
svchost using 1.2-1.5 GB of memory plus heavy CPU usage


  • This topic is locked
75 replies to this topic

#1 pooka's dad

  • Members
  • 48 posts

Posted 05 January 2012 - 12:56 AM

I am using XP (2002 version, SP3) on a Lenovo Core 2 Duo (T8100 @ 2.10 GHz) with 3 GB RAM.

Started about 2 weeks ago.

Only happens when connected to the internet.

As soon as I unplug the internet cable, svchost starts decreasing the amount of memory used. But if I try to plug the cable back in without rebooting, I go to a BSOD within a minute or 2.

Takes 1-2 hours to get up to 1.2-1.5 GB of memory usage, and then everything slows down and CPU usage starts going up intermittently.

Have tried Malwarebytes, Spybot S&D, AVG Free, ClamWin, etc. Nothing has helped.

When I try to use System Restore I always get an incomplete restore, and the system says it cannot restore itself.

A buddy said to try AnVir to review it. This shows that the svchost process is for Zero Wireless Configuration, but just before a BSOD he said it switched to some kind of "updates" name. The Zero Wireless... is not supposed to use any CPU and describes itself as "Provides automatic configuration for the 802.11 adapters". Even when I went in and found this item and turned it off in the system, that made no difference in its usage, so something seems to have "stolen its identity".

I keep losing the ability to use my wireless connection, and then after 4-5 restarts it may or may not come back for a while.
Several times at startup I have gotten a note that Windows has closed a Generic Host Process for Win32 Services.

First 2 tries to run GMER crashed me to a BSOD. On the second crash the message on the BSOD said DRIVER_IRQL_NOT_LESS_OR_EQUAL; lower on that screen it said: Iastor.sys - address B9E3915A base B9E2F000 DateStamp 45d0d237

Third time worked though; I had closed webpages etc.

Enabled Malwarebytes live protection and am constantly getting notifications that it has stopped a malicious website (90% outgoing, 10% incoming) and then gives a set of numbers (URL info), about 3-4 different initial versions (i.e. the first 3 groups of numbers are the same) with lots of changes to the last digit or digits. Happens even when I do not have a browser open.

When I first noticed the issue I had also lost my ability to play audio 3-4 different times. The hardware profile said it was working fine, but the computer acted as if there was no audio card installed at all (there was nothing to select in the dropdown menus under audio; it was as if someone had removed the SoundMAX card). Then after a few restarts it magically came back, only to leave again a day or so later. After several restarts it usually came back, and now it hasn't gone away for a couple of days or so.



.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Run by sysadmin at 21:50:12 on 2012-01-04
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3054.507 [GMT -5:00]
.
FW: AVG Firewall *Disabled*
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Uniblue\ProcessQuickLink 2\ProcessQuickLink2.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Documents and Settings\sysadmin\Application Data\Dropbox\bin\Dropbox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\sysadmin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\sysadmin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\sysadmin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\sysadmin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\sysadmin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\sysadmin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\sysadmin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\sysadmin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\sysadmin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\AVG\AVG2012\avgmfapx.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://lenovo.live.com
uInternet Connection Wizard,ShellNext = ftp://l3ftp@ftp.rjsabp.com/
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
uRun: [0] c:\documents and settings\all users\application data\*
uRun: [Uniblue ProcessQuickLink 2] "c:\program files\uniblue\processquicklink 2\ProcessQuickLink2.exe" /autostart
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [test] test.exe
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"
mRun: [WrtMon.exe] c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe
mRun: [<NO NAME>]
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [ClamWin] "c:\program files\clamwin\bin\ClamTray.exe" --logon
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\docume~1\sysadmin\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\sysadmin\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: Deployer - hxxp://www.pcthreat.com/autoinstall/shsafeinstall.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - hxxp://www.ipix.com/viewers/ipixx.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Bejeweled%203/Images/stg_drm.ocx
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1199538694109
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {A3D93B25-4601-49D2-B3AF-F447C73D561F} - hxxp://cam1.ipglab.com/program/SonySncRz25View.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Bejeweled%203/Images/armhelper.ocx
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://ciscosales.webex.com/client/T27L10NSP15EP1/webex/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer = 97.81.22.195 71.92.29.130 24.217.201.67
TCP: Interfaces\{3F173284-7E66-4B36-95CB-C8B80A19E24C} : DhcpNameServer = 97.81.22.195 71.92.29.130 24.217.201.67
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\sysadmin\application data\mozilla\firefox\profiles\snwr2s13.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\parallelgraphics\cortona\npCortona.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCortona.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-11-26 652872]
R2 NAUpdate;@c:\program files\nero\update\nasvc.exe,-200;c:\program files\nero\update\NASvc.exe [2011-7-22 690472]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-11-26 20464]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2007-5-22 30336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hpfxfax.sys [2011-2-9 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
.reg=Regedit.Document
.
=============== Created Last 30 ================
.
2012-01-04 21:12:08 -------- d-----w- C:\PDFOCR_Output
2012-01-04 21:11:17 -------- d-----w- c:\documents and settings\sysadmin\application data\YCanPDF
2012-01-04 21:10:24 -------- d-----w- C:\pdfOCR
2012-01-04 20:53:10 -------- d-----w- c:\program files\SimpleOCR
2012-01-03 19:13:40 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2012-01-03 19:13:39 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-01-03 19:09:36 -------- d-----w- c:\documents and settings\sysadmin\application data\.clamwin
2012-01-03 19:09:23 -------- d-----w- c:\program files\ClamWin
2012-01-03 19:09:23 -------- d-----w- c:\documents and settings\all users\.clamwin
2012-01-03 18:49:36 -------- d-----w- c:\program files\AnVir Task Manager Free
2012-01-03 18:49:12 -------- d-----w- c:\documents and settings\sysadmin\local settings\application data\AnVir
2012-01-02 16:16:43 -------- d-----w- c:\program files\Uniblue
2011-12-29 16:07:24 -------- d-sh--w- C:\found.000
2011-12-26 17:25:29 -------- d-----w- c:\documents and settings\sysadmin\application data\NetMedia Providers
2011-12-26 17:10:48 -------- d-----w- c:\program files\Sony Setup
2011-12-24 13:12:16 -------- d-----w- c:\documents and settings\sysadmin\application data\Sonic Foundry
2011-12-24 13:09:06 -------- d-----w- c:\program files\Sonic Foundry Setup
.
==================== Find3M ====================
.
2011-12-10 20:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-18 23:21:54 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-24 19:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 19:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-07 11:23:48 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
.
============= FINISH: 21:53:55.78 ===============
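Most of what a helper does with a DDS report like the one above is mechanical: find autostart (uRun/mRun) entries that point at nothing, at a bare file name or at a wildcard, find ActiveX (DPF) downloads from hosts nobody would expect, and note running processes that DDS lists without a resolvable path. The script below is an added example, not part of the original thread and not part of DDS; it applies those three heuristics to a handful of lines copied from the log above (the sample is constructed from them, with a couple of benign entries for contrast). The trusted-vendor host list and the set of bare names that Windows legitimately resolves from PATH are assumptions for illustration.

```python
import re
from urllib.parse import urlparse

# Constructed sample: lines copied from the DDS log above (hxxp is how DDS
# defangs http), plus benign entries so the heuristics have something to pass.
SAMPLE_LOG = r"""
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
uRun: [0] c:\documents and settings\all users\application data\*
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [test] test.exe
mRun: [<NO NAME>]
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
DPF: Deployer - hxxp://www.pcthreat.com/autoinstall/shsafeinstall.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
"""

RUN_RE = re.compile(r'^(?P<scope>[um])Run: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$')
DPF_RE = re.compile(r'^DPF: (?P<id>.+?) - (?P<url>\S+)$')

# Assumption: vendors whose ActiveX (DPF) downloads are expected on this box.
TRUSTED_DPF_HOSTS = ('microsoft.com', 'macromedia.com', 'sun.com', 'adobe.com')
# Assumption: bare names that Windows legitimately resolves through PATH.
PATH_RESOLVED = {'rundll32', 'rundll32.exe'}


def executable_of(cmd):
    """First token of a Run command line, with surrounding quotes removed."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(' ', 1)[0]


def check_run(cmd):
    """Reason to look at a Run value, or None if it looks ordinary."""
    exe = executable_of(cmd)
    if not exe:
        return 'empty Run value'
    if '*' in cmd:
        return 'wildcard instead of a file name'
    if '\\' not in exe and exe.lower() not in PATH_RESOLVED:
        return 'bare file name, not an absolute path'
    return None


def trusted(host):
    """Exact or subdomain match only; 'notmicrosoft.com' must not pass."""
    return any(host == h or host.endswith('.' + h) for h in TRUSTED_DPF_HOSTS)


def dpf_host(url):
    return urlparse(url.replace('hxxp', 'http', 1)).hostname or ''


def triage(log_text):
    """Return [(line, reason)] for every line worth a second look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = RUN_RE.match(line)
        if m:
            reason = check_run(m['cmd'])
            if reason:
                findings.append((line, reason))
            continue
        m = DPF_RE.match(line)
        if m:
            host = dpf_host(m['url'])
            if not trusted(host):
                findings.append((line, 'ActiveX download from untrusted host ' + host))
            continue
        # DDS printed some processes by bare name; those need a manual check.
        if line.lower().endswith('.exe') and '\\' not in line:
            findings.append((line, 'process listed without a path; check it with tasklist /svc'))
    return findings


if __name__ == '__main__':
    for line, reason in triage(SAMPLE_LOG):
        print(f'{reason}: {line}')
```

Everything it prints still needs a human decision; on the sample it flags the empty mRun value, the `[test] test.exe` entry, the wildcard path, the pcthreat.com cab and the bare `svchost.exe`, which are the entries worth asking about first. On XP, `tasklist /svc` shows which services each svchost.exe instance hosts, which is the direct way to answer the "stolen identity" question in the post.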


#2 SweetTech

    Agent ST

  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 05 January 2012 - 02:01 AM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me Agent ST for short), it's a pleasure to meet you. :)

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days
    failure to reply will result in the topic being closed!
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.
____________________________________________________

It appears you're infected with an infection known as ZeroAccess.

ZeroAccess (Max++) Rootkit (aka: Sirefef) is a sophisticated rootkit that uses advanced technology to hide its presence in a system and can infect both x86 and x64 platforms. ZeroAccess is similar to the TDSS rootkit but has more self-protection mechanisms that can be used to disable anti-virus software resulting in "Access Denied" messages whenever you run a security application. For more specific information about this infection, please refer to:


NEXT:



One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identity Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



Running TDSSKiller

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure SKIP is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: Do not choose Cure or Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


NEXT:



Running OTL

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized


Please let me know how the above scans go.

Kindest Regards,
ST

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
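The TDSSKiller report this post asks for pairs each driver with its MD5 and path on one line and its verdict on the next, and with Verify Driver Digital Signature checked an unsigned driver gets a warning instead of "ok". The parser below is an added example, not part of this thread and not part of TDSSKiller; it reads lines constructed in the style of the log posted later in this thread (the ExampleDrv entry and its warning verdict are invented to show a non-ok result, and that verdict wording is an assumption) and lists the entries that would need a Skip/Cure/Delete decision. The md5 helper is there so that a driver's hash can be re-checked on disk after a cure and reboot.

```python
import hashlib
import re
from collections import Counter

TS = r'(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<name>\S+)'
# "TS PID name (md5) path"
ENTRY_RE = re.compile(TS + r'\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$')
# "TS PID name - ok"  or  "TS PID name ( Detection.Name ) - warning"
VERDICT_RE = re.compile(TS + r'(?:\s+\(\s*(?P<detection>[^)]*?)\s*\))?\s+-\s+(?P<verdict>\w+)$')

# Constructed sample: three drivers from the log posted in this thread plus an
# invented ExampleDrv whose warning verdict is an assumption about the format.
SAMPLE_LOG = r"""
11:52:52.0437 4476 Scan started
11:52:54.0859 4476 Abiosdsk - ok
11:52:58.0187 4476 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:52:58.0296 4476 ACPI - ok
11:52:59.0156 4476 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
11:52:59.0265 4476 AFD - ok
11:53:01.0000 4476 ExampleDrv (0123456789abcdef0123456789abcdef) C:\WINDOWS\system32\drivers\exampledrv.sys
11:53:01.0100 4476 ExampleDrv ( UnsignedFile.Multi.Generic ) - warning
"""


def _blank():
    return {'md5': None, 'path': None, 'verdict': None, 'detection': None}


def parse_tdsskiller(text):
    """Return {driver name: {'md5', 'path', 'verdict', 'detection'}}."""
    records = {}
    for line in text.splitlines():
        line = line.rstrip()
        m = ENTRY_RE.match(line)
        if m:
            rec = records.setdefault(m['name'], _blank())
            rec['md5'], rec['path'] = m['md5'], m['path']
            continue
        m = VERDICT_RE.match(line)
        if m:
            rec = records.setdefault(m['name'], _blank())
            rec['verdict'] = m['verdict'].lower()
            rec['detection'] = m['detection']
    return records


def needs_decision(records):
    """Drivers that did not come back 'ok' (a missing verdict counts too)."""
    return sorted(n for n, r in records.items() if r['verdict'] != 'ok')


def verdict_summary(records):
    return Counter(r['verdict'] for r in records.values())


def md5_of_bytes(data):
    return hashlib.md5(data).hexdigest()


def md5_matches(path, expected_md5):
    """Re-hash a driver on disk and compare with what TDSSKiller logged."""
    h = hashlib.md5()
    with open(path, 'rb') as f:
        for chunk in iter(lambda: f.read(65536), b''):
            h.update(chunk)
    return h.hexdigest() == expected_md5.lower()


if __name__ == '__main__':
    recs = parse_tdsskiller(SAMPLE_LOG)
    print(dict(verdict_summary(recs)))
    for name in needs_decision(recs):
        r = recs[name]
        print(f"{name}: {r['verdict']} ({r['detection']}) md5={r['md5']} {r['path']}")
```

A driver that appears with a verdict but no entry line (Abiosdsk here) is registered without a file on disk, which is normal for many of the legacy entries in an XP log; the ones to bring to the helper are those that return with a detection name or without a verdict at all.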


#3 pooka's dad
  • Topic Starter

  • Members
  • 48 posts

Posted 05 January 2012 - 08:51 AM

Hi ST

First, thanks so much for your quick reply and for taking this on. I really appreciate it.
I understand you have a life and will be as patient and supportive of that as needed, as right now you are about my only hope, and being unemployed I gotta have this laptop to job hunt etc.

I have several questions
regarding -
((Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!))
- - I have Malwarebytes and Spybot S&D activated on my computer. Should I deactivate them before following the directions posted? Still constantly getting notes from MBAM that it blocked malicious website access, outgoing.

My antivirus is ClamWin and AVG, though not committed to any of them, just found them. If you know of a better freeware antivirus I would be happy to switch to it.

Out of fear that the computer was going to crash I made backups in 3 different places:
buddy's terabyte block external backup device: backed up the entire "My documents" folder
USB stick 1: backed up my entire "programs" folder
USB stick 2: backed up my favorites for Internet Explorer

Do I need to run these same protocols on those devices as well?

Should I tell my buddy to not use his external drive till I can run the protocols?

Thanks and hope to hear from you soon

#4 SweetTech

    Agent ST

  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 05 January 2012 - 08:59 AM

Hi pooka's dad!

- - I have Malwarebytes and Spybot S&D activated on my computer. Should I deactivate them before following the directions posted? Still constantly getting notes from MBAM that it blocked malicious website access, outgoing.

You can leave them as is for right now.

My antivirus is ClamWin and AVG, though not committed to any of them, just found them. If you know of a better freeware antivirus I would be happy to switch to it.

Yes, I can recommend a few other alternatives later.

Out of fear that the computer was going to crash I made backups in 3 different places:
buddy's terabyte block external backup device: backed up the entire "My documents" folder
USB stick 1: backed up my entire "programs" folder
USB stick 2: backed up my favorites for Internet Explorer

Do I need to run these same protocols on those devices as well?

I'd probably run a virus scan on that external hard drive as well as an Online Virus scanner such as ESET Online Virus Scanner on it.

Hope the above answers your questions, if not, let me know, and I'll try to answer better/clarify.

Kindest Regards,
ST.



#5 pooka's dad
  • Topic Starter

  • Members
  • 48 posts

Posted 05 January 2012 - 11:51 AM

Hey ST

Thanks for the info
will run the 2 apps now and post ASAP

#6 pooka's dad
  • Topic Starter

  • Members
  • 48 posts

Posted 05 January 2012 - 12:08 PM

Hey ST
Ran TDSSKiller
with the settings as shown in the instructions.
When it got to the end
it showed 6 items:
5 showed Skip,
1 showed Cure.
I changed that Cure to Skip.
Was that right? Because I did not get the option to reboot; it just went back to the original start screen with a note about unprocessed malware objects.
Or
did the fact that it displayed Cure (instead of Skip) mean I was being instructed to do it? (I thought your note meant you would direct me, not the software.)
Sorry if I got that confused.

In case I did do it right,
below is the log file.

11:52:22.0906 1988 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
11:52:23.0218 1988 ============================================================
11:52:23.0218 1988 Current date / time: 2012/01/05 11:52:23.0218
11:52:23.0218 1988 SystemInfo:
11:52:23.0218 1988
11:52:23.0218 1988 OS Version: 5.1.2600 ServicePack: 3.0
11:52:23.0218 1988 Product type: Workstation
11:52:23.0218 1988 ComputerName: CKAZADZIS03
11:52:23.0218 1988 UserName: sysadmin
11:52:23.0218 1988 Windows directory: C:\WINDOWS
11:52:23.0218 1988 System windows directory: C:\WINDOWS
11:52:23.0218 1988 Processor architecture: Intel x86
11:52:23.0218 1988 Number of processors: 2
11:52:23.0218 1988 Page size: 0x1000
11:52:23.0218 1988 Boot type: Normal boot
11:52:23.0218 1988 ============================================================
11:52:23.0625 1988 Initialize success
11:52:52.0437 4476 ============================================================
11:52:52.0437 4476 Scan started
11:52:52.0437 4476 Mode: Manual; SigCheck; TDLFS;
11:52:52.0437 4476 ============================================================
11:52:54.0859 4476 Abiosdsk - ok
11:52:54.0937 4476 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
11:52:57.0781 4476 abp480n5 - ok
11:52:57.0984 4476 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
11:52:58.0109 4476 ac97intc - ok
11:52:58.0187 4476 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:52:58.0296 4476 ACPI - ok
11:52:58.0312 4476 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
11:52:58.0453 4476 ACPIEC - ok
11:52:58.0515 4476 ADIHdAudAddService (d537f3d03c6301fefa21f3eee8cc82d8) C:\WINDOWS\system32\drivers\ADIHdAud.sys
11:52:58.0578 4476 ADIHdAudAddService - ok
11:52:58.0625 4476 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
11:52:58.0750 4476 adpu160m - ok
11:52:58.0765 4476 AEAudio (860df7676869cd8690cb2b23ab6de66a) C:\WINDOWS\system32\drivers\AEAudio.sys
11:52:58.0796 4476 AEAudio - ok
11:52:58.0875 4476 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
11:52:58.0984 4476 aec - ok
11:52:59.0046 4476 AegisP (a1ad1a4a9f18d900ca9c93fa3efdcb56) C:\WINDOWS\system32\DRIVERS\AegisP.sys
11:52:59.0093 4476 AegisP - ok
11:52:59.0156 4476 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
11:52:59.0265 4476 AFD - ok
11:52:59.0328 4476 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
11:52:59.0421 4476 agp440 - ok
11:52:59.0437 4476 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
11:52:59.0578 4476 agpCPQ - ok
11:52:59.0609 4476 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
11:52:59.0671 4476 Aha154x - ok
11:52:59.0718 4476 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
11:52:59.0812 4476 aic78u2 - ok
11:52:59.0828 4476 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
11:52:59.0906 4476 aic78xx - ok
11:52:59.0968 4476 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
11:53:00.0046 4476 AliIde - ok
11:53:00.0078 4476 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
11:53:00.0187 4476 alim1541 - ok
11:53:00.0203 4476 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
11:53:00.0312 4476 amdagp - ok
11:53:00.0328 4476 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
11:53:00.0406 4476 amsint - ok
11:53:00.0468 4476 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
11:53:00.0562 4476 Arp1394 - ok
11:53:00.0609 4476 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
11:53:00.0687 4476 asc - ok
11:53:00.0703 4476 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
11:53:00.0750 4476 asc3350p - ok
11:53:00.0781 4476 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
11:53:00.0859 4476 asc3550 - ok
11:53:00.0890 4476 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:53:00.0968 4476 AsyncMac - ok
11:53:01.0015 4476 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
11:53:01.0109 4476 atapi - ok
11:53:01.0125 4476 Atdisk - ok
11:53:01.0140 4476 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:53:01.0250 4476 Atmarpc - ok
11:53:01.0312 4476 atmeltpm (dbf0d7e2df33b469eb55406fea759350) C:\WINDOWS\system32\DRIVERS\atmeltpm.sys
11:53:01.0359 4476 atmeltpm - ok
11:53:01.0421 4476 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
11:53:01.0515 4476 audstub - ok
11:53:01.0593 4476 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
11:53:01.0625 4476 AVGIDSDriver - ok
11:53:01.0656 4476 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
11:53:01.0671 4476 AVGIDSEH - ok
11:53:01.0687 4476 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
11:53:01.0703 4476 AVGIDSFilter - ok
11:53:01.0718 4476 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
11:53:01.0734 4476 AVGIDSShim - ok
11:53:01.0796 4476 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
11:53:01.0812 4476 Avgldx86 - ok
11:53:01.0843 4476 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
11:53:01.0843 4476 Avgmfx86 - ok
11:53:01.0875 4476 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
11:53:01.0875 4476 Avgrkx86 - ok
11:53:01.0921 4476 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
11:53:01.0937 4476 Avgtdix - ok
11:53:01.0984 4476 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
11:53:02.0078 4476 Beep - ok
11:53:02.0187 4476 BTKRNL (9da09b5800b9de8336948664e3b9cc94) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
11:53:02.0359 4476 BTKRNL - ok
11:53:02.0421 4476 BTWUSB (57e91e9925976bbc98984eebaaf1d84c) C:\WINDOWS\system32\Drivers\btwusb.sys
11:53:02.0453 4476 BTWUSB - ok
11:53:02.0515 4476 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
11:53:02.0609 4476 cbidf - ok
11:53:02.0625 4476 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
11:53:02.0718 4476 cbidf2k - ok
11:53:02.0750 4476 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
11:53:02.0796 4476 cd20xrnt - ok
11:53:02.0859 4476 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
11:53:02.0953 4476 Cdaudio - ok
11:53:03.0000 4476 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
11:53:03.0078 4476 Cdfs - ok
11:53:03.0109 4476 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:53:03.0203 4476 Cdrom - ok
11:53:03.0218 4476 Changer - ok
11:53:03.0296 4476 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
11:53:03.0406 4476 CmBatt - ok
11:53:03.0406 4476 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
11:53:03.0500 4476 CmdIde - ok
11:53:03.0515 4476 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
11:53:03.0625 4476 Compbatt - ok
11:53:03.0687 4476 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
11:53:03.0781 4476 Cpqarray - ok
11:53:03.0812 4476 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
11:53:03.0921 4476 dac2w2k - ok
11:53:03.0937 4476 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
11:53:04.0031 4476 dac960nt - ok
11:53:04.0078 4476 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
11:53:04.0156 4476 Disk - ok
11:53:04.0234 4476 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
11:53:04.0375 4476 dmboot - ok
11:53:04.0437 4476 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
11:53:04.0515 4476 dmio - ok
11:53:04.0562 4476 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
11:53:04.0671 4476 dmload - ok
11:53:04.0734 4476 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
11:53:04.0812 4476 DMusic - ok
11:53:04.0843 4476 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
11:53:04.0937 4476 dpti2o - ok
11:53:04.0953 4476 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
11:53:05.0046 4476 drmkaud - ok
11:53:05.0093 4476 dsNcAdpt (b2c3f71b86e25c3df78339ddb40a7562) C:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys
11:53:05.0171 4476 dsNcAdpt - ok
11:53:05.0218 4476 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
11:53:05.0328 4476 E100B - ok
11:53:05.0406 4476 e1express (e1e31cb759ced9bae730b86171b9c9fd) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
11:53:05.0421 4476 e1express - ok
11:53:05.0515 4476 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
11:53:05.0609 4476 Fastfat - ok
11:53:05.0671 4476 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
11:53:05.0765 4476 Fdc - ok
11:53:05.0828 4476 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
11:53:05.0937 4476 Fips - ok
11:53:06.0000 4476 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
11:53:06.0109 4476 Flpydisk - ok
11:53:06.0171 4476 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
11:53:06.0250 4476 FltMgr - ok
11:53:06.0312 4476 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:53:06.0406 4476 Fs_Rec - ok
11:53:06.0484 4476 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:53:06.0578 4476 Ftdisk - ok
11:53:06.0640 4476 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:53:06.0734 4476 Gpc - ok
11:53:06.0796 4476 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
11:53:06.0890 4476 HDAudBus - ok
11:53:06.0968 4476 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:53:07.0109 4476 HidUsb - ok
11:53:07.0156 4476 HPFXBULK (d63b7f6b2b992c0b566f44efde620b5d) C:\WINDOWS\system32\drivers\hpfxbulk.sys
11:53:07.0250 4476 HPFXBULK - ok
11:53:07.0281 4476 HPFXFAX (2bdff04d7d9a3cf07d9417cd366756e1) C:\WINDOWS\system32\drivers\hpfxfax.sys
11:53:07.0312 4476 HPFXFAX - ok
11:53:07.0375 4476 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
11:53:07.0468 4476 hpn - ok
11:53:07.0531 4476 HSFHWAZL (6a5c4732d6803f84e2987edd8e4359ce) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
11:53:07.0593 4476 HSFHWAZL - ok
11:53:07.0656 4476 HSF_DPV (21c31273c6cc4826e74be8ae3b09d4a8) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
11:53:07.0781 4476 HSF_DPV - ok
11:53:07.0859 4476 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
11:53:07.0921 4476 HTTP - ok
11:53:08.0000 4476 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
11:53:08.0078 4476 i2omgmt - ok
11:53:08.0125 4476 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
11:53:08.0203 4476 i2omp - ok
11:53:08.0265 4476 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
11:53:08.0375 4476 i8042prt - ok
11:53:08.0468 4476 iaStor (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\WINDOWS\system32\DRIVERS\iaStor.sys
11:53:08.0484 4476 iaStor - ok
11:53:08.0531 4476 IBMPMDRV (bf648877413f6160e480814a24942b65) C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys
11:53:08.0546 4476 IBMPMDRV - ok
11:53:08.0609 4476 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
11:53:08.0734 4476 Imapi - ok
11:53:08.0781 4476 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
11:53:08.0875 4476 ini910u - ok
11:53:08.0906 4476 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
11:53:09.0015 4476 IntelIde - ok
11:53:09.0093 4476 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
11:53:09.0187 4476 intelppm - ok
11:53:09.0250 4476 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
11:53:09.0343 4476 Ip6Fw - ok
11:53:09.0406 4476 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:53:09.0500 4476 IpFilterDriver - ok
11:53:09.0546 4476 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:53:09.0640 4476 IpInIp - ok
11:53:09.0671 4476 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:53:09.0781 4476 IpNat - ok
11:53:09.0796 4476 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:53:09.0890 4476 IPSec - ok
11:53:09.0937 4476 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
11:53:09.0968 4476 IRENUM - ok
11:53:10.0031 4476 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:53:10.0125 4476 isapnp - ok
11:53:10.0187 4476 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:53:10.0265 4476 Kbdclass - ok
11:53:10.0328 4476 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
11:53:10.0421 4476 kbdhid - ok
11:53:10.0468 4476 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
11:53:10.0546 4476 kmixer - ok
11:53:10.0578 4476 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
11:53:10.0718 4476 KSecDD - ok
11:53:10.0734 4476 lbrtfdc - ok
11:53:10.0796 4476 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
11:53:10.0812 4476 MBAMProtector - ok
11:53:10.0859 4476 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
11:53:10.0890 4476 mdmxsdk - ok
11:53:10.0921 4476 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
11:53:11.0031 4476 mnmdd - ok
11:53:11.0062 4476 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
11:53:11.0140 4476 Modem - ok
11:53:11.0187 4476 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:53:11.0281 4476 Mouclass - ok
11:53:11.0328 4476 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
11:53:11.0421 4476 mouhid - ok
11:53:11.0453 4476 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
11:53:11.0562 4476 MountMgr - ok
11:53:11.0593 4476 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
11:53:11.0671 4476 mraid35x - ok
11:53:11.0703 4476 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:53:11.0812 4476 MRxDAV - ok
11:53:11.0890 4476 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:53:12.0015 4476 MRxSmb - ok
11:53:12.0093 4476 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
11:53:12.0187 4476 Msfs - ok
11:53:12.0203 4476 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:53:12.0312 4476 MSKSSRV - ok
11:53:12.0375 4476 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:53:12.0484 4476 MSPCLOCK - ok
11:53:12.0515 4476 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
11:53:12.0609 4476 MSPQM - ok
11:53:12.0671 4476 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:53:12.0750 4476 mssmbios - ok
11:53:12.0796 4476 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
11:53:12.0875 4476 Mup - ok
11:53:12.0937 4476 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
11:53:13.0046 4476 NDIS - ok
11:53:13.0093 4476 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:53:13.0171 4476 NdisTapi - ok
11:53:13.0234 4476 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:53:13.0421 4476 Ndisuio - ok
11:53:13.0546 4476 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:53:13.0656 4476 NdisWan - ok
11:53:13.0734 4476 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
11:53:13.0796 4476 NDProxy - ok
11:53:13.0859 4476 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
11:53:13.0937 4476 NetBIOS - ok
11:53:14.0000 4476 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
11:53:14.0093 4476 NetBT - ok
11:53:14.0296 4476 NETw4x32 (18b2d3e11ed7a3c898ade6a6692b6929) C:\WINDOWS\system32\DRIVERS\NETw4x32.sys
11:53:14.0562 4476 NETw4x32 - ok
11:53:14.0781 4476 NETw5x32 (90f7fad201e62732cbe6625b07e4c8f1) C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
11:53:15.0156 4476 NETw5x32 - ok
11:53:15.0203 4476 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
11:53:15.0296 4476 NIC1394 - ok
11:53:15.0359 4476 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
11:53:15.0453 4476 Npfs - ok
11:53:15.0546 4476 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
11:53:15.0656 4476 Ntfs - ok
11:53:15.0718 4476 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
11:53:15.0796 4476 Null - ok
11:53:16.0109 4476 nv (533a44be373bb8e9cd85a563eb132ed7) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
11:53:16.0609 4476 nv - ok
11:53:16.0640 4476 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:53:16.0734 4476 NwlnkFlt - ok
11:53:16.0781 4476 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:53:16.0890 4476 NwlnkFwd - ok
11:53:16.0953 4476 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
11:53:17.0062 4476 ohci1394 - ok
11:53:17.0125 4476 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
11:53:17.0234 4476 Parport - ok
11:53:17.0281 4476 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
11:53:17.0390 4476 PartMgr - ok
11:53:17.0437 4476 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
11:53:17.0515 4476 ParVdm - ok
11:53:17.0546 4476 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
11:53:17.0656 4476 PCI - ok
11:53:17.0671 4476 PCIDump - ok
11:53:17.0703 4476 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
11:53:17.0796 4476 PCIIde - ok
11:53:17.0875 4476 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
11:53:17.0968 4476 Pcmcia - ok
11:53:17.0984 4476 PDCOMP - ok
11:53:18.0000 4476 PDFRAME - ok
11:53:18.0000 4476 PDRELI - ok
11:53:18.0015 4476 PDRFRAME - ok
11:53:18.0062 4476 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
11:53:18.0140 4476 perc2 - ok
11:53:18.0156 4476 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
11:53:18.0296 4476 perc2hib - ok
11:53:18.0375 4476 pmem (dedef40e1d05842639491365cb2c069e) C:\WINDOWS\System32\drivers\pmemnt.sys
11:53:18.0406 4476 pmem ( UnsignedFile.Multi.Generic ) - warning
11:53:18.0406 4476 pmem - detected UnsignedFile.Multi.Generic (1)
11:53:18.0468 4476 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:53:18.0546 4476 PptpMiniport - ok
11:53:18.0593 4476 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
11:53:18.0703 4476 Processor - ok
11:53:18.0734 4476 psadd (aac08defb15aaab00b30341c716efa35) C:\WINDOWS\system32\DRIVERS\psadd.sys
11:53:18.0796 4476 psadd - ok
11:53:18.0812 4476 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
11:53:18.0921 4476 PSched - ok
11:53:18.0968 4476 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:53:19.0046 4476 Ptilink - ok
11:53:19.0093 4476 PxHelp20 (1962166e0ceb740704f30fa55ad3d509) C:\WINDOWS\system32\Drivers\PxHelp20.sys
11:53:19.0109 4476 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
11:53:19.0109 4476 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
11:53:19.0156 4476 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
11:53:19.0265 4476 ql1080 - ok
11:53:19.0281 4476 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
11:53:19.0406 4476 Ql10wnt - ok
11:53:19.0437 4476 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
11:53:19.0531 4476 ql12160 - ok
11:53:19.0562 4476 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
11:53:19.0671 4476 ql1240 - ok
11:53:19.0718 4476 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
11:53:19.0812 4476 ql1280 - ok
11:53:19.0859 4476 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:53:19.0953 4476 RasAcd - ok
11:53:20.0015 4476 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:53:20.0109 4476 Rasl2tp - ok
11:53:20.0125 4476 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:53:20.0250 4476 RasPppoe - ok
11:53:20.0265 4476 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
11:53:20.0390 4476 Raspti - ok
11:53:20.0453 4476 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:53:20.0546 4476 Rdbss - ok
11:53:20.0593 4476 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:53:20.0687 4476 RDPCDD - ok
11:53:20.0750 4476 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:53:20.0843 4476 rdpdr - ok
11:53:20.0906 4476 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
11:53:20.0953 4476 RDPWD - ok
11:53:21.0000 4476 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
11:53:21.0093 4476 redbook - ok
11:53:21.0171 4476 rimmptsk (c35ca13d3627ebd9dd12a23ce781bc3d) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
11:53:21.0203 4476 rimmptsk - ok
11:53:21.0250 4476 rimsptsk (c398bca91216755b098679a8da8a2300) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
11:53:21.0328 4476 rimsptsk - ok
11:53:21.0375 4476 RimUsb (0f6756ef8bda6dfa7be50465c83132bb) C:\WINDOWS\system32\Drivers\RimUsb.sys
11:53:21.0421 4476 RimUsb - ok
11:53:21.0500 4476 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
11:53:21.0546 4476 RimVSerPort - ok
11:53:21.0562 4476 rismxdp (2a2554cb24506e0a0508fc395c4a1b42) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
11:53:21.0640 4476 rismxdp - ok
11:53:21.0703 4476 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
11:53:21.0796 4476 ROOTMODEM - ok
11:53:21.0843 4476 RT73 (7436bfd3a542cf6ff55097200031b293) C:\WINDOWS\system32\DRIVERS\rt73.sys
11:53:21.0875 4476 RT73 - ok
11:53:21.0937 4476 s24trans (2220783b32a9f91df87f3e8315f091e7) C:\WINDOWS\system32\DRIVERS\s24trans.sys
11:53:21.0953 4476 s24trans ( UnsignedFile.Multi.Generic ) - warning
11:53:21.0953 4476 s24trans - detected UnsignedFile.Multi.Generic (1)
11:53:22.0031 4476 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
11:53:22.0125 4476 sdbus - ok
11:53:22.0187 4476 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:53:22.0234 4476 Secdrv - ok
11:53:22.0312 4476 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
11:53:22.0406 4476 serenum - ok
11:53:22.0468 4476 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
11:53:22.0562 4476 Serial - ok
11:53:22.0609 4476 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
11:53:22.0687 4476 sffdisk - ok
11:53:22.0734 4476 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
11:53:22.0843 4476 sffp_sd - ok
11:53:22.0890 4476 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
11:53:22.0984 4476 Sfloppy - ok
11:53:23.0015 4476 Simbad - ok
11:53:23.0046 4476 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
11:53:23.0156 4476 sisagp - ok
11:53:23.0171 4476 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
11:53:23.0218 4476 Sparrow - ok
11:53:23.0265 4476 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
11:53:23.0343 4476 splitter - ok
11:53:23.0390 4476 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
11:53:23.0453 4476 sr - ok
11:53:23.0531 4476 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
11:53:23.0625 4476 Srv - ok
11:53:23.0687 4476 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
11:53:23.0781 4476 swenum - ok
11:53:23.0796 4476 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
11:53:23.0921 4476 swmidi - ok
11:53:23.0953 4476 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
11:53:24.0046 4476 symc810 - ok
11:53:24.0078 4476 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
11:53:24.0187 4476 symc8xx - ok
11:53:24.0234 4476 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
11:53:24.0343 4476 sym_hi - ok
11:53:24.0375 4476 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
11:53:24.0484 4476 sym_u3 - ok
11:53:24.0562 4476 SynTP (b248b5fe80b285b91cb1e6f85b0ae1d7) C:\WINDOWS\system32\DRIVERS\SynTP.sys
11:53:24.0609 4476 SynTP - ok
11:53:24.0687 4476 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
11:53:24.0765 4476 sysaudio - ok
11:53:24.0843 4476 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:53:24.0937 4476 Tcpip - ok
11:53:25.0015 4476 TcUsb (109d1f5cd9cc370a87901db3ddd533f1) C:\WINDOWS\system32\Drivers\tcusb.sys
11:53:25.0015 4476 TcUsb - ok
11:53:25.0062 4476 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
11:53:25.0156 4476 TDPIPE - ok
11:53:25.0187 4476 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
11:53:25.0296 4476 TDTCP - ok
11:53:25.0343 4476 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
11:53:25.0437 4476 TermDD - ok
11:53:25.0484 4476 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
11:53:25.0562 4476 TosIde - ok
11:53:25.0609 4476 TPPWRIF (44672de6cea9569c21c4b7a8d2560750) C:\WINDOWS\system32\drivers\Tppwrif.sys
11:53:25.0640 4476 TPPWRIF ( UnsignedFile.Multi.Generic ) - warning
11:53:25.0640 4476 TPPWRIF - detected UnsignedFile.Multi.Generic (1)
11:53:25.0687 4476 TVTI2C (8ab24d4b7da715c2c80455137910e792) C:\WINDOWS\system32\DRIVERS\Tvti2c.sys
11:53:25.0718 4476 TVTI2C - ok
11:53:25.0734 4476 TVTPktFilter - ok
11:53:25.0781 4476 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
11:53:25.0890 4476 Udfs - ok
11:53:25.0906 4476 UIUSys - ok
11:53:25.0953 4476 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
11:53:26.0015 4476 ultra - ok
11:53:26.0093 4476 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
11:53:26.0187 4476 Update - ok
11:53:26.0234 4476 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
11:53:26.0328 4476 usbaudio - ok
11:53:26.0390 4476 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:53:26.0484 4476 usbccgp - ok
11:53:26.0531 4476 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:53:26.0625 4476 usbehci - ok
11:53:26.0671 4476 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:53:26.0765 4476 usbhub - ok
11:53:26.0843 4476 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
11:53:26.0968 4476 usbprint - ok
11:53:27.0046 4476 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
11:53:27.0156 4476 usbscan - ok
11:53:27.0171 4476 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:53:27.0296 4476 USBSTOR - ok
11:53:27.0390 4476 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:53:27.0484 4476 usbuhci - ok
11:53:27.0531 4476 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
11:53:27.0625 4476 VgaSave - ok
11:53:27.0671 4476 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
11:53:27.0781 4476 viaagp - ok
11:53:27.0859 4476 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
11:53:27.0968 4476 ViaIde - ok
11:53:28.0031 4476 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
11:53:28.0125 4476 VolSnap - ok
11:53:28.0156 4476 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:53:28.0281 4476 Wanarp - ok
11:53:28.0296 4476 WDICA - ok
11:53:28.0328 4476 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
11:53:28.0437 4476 wdmaud - ok
11:53:28.0546 4476 winachsf (307d248f97835b6879bdd361086924fe) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
11:53:28.0593 4476 winachsf - ok
11:53:28.0671 4476 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
11:53:28.0781 4476 WmiAcpi - ok
11:53:28.0921 4476 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
11:53:29.0000 4476 WudfPf - ok
11:53:29.0046 4476 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
11:53:29.0078 4476 WudfRd - ok
11:53:29.0125 4476 MBR (0x1B8) (3bb56f97daa0dea66fd223920040a0d0) \Device\Harddisk0\DR0
11:53:29.0156 4476 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
11:53:29.0156 4476 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
11:53:29.0203 4476 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
11:53:29.0203 4476 \Device\Harddisk0\DR0 - detected TDSS File System (1)
11:53:29.0203 4476 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk1\DR2
11:53:30.0203 4476 \Device\Harddisk1\DR2 - ok
11:53:30.0203 4476 Boot (0x1200) (6013166f11c7518d76d1d50bca6f7bf9) \Device\Harddisk0\DR0\Partition0
11:53:30.0203 4476 \Device\Harddisk0\DR0\Partition0 - ok
11:53:30.0218 4476 Boot (0x1200) (e345ffa26e3de190075c7820d90d91b2) \Device\Harddisk1\DR2\Partition0
11:53:30.0218 4476 \Device\Harddisk1\DR2\Partition0 - ok
11:53:30.0218 4476 ============================================================
11:53:30.0218 4476 Scan finished
11:53:30.0218 4476 ============================================================
11:53:30.0359 4468 Detected object count: 6
11:53:30.0359 4468 Actual detected object count: 6
11:54:04.0140 4468 pmem ( UnsignedFile.Multi.Generic ) - skipped by user
11:54:04.0140 4468 pmem ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:54:04.0140 4468 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
11:54:04.0140 4468 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:54:04.0140 4468 s24trans ( UnsignedFile.Multi.Generic ) - skipped by user
11:54:04.0140 4468 s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:54:04.0140 4468 TPPWRIF ( UnsignedFile.Multi.Generic ) - skipped by user
11:54:04.0140 4468 TPPWRIF ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:54:04.0140 4468 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - skipped by user
11:54:04.0140 4468 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Skip
11:54:04.0140 4468 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
11:54:04.0140 4468 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

#7 pooka's dad

  • Topic Starter
  • Members
  • 48 posts

Posted 05 January 2012 - 01:14 PM

Hey St
Realized that if I had followed the instructions accurately, then there was no reason to wait on running OTL.
If I did not, then I can always run it again.

THE OTL TEXT LOG IS BELOW
OTL logfile created on: 1/5/2012 12:51:43 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\sysadmin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.98 Gb Total Physical Memory | 1.19 Gb Available Physical Memory | 39.90% Memory free
4.30 Gb Paging File | 2.48 Gb Available in Paging File | 57.61% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 81.28 Gb Free Space | 54.53% Space Free | Partition Type: NTFS
Drive E: | 29.87 Gb Total Space | 2.54 Gb Free Space | 8.51% Space Free | Partition Type: FAT32
Drive F: | 3.77 Gb Total Space | 1.46 Gb Free Space | 38.79% Space Free | Partition Type: FAT

Computer Name: CKAZADZIS03 | User Name: sysadmin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/05 08:54:45 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sysadmin\Desktop\OTL.exe
PRC - [2012/01/05 08:51:16 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\sysadmin\Desktop\tdsskiller.exe
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/12/03 01:22:12 | 004,200,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgui.exe
PRC - [2011/12/03 01:22:12 | 002,415,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/10/10 06:23:34 | 000,973,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/07/22 13:26:40 | 000,690,472 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/05 05:07:42 | 000,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2007/02/27 20:35:04 | 000,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
PRC - [2007/02/04 12:02:14 | 000,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
PRC - [2006/10/30 16:59:34 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
PRC - [2006/09/20 08:35:26 | 000,020,480 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe


========== Modules (No Company Name) ==========

MOD - [2011/03/27 15:11:04 | 000,094,208 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2009/11/16 09:42:37 | 000,175,360 | ---- | M] () -- C:\Program Files\Foxit Software\PDF Creator\fpc_wordaddin.dll
MOD - [2009/02/14 04:04:38 | 000,756,040 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
MOD - [2008/10/26 04:42:14 | 000,065,376 | ---- | M] () -- C:\Program Files\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
MOD - [2007/09/05 11:18:00 | 000,073,728 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWRMGRIF.DLL
MOD - [2007/09/05 11:18:00 | 000,040,960 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWRMGRRT.DLL
MOD - [2007/05/17 21:33:12 | 000,139,264 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzpi072.dll
MOD - [2007/04/16 14:17:32 | 000,118,784 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2006/10/30 16:59:34 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
MOD - [2006/10/27 18:35:18 | 000,436,512 | ---- | M] () -- C:\Program Files\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
MOD - [2006/09/20 08:35:26 | 000,020,480 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe


========== Win32 Services (SafeList) ==========

SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/07/22 13:26:40 | 000,690,472 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2009/08/12 17:20:28 | 000,615,720 | ---- | M] (Juniper Networks) [Auto | Stopped] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/02/27 20:35:04 | 000,266,295 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)


========== Driver Services (SafeList) ==========

DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 06:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 01:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2009/08/12 17:07:02 | 000,026,624 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2009/05/29 00:23:22 | 004,203,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2007/09/05 11:18:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2007/08/21 02:35:00 | 000,014,336 | R--- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hpfxfax.sys -- (HPFXFAX)
DRV - [2007/08/21 02:35:00 | 000,011,264 | R--- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hpfxbulk.sys -- (HPFXBULK)
DRV - [2007/08/08 06:42:00 | 000,045,568 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/07/29 21:54:00 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/29 20:42:00 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/05/22 18:59:38 | 000,030,336 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2007/05/22 02:59:34 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2007/04/30 09:37:20 | 002,206,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®
DRV - [2007/03/29 18:19:36 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/02/27 04:02:00 | 000,868,042 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007/01/24 04:27:00 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/12/21 21:56:00 | 000,988,800 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/12/21 21:56:00 | 000,209,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/12/21 21:55:00 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/11/24 18:51:38 | 000,245,248 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3368858662-2476982287-1526873143-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
IE - HKU\S-1-5-21-3368858662-2476982287-1526873143-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\S-1-5-21-3368858662-2476982287-1526873143-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3368858662-2476982287-1526873143-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3368858662-2476982287-1526873143-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@parallelgraphics.com/Cortona: C:\Program Files\Common Files\ParallelGraphics\Cortona\npCortona.dll (ParallelGraphics)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Documents and Settings\sysadmin\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/12/23 09:53:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/04 13:08:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/07 12:15:56 | 000,000,000 | ---D | M]

[2008/07/02 15:09:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sysadmin\Application Data\Mozilla\Extensions
[2011/07/10 17:42:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sysadmin\Application Data\Mozilla\Firefox\Profiles\snwr2s13.default\extensions
[2011/02/10 11:04:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\sysadmin\Application Data\Mozilla\Firefox\Profiles\snwr2s13.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/01/04 13:01:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/06 19:39:21 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/12/23 09:53:48 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
[2012/01/04 12:50:48 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/08/09 15:17:46 | 000,873,888 | ---- | M] (ParallelGraphics) -- C:\Program Files\mozilla firefox\plugins\npCortona.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/28 19:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/04 12:50:49 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\sysadmin\Local Settings\Application Data\Google\Chrome\Application\10.0.648.204\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Documents and Settings\sysadmin\Local Settings\Application Data\Google\Chrome\Application\10.0.648.204\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\sysadmin\Local Settings\Application Data\Google\Chrome\Application\10.0.648.204\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U23 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\sysadmin\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: AVG Safe Search = C:\Documents and Settings\sysadmin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\sysadmin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\

O1 HOSTS File: ([2009/09/15 16:40:47 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [ClamWin] C:\Program Files\ClamWin\bin\ClamTray.exe (alch)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [test] test.exe File not found
O4 - HKLM..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe ()
O4 - HKU\S-1-5-21-3368858662-2476982287-1526873143-500..\Run: [0] C:\Documents and Settings\All Users\Application Data\ [2012/01/04 15:52:59 | 000,000,000 | RH-D | M]
O4 - HKU\S-1-5-21-3368858662-2476982287-1526873143-500..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-3368858662-2476982287-1526873143-500..\Run: [Uniblue ProcessQuickLink 2] C:\Program Files\Uniblue\ProcessQuickLink 2\ProcessQuickLink2.exe (Uniblue)
O4 - Startup: C:\Documents and Settings\sysadmin\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\sysadmin\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3368858662-2476982287-1526873143-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/viewers/ipixx.cab (iPIX ActiveX Control)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Bejeweled%203/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1199538694109 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {A3D93B25-4601-49D2-B3AF-F447C73D561F} http://cam1.ipglab.com/program/SonySncRz25View.cab (Sony SNC-RZ25 Control)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Bejeweled%203/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://ciscosales.webex.com/client/T27L10NSP15EP1/webex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O16 - DPF: Deployer http://www.pcthreat.com/autoinstall/shsafeinstall.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 97.81.22.195 71.92.29.130 24.217.201.67
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = XIOCOM.LOCAL
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3F173284-7E66-4B36-95CB-C8B80A19E24C}: DhcpNameServer = 97.81.22.195 71.92.29.130 24.217.201.67
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/04/30 02:13:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{a39fcce1-466b-11e0-b5c0-00215c708193}\Shell - "" = AutoRun
O33 - MountPoints2\{a39fcce1-466b-11e0-b5c0-00215c708193}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a39fcce1-466b-11e0-b5c0-00215c708193}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/05 08:54:45 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\sysadmin\Desktop\OTL.exe
[2012/01/05 08:51:14 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\sysadmin\Desktop\tdsskiller.exe
[2012/01/04 21:57:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sysadmin\Desktop\stuff from desktop to review
[2012/01/04 16:12:08 | 000,000,000 | ---D | C] -- C:\PDFOCR_Output
[2012/01/04 16:11:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sysadmin\Application Data\YCanPDF
[2012/01/04 16:10:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PDF OCR
[2012/01/04 16:10:24 | 000,000,000 | ---D | C] -- C:\pdfOCR
[2012/01/04 15:53:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sysadmin\Start Menu\Programs\SimpleOCR
[2012/01/04 15:53:10 | 000,000,000 | ---D | C] -- C:\Program Files\SimpleOCR
[2012/01/04 13:11:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2012/01/04 13:11:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ClamWin Antivirus
[2012/01/04 13:11:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ProcessQuickLink 2
[2012/01/03 14:13:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2012/01/03 14:13:39 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/01/03 14:09:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sysadmin\Application Data\.clamwin
[2012/01/03 14:09:23 | 000,000,000 | ---D | C] -- C:\Program Files\ClamWin
[2012/01/03 14:09:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\.clamwin
[2012/01/03 13:49:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AnVir Task Manager Free
[2012/01/03 13:49:36 | 000,000,000 | ---D | C] -- C:\Program Files\AnVir Task Manager Free
[2012/01/03 13:49:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sysadmin\Local Settings\Application Data\AnVir
[2012/01/03 11:01:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sysadmin\My Documents\DESKTOP DOCUMENTS - COPIED TO HERE
[2012/01/02 11:16:43 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2011/12/30 07:42:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011/12/29 11:24:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/12/29 11:07:24 | 000,000,000 | -HSD | C] -- C:\found.000
[2011/12/29 09:04:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/12/29 09:04:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/12/29 08:03:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/12/29 08:03:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/12/26 12:25:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sysadmin\Application Data\NetMedia Providers
[2011/12/26 12:25:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sysadmin\My Documents\ACID Pro 7.0 Projects
[2011/12/26 12:10:48 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Setup
[2011/12/24 08:12:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sysadmin\Application Data\Sonic Foundry
[2011/12/24 08:09:06 | 000,000,000 | ---D | C] -- C:\Program Files\Sonic Foundry Setup
[2011/12/07 12:15:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/12/07 12:15:33 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/12/07 12:15:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2011/12/07 12:12:32 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2008/01/10 07:30:47 | 000,348,160 | ---- | C] ( ) -- C:\WINDOWS\System32\lexlog.dll
[2007/11/28 18:56:10 | 000,167,936 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[2007/11/28 18:56:10 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\sysadmin\My Documents\*.tmp files -> C:\Documents and Settings\sysadmin\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/05 13:00:25 | 995,886,079 | ---- | M] () -- C:\Documents and Settings\sysadmin\My Documents\MAIL BACK UP JAN 2011.pst
[2012/01/05 12:46:35 | 000,002,533 | ---- | M] () -- C:\Documents and Settings\sysadmin\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2012/01/05 12:31:46 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/05 11:34:00 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/05 11:29:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/05 08:56:58 | 000,002,491 | ---- | M] () -- C:\Documents and Settings\sysadmin\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007.lnk
[2012/01/05 08:54:45 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sysadmin\Desktop\OTL.exe
[2012/01/05 08:51:16 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\sysadmin\Desktop\tdsskiller.exe
[2012/01/05 07:29:01 | 086,023,149 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/01/04 21:50:07 | 000,290,765 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/01/04 21:47:16 | 000,506,482 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/04 21:47:16 | 000,088,340 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/04 16:14:38 | 000,000,309 | ---- | M] () -- C:\WINDOWS\SoftWriting.ini
[2012/01/04 16:10:30 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PDF OCR.lnk
[2012/01/04 13:18:18 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/03 14:13:48 | 000,000,939 | ---- | M] () -- C:\Documents and Settings\sysadmin\Desktop\Spybot - Search & Destroy.lnk
[2012/01/03 13:49:37 | 000,000,758 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AnVir Task Manager Free.lnk
[2012/01/03 12:36:47 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2012/01/03 12:36:47 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2012/01/03 09:08:03 | 000,001,013 | ---- | M] () -- C:\Documents and Settings\sysadmin\Start Menu\Programs\Startup\Dropbox.lnk
[2011/12/29 12:40:16 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2011/12/25 20:39:51 | 000,620,194 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavifw.avm
[2011/12/24 08:10:59 | 000,001,684 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ACID Music 3.0.lnk
[2011/12/23 17:01:48 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/12/23 09:59:41 | 000,001,735 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/12/22 21:50:48 | 000,000,567 | ---- | M] () -- C:\Documents and Settings\sysadmin\Desktop\Shortcut to ACID 3.0.lnk
[2011/12/21 16:56:08 | 000,000,179 | ---- | M] () -- C:\Documents and Settings\sysadmin\Desktop\Shortcut to Removable Disk (E).lnk
[2011/12/21 15:23:45 | 000,000,531 | ---- | M] () -- C:\Documents and Settings\sysadmin\Desktop\Shortcut to MUSIC AND RECORDINGS.lnk
[2011/12/16 11:52:39 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\sysadmin\Desktop\Microsoft Office PowerPoint 2007.lnk
[2011/12/11 08:49:25 | 000,001,033 | ---- | M] () -- C:\Documents and Settings\sysadmin\Desktop\Dropbox.lnk
[2011/12/11 00:40:45 | 000,001,178 | -HS- | M] () -- C:\Documents and Settings\sysadmin\Local Settings\Application Data\8e41tv0x82n235
[2011/12/11 00:40:45 | 000,001,178 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\8e41tv0x82n235
[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/12/07 12:15:50 | 000,001,610 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\sysadmin\My Documents\*.tmp files -> C:\Documents and Settings\sysadmin\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/04 21:57:57 | 000,526,205 | ---- | C] () -- C:\Documents and Settings\sysadmin\My Documents\2011-MAGNAGLOBAL-Advertising-Forecast-Abbreviated.pdf
[2012/01/04 16:10:30 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PDF OCR.lnk
[2012/01/04 15:53:16 | 000,000,309 | ---- | C] () -- C:\WINDOWS\SoftWriting.ini
[2012/01/04 13:18:18 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/03 14:13:48 | 000,000,939 | ---- | C] () -- C:\Documents and Settings\sysadmin\Desktop\Spybot - Search & Destroy.lnk
[2012/01/03 13:49:37 | 000,000,758 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AnVir Task Manager Free.lnk
[2012/01/03 09:08:03 | 000,001,013 | ---- | C] () -- C:\Documents and Settings\sysadmin\Start Menu\Programs\Startup\Dropbox.lnk
[2011/12/29 04:03:19 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/24 08:10:59 | 000,001,684 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ACID Music 3.0.lnk
[2011/12/22 21:50:48 | 000,000,567 | ---- | C] () -- C:\Documents and Settings\sysadmin\Desktop\Shortcut to ACID 3.0.lnk
[2011/12/21 16:56:08 | 000,000,179 | ---- | C] () -- C:\Documents and Settings\sysadmin\Desktop\Shortcut to Removable Disk (E).lnk
[2011/12/21 15:23:45 | 000,000,531 | ---- | C] () -- C:\Documents and Settings\sysadmin\Desktop\Shortcut to MUSIC AND RECORDINGS.lnk
[2011/12/11 00:40:45 | 000,001,178 | -HS- | C] () -- C:\Documents and Settings\sysadmin\Local Settings\Application Data\8e41tv0x82n235
[2011/12/11 00:40:45 | 000,001,178 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\8e41tv0x82n235
[2011/12/07 12:15:50 | 000,001,610 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/07/09 23:34:21 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/07/09 23:34:21 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/05/30 22:40:11 | 000,000,064 | ---- | C] () -- C:\WINDOWS\GPlrLanc.dat
[2011/04/24 11:59:15 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/04/12 14:53:45 | 000,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2011/03/14 09:13:56 | 000,000,027 | ---- | C] () -- C:\WINDOWS\SonySNCRZ25.ini
[2011/03/09 16:54:26 | 000,012,288 | ---- | C] () -- C:\Documents and Settings\sysadmin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/09 14:24:56 | 000,000,332 | ---- | C] () -- C:\WINDOWS\System32\CNCMFP32.INI
[2011/03/09 13:30:10 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2011/03/09 13:28:34 | 000,000,412 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2011/02/21 07:24:21 | 000,695,328 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/02/09 22:21:45 | 000,000,608 | -HS- | C] () -- C:\WINDOWS\System32\winzvprt5.sys
[2011/02/09 22:17:55 | 000,000,685 | R--- | C] () -- C:\WINDOWS\System32\hppapr08.dat
[2011/02/09 21:26:11 | 000,153,352 | ---- | C] () -- C:\WINDOWS\hppins08.dat
[2011/02/09 21:26:11 | 000,153,311 | ---- | C] () -- C:\WINDOWS\System32\hppins08.dat
[2011/02/09 21:26:11 | 000,001,116 | ---- | C] () -- C:\WINDOWS\hppmdl08.dat
[2010/05/03 11:20:53 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/01/10 07:31:53 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\HPP2800V.DLL
[2008/01/10 07:31:53 | 000,000,484 | ---- | C] () -- C:\WINDOWS\System32\HPP2800V.DAT
[2008/01/10 07:30:46 | 000,000,679 | ---- | C] () -- C:\WINDOWS\LMABE2DD.ini
[2008/01/08 01:11:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/01/05 08:54:36 | 000,000,162 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/11/28 19:38:28 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/11/28 19:16:02 | 000,114,688 | ---- | C] () -- C:\WINDOWS\desktopset.exe
[2007/11/28 19:10:48 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/11/28 19:02:02 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2007/11/28 19:02:01 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/11/28 19:02:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/11/28 19:01:58 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/11/28 19:01:58 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2007/11/28 19:01:58 | 001,018,804 | ---- | C] () -- C:\WINDOWS\System32\nvucode.bin
[2007/11/28 19:01:58 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/11/28 19:01:55 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2007/11/28 19:01:54 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2007/11/28 18:56:55 | 000,016,384 | ---- | C] () -- C:\WINDOWS\PWMBTHLP.EXE
[2007/11/28 18:56:55 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2007/11/28 18:56:11 | 009,598,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2007/11/28 18:56:11 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2uvc.ini
[2007/11/28 18:55:09 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2007/11/28 18:45:48 | 000,000,138 | ---- | C] () -- C:\WINDOWS\System32\Softkbd.exe.config
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/08/23 13:34:40 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\HPPLVS.dll
[2007/02/27 20:48:38 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007/02/27 20:29:32 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2006/04/30 02:31:51 | 000,004,670 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/04/30 02:22:10 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/04/30 02:19:56 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/04/30 02:10:07 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/04/30 01:55:59 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/04/30 01:55:55 | 000,506,482 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/04/30 01:55:55 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/04/30 01:55:55 | 000,088,340 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/04/30 01:55:55 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/04/30 01:55:54 | 000,004,547 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/04/30 01:55:52 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/04/30 01:55:50 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/04/30 01:55:44 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/04/30 01:55:44 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/04/30 01:55:37 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/04/30 01:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/04/29 19:04:28 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/04/29 19:03:29 | 000,540,032 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2001/11/14 15:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001/07/07 04:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:55422315
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2F4A0A6B

< End of report >
THE EXTRAS TEXT LOG IS BELOW


OTL Extras logfile created on: 1/5/2012 12:51:43 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\sysadmin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.98 Gb Total Physical Memory | 1.19 Gb Available Physical Memory | 39.90% Memory free
4.30 Gb Paging File | 2.48 Gb Available in Paging File | 57.61% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 81.28 Gb Free Space | 54.53% Space Free | Partition Type: NTFS
Drive E: | 29.87 Gb Total Space | 2.54 Gb Free Space | 8.51% Space Free | Partition Type: FAT32
Drive F: | 3.77 Gb Total Space | 1.46 Gb Free Space | 38.79% Space Free | Partition Type: FAT

Computer Name: CKAZADZIS03 | User Name: sysadmin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.reg [@ = Regedit.Document] -- c:\Winnt\Regedit.exe %1

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings]
"Enabled" = 1
"RemoteAddresses" = localsubnet,172.16.0.0/12

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint]
"Enabled" = 1
"RemoteAddresses" = localsubnet

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe" = C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service
"C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE" = C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE" = C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE:*:Enabled:SMLMProxy Module - HP1006MC.EXE -- (Software 2000 Limited)
"E:\driver\usb\–¼‡‘Š•†‘Í€ŒŽ" = E:\driver\usb\–¼‡‘Š•†‘Í€ŒŽ:*:Enabled:test
"C:\Program Files\HP\hp laserjet m1522\Fax Config utility1.exe" = C:\Program Files\HP\hp laserjet m1522\Fax Config utility1.exe:*:Enabled:HP Networked Printer Installer -- ()
"C:\Documents and Settings\sysadmin\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\sysadmin\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer
"C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgdiagex.exe" = C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgemcx.exe" = C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02FCAA8F-59D3-4198-822E-135C61EE4F0B}" = NeroKwikMedia Help (CHM)
"{06A1BE8A-4CA4-4A39-B9E4-E815AA8FE05C}" = Sony Noise Reduction Plug-In 2.0h
"{09E75527-D21D-4B9D-88FB-1A3E9D434A21}" = Sonic Foundry ACID 3.0g
"{0A013EA1-A1D3-11E0-8DCF-005056C00008}" = Sound Forge Audio Studio 10.0
"{0ABC556A-5A27-4708-9021-B72FB0F8B1F6}" = Canon MF4200 Series
"{0EC8D8D1-A1D3-11E0-BC8C-005056C00008}" = MSVCRT Redists
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
"{132CA5D9-C745-4B0B-A3B2-8C7A6EC3EE7E}" = Canon MF Toolbox 4.9.1.1.mf06
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility
"{1E76EB6E-E390-11DF-95DB-005056C00008}" = MSVCRT Redists
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java™ 6 Update 24
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2C74EC44-ECCE-4C3E-8DFC-236D7052F5AD}" = hppscanM1522
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{32939827-d8e5-470a-b126-870db3c69fdf}" = Python 2.7.1
"{32E05824-A0AC-4DFE-B965-5F52C28FBE9F}_is1" = EPS Viewer
"{33EFDAD7-1686-465A-AE0A-26F22E380315}" = Product_Min_QFolder
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Integrated Camera
"{3BDDF462-8A95-4C50-86DA-4D41F3483EA5}" = Canon MF Toolbox 4.9.1.1.mf06
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D122AF9-1E02-4035-8003-334D378C1B62}_is1" = PDF OCR 4.2
"{3E487A7F-2F7E-4D96-9103-C77968CCBD45}" = hpzTLBXFX
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E86E575-2B04-4FEC-ADA3-72D47CB4777C}" = Cortona3D Viewer
"{58CB9A9A-1EFB-4EA8-B50C-3097E754AC21}" = High-Definition Video Playback
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
"{5DEF53CC-4512-4BE3-BA49-89BEDE0B7917}" = hppLJM1522
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{82327AE2-4C5D-46F7-AAE2-2D4BEC7AA60D}" = hppManualsM1522
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8398852A-7B61-4808-8F58-D0A40D1B2CB6}" = AVG 2012
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AC253CE-E37F-48F2-AC01-CDA7C0ABB30D}" = hppTLBXFXM1522
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C8224B7-AA9B-4807-97CD-55899BAC83FE}" = YouSendIt Express
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_STANDARD_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_STANDARD_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_STANDARD_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_STANDARD_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARD_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_VISSTD_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARD_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_VISSTD_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARD_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_VISSTD_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0053-0000-0000-0000000FF1CE}" = Microsoft Office Visio Standard 2007
"{90120000-0053-0000-0000-0000000FF1CE}_VISSTD_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-0053-0000-0000-0000000FF1CE}_VISSTD_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISSTD_{519D9F45-CBF4-4E57-B419-11F196CCA8AE}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_STANDARD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_VISSTD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_STANDARD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_VISSTD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{93F54611-2701-454e-94AB-623F458D9E6B}" = DeviceDiscovery
"{943D534F-B17D-4D52-9AC4-AE8DE38D3BF4}" = Canon MF Toolbox 4.9.1.1.mf06
"{9606A332-1C71-466F-873C-C47CA3B53E7D}" = hppScanTo
"{9660B18F-EC12-11DF-B006-0013D3D69929}" = Sound Forge Pro 10.0
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB2}" = Paint.NET v3.5.8
"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Power Manager
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A26B749D-CAB4-4652-A418-DEB6723362B7}" = Canon MF Toolbox 4.9.1.1.mf06
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A436B59A-756E-426F-A348-2BE1BE99B86F}" = AVG 2012
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.7
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AE97CE29-68F4-4138-8182-DAD936512306}" = hppSendFax
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BB909FED-3963-4CCC-A538-92F5022C3818}" = hppFaxDrvM1522
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Audio Pack 1
"{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}" = XP Themes
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D1D14E56-E344-493F-AA72-CBA4C9F4CF1C}" = hppFaxUtility
"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.16
"{D4C5CF89-51BC-4B2B-9057-EA2D24B56148}" = hppIOFiles
"{D8AC1EB5-E8B0-44A0-B113-899407188A2F}" = hppFonts
"{D8EEDC94-EE82-46A0-A7DB-812E3C6A0A6E}_is1" = PSD Viewer
"{D9B5AE52-FEF9-4E5C-A63E-06A6638B2935}" = Nero Kwik Media
"{DB01EE59-8EEB-4F28-9F4F-2396BBC96343}" = freeWRL
"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
"{DC35AABA-EA0A-41C1-8462-F60A201DFF9B}" = Noise Reduction Plug-in 2.0i
"{DD929BD3-5D41-4407-BE04-119B4A631869}" = Canon MF Toolbox 4.9.1.1.mf06
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{E171F5DA-6F17-472D-A223-92468142C5E8}" = AVG 2012
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{ED9A9F6F-63CD-40F2-837B-5E1319E86692}" = Scan
"{EEBEC18B-CFC5-A24C-0BA0-2D68223798E2}" = Digital Signage - September/October 2011
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F7FD5E5E-3F0C-4931-AA1B-EAB838BC02DB}" = ACID Pro 7.0
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FD12EF05-CD14-4422-90A8-76D37C3E14C9}" = BlackBerry Device Software v4.5.0 for the BlackBerry 8310 smartphone
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AnVir Task Manager Free" = AnVir Task Manager Free
"Audacity_is1" = Audacity 1.2.6
"AVG" = AVG 2012
"b8ccc6d5d947405263820b5482c8c147" = Digital Signage - September/October 2011
"Blender" = Blender (remove only)
"Business Plan Forms" = Business Plan Forms
"ClamWin Free Antivirus_is1" = ClamWin Free Antivirus 0.97.3
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588" = ThinkPad Modem
"FileZilla Client" = FileZilla Client 3.4.0
"Foxit Reader" = Foxit Reader
"GTK 2.0" = GTK+ Runtime 2.12.8 rev a (remove only)
"HP LaserJet M1522" = HP LaserJet M1522 MFP Series 1.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{8C8224B7-AA9B-4807-97CD-55899BAC83FE}" = YouSendIt Express
"Juniper Network Connect 6.0.0" = Juniper Networks Network Connect 6.0.0
"Juniper Network Connect 6.5.0" = Juniper Networks Network Connect 6.5.0
"Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"Lexmark_HostCD" = Lexmark Software Uninstall
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 8.0.1 (x86 en-US)" = Mozilla Firefox 8.0.1 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PCMCIAPW" = ThinkPad PC Card Power Policy
"Pidgin" = Pidgin
"Power Management Driver" = ThinkPad Power Management Driver
"ProcessQuickLink 2_is1" = Uniblue ProcessQuickLink 2
"ProInst" = Intel® PROSet/Wireless Software
"PROSet" = Intel® PRO Network Connections Drivers
"SimpleOCR 3.1" = SimpleOCR 3.1
"STANDARD" = Microsoft Office Standard 2007
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"Trusted Software Assistant_is1" = File Type Assistant
"VISSTD" = Microsoft Office Visio Standard 2007
"VLC media player" = VLC media player 1.1.11
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid Video Codec 1.3.1" = Xvid Video Codec
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3368858662-2476982287-1526873143-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 4.5.0.457

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/5/2012 12:16:16 AM | Computer Name = CKAZADZIS03 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 1/5/2012 8:16:03 AM | Computer Name = CKAZADZIS03 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 1/5/2012 9:23:53 AM | Computer Name = CKAZADZIS03 | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 12.0.6562.5003, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/5/2012 9:30:55 AM | Computer Name = CKAZADZIS03 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 1/5/2012 9:30:58 AM | Computer Name = CKAZADZIS03 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 1/5/2012 12:29:31 PM | Computer Name = CKAZADZIS03 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 1/5/2012 12:30:19 PM | Computer Name = CKAZADZIS03 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 1/5/2012 12:37:44 PM | Computer Name = CKAZADZIS03 | Source = Microsoft Office 12 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Outlook.

Error - 1/5/2012 1:47:52 PM | Computer Name = CKAZADZIS03 | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\SYSADMIN\MY DOCUMENTS\! AAA SALES
OPS\!SPRINT + TELECOM CARRIERS\SPRINT DIGITAL SIGNAGE\9 PANEL PLAY LIST ITEMS FOR
NRF AND HMSS.DOC> in the hash map cannot be updated. Context: Application, SystemIndex
Catalog Details: A device attached to the system is not functioning. (0x8007001f)


Error - 1/5/2012 1:47:52 PM | Computer Name = CKAZADZIS03 | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\SYSADMIN\MY DOCUMENTS\! AAA SALES
OPS\!SPRINT + TELECOM CARRIERS\SPRINT DIGITAL SIGNAGE\9 PANEL PLAY LIST ITEMS FOR
NRF AND HMSS.DOC> in the hash map cannot be updated. Context: Application, SystemIndex
Catalog Details: A device attached to the system is not functioning. (0x8007001f)


[ OSession Events ]
Error - 5/17/2011 4:26:31 PM | Computer Name = CKAZADZIS03 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 15589 seconds with 4320 seconds of active time. This session ended with
a crash.

Error - 5/31/2011 3:41:04 PM | Computer Name = CKAZADZIS03 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 76
seconds with 0 seconds of active time. This session ended with a crash.

Error - 6/4/2011 4:03:38 AM | Computer Name = CKAZADZIS03 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 104969
seconds with 4140 seconds of active time. This session ended with a crash.

Error - 6/29/2011 4:33:02 PM | Computer Name = CKAZADZIS03 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 235642
seconds with 20280 seconds of active time. This session ended with a crash.

Error - 7/5/2011 9:57:08 AM | Computer Name = CKAZADZIS03 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 318241
seconds with 3060 seconds of active time. This session ended with a crash.

Error - 8/4/2011 6:52:37 PM | Computer Name = CKAZADZIS03 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 205814
seconds with 15840 seconds of active time. This session ended with a crash.

Error - 8/5/2011 11:11:55 AM | Computer Name = CKAZADZIS03 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 176100
seconds with 7800 seconds of active time. This session ended with a crash.

Error - 8/26/2011 10:03:22 PM | Computer Name = CKAZADZIS03 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 29270
seconds with 780 seconds of active time. This session ended with a crash.

Error - 11/7/2011 4:10:11 PM | Computer Name = CKAZADZIS03 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 160683
seconds with 3240 seconds of active time. This session ended with a crash.

Error - 11/11/2011 5:44:29 PM | Computer Name = CKAZADZIS03 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 106753
seconds with 3240 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 1/5/2012 12:29:31 PM | Computer Name = CKAZADZIS03 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain XIOCOM due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 1/5/2012 12:30:15 PM | Computer Name = CKAZADZIS03 | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.

Error - 1/5/2012 12:30:21 PM | Computer Name = CKAZADZIS03 | Source = Print | ID = 23
Description = Printer PageManager PDF Writer failed to initialize because a suitable
PageManager PDF Writer driver could not be found.

Error - 1/5/2012 12:30:25 PM | Computer Name = CKAZADZIS03 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 1/5/2012 12:30:25 PM | Computer Name = CKAZADZIS03 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 1/5/2012 12:30:41 PM | Computer Name = CKAZADZIS03 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Juniper Network Connect
Service service to connect.

Error - 1/5/2012 12:30:41 PM | Computer Name = CKAZADZIS03 | Source = Service Control Manager | ID = 7000
Description = The Juniper Network Connect Service service failed to start due to
the following error: %%1053

Error - 1/5/2012 12:33:07 PM | Computer Name = CKAZADZIS03 | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.

Error - 1/5/2012 12:45:27 PM | Computer Name = CKAZADZIS03 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 29 minutes. NtpClient has no source of accurate
time.

Error - 1/5/2012 1:15:27 PM | Computer Name = CKAZADZIS03 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 59 minutes. NtpClient has no source of accurate
time.


< End of report >
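The "Last 10 Event Log Errors" block above is the part of an OTL log that is easiest to misread: three of the ten Application errors and the first System error all say the same thing (the laptop is domain-joined and cannot reach a domain controller), which is expected off the corporate network and is not by itself a sign of infection. The Python below is an added example, not code from OTL, ComboFix or anyone in this thread; it parses that block format, counts errors per section/source/ID, and separates the domain-reachability triad (AutoEnrollment 15, Userenv 1054, NETLOGON 5719, standard Windows XP event IDs) from everything else so the remaining entries, such as the iaStor timeouts, get the attention. The sample input is four entries copied from the log above, and the function names are this example's own.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample: four entries copied from the OTL "Last 10 Event Log Errors"
# block above, one per section header style it uses, so the example runs offline.
SAMPLE_LOG = """\
========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/5/2012 12:16:16 AM | Computer Name = CKAZADZIS03 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 1/5/2012 9:30:55 AM | Computer Name = CKAZADZIS03 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

[ System Events ]
Error - 1/5/2012 12:29:31 PM | Computer Name = CKAZADZIS03 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain XIOCOM due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 1/5/2012 12:30:15 PM | Computer Name = CKAZADZIS03 | Source = iaStor | ID = 262153
Description = The device, \\Device\\Ide\\iaStor0, did not respond within the timeout
period.

< End of report >
"""

# One OTL event header line: "Error - <date> <time> | Computer Name = X | Source = Y | ID = N"
HEADER_RE = re.compile(
    r"^Error - (?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) \| "
    r"Computer Name = (?P<host>\S+) \| Source = (?P<source>.+?) \| ID = (?P<id>\d+)$"
)
SECTION_RE = re.compile(r"^\[ (?P<name>.+?) \]$")   # e.g. "[ System Events ]"

# Event IDs that together mean "domain-joined machine cannot see its DC".
# Expected for a corporate laptop used at home; not evidence of malware.
DOMAIN_NOISE = {
    ("AutoEnrollment", 15),   # certificate autoenrollment cannot contact AD
    ("Userenv", 1054),        # no DC name, Group Policy processing aborted
    ("NETLOGON", 5719),       # no domain controller available for the domain
}


def parse_otl_events(text):
    """Parse OTL's event-log block into dicts; descriptions are unwrapped."""
    events, section, current = [], None, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:                  # a blank line terminates the current entry
            current = None
            continue
        m = SECTION_RE.match(line)
        if m:
            section, current = m.group("name"), None
            continue
        m = HEADER_RE.match(line)
        if m:
            current = {
                "section": section,
                "time": datetime.strptime(m.group("ts"), "%m/%d/%Y %I:%M:%S %p"),
                "host": m.group("host"),
                "source": m.group("source"),
                "id": int(m.group("id")),
                "description": "",
            }
            events.append(current)
            continue
        if current is None:           # banner or "< End of report >" text
            continue
        if line.startswith("Description = "):
            line = line[len("Description = "):]
        # OTL wraps descriptions at about 80 columns; rejoin with single spaces
        current["description"] = (current["description"] + " " + line).strip()
    return events


def summarize(events):
    """Count entries per (section, source, id): the pivot a triager wants first."""
    return Counter((e["section"], e["source"], e["id"]) for e in events)


def domain_unreachable(events):
    """True if any of the DC-reachability events is present."""
    return any((e["source"], e["id"]) in DOMAIN_NOISE for e in events)


def without_domain_noise(events):
    """Everything that is NOT explained by the machine being off its domain."""
    return [e for e in events if (e["source"], e["id"]) not in DOMAIN_NOISE]


if __name__ == "__main__":
    evs = parse_otl_events(SAMPLE_LOG)
    for key, n in summarize(evs).most_common():
        print(n, *key)
    print("domain unreachable:", domain_unreachable(evs))
    for e in without_domain_noise(evs):
        print("needs a look:", e["source"], e["id"], e["description"])
```

Run against the full log above, the "needs a look" list reduces to the Outlook hang, the Windows Search 0x8007001f entries, the two iaStor timeouts and the Juniper service start failure; the rest is the domain triad and W32Time, which also cannot reach its (domain) time source.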

#8 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 06 January 2012 - 03:41 AM

Hi pooka's dad!

You did run TDSSKiller correctly.

I like to first see what was detected by TDSSKiller before I have you cure it.

We'll be running a more powerful tool now.

Running ComboFix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon.
They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply, as well as describe how your computer is running now.



The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#9 pooka's dad

pooka's dad
  • Topic Starter

  • Members
  • 48 posts

Posted 06 January 2012 - 08:45 AM

ST
had a problem
followed rules to shut down anti-virus and anti-spyware but somehow the AVG 2012 free did not shut down (think I was following AVG 8 rules which must be different for freeware)
gave me 3 messages about problems - I said allow but then while it was running the system restore point - the word system changed to syst

next round I will just get off the internet and uninstall AVG before I run ComboFix - run ComboFix and then reinstall - (have the original AVG download files saved so no big deal)

also got this message

Microsoft Windows Recovery Console

this machine does not have the Microsoft Windows Recovery Console installed. alternately an existing installation of the Recovery Console may be present but requires updating - without it ComboFix shall not attempt fixing of some serious infections - click yes to have ComboFix download/install it

should I click yes

once that is done should I let ComboFix try to finish or just restart the process?

thanks

#10 pooka's dad

pooka's dad
  • Topic Starter

  • Members
  • 48 posts

Posted 06 January 2012 - 09:02 AM

ignore that thing about system restore - it shows fine now
dug deeper and looks like I did not turn off ID protection on AVG and that is what found ComboFix

can turn that off or go with option described above - just need to know if ok to click yes on the windows recovery thing
thanks

#11 pooka's dad

pooka's dad
  • Topic Starter

  • Members
  • 48 posts

Posted 06 January 2012 - 03:16 PM

Hey ST
just an idea
if you could give me some sense of when you will be online I will be there as well so that we can expedite things. so far you have been on between 1:00 AM and 7 AM or so my time

tonight I can be up as late as needed so I can ask any questions as they pop up through the process

hope that works for you - don't mean to cause any issues - if it doesn't work we will deal with it as we have been

thanks again

#12 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 07 January 2012 - 02:10 AM

Hi!

The best time to find me online is in fact between 1AM and 7AM your time. I'm usually on in the wee hours of the morning your time.

this machine does not have the Microsoft Windows Recovery Console installed. alternately an existing installation of the Recovery Console may be present but requires updating - without it ComboFix shall not attempt fixing of some serious infections - click yes to have ComboFix download/install it

Yes, you will want to allow ComboFix to install the Windows Recovery Console.

once that is done should I let ComboFix try to finish or just restart the process?

You will want to allow ComboFix to finish running its scan after installing the Windows Recovery Console.

Kindest Regards,
ST.





#13 pooka's dad

pooka's dad
  • Topic Starter

  • Members
  • 48 posts

Posted 07 January 2012 - 05:02 AM

ST
Working from iPhone here
ComboFix said needed to reboot
Spent 11 minutes logging off
Got to blue screen and made the logging off sound for windows
Have now been on that blank blue screen for over 30 minutes
Can I just hold power button and shut it down or should I continue to wait
Thanks

#14 pooka's dad

pooka's dad
  • Topic Starter

  • Members
  • 48 posts

Posted 07 January 2012 - 05:32 AM

Sorry
Was starting to fall asleep so figured better get process moving
Did manual shut down
ComboFix running fine
Has just "completed stage 3".
Will post log when done
Thanks

#15 pooka's dad

pooka's dad
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:05:53 PM

Posted 07 January 2012 - 06:24 AM

Got following message
Error saving file
C:\combofix\HIV\software
Continue with next file
RegSaveKeyEx: 1016 - an I/O operation initiated by the registry failed unrecoverably. The registry could not read in, or write out, or flush one of the files that contain the system's image of the registry
Told it to continue with next file



