days



========== Extra Registry (SafeList) ==========





========== File Associations ==========



[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)



========== Shell Spawning ==========



[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)



========== Security Center Settings ==========



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0



========== Firewall Settings ==========



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1



========== Authorized Applications List ==========





========== HKEY_LOCAL_MACHINE Uninstall List ==========



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator

"{0420F95C-11FF-4E02-B967-6CC22B188F9F}" = Nero BackItUp

"{050BAE16-CCDD-4BA0-96A1-E2C6E1EAF113}" = Readiris Pro 12 for IRIScan Anywhere 2

"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware

"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan

"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)

"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources

"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery

"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback

"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10

"{26A24AE4-039D-4CA4-87B4-2F83216016F0}" = Java™ 6 Update 16

"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java™ 6 Update 22

"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java™ 6 Update 27

"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10

"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5

"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger

"{2BDBD1DE-2959-407F-BBC2-C9B2828CEDF2}" = HPSSupply

"{2c557f98-ef74-4a1e-a856-9df2f633b41f}" = Sophos confic-a Cleanup Tool

"{2D8A6B2A-236D-498E-9E0C-FEE06A330166}" = Livescribe Desktop Vision Objects Elements

"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine

"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm

"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update

"{31E1050B-F69F-4A16-8F5A-E44D31901250}" = Ulead DVD DiskRecorder 2.1.1

"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)

"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support

"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{3763D09F-65C6-41B4-BA69-48AFC85D305C}" = Quest PowerGUI® 3.1

"{3763D09F-65C6-41B4-BA69-48AFC85D305C}_Qs" = Quest PowerGUI® 3.1

"{397516AE-7DFE-4F90-84E0-BD616D559434}" = Nero BurnRights

"{3A4D5E2D-988D-4ee9-8E7F-3AC200A2B8F5}" = 4500G510nz_Software_Min

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3

"{41DB5F38-B7CB-4B66-AEA9-07058D4FBABA}" = Livescribe Desktop Documentation

"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg

"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax

"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources

"{479F8C12-576B-4A58-AB78-4B70F7012AA8}" = DIRECTV2PC Playback Advisor

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter

"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin

"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion

"{5154ABB1-E14A-4343-8ECB-038CC0E06DF0}" = Livescribe Smartpen Driver

"{51E2F9B3-A972-4F58-B4EF-4D9676D9F5D1}" = Nero RescueAgent

"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)

"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client

"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{59A43E1E-96F6-41B1-8BFB-2154F38F9883}" = IRIScan Anywhere 2

"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth

"{5B05FF91-F20C-4832-A8DE-E1912639C17C}" = 4500G510nz

"{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM)

"{5FC7AB5C-61FC-42DF-A923-5139BCF10D42}" = Microsoft LifeCam

"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic

"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2

"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com

"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update

"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10

"{690879A5-18EF-447B-98D6-B699D51008AB}" = 4500_G510nz_Help

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox

"{6C3CF7AC-5AB0-42D9-93C0-68166A57AFB6}" = Nero Express

"{6CCC133E-9A2F-4CAA-8866-75D029CD3AB3}" = Digital Voice Editor 3

"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10

"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7529F48C-E388-3F33-B6D9-9589650E3C06}" = Strawberry Perl

"{759142E8-25B0-42AE-B408-4215065D3F4B}" = Windows Live Family Safety

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core

"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour

"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)

"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10

"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime

"{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}" = HP Officejet 4500 G510n-z

"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert

"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{88704942-56A8-4EEC-A121-77687677DEE5}" = Microsoft WorldWide Telescope

"{88F92798-59AB-474F-B40D-1EC5F782F7EE}" = Ulead VideoStudio 9.0

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8E666407-AC41-46a2-9692-6C7BFCBFDD37}" = Memeo Instant Backup

"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10

"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules

"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting

"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel

"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr

"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}" = Nero DiscCopy Gadget 10

"{942E5031-2BD6-4C1B-918C-C8A1CBAE7B8C}" = Microsoft IntelliPoint 8.2

"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9583E990-868C-4BE3-98FE-D48043C844BF}" = Cardiris Pro 5

"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10

"{9A9478F6-FC52-4618-B4B8-9105BB168DF6}" = Alternate Transfer 5010

"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc

"{9B4E2E01-D726-414F-947D-8CE4EC074EB6}" = HP Scanjet G3110

"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A75BC59B-10BF-6B87-DCC7-3501F158ACC6}" = Times Reader

"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AA8BED0D-2A37-4738-8CCC-1E9FB6A09368}" = IRIScan Anywhere 2 Control Panel

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)

"{ADAED43C-BBD9-42C5-8B21-F4FBFA81E3C3}" = Palm

"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status

"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter

"{B2455727-ED8F-4643-8A6E-F4AB8DE3633D}" = Network

"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation

"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes

"{BA1E2E21-F556-499E-8EBF-50CCEFBB87FA}" = Livescribe Desktop

"{BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}" = Windows Live Family Safety

"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations

"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)

"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)

"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10

"{C3A11907-930D-41AC-A135-CC3B12F92011}" = Seagate Dashboard

"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant

"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack

"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential

"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)

"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{E08CC458-41FB-4BB5-9B08-2C83DB55A5B9}" = Nero BackItUp and Burn

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10

"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10

"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series

"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218

"{E5364E6E-3070-43F3-B9D6-9958A0A7F519}" = hpg3110

"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger

"{E6098043-1183-4580-89EF-423CBF807188}" = pdfforge Toolbar v4.6

"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1

"{EB807EB6-5179-48B7-98D4-7B4934A57A81}" = Documents To Go

"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0EB3969-C007-4ABE-9245-990C5E021A8F}_is1" = Sibelius Sounds Essentials for Sibelius 6

"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari

"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10

"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)

"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic

"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)

"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10

"{F630C9AE-A4B8-4AC3-AB3D-B981AC6F7306}" = Livescribe Desktop Print Your Own Paper

"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.1

"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10

"{FDB5E0F3-86EA-4379-8A2F-1BC2436543E9}" = iCloud

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR

"{FF6F491D-BC82-4DCC-A72F-1824957C6466}" = TIxx21

"33CF9043AEABC922A586BFE1F989AE9522CE493B" = Windows Driver Package - Livescribe (PulseUsb) DigitalPen (08/03/2010 2.2.6.0)

"7-Zip" = 7-Zip 9.22beta

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adolix Split and Merge PDF_is1" = Adolix Split and Merge PDF v2.1

"ATT-PRT22" = ATT-PRT22

"Audacity_is1" = Audacity 1.2.6

"Belarc Advisor" = Belarc Advisor 8.1

"CameraUserGuide-PSELPH300HS_IXUS220HS" = Canon PowerShot ELPH 300 HS_IXUS 220 HS Camera User Guide

"CameraWindowDC8" = Canon Utilities CameraWindow DC 8

"CameraWindowLauncher" = Canon Utilities CameraWindow Launcher

"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX

"Canon MOV Decoder" = Canon MOV Decoder

"Canon MOV Encoder" = Canon MOV Encoder

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

"com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1" = Times Reader

"Conexant PCI Audio" = Conexant AC-Link Audio

"Cool Timer_is1" = Cool Timer 3.6

"Easy Duplicate Finder_is1" = Easy Duplicate Finder v. 3.1

"GPL Ghostscript 8.56" = GPL Ghostscript 8.56

"GPL Ghostscript Fonts" = GPL Ghostscript Fonts

"Handbrake" = Handbrake 0.9.4

"HP Document Manager" = HP Document Manager 2.0

"HP Download Manager" = HP Download Manager

"HP Imaging Device Functions" = HP Imaging Device Functions 13.0

"HP Photosmart Essential" = HP Photosmart Essential 3.5

"HP Smart Web Printing" = HP Smart Web Printing 4.60

"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0

"HPExtendedCapabilities" = HP Customer Participation Program 13.0

"HPOCR" = OCR Software by I.R.I.S. 13.0

"ImgBurn" = ImgBurn

"Indeo® software" = Indeo® software

"InstallShield_{479F8C12-576B-4A58-AB78-4B70F7012AA8}" = DIRECTV2PC Playback Advisor

"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin

"InstallShield_{FF6F491D-BC82-4DCC-A72F-1824957C6466}" = Texas Instruments PCIxx21/x515 drivers.

"Juice" = Juice 2.2

"LAME for Audacity_is1" = LAME v3.98.2 for Audacity

"LivescribeDesktop" = Livescribe Desktop

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2

"Microsoft Security Client" = Microsoft Security Essentials

"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX

"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube

"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)

"Mozilla Thunderbird (6.0.2)" = Mozilla Thunderbird (6.0.2)

"Musicnotes Combined Installer_is1" = Musicnotes Software Suite 1.5.3

"MyCamera" = Canon Utilities MyCamera

"MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin

"Native Instruments Kontakt Player Sibelius" = Native Instruments Kontakt Player Sibelius

"Native Instruments Sibelius Player" = Native Instruments Sibelius Player

"Neuratron PhotoScore Ultimate" = Neuratron PhotoScore Ultimate

"Office Depot PC Support Agent" = Office Depot PC Support Agent

"Photo Viewer_is1" = Uninstall Photo Viewer

"PhotoStitch" = Canon Utilities PhotoStitch

"Picasa 3" = Picasa 3

"Realterm" = Realterm 2.0.0.57

"Revo Uninstaller" = Revo Uninstaller 1.93

"Rhapsody" = Rhapsody

"SD Contest Logger_is1" = SD V15.17

"Shop for HP Supplies" = Shop for HP Supplies

"Sibelius 4" = Sibelius 4

"Sibelius 6_is1" = Sibelius 6.2.0.88

"SMSERIAL" = Motorola SM56 Speakerphone Modem

"Software Guide" = Canon DIGITAL CAMERA Solution Disk Software Guide

"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.20

"Textbook Edition" = Textbook Edition

"TomTom HOME" = TomTom HOME 2.8.2.2264

"TrustedQSL_is1" = TrustedQSL 1.13

"Ulead COOL 3D 3.0" = Ulead COOL 3D 3.0

"Veetle TV" = Veetle TV 0.9.17

"Verbatim Turbo USB 2.0_is1" = Verbatim Turbo USB 2.0

"Vim 7.3" = Vim 7.3 (self-installing)

"WhoCrashed_is1" = WhoCrashed 3.02

"Windows Media Encoder 9" = Windows Media Encoder 9 Series

"WinLiveSuite" = Windows Live Essentials

"WinMorse 2" = WinMorse 2

"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility



========== HKEY_USERS Uninstall List ==========



[HKEY_USERS\S-1-5-21-1051419098-113979859-3048037255-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)

"b2da08ade6771b0e" = LizardTech GeoViewer

"CNET TechTracker" = CNET TechTracker

"Google Chrome" = Google Chrome

"LastPass" = LastPass (uninstall only)

"Sansa Updater" = Sansa Updater

"WinDirStat" = WinDirStat 1.1.2



========== Last 10 Event Log Errors ==========



Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!



< End of report >



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:53 PM

Posted 27 December 2011 - 09:46 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run ComboFix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the Internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links.
Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 TheGear

  • Topic Starter

Posted 28 December 2011 - 10:35 AM

We're not off to an auspicious start. ComboFix successfully set a restore point, then displayed the text about "ten minutes, but may easily double." After that, no phase completion messages were displayed, but after about 75 minutes the screen went dark. System is still powered up but does not respond to inputs such as ctrl-alt-del.

B

#4 gringo_pr

  • Malware Response Team

Posted 28 December 2011 - 01:49 PM

Hello



Restart the computer, and if ComboFix does not start on its own then try this: I want you to run ComboFix in safe mode, but it is very important that when ComboFix reboots the computer you direct it back into safe mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

After ComboFix has finished its scan, please post the report back here.

Gringo

#5 TheGear

  • Topic Starter

Posted 28 December 2011 - 04:20 PM

When I ran ComboFix in safe mode, it appeared to hang the same way as it did in standard mode, so I looked away for a few minutes. When I looked at the system again, it was caught in a loop where it was trying to boot, finding some sort of driver problem, and resetting. So I think it never successfully got back into Windows after the restart. That means that the results of its first run under safe mode MAY still be intact, if you know where to find them. (Of course, you know the answer to that much better than I do.)

I found a directory at C:\ComboFix that was not accessible. If I attempted to go there, I was taken back to the My Computer window. I also found a folder named C:\Qoobox with a date corresponding to the run time of ComboFix. There are some small .dat files in there, but not much else.

Would you like me to try to recover some data somewhere before we move forward, or will ComboFix do the right thing if I start it up again?

#6 gringo_pr

  • Malware Response Team

Posted 28 December 2011 - 10:01 PM

Hello

We will get back to ComboFix in a min.

I want you to run this tool for me next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
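Reading the report that the post above asks for, as an added example that is not part of the original thread: a Python triage of a TDSSKiller log that lists every service whose verdict is not "ok", the real/fake md5 pair on "Forged" entries, other services reporting the same md5, and services logged without a file line. The line grammar is inferred from the log lines posted in reply #7 of this thread, the function names are hypothetical, and the sample lines are copied from that log.

```python
import re

# Excerpt copied from the TDSSKiller log posted in reply #7 of this thread.
SAMPLE_LOG = r"""
23:57:11.0997 4800 MpKsl1ad46ec3 - ok
23:57:12.0184 4800 MpKsl2987c5b3 (a69630d039c38018689190234f866d77) C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A22BFEB0-BEB1-450D-8DB3-8C8BB0571F4E}\MpKsl2987c5b3.sys
23:57:12.0184 4800 Suspicious file (Forged): C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A22BFEB0-BEB1-450D-8DB3-8C8BB0571F4E}\MpKsl2987c5b3.sys. Real md5: a69630d039c38018689190234f866d77, Fake md5: 4137ee420481d10734da3018d0325582
23:57:12.0184 4800 MpKsl2987c5b3 ( ForgedFile.Multi.Generic ) - warning
23:57:12.0184 4800 MpKsl2987c5b3 - detected ForgedFile.Multi.Generic (1)
23:57:12.0860 4800 MpKsl3969e4f1 - ok
23:57:13.0079 4800 MpKsl3d12911c (a69630d039c38018689190234f866d77) C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A22BFEB0-BEB1-450D-8DB3-8C8BB0571F4E}\MpKsl3d12911c.sys
23:57:13.0094 4800 MpKsl3d12911c - ok
23:57:13.0469 4800 MpKsl463ab27a - ok
23:57:13.0908 4800 MpKsl528c5a16 (a69630d039c38018689190234f866d77) C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A22BFEB0-BEB1-450D-8DB3-8C8BB0571F4E}\MpKsl528c5a16.sys
23:57:13.0908 4800 MpKsl528c5a16 - ok
"""

# Line grammar inferred from the lines visible in this thread (an assumption,
# not a published TDSSKiller specification).
PREFIX = re.compile(r"^\d\d:\d\d:\d\d\.\d{4}\s+\d+\s+(.*)$")   # time, thread id, body
FILE = re.compile(r"^(\S+) \(([0-9a-f]{32})\) (.+)$")          # name (md5) path
FORGED = re.compile(r"^Suspicious file \(Forged\): (.+)\. "
                    r"Real md5: ([0-9a-f]{32}), Fake md5: ([0-9a-f]{32})$")
WARNING = re.compile(r"^(\S+) \( (\S+) \) - (\w+)$")           # name ( threat ) - level
VERDICT = re.compile(r"^(\S+) - (?:(ok)|detected (.+) \(\d+\))$")


def parse_log(text):
    """Return {service: {md5, path, verdict, threat, forged}} in log order."""
    services, by_path = {}, {}

    def entry(name):
        return services.setdefault(name, {"md5": None, "path": None,
                                          "verdict": None, "threat": None,
                                          "forged": None})

    for raw in text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue  # blank line, or a line without the time/thread prefix
        body = m.group(1)
        if (f := FORGED.match(body)):
            # Attach the md5 pair to the service whose file line named this path.
            owner = by_path.get(f.group(1).lower())
            if owner:
                services[owner]["forged"] = {"real": f.group(2), "fake": f.group(3)}
        elif (f := FILE.match(body)):
            e = entry(f.group(1))
            e["md5"], e["path"] = f.group(2), f.group(3)
            by_path[f.group(3).lower()] = f.group(1)
        elif (f := WARNING.match(body)):
            e = entry(f.group(1))
            e["threat"], e["verdict"] = f.group(2), f.group(3)
        elif (f := VERDICT.match(body)):
            e = entry(f.group(1))
            if f.group(2):
                e["verdict"] = "ok"
            else:
                e["verdict"], e["threat"] = "detected", f.group(3)
    return services


def detections(services):
    """Services whose final verdict is anything other than ok."""
    return [n for n, e in services.items() if e["verdict"] not in ("ok", None)]


def no_image(services):
    """Services that got a verdict with no preceding md5/path line."""
    return [n for n, e in services.items() if e["path"] is None]


def same_md5_peers(services, name):
    """Other services whose file line carries the same md5 as `name`."""
    md5 = services[name]["md5"]
    return [n for n, e in services.items()
            if n != name and md5 and e["md5"] == md5]


def triage(text):
    """Build the short list of lines an analyst should read first."""
    services = parse_log(text)
    out = []
    for name in detections(services):
        e = services[name]
        out.append(f"{name}: {e['threat']} -> {e['path']}")
        if e["forged"]:
            out.append(f"  md5 reported: real={e['forged']['real']} "
                       f"fake={e['forged']['fake']}")
        peers = same_md5_peers(services, name)
        if peers:
            out.append("  same md5 also listed for: " + ", ".join(peers))
    out.append(f"{len(no_image(services))} service(s) listed without a file line")
    return out


if __name__ == "__main__":
    print("\n".join(triage(SAMPLE_LOG)))
```

Entries without a file line and entries sharing one md5 are only pointers for manual review; the script does not decide whether either is malicious.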

#7 TheGear

  • Topic Starter

Posted 29 December 2011 - 12:04 AM

23:56:22.0183 4700 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
23:56:22.0542 4700 ============================================================
23:56:22.0542 4700 Current date / time: 2011/12/28 23:56:22.0542
23:56:22.0542 4700 SystemInfo:
23:56:22.0542 4700
23:56:22.0542 4700 OS Version: 6.1.7601 ServicePack: 1.0
23:56:22.0542 4700 Product type: Workstation
23:56:22.0542 4700 ComputerName: ARCHIMEDES
23:56:22.0542 4700 UserName: Root
23:56:22.0542 4700 Windows directory: C:\Windows
23:56:22.0542 4700 System windows directory: C:\Windows
23:56:22.0542 4700 Processor architecture: Intel x86
23:56:22.0542 4700 Number of processors: 1
23:56:22.0542 4700 Page size: 0x1000
23:56:22.0542 4700 Boot type: Normal boot
23:56:22.0542 4700 ============================================================
23:56:29.0799 4700 Initialize success
23:56:41.0168 4800 ============================================================
23:56:41.0168 4800 Scan started
23:56:41.0168 4800 Mode: Manual;
23:56:41.0168 4800 ============================================================
23:57:11.0856 4800 MpKsl0d25f8de - ok
23:57:11.0903 4800 MpKsl11870b95 - ok
23:57:11.0997 4800 MpKsl1ad46ec3 - ok
23:57:12.0184 4800 MpKsl2987c5b3 (a69630d039c38018689190234f866d77) C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A22BFEB0-BEB1-450D-8DB3-8C8BB0571F4E}\MpKsl2987c5b3.sys
23:57:12.0184 4800 Suspicious file (Forged): C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A22BFEB0-BEB1-450D-8DB3-8C8BB0571F4E}\MpKsl2987c5b3.sys. Real md5: a69630d039c38018689190234f866d77, Fake md5: 4137ee420481d10734da3018d0325582
23:57:12.0184 4800 MpKsl2987c5b3 ( ForgedFile.Multi.Generic ) - warning
23:57:12.0184 4800 MpKsl2987c5b3 - detected ForgedFile.Multi.Generic (1)
23:57:12.0860 4800 MpKsl3969e4f1 - ok
23:57:13.0079 4800 MpKsl3d12911c (a69630d039c38018689190234f866d77) C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A22BFEB0-BEB1-450D-8DB3-8C8BB0571F4E}\MpKsl3d12911c.sys
23:57:13.0094 4800 MpKsl3d12911c - ok
23:57:13.0469 4800 MpKsl463ab27a - ok
23:57:13.0908 4800 MpKsl528c5a16 (a69630d039c38018689190234f866d77) C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A22BFEB0-BEB1-450D-8DB3-8C8BB0571F4E}\MpKsl528c5a16.sys
23:57:13.0908 4800 MpKsl528c5a16 - ok
23:57:14.0220 4800 MpKsl5531dffd - ok
23:57:15.0065 4800 MpKsl600201e6 - ok
23:57:15.0284 4800 MpKsl6327ca7a - ok
23:57:15.0331 4800 MpKsl6dd0e15e - ok
23:57:15.0409 4800 MpKsl7ae929e6 - ok
23:57:15.0471 4800 MpKsl8129371a - ok
23:57:15.0502 4800 MpKsla323f5e4 - ok
23:57:15.0627 4800 MpKslab3caa60 - ok
23:57:15.0690 4800 MpKslb0f89302 - ok
23:57:15.0737 4800 MpKslb23fefe0 - ok
23:57:15.0784 4800 MpKslbe7b7bb0 - ok
23:57:15.0831 4800 MpKslc7db8766 - ok
23:57:15.0877 4800 MpKsle13c8dbf - ok
23:57:15.0909 4800 MpKsle69ddce5 - ok
23:57:15.0971 4800 MpKslf4be98f0 - ok
23:57:16.0018 4800 MpKslfcc3a2f0 - ok
23:57:39.0164 4800 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
23:57:39.0179 4800 RasAgileVpn - ok
23:57:39.0852 4800 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:57:39.0993 4800 Rasl2tp - ok
23:57:40.0516 4800 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
23:57:40.0516 4800 RasPppoe - ok
23:57:40.0891 4800 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
23:57:40.0891 4800 RasSstp - ok
23:57:41.0204 4800 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
23:57:41.0219 4800 rdbss - ok
23:57:41.0454 4800 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
23:57:41.0469 4800 rdpbus - ok
23:57:41.0845 4800 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:57:41.0845 4800 RDPCDD - ok
23:57:42.0784 4800 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
23:57:42.0784 4800 RDPENCDD - ok
23:57:43.0237 4800 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
23:57:43.0237 4800 RDPREFMP - ok
23:57:43.0655 4800 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
23:57:43.0702 4800 RDPWD - ok
23:57:44.0264 4800 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
23:57:44.0405 4800 rdyboost - ok
23:57:44.0920 4800 ROOTMODEM (564297827d213f52c7a3a2ff749568ca) C:\Windows\system32\Drivers\RootMdm.sys
23:57:44.0967 4800 ROOTMODEM - ok
23:57:45.0280 4800 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
23:57:45.0295 4800 rspndr - ok
23:57:45.0514 4800 RTL8023xp (166911eada13cd34dd8f8c667707be94) C:\Windows\system32\DRIVERS\Rtnicxp.sys
23:57:45.0530 4800 RTL8023xp - ok
23:57:45.0764 4800 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
23:57:45.0780 4800 SASDIFSV - ok
23:57:45.0920 4800 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
23:57:45.0920 4800 SASKUTIL - ok
23:57:46.0342 4800 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
23:57:46.0358 4800 sbp2port - ok
23:57:47.0062 4800 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
23:57:47.0093 4800 scfilter - ok
23:57:47.0531 4800 sdbus (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\drivers\sdbus.sys
23:57:47.0531 4800 sdbus - ok
23:57:48.0023 4800 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
23:57:48.0039 4800 secdrv - ok
23:57:48.0570 4800 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
23:57:48.0603 4800 Serenum - ok
23:57:49.0333 4800 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
23:57:49.0348 4800 Serial - ok
23:57:49.0708 4800 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
23:57:49.0708 4800 sermouse - ok
23:57:50.0052 4800 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
23:57:50.0099 4800 sffdisk - ok
23:57:50.0458 4800 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
23:57:50.0458 4800 sffp_mmc - ok
23:57:50.0696 4800 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
23:57:50.0696 4800 sffp_sd - ok
23:57:51.0227 4800 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
23:57:51.0352 4800 sfloppy - ok
23:57:51.0713 4800 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
23:57:51.0729 4800 sisagp - ok
23:57:51.0854 4800 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
23:57:51.0854 4800 SiSRaid2 - ok
23:57:51.0916 4800 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
23:57:51.0916 4800 SiSRaid4 - ok
23:57:52.0182 4800 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
23:57:52.0213 4800 Smb - ok
23:57:52.0714 4800 smserial (2d97b7cc3f118620a704c5da138ca120) C:\Windows\system32\DRIVERS\smserial.sys
23:57:52.0777 4800 smserial - ok
23:57:53.0433 4800 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
23:57:53.0527 4800 spldr - ok
23:57:54.0200 4800 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
23:57:54.0231 4800 srv - ok
23:57:54.0528 4800 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
23:57:54.0559 4800 srv2 - ok
23:57:54.0966 4800 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
23:57:54.0966 4800 srvnet - ok
23:57:55.0685 4800 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
23:57:55.0844 4800 stexstor - ok
23:57:56.0297 4800 StillCam (edb05bd63148796f23ea78506404a538) C:\Windows\system32\DRIVERS\serscan.sys
23:57:56.0329 4800 StillCam - ok
23:57:56.0672 4800 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
23:57:56.0688 4800 swenum - ok
23:57:57.0375 4800 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
23:57:57.0469 4800 Tcpip - ok
23:57:58.0408 4800 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
23:57:58.0423 4800 TCPIP6 - ok
23:57:58.0767 4800 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
23:57:58.0783 4800 tcpipreg - ok
23:57:59.0173 4800 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
23:57:59.0205 4800 TDPIPE - ok
23:57:59.0869 4800 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
23:58:00.0103 4800 TDTCP - ok
23:58:00.0744 4800 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
23:58:00.0759 4800 tdx - ok
23:58:01.0291 4800 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
23:58:01.0306 4800 TermDD - ok
23:58:01.0775 4800 tifm21 (0edc3cf7b38f4260eb006c38e4a44de4) C:\Windows\system32\drivers\tifm21.sys
23:58:01.0791 4800 tifm21 - ok
23:58:02.0650 4800 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:58:02.0681 4800 tssecsrv - ok
23:58:03.0088 4800 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
23:58:03.0104 4800 TsUsbFlt - ok
23:58:03.0370 4800 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
23:58:03.0385 4800 tunnel - ok
23:58:03.0760 4800 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
23:58:03.0807 4800 uagp35 - ok
23:58:04.0292 4800 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
23:58:04.0308 4800 udfs - ok
23:58:05.0153 4800 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
23:58:05.0200 4800 uliagpkx - ok
23:58:05.0747 4800 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
23:58:05.0778 4800 umbus - ok
23:58:06.0263 4800 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
23:58:06.0310 4800 UmPass - ok
23:58:06.0794 4800 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
23:58:06.0888 4800 USBAAPL - ok
23:58:07.0452 4800 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
23:58:07.0514 4800 usbaudio - ok
23:58:07.0842 4800 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
23:58:07.0858 4800 usbccgp - ok
23:58:08.0312 4800 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
23:58:08.0343 4800 usbcir - ok
23:58:08.0687 4800 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
23:58:08.0703 4800 usbehci - ok
23:58:09.0672 4800 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
23:58:09.0672 4800 usbhub - ok
23:58:10.0143 4800 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\DRIVERS\usbohci.sys
23:58:10.0174 4800 usbohci - ok
23:58:10.0627 4800 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
23:58:10.0674 4800 usbprint - ok
23:58:11.0014 4800 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
23:58:11.0046 4800 usbscan - ok
23:58:12.0266 4800 usbser (31181de6190b39fc8007dffd1a48ffd6) C:\Windows\system32\DRIVERS\usbser.sys
23:58:12.0313 4800 usbser - ok
23:58:12.0657 4800 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:58:12.0657 4800 USBSTOR - ok
23:58:13.0330 4800 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
23:58:13.0376 4800 usbuhci - ok
23:58:14.0440 4800 usb_rndisx (d82f43d15fdaa666856c0190cb73e7c9) C:\Windows\system32\DRIVERS\usb8023x.sys
23:58:14.0581 4800 usb_rndisx - ok
23:58:15.0207 4800 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
23:58:15.0582 4800 vdrvroot - ok
23:58:16.0676 4800 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
23:58:16.0723 4800 vga - ok
23:58:17.0271 4800 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
23:58:17.0302 4800 VgaSave - ok
23:58:17.0599 4800 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
23:58:17.0630 4800 vhdmp - ok
23:58:18.0141 4800 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
23:58:18.0173 4800 viaagp - ok
23:58:19.0142 4800 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
23:58:19.0158 4800 ViaC7 - ok
23:58:19.0658 4800 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
23:58:19.0658 4800 viaide - ok
23:58:19.0861 4800 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
23:58:19.0876 4800 volmgr - ok
23:58:20.0283 4800 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
23:58:20.0330 4800 volmgrx - ok
23:58:21.0376 4800 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
23:58:21.0455 4800 volsnap - ok
23:58:22.0017 4800 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
23:58:22.0048 4800 vsmraid - ok
23:58:22.0596 4800 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
23:58:22.0690 4800 vwifibus - ok
23:58:23.0707 4800 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
23:58:23.0722 4800 vwififlt - ok
23:58:24.0224 4800 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
23:58:24.0240 4800 vwifimp - ok
23:58:25.0381 4800 VX1000 (d22c6b9c2f840d403fd387ad207a4b16) C:\Windows\system32\DRIVERS\VX1000.sys
23:58:25.0491 4800 VX1000 - ok
23:58:26.0445 4800 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
23:58:26.0476 4800 WacomPen - ok
23:58:26.0882 4800 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
23:58:26.0914 4800 WANARP - ok
23:58:26.0960 4800 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
23:58:26.0960 4800 Wanarpv6 - ok
23:58:27.0446 4800 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
23:58:27.0477 4800 Wd - ok
23:58:27.0899 4800 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
23:58:27.0946 4800 Wdf01000 - ok
23:58:28.0712 4800 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
23:58:28.0728 4800 WfpLwf - ok
23:58:29.0197 4800 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
23:58:29.0244 4800 WIMMount - ok
23:58:29.0884 4800 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
23:58:29.0916 4800 WinUsb - ok
23:58:30.0479 4800 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
23:58:30.0635 4800 WmiAcpi - ok
23:58:31.0151 4800 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
23:58:31.0166 4800 ws2ifsl - ok
23:58:31.0605 4800 WSDPrintDevice (553f6ccd7c58eb98d4a8fbdaf283d7a9) C:\Windows\system32\DRIVERS\WSDPrint.sys
23:58:31.0621 4800 WSDPrintDevice - ok
23:58:32.0105 4800 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
23:58:32.0121 4800 WudfPf - ok
23:58:32.0528 4800 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:58:32.0543 4800 WUDFRd - ok
23:58:33.0215 4800 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
23:58:33.0482 4800 \Device\Harddisk0\DR0 - ok
23:58:33.0529 4800 MBR (0x1B8) (ddae9d649db12f6aff24483f2c298989) \Device\Harddisk1\DR1
23:58:33.0529 4800 \Device\Harddisk1\DR1 - ok
23:58:33.0560 4800 Boot (0x1200) (3f384753eb0c047366edd3e6acc40efe) \Device\Harddisk0\DR0\Partition0
23:58:33.0591 4800 \Device\Harddisk0\DR0\Partition0 - ok
23:58:33.0607 4800 Boot (0x1200) (d9a33542542076060a3b5268c59f0fd6) \Device\Harddisk1\DR1\Partition0
23:58:33.0607 4800 \Device\Harddisk1\DR1\Partition0 - ok
23:58:33.0623 4800 ============================================================
23:58:33.0623 4800 Scan finished
23:58:33.0623 4800 ============================================================
23:58:33.0654 4640 Detected object count: 1
23:58:33.0654 4640 Actual detected object count: 1
23:59:21.0269 4640 MpKsl2987c5b3 ( ForgedFile.Multi.Generic ) - skipped by user
23:59:21.0269 4640 MpKsl2987c5b3 ( ForgedFile.Multi.Generic ) - User select action: Skip
00:01:51.0394 2712 Deinitialize success

#8 gringo_pr

  • Malware Response Team

Posted 29 December 2011 - 12:09 AM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 TheGear

  • Topic Starter

Posted 29 December 2011 - 08:18 AM

aswMBR version 0.9.9.1123 Copyright© 2011 AVAST Software
Run date: 2011-12-29 07:58:05
-----------------------------
07:58:05.412 OS Version: Windows 6.1.7601 Service Pack 1
07:58:05.412 Number of processors: 1 586 0xF00
07:58:05.412 ComputerName: ARCHIMEDES UserName: Root
07:58:06.976 Initialize success
07:58:14.104 AVAST engine defs: 11122900
07:58:23.672 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
07:58:23.688 Disk 0 Vendor: ST960821A 3.02 Size: 57231MB BusType: 3
07:58:25.721 Disk 0 MBR read successfully
07:58:25.721 Disk 0 MBR scan
07:58:25.752 Disk 0 Windows 7 default MBR code
07:58:25.752 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 44508 MB offset 63
07:58:25.768 Disk 0 Partition - 00 05 Extended 2557 MB offset 91152810
07:58:25.862 Disk 0 Partition 2 00 83 Linux 10166 MB offset 96390000
07:58:25.877 Disk 0 Partition 3 00 83 Linux 2384 MB offset 91152873
07:58:25.893 Disk 0 Partition - 00 05 Extended 172 MB offset 96036570
07:58:25.924 Disk 0 scanning sectors +117210240
07:58:26.800 Disk 0 scanning C:\Windows\system32\drivers
07:59:39.493 Service scanning
07:59:44.857 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
07:59:45.795 Modules scanning
08:00:47.510 Disk 0 trace - called modules:
08:00:47.541 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
08:00:47.557 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85a10530]
08:00:47.573 3 CLASSPNP.SYS[88f7d59e] -> nt!IofCallDriver -> [0x8594e390]
08:00:47.573 5 ACPI.sys[833b83d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85953030]
08:00:51.886 AVAST engine scan C:\Windows
08:01:03.444 AVAST engine scan C:\Windows\system32
08:07:10.323 AVAST engine scan C:\Windows\system32\drivers
08:07:36.607 AVAST engine scan C:\Users\Root
08:07:57.191 AVAST engine scan C:\ProgramData
08:10:32.951 Scan finished successfully
08:10:58.456 Disk 0 MBR has been saved successfully to "C:\Users\Bill\Desktop\MBR.dat"
08:10:58.471 The log file has been saved successfully to "C:\Users\Bill\Desktop\aswMBR_stdmode.txt"

#10 gringo_pr

  • Malware Response Team

Posted 29 December 2011 - 08:28 AM

  • Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button)
  • Please copy and paste the following into the box
ComboFix /nombr
  • Click OK

Copy and paste the report into this topic for me to review.

Gringo

#11 TheGear

  • Topic Starter

Posted 29 December 2011 - 09:35 AM

ComboFix 11-12-24.10 - Root 12/29/2011 8:49.1.1 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2047.970 [GMT -5:00]
Running from: c:\users\Bill\Desktop\ComboFix.exe
Command switches used :: /nombr
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Bill\Documents\Readiris.DUS
c:\windows\system32\ccrpTmr6.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-29 )))))))))))))))))))))))))))))))
.
.
2011-12-29 14:01 . 2011-12-29 14:01 -------- d-----w- c:\users\Root\AppData\Local\temp
2011-12-29 14:01 . 2011-12-29 14:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-29 12:52 . 2011-12-29 12:52 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6A6E7D5D-4A3D-4DA9-BCFB-E80E5F7CED74}\offreg.dll
2011-12-29 04:59 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6A6E7D5D-4A3D-4DA9-BCFB-E80E5F7CED74}\mpengine.dll
2011-12-26 22:21 . 2011-12-26 22:21 -------- d-----w- c:\users\Root\AppData\Roaming\Malwarebytes
2011-12-23 03:19 . 2011-12-23 03:19 -------- d-----w- c:\program files\iPod
2011-12-23 03:18 . 2011-12-23 03:21 -------- d-----w- c:\program files\iTunes
2011-12-22 13:01 . 2011-12-22 16:16 -------- d-----w- c:\users\Root\AppData\Roaming\HpUpdate
2011-12-14 07:16 . 2011-11-24 04:25 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-12-14 07:15 . 2011-11-05 04:26 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-14 07:15 . 2011-10-15 05:38 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-12-14 07:15 . 2011-10-26 04:28 38912 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-14 07:15 . 2011-10-26 04:47 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-14 07:15 . 2011-10-26 04:47 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-14 03:47 . 2011-12-14 03:47 -------- d-----w- c:\program files\Common Files\Java
2011-12-13 12:38 . 2011-12-13 12:38 -------- d-----w- c:\users\Bill\AppData\Local\Microsoft_Corporation
2011-12-03 15:34 . 2011-12-03 15:34 -------- d-----w- c:\users\Bill\AppData\Roaming\com.essexreddevelopment.mergepdfmac
2011-12-03 15:34 . 2011-12-12 23:42 -------- d-----w- c:\program files\BatchPDFMerger
2011-12-03 15:34 . 2011-12-03 15:34 -------- d-----w- c:\users\Root\AppData\Local\Adobe
2011-12-03 14:36 . 2011-12-14 00:46 -------- d-----w- c:\users\Root\AppData\Local\Google
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-14 01:36 . 2011-03-26 13:32 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-09 17:47 . 2010-10-28 19:44 5875200 ----a-w- c:\windows\system32\pdftk.exe
2011-12-09 17:47 . 2010-07-02 21:45 978432 ----a-w- c:\windows\system32\libiconv2.dll
2011-11-21 10:47 . 2010-03-02 08:59 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-30 19:18 . 2011-06-07 14:42 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-24 18:29 . 2011-10-24 18:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 18:29 . 2011-10-24 18:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-11 06:01 . 2011-10-11 06:03 703824 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FA8F7385-2567-4C62-8A65-A685E4AA0CD5}\gapaengine.dll
2011-10-01 00:45 . 2011-04-04 13:51 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"NBAgent"="c:\program files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" [2010-03-14 1086760]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
"Seagate Dashboard"="c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 79112]
"Memeo Instant Backup"="c:\program files\Memeo\AutoBackup\MemeoLauncher2.exe" [2011-01-24 136416]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 648072]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"*WerKernelReporting"="c:\windows\SYSTEM32\WerFault.exe" [2009-07-14 360448]
.
c:\users\Bill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CNET TechTracker.lnk - c:\users\Root\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe [N/A]
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
Palm Registration.lnk - c:\program files\Palm\register.exe [2005-8-8 2494464]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
DataViz Inc Messenger.lnk - c:\program files\Common Files\DataViz\DvzIncMsgr.exe [2010-10-18 28672]
Evernote Clipper.lnk - c:\windows\Installer\{F761359C-9CED-45AE-9A51-9D6605CD55C4}\Evernote.ico [2011-6-9 293950]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Office Depot PC Support Agent]
@="Office Depot PC Support Agent"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2010-01-03 19:06 638976 ----a-w- c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
.
R1 MpKsl0d25f8de;MpKsl0d25f8de;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{871BC2CC-BE89-4E35-918B-EDE6ECF373AD}\MpKsl0d25f8de.sys [x]
R1 MpKsl11870b95;MpKsl11870b95;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{322D1DF9-A568-4450-9137-30383C644EEE}\MpKsl11870b95.sys [x]
R1 MpKsl1ad46ec3;MpKsl1ad46ec3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{220E2C6C-54BE-4426-9DC3-0F6EFB568676}\MpKsl1ad46ec3.sys [x]
R1 MpKsl2987c5b3;MpKsl2987c5b3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A22BFEB0-BEB1-450D-8DB3-8C8BB0571F4E}\MpKsl2987c5b3.sys [x]
R1 MpKsl3969e4f1;MpKsl3969e4f1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{93693CC5-95C3-4E6A-983C-5A65E1791093}\MpKsl3969e4f1.sys [x]
R1 MpKsl463ab27a;MpKsl463ab27a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{27860ADF-8A40-47B1-B0D1-E1B5E6750AA5}\MpKsl463ab27a.sys [x]
R1 MpKsl5531dffd;MpKsl5531dffd;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1AB6FA46-767B-4CAD-9A16-1E7F2912A480}\MpKsl5531dffd.sys [x]
R1 MpKsl600201e6;MpKsl600201e6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{30089AA9-71AF-4276-AF36-4A92561A0424}\MpKsl600201e6.sys [x]
R1 MpKsl6327ca7a;MpKsl6327ca7a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4F3EB3B7-6F54-406A-9DE5-0BB3A1B40B5A}\MpKsl6327ca7a.sys [x]
R1 MpKsl6dd0e15e;MpKsl6dd0e15e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5F0A5D38-7F9E-4E7A-B7FF-B13939609AE7}\MpKsl6dd0e15e.sys [x]
R1 MpKsl7ae929e6;MpKsl7ae929e6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0529588C-9958-4B7C-87EF-9BE2523B3019}\MpKsl7ae929e6.sys [x]
R1 MpKsl8129371a;MpKsl8129371a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B26F0302-6CCF-4EAE-9E38-2247F0DDBB67}\MpKsl8129371a.sys [x]
R1 MpKsla323f5e4;MpKsla323f5e4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{80380360-6863-4E51-8381-F08B67E782FD}\MpKsla323f5e4.sys [x]
R1 MpKslab3caa60;MpKslab3caa60;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{74129749-B783-4B46-B384-68F5B89DE7BE}\MpKslab3caa60.sys [x]
R1 MpKslb0f89302;MpKslb0f89302;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C5FD07BC-3C3A-476E-AFD5-742C1752D0C9}\MpKslb0f89302.sys [x]
R1 MpKslb23fefe0;MpKslb23fefe0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CF648823-BC94-495B-B852-7227A2F4400C}\MpKslb23fefe0.sys [x]
R1 MpKslbe7b7bb0;MpKslbe7b7bb0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{10307EF9-8A59-4AE2-BDE8-52809491DF97}\MpKslbe7b7bb0.sys [x]
R1 MpKslc7db8766;MpKslc7db8766;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1F851DFF-9FD2-40D8-B0C9-EADAED9CA8CE}\MpKslc7db8766.sys [x]
R1 MpKsle13c8dbf;MpKsle13c8dbf;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7ECCBA47-8778-46D6-8ED9-E634AF479AEB}\MpKsle13c8dbf.sys [x]
R1 MpKsle69ddce5;MpKsle69ddce5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{78DE8D6D-ADC1-4EA9-A388-B67C55EE5633}\MpKsle69ddce5.sys [x]
R1 MpKslf4be98f0;MpKslf4be98f0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0128B421-00FE-4FEC-BBF4-B1ADAF4A6E25}\MpKslf4be98f0.sys [x]
R1 MpKslfcc3a2f0;MpKslfcc3a2f0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C525B1FA-50B0-4431-AB76-BF033FBA35FB}\MpKslfcc3a2f0.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-02 135664]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 40320]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2011-05-09 20032]
R3 ED;ED;c:\users\Bill\AppData\Local\Temp\ED.exe [x]
R3 Fdusb2J;FUJITSU Fingsensor Driver MBF200;c:\windows\system32\Drivers\Fdusb2J.sys [2005-05-10 13056]
R3 FNETTHJM_152D;Verbatim Turbo USB 2.0;c:\windows\system32\drivers\fnetthjm_152D.sys [2011-08-12 24448]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-02 135664]
R3 ICDSX;Sony IC Recorder (SX);c:\windows\system32\Drivers\ICDSX.sys [2003-10-01 31744]
R3 JL2004A;JL2004A Photo Viewer;c:\windows\system32\Drivers\pv_wdm.sys [2007-02-13 63289]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\85BC.tmp [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 mr97310c;CIF Dual-Mode Camera;c:\windows\system32\DRIVERS\mr97310c.sys [2008-03-27 116992]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 OPDHWZGB;OPDHWZGB;c:\users\Bill\AppData\Local\Temp\OPDHWZGB.exe [x]
R3 PulseUsb;Livescribe Smartpen USB Driver;c:\windows\system32\DRIVERS\PulseUsb.sys [2010-10-18 20480]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-07 1343400]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-26 116608]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-01-24 25824]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2011-01-26 573224]
S2 Office Depot PC Support Agent;Office Depot PC Support Agent;c:\program files\Office Depot PC Support Agent\esService.exe [2011-11-10 924568]
S2 PenCommService;Livescribe Smartpen Service;c:\program files\Common Files\Livescribe\PenComm\PenCommService.exe [2010-10-18 457728]
S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-06-01 14088]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-02 01:06]
.
2011-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-02 01:06]
.
2011-12-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1051419098-113979859-3048037255-1001Core.job
- c:\users\Bill\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-01 19:51]
.
2011-12-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1051419098-113979859-3048037255-1001UA.job
- c:\users\Bill\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-01 19:51]
.
.
------- Supplementary Scan -------
.
IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {{A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\Evernote\Evernote\EvernoteIE.dll/204
Trusted Zone: rhapsody.com\rhap-app-4-0
Trusted Zone: rhapsody.com\rhapreg
TCP: DhcpNameServer = 172.16.2.1 192.168.1.254 8.8.8.8 8.8.4.4
TCP: Interfaces\{3CA858EE-F3DA-4A1C-9E1B-51C880F2D697}: NameServer = 192.168.1.254,68.94.156.1
FF - ProfilePath -
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\85BC.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:cb,9a,71,5a,08,b8,cc,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ad,c6,94,d1,db,77,78,42,8f,6c,8b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ad,c6,94,d1,db,77,78,42,8f,6c,8b,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-12-29 09:04:59
ComboFix-quarantined-files.txt 2011-12-29 14:04
.
Pre-Run: 4,083,650,560 bytes free
Post-Run: 4,101,709,824 bytes free
.
- - End Of File - - 5C2BC944166FCBA7E626C97BF4BFFE78

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:53 PM

Posted 29 December 2011 - 01:49 PM

How is the computer doing now?


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 TheGear


Posted 30 December 2011 - 04:55 PM

I was able to turn on Microsoft Security Essentials (which was turned off by malware). I ran a full scan with it -- no problems found. Then I downloaded the new version of Malwarebytes. MBAM found one problem: PUP.Adware.Downloader in a recent download of cnet_FastScanSeup_exe.exe. I deleted it.

One of the symptoms was the inability to start the Task Manager. It starts fine now.

Another problem, though, was inability to get past 52 hash marks when running DDS. That problem is still there.

I ran the Sophos antiConficker tool (I'm paranoid!). It found no problems.

So I guess, other than the DDS problem, the system looks good. Anything else you want me to test?

Thanks

#14 gringo_pr


Posted 30 December 2011 - 06:04 PM

Hello

DDS is not a problem and is known about

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo

#15 TheGear


Posted 31 December 2011 - 12:57 PM

Hmmmm. Interesting.

32 Bit HP CIO Components Installer
4500_G510nz_Help
4500G510nz
4500G510nz_Software_Min
7-Zip 9.22beta
Acrobat.com
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.1)
Adolix Split and Merge PDF v2.1
Alternate Transfer 5010
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATT-PRT22
Audacity 1.2.6
Belarc Advisor 8.1
Bonjour
BufferChm
Canon DIGITAL CAMERA Solution Disk Software Guide
CANON iMAGE GATEWAY MyCamera Download Plugin
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon PowerShot ELPH 300 HS_IXUS 220 HS Camera User Guide
Canon Utilities CameraWindow DC 8
Canon Utilities CameraWindow Launcher
Canon Utilities Movie Uploader for YouTube
Canon Utilities MyCamera
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Cardiris Pro 5
Conexant AC-Link Audio
Cool Timer 3.6
D3DX10
Destinations
DeviceDiscovery
Digital Voice Editor 3
DIRECTV2PC Playback Advisor
DocMgr
DocProc
Documents To Go
Easy Duplicate Finder v. 3.1
Evernote v. 4.1
Fax
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService2
GPL Ghostscript 8.56
GPL Ghostscript Fonts
Handbrake 0.9.4
High-Definition Video Playback
HP Customer Participation Program 13.0
HP Document Manager 2.0
HP Download Manager
HP Imaging Device Functions 13.0
HP Officejet 4500 G510n-z
HP Photosmart Essential 3.5
HP Scanjet G3110
HP Smart Web Printing 4.60
HP Solution Center 13.0
HP Update
HPDiagnosticAlert
hpg3110
HPPhotosmartEssential
HPProductAssistant
HPSSupply
iCloud
ImgBurn
Indeo® software
IRIScan Anywhere 2
IRIScan Anywhere 2 Control Panel
iTunes
Java Auto Updater
Java™ 6 Update 16
Java™ 6 Update 22
Java™ 6 Update 27
Juice 2.2
Junk Mail filter update
LAME v3.98.2 for Audacity
Livescribe Desktop
Livescribe Desktop Documentation
Livescribe Desktop Print Your Own Paper
Livescribe Desktop Vision Objects Elements
Livescribe Smartpen Driver
Malwarebytes' Anti-Malware version 1.51.2.1300
MarketResearch
Memeo Instant Backup
Mesh Runtime
Messenger Companion
Microsoft .NET Compact Framework 3.5
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Client Profile
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Corporation
Microsoft IntelliPoint 8.2
Microsoft LifeCam
Microsoft Primary Interoperability Assemblies 2005
Microsoft Search Enhancement Pack
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft WorldWide Telescope
MobileMe Control Panel
Motorola SM56 Speakerphone Modem
Mozilla Firefox 7.0.1 (x86 en-US)
Mozilla Thunderbird (6.0.2)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Musicnotes Software Suite 1.5.3
Native Instruments Kontakt Player Sibelius
Native Instruments Sibelius Player
Nero 10 Menu TemplatePack Basic
Nero 10 Movie ThemePack Basic
Nero BackItUp
Nero BackItUp 10
Nero BackItUp 10 Help (CHM)
Nero BackItUp and Burn
Nero Burning ROM 10
Nero BurningROM 10 Help (CHM)
Nero BurnRights
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero CoverDesigner 10
Nero CoverDesigner 10 Help (CHM)
Nero DiscCopy Gadget 10
Nero DiscCopyGadget 10 Help (CHM)
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero Dolby Files 10
Nero Express
Nero Express 10
Nero Express 10 Help (CHM)
Nero InfoTool 10
Nero InfoTool 10 Help (CHM)
Nero MediaHub 10
Nero MediaHub 10 Help (CHM)
Nero Multimedia Suite 10
Nero Recode 10
Nero Recode 10 Help (CHM)
Nero RescueAgent
Nero RescueAgent 10
Nero RescueAgent 10 Help (CHM)
Nero SoundTrax 10
Nero SoundTrax 10 Help (CHM)
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Update
Nero Vision 10
Nero Vision 10 Help (CHM)
Nero WaveEditor 10
Nero WaveEditor 10 Help (CHM)
Network
Neuratron PhotoScore Ultimate
OCR Software by I.R.I.S. 13.0
Office Depot PC Support Agent
OpenOffice.org 3.3
Palm
Pando Media Booster
PDFCreator
pdfforge Toolbar v4.6
Picasa 3
Quest PowerGUI® 3.1
QuickTime
Readiris Pro 12 for IRIScan Anywhere 2
Realterm 2.0.0.57
Revo Uninstaller 1.93
Rhapsody
Rhapsody Player Engine
Safari
Scan
SD V15.17
Seagate Dashboard
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Shop for HP Supplies
Sibelius 4
Sibelius 6.2.0.88
Sibelius Sounds Essentials for Sibelius 6
Skype Toolbars
Skype™ 5.1
SmartSound Quicktracks Plugin
SmartWebPrinting
SolutionCenter
Sophos Anti-Rootkit 1.5.20
Sophos confic-a Cleanup Tool
Status
Strawberry Perl
SUPERAntiSpyware
Texas Instruments PCIxx21/x515 drivers.
Textbook Edition
Times Reader
TIxx21
TomTom HOME 2.8.2.2264
TomTom HOME Visual Studio Merge Modules
Toolbox
TrayApp
TrustedQSL 1.13
Ulead COOL 3D 3.0
Ulead DVD DiskRecorder 2.1.1
Ulead VideoStudio 9.0
Uninstall Photo Viewer
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Veetle TV 0.9.17
Verbatim Turbo USB 2.0
Vim 7.3 (self-installing)
WebReg
WhoCrashed 3.02
Windows Driver Package - Livescribe (PulseUsb) DigitalPen (08/03/2010 2.2.6.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Encoder 9 Series
Windows Media Player Firefox Plugin
WinMorse 2



