Infected with ping.exe and IE8 & Firefox redirects


  • This topic is locked
51 replies to this topic

#1 krazykat

Posted 08 January 2012 - 04:12 AM

Problems: ping.exe is using 70-90% of CPU time. I can stop the process, but it comes back. IE8 and Firefox pages get redirected to unwanted advertising pages.

Thanks, in advance, for your help. Here is my DDS log. I have attached the "attach.txt" and "arc.txt" files.



.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Run by Sherman at 0:24:13 on 2012-01-08
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2023.817 [GMT -8:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Webroot SecureAnywhere *Enabled/Updated* {D486329C-1488-4CEB-9CC8-D662B732D904}
FW: ZoneAlarm Pro Firewall *Enabled*
.
============== Running Processes ===============
.
C:\Program Files\Webroot\WRSA.exe
D:\UTILITES\USB Safely Remove\USB Safely Remove\USBSRService.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ngvpnmgr.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
D:\UTILITES\Seagate External 1 TB drive\Sync\FreeAgentService.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
D:\UTILITES\DiskDefrag Programs\PerfectDisk\PDAgent.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
D:\UTILITES\Alcohol120_Dec_15_2004\LifetimeDownload(071809)\Alcohol120_1.9.8.7612(071809)\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe
C:\Program Files\Webroot\WRSA.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\System32\igfxpers.exe
C:\WINDOWS\System32\hkcmd.exe
E:\Paper Port 11 (090908)\pptd40nt.exe
C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\UTILITES\Seagate External 1 TB drive\FreeAgent Status\StxMenuMgr.exe
D:\UTILITES\AA Dealfinder(051110)\American Airlines DealFinder\American_Airlines_DealFinder.exe
E:\PDF Create 5\pdfcreate5hook.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Documents and Settings\All Users.WINDOWS\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
D:\UTILITES\USB Safely Remove\USB Safely Remove\USBSafelyRemove.exe
F:\Ashampoo_2002_2003\UIWatcher.exe
D:\UTILITES\ArtPlus\Wallpaper 5_0(090108)\Lite Version 5_0\Wallpaper5\wallpaper.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\UTILITES\Start up Cop Pro 5\Start up Cop Pro 5 Program (010610)\Startup Cop Pro\StartupCopPro.exe
C:\Documents and Settings\All Users.WINDOWS\Application Data\FLEXnet\Connect\11\ISUSPM.exe
D:\UTILITES\Daemon Tools\DAEMON Tools Pro\DTAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\Program Files\Garmin\ANT Agent\ANT Agent.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
E:\NikonPictureProject175\NkbMonitor.exe
D:\UTILITES\WIN_ZIP\WZQKPICK.EXE
F:\ExplorerPlus_6_2_0(090107)\Nxdlghlp.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
D:\UTILITES\Xplorer2\xplorer2_UC.exe
D:\UTILITES\Daemon Tools\DAEMON Tools Pro\DTShellHlp.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
D:\SEA_MO~4\SEAMON~2.EXE
C:\WINDOWS\System32\ping.exe
C:\Program Files\Common Files\Corel\Standby\Standby.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.comcast.com/
uInternet Settings,ProxyServer = proxy:8080
uInternet Settings,ProxyOverride = <local>;*.local
mURLSearchHooks: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: CitiUSBrowserHelper Class: {387edf53-1cf2-4523-bc2f-13462651be8c} - c:\windows\system32\BhoCitUS.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7018.1622\swg.dll
BHO: ZeonIEEventHelper Class: {da986d7d-ccaf-47b2-84fe-bfa1549bebf9} - e:\pdf create 5\bin\ZeonIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: ReGet Bar: {17939a30-18e2-471e-9d3a-56dd725f1215} - d:\utilites\regetdx\ver 5_2 program folder\reget deluxe\IEBar.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Nuance PDF: {e3286bf1-e654-42ff-b4a6-5e111731df6b} - e:\pdf create 5\bin\ZeonIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
uRun: [UIWatcher] "f:\ashampoo_2002_2003\UIWatcher.exe"
uRun: [SeaMonkey Quick Launch] "d:\sea_monkey_1_1_2(070407)\SeaMonkey.exe" -turbo
uRun: [Art Plus Wallpaper Calendar] "d:\utilites\artplus\wallpaper 5_0(090108)\lite version 5_0\wallpaper5\wallpaper.exe" /a
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [AlcoholAutomount] "d:\utilites\alcohol120_dec_15_2004\lifetimedownload(071809)\alcohol120_1.9.8.7612(071809)\alcohol 120\axcmd.exe" /automount
uRun: [Startup Cop Pro Startup Launcher] "d:\utilites\start up cop pro 5\start up cop pro 5 program (010610)\startup cop pro\StartupCopPro.exe" /startup /Embedding
uRun: [ISUSPM] "c:\documents and settings\all users.windows\application data\flexnet\connect\11\ISUSPM.exe" -scheduler
uRun: [OpAgent] "OpAgent.exe" /agent
uRun: [DAEMON Tools Pro Agent] "d:\utilites\daemon tools\daemon tools pro\DTAgent.exe" -autorun
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Corel Photo Downloader] "c:\program files\common files\corel\corel photodownloader\Corel Photo Downloader.exe" -startup
uRun: [ANT Agent] c:\program files\garmin\ant agent\ANT Agent.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [Persistence] "c:\windows\system32\igfxpers.exe"
mRun: [NeroFilterCheck] "c:\windows\system32\NeroCheck.exe"
mRun: [JMB36X IDE Setup] "c:\windows\jm\JMInsIDE.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [IgfxTray] "c:\windows\system32\igfxtray.exe"
mRun: [HotKeysCmds] "c:\windows\system32\hkcmd.exe"
mRun: [36X Raid Configurer] "c:\windows\system32\JMRaidSetup.exe" boot
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [PaperPort PTD] "e:\paper port 11 (090908)\pptd40nt.exe"
mRun: [IndexSearch] "e:\paper port 11 (090908)\IndexSearch.exe"
mRun: [PPort11reminder] "e:\paper port 11 (090908)\ereg\ereg.exe" -r "c:\documents and settings\all users.windows\application data\scansoft\paperport\11\config\ereg\Ereg.ini
mRun: [ToolBoxFX] "c:\program files\hp\toolboxfx\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on
mRun: [CitiVAN] "c:\program files\citi virtual account numbers\CitiVAN.exe" /dontopenmycards
mRun: [Adobe Acrobat Speed Launcher] "d:\adobe acrobat 9 pro(022609)\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "d:\adobe acrobat 9 pro(022609)\acrobat\Acrotray.exe"
mRun: [SoundMAXPnP] "c:\program files\analog devices\core\smax4pnp.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "d:\utilites\malwarebytes(112809)\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [ZoneAlarm Client] "d:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [MaxMenuMgr] "d:\utilites\seagate external 1 tb drive\freeagent status\StxMenuMgr.exe"
mRun: [Standby] "c:\program files\common files\corel\standby\Standby.exe" -START
mRun: [American Airlines DealFinder] "d:\utilites\aa dealfinder(051110)\american airlines dealfinder\American_Airlines_DealFinder.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [Prelaunch OmniPage] "e:\omni page 17 (070910)\OmniPage17.exe" /preload
mRun: [PDF5ShutDown4Upgrade] "g:\pdfcreate5\system32\pdfcreate\Setup.exe" /l1033 /v"AFTERREBOOT=1"
mRun: [Nuance OmniPage 17-reminder] "e:\omni page 17 (070910)\ereg\ereg.exe" -r "c:\documents and settings\all users.windows\application data\scansoft\omnipage 17\ereg\Ereg.ini"
mRun: [PDFHook] "e:\pdf create 5\pdfcreate5hook.exe"
mRun: [PDF5 Registry Controller] "e:\pdf create 5\RegistryController.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SoundMax] "c:\program files\analog devices\soundmax\SMax4.exe" /tray
mRun: [WRSVC] "c:\program files\webroot\WRSA.exe" -ul
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [TrueImageMonitor.exe] "c:\program files\acronis\trueimagehome\TrueImageMonitor.exe"
mRun: [Ad-Aware Browsing Protection] "c:\documents and settings\all users.windows\application data\ad-aware browsing protection\adawarebp.exe"
mRun: [USB Safely Remove] d:\utilites\usb safely remove\usb safely remove\USBSafelyRemove.exe /startup
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\sherma~1.she\startm~1\programs\startup\autoba~1.lnk - c:\program files\memeo\autobackup\MemeoLauncher.exe
StartupFolder: c:\docume~1\sherma~1.she\startm~1\programs\startup\dialog~1.lnk - f:\explorerplus_6_2_0(090107)\Nxdlghlp.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\nkbmon~1.lnk - e:\nikonpictureproject175\NkbMonitor.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\winzip~1.lnk - d:\utilites\win_zip\WZQKPICK.EXE
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append the content of the link to existing PDF file - e:\pdf create 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Append the content of the selected links to existing PDF file - e:\pdf create 5\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Append to existing PDF file - e:\pdf create 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Create PDF file - e:\pdf create 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF file from the content of the link - e:\pdf create 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF files from the selected links - e:\pdf create 5\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
IE: Do&wnload by ReGet Deluxe - c:\program files\common files\reget shared\CC_Link.htm
IE: Download A&ll by ReGet Deluxe - c:\program files\common files\reget shared\CC_All.htm
IE: {4C730913-3961-439b-83D5-F4E445520422} - c:\program files\citi virtual account numbers\CitiVAN.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - f:\visiop~1\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1275811083140
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://sonicwall.webex.com/client/T25L10NSP41EP2-INTERCALL/support/ieatgpc.cab
DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.3.2.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{170C80BA-FD99-4A73-BEB3-8D4BBF74B611} : DhcpNameServer = 68.87.76.178 68.87.78.130
TCP: Interfaces\{C72D3214-1DC1-4B51-AF5E-89F3BA0FABBB} : DhcpNameServer = 75.75.75.75 75.75.76.76
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: acaptuser32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
LSA: Authentication Packages = msv1_0 relog_ap
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\sherman.sherman-rs0n029\application data\mozilla\firefox\profiles\yhsjy4yg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
FF - prefs.js: browser.search.selectedEngine - Search the Web
FF - component: c:\documents and settings\sherman.sherman-rs0n029\application data\mozilla\firefox\profiles\yhsjy4yg.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\sherman.sherman-rs0n029\application data\mozilla\firefox\profiles\yhsjy4yg.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: d:\utilites\divx 7 player mar 8 2009\divx\divx player\npDivxPlayerPlugin.dll
FF - plugin: d:\utilites\divx 7 player mar 8 2009\divx\divx web player\npdivx32.dll
FF - plugin: d:\utilites\i tunes ver 8 (020909)\mozilla plugins\npitunes.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\documents and settings\all users.windows\application data\google\toolbar for firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
.
============= SERVICES / DRIVERS ===============
.
R0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\drivers\fltsrv.sys [2011-12-30 77696]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-11-8 64512]
R0 Pnp680;SiI 680 ATA Controller;c:\windows\system32\drivers\PnP680.sys [2007-11-13 71720]
R0 vididr;Acronis Virtual Disk;c:\windows\system32\drivers\vididr.sys [2011-12-30 126144]
R0 vidsflt61;Acronis Disk Storage Filter (61);c:\windows\system32\drivers\vsflt61.sys [2011-12-30 84544]
R0 WRkrn;WRkrn;c:\windows\system32\drivers\WRkrn.sys [2011-12-28 107336]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-12-30 36000]
R1 NmPar;MosChip PCI Parallel Port;c:\windows\system32\drivers\NmPar.sys [2006-10-11 76416]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-7-26 486280]
R2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2011-12-30 3450832]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-12-30 86224]
R2 FreeAgentGoNext Service;Seagate Service;d:\utilites\seagate external 1 tb drive\sync\FreeAgentService.exe [2009-9-25 189736]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-11-3 2152152]
R2 NgVpnMgr;Aventail VPN Client;c:\windows\system32\ngvpnmgr.exe [2007-8-1 203843]
R2 StarWindServiceAE;StarWind AE Service;d:\utilites\alcohol120_dec_15_2004\lifetimedownload(071809)\alcohol120_1.9.8.7612(071809)\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]
R2 syncagentsrv;Acronis Sync Agent Service;c:\program files\common files\acronis\syncagent\syncagentsrv.exe [2011-12-16 5881952]
R2 USBSafelyRemoveService;USB Safely Remove Assistant;d:\utilites\usb safely remove\usb safely remove\USBSRService.exe [2011-2-23 257880]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R2 WMDrive;WMDrive;c:\windows\system32\drivers\WMDrive.sys [2009-12-22 40112]
R2 WRSVC;WRSVC;c:\program files\webroot\WRSA.exe [2011-12-28 637208]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2011-12-30 234752]
R3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hpfxfax.sys [2008-11-2 20504]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-11-3 15232]
R3 NgLog;Aventail VPN Logging;c:\windows\system32\drivers\nglog.sys [2007-8-1 25240]
R3 NgVpn;Aventail VPN Adapter;c:\windows\system32\drivers\ngvpn.sys [2007-8-1 76440]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-21 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-21 135664]
S3 libusb0;LibUsb-Win32 - Kernel Driver 07/07/2009, 0.1.12.2;c:\windows\system32\drivers\libusb0.sys [2009-7-7 28160]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-12-31 40776]
S3 NgFilter;Aventail VPN Filter;c:\windows\system32\drivers\ngfilter.sys [2007-8-1 20632]
S3 NgWfp;Aventail VPN Callout;c:\windows\system32\drivers\ngwfp.sys [2007-8-1 21656]
S3 SureThing Labelflash service;SureThing Labelflash service;c:\program files\common files\surething shared\stllssvr.exe [2009-9-7 74392]
S4 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2011-12-30 110032]
.
=============== Created Last 30 ================
.
2012-01-07 20:08:45 56200 ----a-w- c:\documents and settings\all users.windows\application data\microsoft\windows defender\definition updates\{7cd020a3-17a9-4548-bfc6-f7bda1185489}\offreg.dll
2012-01-07 19:57:52 6823496 ----a-w- c:\documents and settings\all users.windows\application data\microsoft\windows defender\definition updates\{7cd020a3-17a9-4548-bfc6-f7bda1185489}\mpengine.dll
2011-12-31 20:09:24 107336 ----a-w- c:\windows\system32\drivers\AGyehUqd.sys
2011-12-31 10:42:25 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-12-31 10:42:08 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-31 09:05:51 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2011-12-31 09:05:50 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2011-12-31 09:05:47 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2011-12-31 09:02:22 -------- d-----w- c:\documents and settings\sherman.sherman-rs0n029\local settings\application data\adaware
2011-12-31 09:02:01 -------- d-----w- c:\documents and settings\all users.windows\application data\Ad-Aware Browsing Protection
2011-12-31 09:01:47 -------- d-----w- c:\program files\Toolbar Cleaner
2011-12-31 09:01:32 -------- d-----w- c:\documents and settings\sherman.sherman-rs0n029\application data\adawaretb
2011-12-31 09:01:31 -------- d-----w- c:\program files\adawaretb
2011-12-31 08:46:34 -------- d-sh--w- c:\documents and settings\sherman.sherman-rs0n029\IETldCache
2011-12-31 08:39:12 -------- d-----w- c:\windows\ie8updates
2011-12-31 08:35:52 -------- dc-h--w- c:\windows\ie8
2011-12-31 08:28:50 6144 ------w- c:\windows\system32\dllcache\iecompat.dll
2011-12-31 08:28:46 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2011-12-31 08:28:45 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2011-12-31 08:28:45 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2011-12-31 06:00:32 234752 ----a-w- c:\windows\system32\drivers\afcdp.sys
2011-12-31 05:59:47 126144 ----a-w- c:\windows\system32\drivers\vididr.sys
2011-12-31 05:59:42 84544 ----a-w- c:\windows\system32\drivers\vsflt61.sys
2011-12-31 05:59:30 77696 ----a-w- c:\windows\system32\drivers\fltsrv.sys
2011-12-31 04:53:11 -------- d-----w- c:\documents and settings\sherman.sherman-rs0n029\application data\Avira
2011-12-31 04:47:35 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-12-31 04:47:30 -------- d-----w- c:\program files\Avira
2011-12-31 04:47:30 -------- d-----w- c:\documents and settings\all users.windows\application data\Avira
2011-12-31 04:14:43 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
2011-12-31 04:14:42 105472 ------w- c:\windows\system32\dllcache\mup.sys
2011-12-31 04:12:26 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
2011-12-29 06:07:56 -------- d-----w- c:\documents and settings\all users.windows\application data\Garmin
2011-12-29 05:53:23 -------- d-----w- c:\documents and settings\all users.windows\application data\Webroot
2011-12-29 05:51:48 141272 ----a-w- c:\windows\system32\WRusr.dll
2011-12-29 05:51:45 107336 ----a-w- c:\windows\system32\drivers\WRkrn.sys
2011-12-29 05:51:39 -------- d-----w- c:\program files\Webroot
2011-12-29 05:37:33 -------- d-----w- c:\documents and settings\all users.windows\application data\WRData
2011-12-29 05:02:41 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
==================== Find3M ====================
.
2011-12-31 10:16:20 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-12-31 06:00:21 766496 ----a-w- c:\windows\system32\drivers\tdrpman.sys
2011-12-31 06:00:18 609760 ----a-w- c:\windows\system32\drivers\timntr.sys
2011-12-31 05:59:35 170752 ----a-w- c:\windows\system32\drivers\snapman.sys
2011-12-15 23:00:35 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-15 22:29:56 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ------w- c:\windows\system32\html.iec
2011-11-03 20:06:56 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-28 04:31:18 222560 ----a-w- c:\windows\system32\snapapi.dll
2011-10-25 13:37:08 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:02 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST31000340AS rev.AD14 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-12
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe fltsrv.sys hal.dll tdrpman.sys CLASSPNP.SYS disk.sys vsflt61.sys ACPI.sys >>UNKNOWN [0x8A8C94D0]<<
c:\windows\system32\drivers\fltsrv.sys Acronis Acronis Storage Filter Management
c:\windows\system32\drivers\tdrpman.sys Acronis Acronis Try&Decide
c:\windows\system32\drivers\vsflt61.sys Acronis Acronis Virtual Disk
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a8cf7d0]; MOV EAX, [0x8a8cf84c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8A92F4C0]
3 CLASSPNP[0xBA128FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8A8B6C60]
5 vsflt61[0xB9E4FF9B] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\0000007d[0x8A9DD768]
7 ACPI[0xB9E6E620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8A93FD98]
\Driver\atapi[0x8A8F4D88] -> IRP_MJ_CREATE -> 0x8A8C94D0
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A8C931B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 0:27:48.75 ===============
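
Added example (not part of the original post and not code from DDS or the gmer detector): the ROOTKIT section at the end of the log above lists an `>>UNKNOWN<<` module address, two `\Driver\atapi` pointers and a TDL3 warning, and this Python script extracts them and flags driver pointers that land in the same 4 KiB page as the unattributed address. The sample lines are copied from that log; the function names and the same-page test are assumptions of this example.

```python
import re

# Excerpt of the ROOTKIT section from the DDS log in post #1 (trimmed).
SAMPLE = r"""
=================== ROOTKIT ====================
.
Disk trace:
called modules: ntkrnlpa.exe fltsrv.sys hal.dll tdrpman.sys CLASSPNP.SYS disk.sys vsflt61.sys ACPI.sys >>UNKNOWN [0x8A8C94D0]<<
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8A92F4C0]
\Driver\atapi[0x8A8F4D88] -> IRP_MJ_CREATE -> 0x8A8C94D0
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A8C931B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 0:27:48.75 ===============
"""

HEADER_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")
# "\Driver\atapi[0x...] -> IRP_MJ_CREATE -> 0x..." (dispatch table entry)
DISPATCH_RE = re.compile(
    r"^(\\Driver\\\S+?)\[0x[0-9A-Fa-f]+\] -> (IRP_MJ_\w+) -> (0x[0-9A-Fa-f]+)$")
# "\Driver\atapi DriverStartIo -> 0x..." (entries under "detected hooks:")
HOOK_RE = re.compile(r"^(\\Driver\\\S+) (\w+) -> (0x[0-9A-Fa-f]+)$")
PAGE_MASK = ~0xFFF  # assumption of this example: compare at 4 KiB page granularity


def rootkit_section(log_text):
    """Return the non-empty lines between the ROOTKIT header and the next header."""
    lines, inside = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            if inside:
                break
            inside = header.group(1) == "ROOTKIT"
            continue
        if inside and line not in ("", "."):
            lines.append(line)
    return lines


def analyze(log_text):
    """Collect unattributed addresses, driver pointers and warnings from the section."""
    unknown, pointers, warnings = [], [], []
    in_hooks = False
    for line in rootkit_section(log_text):
        unknown += [int(addr, 16) for addr in UNKNOWN_RE.findall(line)]
        if line.lower().startswith("warning:"):
            warnings.append(line)
        if line == "detected hooks:":
            in_hooks = True
            continue
        match = DISPATCH_RE.match(line)
        if match is None and in_hooks:
            match = HOOK_RE.match(line)
            in_hooks = match is not None  # the hook list ends at the first other line
        if match:
            pointers.append((match.group(1), match.group(2), int(match.group(3), 16)))
    # Flag pointers that share a page with code the detector could not attribute
    # to any loaded module.
    pages = {addr & PAGE_MASK for addr in unknown}
    suspect = [p for p in pointers if (p[2] & PAGE_MASK) in pages]
    return {"unknown": unknown, "pointers": pointers,
            "suspect": suspect, "warnings": warnings}


if __name__ == "__main__":
    result = analyze(SAMPLE)
    for driver, slot, target in result["suspect"]:
        print(f"{driver} {slot} -> 0x{target:08X} points into unattributed memory")
    for warning in result["warnings"]:
        print(warning)
```
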

#2 SweetTech

Posted 09 January 2012 - 10:40 AM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________


One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



Running TDSSKiller

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure SKIP is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: Do not choose Cure or Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


NEXT:



Running OTL

We need to create a FULL OTL Report
  • Please download OTL from here:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized

NEXT:


Please provide an update on how things are running in your next reply.

Edited by SweetTech, 09 January 2012 - 10:40 AM.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
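
Added example, not part of the thread and not code from TDSSKiller: a Python triage of a report in the format requested above. It separates entries the log marks `infected` from those marked `warning`, checks the declared detection count, and lists any recorded action other than Skip. The sample log, its driver names and hashes are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample in the report layout "HH:MM:SS.mmmm <thread id> <message>".
# Driver names, paths and hashes are placeholders, not values from a real machine.
SAMPLE = r"""
21:23:40.0828 3060 GoodDrv (00000000000000000000000000000000) C:\WINDOWS\system32\DRIVERS\gooddrv.sys
21:23:41.0156 3060 GoodDrv - ok
21:23:45.0062 3060 OldDrv (11111111111111111111111111111111) C:\WINDOWS\system32\DRIVERS\olddrv.sys
21:23:45.0234 3060 OldDrv ( UnsignedFile.Multi.Generic ) - warning
21:23:45.0234 3060 OldDrv - detected UnsignedFile.Multi.Generic (1)
21:23:46.0000 3060 Vendor Tool (22222222222222222222222222222222) D:\Tools\vtool.sys
21:23:46.0100 3060 Vendor Tool ( UnsignedFile.Multi.Generic ) - warning
21:24:08.0640 3060 MBR (0x1B8) (33333333333333333333333333333333) \Device\Harddisk0\DR0
21:24:08.0671 3060 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - infected
21:24:08.0703 3060 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
21:24:09.0578 5500 Detected object count: 4
21:29:41.0328 5500 OldDrv ( UnsignedFile.Multi.Generic ) - skipped by user
21:29:41.0328 5500 OldDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:29:41.0328 5500 Vendor Tool ( UnsignedFile.Multi.Generic ) - User select action: Delete
21:29:41.0343 5500 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - User select action: Skip
"""

# Timestamp, thread id, then the message (which may be empty).
ENTRY = re.compile(r"^\d\d:\d\d:\d\d\.\d{4}\s+\d+\s?(.*)$")
# "<object> ( <verdict> ) - warning|infected"
STATUS = re.compile(r"^(.+?) \( (.+?) \) - (warning|infected)$")
# "<object> ( <verdict> ) - User select action: <action>"
ACTION = re.compile(r"^(.+?) \( (.+?) \) - User select action: (\w+)$")
COUNT = re.compile(r"^Detected object count: (\d+)$")


def parse_report(text):
    """Collect every (object, verdict) pair with its status and chosen action."""
    findings = {}
    declared = None
    for raw in text.splitlines():
        entry = ENTRY.match(raw.strip())
        if not entry:
            continue
        msg = entry.group(1).strip()
        if (s := STATUS.match(msg)):
            findings[(s[1], s[2])] = {"status": s[3], "action": None}
        elif (a := ACTION.match(msg)):
            # An action line without a preceding status line still gets recorded.
            rec = findings.setdefault((a[1], a[2]),
                                      {"status": "unknown", "action": None})
            rec["action"] = a[3]
        elif (c := COUNT.match(msg)):
            declared = int(c[1])
    return findings, declared


def triage(text):
    """Summarise a report: what is infected, what is only a warning,
    and where the recorded action differs from the instructed Skip."""
    findings, declared = parse_report(text)

    def pick(pred):
        return sorted(k for k, v in findings.items() if pred(v))

    return {
        "infected": pick(lambda v: v["status"] == "infected"),
        "warnings": pick(lambda v: v["status"] == "warning"),
        "not_skipped": pick(lambda v: v["action"] not in (None, "Skip")),
        "no_action_logged": pick(lambda v: v["action"] is None),
        # A mismatch means lines were lost when the log was pasted or truncated.
        "count_matches": declared is None or declared == len(findings),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```
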


#3 krazykat

  • Topic Starter


Posted 10 January 2012 - 01:04 AM

Hello SweetTech, thanks for a quick reply. You asked how my system was running. Ping.exe is still chewing up a lot of CPU time. I stop the process, it starts, we go through that cycle 10 or so times and then it seems to start less often. But a reboot restarts the cycle. I have purposely not opened IE8 or FF because I do not know what the next redirection will be. Other than that no really strange occurrences. Here are the 3 logs/reports:

THANKS again for your time. Will stand by for instructions.

TDSSKiller:

21:22:04.0515 4732 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
21:22:05.0250 4732 ============================================================
21:22:05.0250 4732 Current date / time: 2012/01/09 21:22:05.0250
21:22:05.0250 4732 SystemInfo:
21:22:05.0250 4732
21:22:05.0250 4732 OS Version: 5.1.2600 ServicePack: 3.0
21:22:05.0250 4732 Product type: Workstation
21:22:05.0250 4732 ComputerName: SHERMAN-RS0N029
21:22:05.0250 4732 UserName: Sherman
21:22:05.0250 4732 Windows directory: C:\WINDOWS
21:22:05.0250 4732 System windows directory: C:\WINDOWS
21:22:05.0250 4732 Processor architecture: Intel x86
21:22:05.0250 4732 Number of processors: 2
21:22:05.0250 4732 Page size: 0x1000
21:22:05.0250 4732 Boot type: Normal boot
21:22:05.0250 4732 ============================================================
21:22:07.0281 4732 Initialize success
21:23:35.0562 3060 ============================================================
21:23:35.0562 3060 Scan started
21:23:35.0562 3060 Mode: Manual; SigCheck; TDLFS;
21:23:35.0562 3060 ============================================================
21:23:40.0734 3060 Abiosdsk - ok
21:23:40.0765 3060 abp480n5 - ok
21:23:40.0828 3060 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:23:41.0156 3060 ACPI - ok
21:23:41.0187 3060 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
21:23:41.0296 3060 ACPIEC - ok
21:23:41.0359 3060 ADIHdAudAddService (ce03d313a12cbc886c3beba3b4967a8a) C:\WINDOWS\system32\drivers\ADIHdAud.sys
21:23:41.0390 3060 ADIHdAudAddService - ok
21:23:41.0468 3060 adpu160m - ok
21:23:41.0546 3060 AEAudio (058cdc314672a28a90566a787d9876e7) C:\WINDOWS\system32\drivers\AEAudio.sys
21:23:41.0609 3060 AEAudio - ok
21:23:41.0640 3060 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
21:23:41.0750 3060 aec - ok
21:23:41.0781 3060 aep3vxtc - ok
21:23:41.0828 3060 afcdp (158ed54ce49cf828c1e46a811fff8804) C:\WINDOWS\system32\DRIVERS\afcdp.sys
21:23:42.0390 3060 afcdp - ok
21:23:42.0437 3060 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
21:23:42.0515 3060 AFD - ok
21:23:42.0531 3060 Aha154x - ok
21:23:42.0546 3060 aic78u2 - ok
21:23:42.0578 3060 aic78xx - ok
21:23:42.0593 3060 AliIde - ok
21:23:42.0625 3060 amsint - ok
21:23:42.0640 3060 AN983 (116bff96077a4a724e0aab800525ceb5) C:\WINDOWS\system32\DRIVERS\AN983.sys
21:23:42.0765 3060 AN983 - ok
21:23:42.0843 3060 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
21:23:42.0968 3060 Arp1394 - ok
21:23:43.0015 3060 asc - ok
21:23:43.0046 3060 asc3350p - ok
21:23:43.0078 3060 asc3550 - ok
21:23:43.0140 3060 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:23:43.0281 3060 AsyncMac - ok
21:23:43.0312 3060 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:23:43.0453 3060 atapi - ok
21:23:43.0484 3060 Atdisk - ok
21:23:43.0500 3060 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:23:43.0625 3060 Atmarpc - ok
21:23:43.0656 3060 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:23:43.0781 3060 audstub - ok
21:23:43.0812 3060 avipbb (475fbb85956534720858ae72010c0a43) C:\WINDOWS\system32\DRIVERS\avipbb.sys
21:23:43.0828 3060 avipbb - ok
21:23:43.0875 3060 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
21:23:43.0890 3060 avkmgr - ok
21:23:43.0937 3060 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:23:44.0046 3060 Beep - ok
21:23:44.0125 3060 catchme - ok
21:23:44.0171 3060 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:23:44.0281 3060 cbidf2k - ok
21:23:44.0312 3060 cd20xrnt - ok
21:23:44.0328 3060 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:23:44.0453 3060 Cdaudio - ok
21:23:44.0500 3060 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
21:23:44.0609 3060 Cdfs - ok
21:23:44.0640 3060 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:23:44.0781 3060 Cdrom - ok
21:23:45.0062 3060 CDRPDACC (30b37c18e1725eb9f25039e9a1fb9b7e) D:\UTILITES\CD ROM Diagnostics\Infinadyne cd_dvd Diag\Shared\CDRPDACC.sys
21:23:45.0234 3060 CDRPDACC ( UnsignedFile.Multi.Generic ) - warning
21:23:45.0234 3060 CDRPDACC - detected UnsignedFile.Multi.Generic (1)
21:23:45.0546 3060 Changer - ok
21:23:45.0640 3060 CmdIde - ok
21:23:45.0671 3060 Cpqarray - ok
21:23:45.0718 3060 dac2w2k - ok
21:23:45.0734 3060 dac960nt - ok
21:23:45.0781 3060 DefragFS (4bb22f61e7257ed353a39130b3ed2461) C:\WINDOWS\system32\drivers\DefragFS.sys
21:23:45.0828 3060 DefragFS - ok
21:23:45.0906 3060 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
21:23:46.0093 3060 Disk - ok
21:23:46.0125 3060 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
21:23:46.0343 3060 dmboot - ok
21:23:46.0375 3060 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\DRIVERS\dmio.sys
21:23:46.0484 3060 dmio - ok
21:23:46.0531 3060 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:23:46.0640 3060 dmload - ok
21:23:46.0671 3060 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
21:23:46.0796 3060 DMusic - ok
21:23:46.0843 3060 dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
21:23:46.0937 3060 dot4 - ok
21:23:46.0968 3060 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
21:23:47.0203 3060 Dot4Print - ok
21:23:47.0218 3060 dot4usb (6ec3af6bb5b30e488a0c559921f012e1) C:\WINDOWS\system32\DRIVERS\dot4usb.sys
21:23:47.0328 3060 dot4usb - ok
21:23:47.0359 3060 dpti2o - ok
21:23:47.0375 3060 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
21:23:47.0515 3060 drmkaud - ok
21:23:47.0546 3060 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
21:23:47.0687 3060 Fastfat - ok
21:23:47.0703 3060 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
21:23:47.0812 3060 Fdc - ok
21:23:47.0843 3060 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
21:23:47.0953 3060 Fips - ok
21:23:48.0031 3060 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
21:23:48.0156 3060 Flpydisk - ok
21:23:48.0203 3060 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
21:23:48.0343 3060 FltMgr - ok
21:23:48.0375 3060 fltsrv (d85453baf5de7e55cb13441452a4e2d3) C:\WINDOWS\system32\DRIVERS\fltsrv.sys
21:23:48.0390 3060 fltsrv - ok
21:23:48.0437 3060 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:23:48.0562 3060 Fs_Rec - ok
21:23:48.0625 3060 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:23:48.0750 3060 Ftdisk - ok
21:23:48.0781 3060 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
21:23:48.0796 3060 GEARAspiWDM - ok
21:23:48.0828 3060 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:23:48.0921 3060 Gpc - ok
21:23:49.0125 3060 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
21:23:49.0296 3060 HDAudBus - ok
21:23:49.0328 3060 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:23:49.0453 3060 HidUsb - ok
21:23:49.0500 3060 HPFXBULK (299683d4c8aaa3f6f5d5d226a1782a6e) C:\WINDOWS\system32\drivers\hpfxbulk.sys
21:23:49.0500 3060 HPFXBULK - ok
21:23:49.0531 3060 HPFXFAX (f728db73a87231e27b6ba34d71ce2edb) C:\WINDOWS\system32\drivers\hpfxfax.sys
21:23:49.0531 3060 HPFXFAX - ok
21:23:49.0562 3060 hpn - ok
21:23:49.0609 3060 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
21:23:49.0656 3060 HTTP - ok
21:23:49.0671 3060 i2omgmt - ok
21:23:49.0703 3060 i2omp - ok
21:23:49.0734 3060 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:23:49.0843 3060 i8042prt - ok
21:23:49.0984 3060 ialm (6fcb904910da07c9dc2593d66438fa29) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
21:23:50.0046 3060 ialm ( UnsignedFile.Multi.Generic ) - warning
21:23:50.0046 3060 ialm - detected UnsignedFile.Multi.Generic (1)
21:23:50.0093 3060 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:23:50.0234 3060 Imapi - ok
21:23:50.0265 3060 ini910u - ok
21:23:50.0281 3060 IntelIde - ok
21:23:50.0312 3060 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:23:50.0421 3060 intelppm - ok
21:23:50.0437 3060 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
21:23:50.0625 3060 ip6fw - ok
21:23:50.0656 3060 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:23:50.0796 3060 IpFilterDriver - ok
21:23:50.0843 3060 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:23:50.0953 3060 IpInIp - ok
21:23:51.0046 3060 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:23:51.0171 3060 IpNat - ok
21:23:51.0250 3060 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:23:51.0406 3060 IPSec - ok
21:23:51.0437 3060 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:23:51.0703 3060 IRENUM - ok
21:23:51.0750 3060 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:23:51.0984 3060 isapnp - ok
21:23:52.0125 3060 Iviaspi (4ac11b2250106774f694df2db4ffed61) C:\WINDOWS\system32\drivers\iviaspi.sys
21:23:52.0203 3060 Iviaspi ( UnsignedFile.Multi.Generic ) - warning
21:23:52.0203 3060 Iviaspi - detected UnsignedFile.Multi.Generic (1)
21:23:52.0375 3060 iviVD (50fd7bbd9ef1d1ebfa0ab37eb0b5ede5) C:\WINDOWS\system32\DRIVERS\iviVD.sys
21:23:52.0437 3060 iviVD - ok
21:23:52.0468 3060 JGOGO (c995c0e8b4503fac38793bb0236ad246) C:\WINDOWS\system32\DRIVERS\JGOGO.sys
21:23:52.0500 3060 JGOGO ( UnsignedFile.Multi.Generic ) - warning
21:23:52.0500 3060 JGOGO - detected UnsignedFile.Multi.Generic (1)
21:23:52.0531 3060 JRAID (c341318beae24fa4042c5f8c64cb38b6) C:\WINDOWS\system32\DRIVERS\jraid.sys
21:23:52.0546 3060 JRAID ( UnsignedFile.Multi.Generic ) - warning
21:23:52.0546 3060 JRAID - detected UnsignedFile.Multi.Generic (1)
21:23:52.0578 3060 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:23:52.0734 3060 Kbdclass - ok
21:23:52.0750 3060 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
21:23:52.0875 3060 kmixer - ok
21:23:53.0046 3060 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
21:23:53.0125 3060 KSecDD - ok
21:23:53.0250 3060 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
21:23:53.0265 3060 Lavasoft Kernexplorer - ok
21:23:53.0343 3060 Lbd (336abe8721cbc3110f1c6426da633417) C:\WINDOWS\system32\DRIVERS\Lbd.sys
21:23:53.0359 3060 Lbd - ok
21:23:53.0390 3060 lbrtfdc - ok
21:23:53.0437 3060 libusb0 (03e12dbfacf1aeb86c553b0db488fb81) C:\WINDOWS\system32\DRIVERS\libusb0.sys
21:23:53.0468 3060 libusb0 - ok
21:23:53.0531 3060 MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
21:23:53.0593 3060 MBAMSwissArmy - ok
21:23:53.0609 3060 MCSTRM - ok
21:23:53.0656 3060 mf (a7da20ab18a1bdae28b0f349e57da0d1) C:\WINDOWS\system32\DRIVERS\mf.sys
21:23:53.0796 3060 mf - ok
21:23:53.0812 3060 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:23:53.0937 3060 mnmdd - ok
21:23:54.0140 3060 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
21:23:54.0250 3060 Modem - ok
21:23:54.0296 3060 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:23:54.0406 3060 Mouclass - ok
21:23:54.0453 3060 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:23:54.0578 3060 mouhid - ok
21:23:54.0640 3060 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
21:23:54.0765 3060 MountMgr - ok
21:23:54.0781 3060 mraid35x - ok
21:23:54.0812 3060 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:23:54.0953 3060 MRxDAV - ok
21:23:54.0984 3060 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:23:55.0062 3060 MRxSmb - ok
21:23:55.0093 3060 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
21:23:55.0203 3060 Msfs - ok
21:23:55.0234 3060 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:23:55.0343 3060 MSKSSRV - ok
21:23:55.0375 3060 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:23:55.0484 3060 MSPCLOCK - ok
21:23:55.0515 3060 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
21:23:55.0625 3060 MSPQM - ok
21:23:55.0640 3060 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:23:55.0765 3060 mssmbios - ok
21:23:55.0796 3060 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
21:23:55.0796 3060 MTsensor ( UnsignedFile.Multi.Generic ) - warning
21:23:55.0796 3060 MTsensor - detected UnsignedFile.Multi.Generic (1)
21:23:55.0828 3060 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
21:23:55.0859 3060 Mup - ok
21:23:55.0906 3060 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
21:23:56.0015 3060 NDIS - ok
21:23:56.0046 3060 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:23:56.0093 3060 NdisTapi - ok
21:23:56.0125 3060 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:23:56.0234 3060 Ndisuio - ok
21:23:56.0265 3060 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:23:56.0375 3060 NdisWan - ok
21:23:56.0390 3060 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
21:23:56.0437 3060 NDProxy - ok
21:23:56.0468 3060 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:23:56.0593 3060 NetBIOS - ok
21:23:56.0625 3060 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:23:56.0750 3060 NetBT - ok
21:23:56.0796 3060 NgFilter (e33e8d32b50da742187fbfc620217a31) C:\WINDOWS\system32\DRIVERS\ngfilter.sys
21:23:56.0796 3060 NgFilter - ok
21:23:56.0828 3060 NgLog (83d726fa030ab7b9da4cc9a585f57fc2) C:\WINDOWS\system32\DRIVERS\nglog.sys
21:23:56.0843 3060 NgLog - ok
21:23:56.0875 3060 NgVpn (957d39ef9c2df32ace05d47ce17a23c5) C:\WINDOWS\system32\DRIVERS\ngvpn.sys
21:23:56.0890 3060 NgVpn - ok
21:23:56.0921 3060 NgWfp (4cec8c2c9fe2e697f79e798d0e969130) C:\WINDOWS\system32\DRIVERS\ngwfp.sys
21:23:56.0937 3060 NgWfp - ok
21:23:56.0968 3060 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
21:23:57.0062 3060 NIC1394 - ok
21:23:57.0109 3060 NmPar (79ea5a1b343db2f5187758e00195d9bd) C:\WINDOWS\system32\DRIVERS\NmPar.sys
21:23:57.0125 3060 NmPar ( UnsignedFile.Multi.Generic ) - warning
21:23:57.0125 3060 NmPar - detected UnsignedFile.Multi.Generic (1)
21:23:57.0156 3060 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
21:23:57.0281 3060 Npfs - ok
21:23:57.0328 3060 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
21:23:57.0515 3060 Ntfs - ok
21:23:57.0531 3060 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
21:23:57.0562 3060 NTIDrvr ( UnsignedFile.Multi.Generic ) - warning
21:23:57.0562 3060 NTIDrvr - detected UnsignedFile.Multi.Generic (1)
21:23:57.0609 3060 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:23:57.0812 3060 Null - ok
21:23:57.0890 3060 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:23:58.0078 3060 NwlnkFlt - ok
21:23:58.0109 3060 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:23:58.0218 3060 NwlnkFwd - ok
21:23:58.0234 3060 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
21:23:58.0359 3060 ohci1394 - ok
21:23:58.0390 3060 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
21:23:58.0500 3060 Parport - ok
21:23:58.0531 3060 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
21:23:58.0640 3060 PartMgr - ok
21:23:58.0656 3060 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
21:23:58.0765 3060 ParVdm - ok
21:23:58.0796 3060 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
21:23:58.0906 3060 PCI - ok
21:23:59.0015 3060 PCIDump - ok
21:23:59.0062 3060 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
21:23:59.0171 3060 PCIIde - ok
21:23:59.0203 3060 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
21:23:59.0296 3060 Pcmcia - ok
21:23:59.0328 3060 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
21:23:59.0343 3060 pcouffin ( UnsignedFile.Multi.Generic ) - warning
21:23:59.0343 3060 pcouffin - detected UnsignedFile.Multi.Generic (1)
21:23:59.0375 3060 PDCOMP - ok
21:23:59.0406 3060 PDFRAME - ok
21:23:59.0421 3060 PDRELI - ok
21:23:59.0453 3060 PDRFRAME - ok
21:23:59.0468 3060 perc2 - ok
21:23:59.0484 3060 perc2hib - ok
21:23:59.0546 3060 Pnp680 (8c74c611adaf9da2a918b8e82e14766b) C:\WINDOWS\system32\DRIVERS\pnp680.sys
21:23:59.0546 3060 Pnp680 - ok
21:23:59.0593 3060 PolarUSB (3f1110901da07cc428710460276e28a0) C:\WINDOWS\system32\DRIVERS\PolarUSB.sys
21:23:59.0609 3060 PolarUSB ( UnsignedFile.Multi.Generic ) - warning
21:23:59.0609 3060 PolarUSB - detected UnsignedFile.Multi.Generic (1)
21:23:59.0625 3060 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:23:59.0734 3060 PptpMiniport - ok
21:23:59.0765 3060 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
21:23:59.0875 3060 Processor - ok
21:24:00.0031 3060 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
21:24:00.0156 3060 PSched - ok
21:24:00.0234 3060 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:24:00.0343 3060 Ptilink - ok
21:24:00.0375 3060 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
21:24:00.0406 3060 PxHelp20 - ok
21:24:00.0437 3060 ql1080 - ok
21:24:00.0468 3060 Ql10wnt - ok
21:24:00.0500 3060 ql12160 - ok
21:24:00.0531 3060 ql1240 - ok
21:24:00.0546 3060 ql1280 - ok
21:24:00.0578 3060 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:24:00.0687 3060 RasAcd - ok
21:24:00.0734 3060 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:24:00.0828 3060 Rasl2tp - ok
21:24:00.0875 3060 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:24:01.0062 3060 RasPppoe - ok
21:24:01.0187 3060 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:24:01.0312 3060 Raspti - ok
21:24:01.0375 3060 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:24:01.0515 3060 Rdbss - ok
21:24:01.0562 3060 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:24:01.0671 3060 RDPCDD - ok
21:24:01.0718 3060 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:24:01.0828 3060 rdpdr - ok
21:24:01.0875 3060 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
21:24:01.0921 3060 RDPWD - ok
21:24:02.0031 3060 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:24:02.0140 3060 redbook - ok
21:24:02.0187 3060 RTLE8023xp (25be98c05808c57e4d8d26477dc12d39) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
21:24:02.0203 3060 RTLE8023xp ( UnsignedFile.Multi.Generic ) - warning
21:24:02.0203 3060 RTLE8023xp - detected UnsignedFile.Multi.Generic (1)
21:24:02.0250 3060 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:24:02.0359 3060 Secdrv - ok
21:24:02.0390 3060 SenFiltService (b6a6b409fda9d9ebd3aadb838d3d7173) C:\WINDOWS\system32\drivers\Senfilt.sys
21:24:02.0453 3060 SenFiltService - ok
21:24:02.0500 3060 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
21:24:02.0609 3060 serenum - ok
21:24:02.0640 3060 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
21:24:02.0750 3060 Serial - ok
21:24:02.0781 3060 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
21:24:02.0890 3060 Sfloppy - ok
21:24:03.0000 3060 Simbad - ok
21:24:03.0078 3060 snapman (5583054ef09d13ca953da1fae287d80d) C:\WINDOWS\system32\DRIVERS\snapman.sys
21:24:03.0093 3060 snapman - ok
21:24:03.0125 3060 Sparrow - ok
21:24:03.0156 3060 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
21:24:03.0265 3060 splitter - ok
21:24:03.0312 3060 sptd (c4bb8a12843d9cbb65f5ff617f389bbd) C:\WINDOWS\system32\Drivers\sptd.sys
21:24:03.0375 3060 sptd - ok
21:24:03.0421 3060 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
21:24:03.0625 3060 sr - ok
21:24:03.0703 3060 srescan - ok
21:24:03.0765 3060 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
21:24:03.0828 3060 Srv - ok
21:24:03.0968 3060 SSKBFD (a2be8fbfa987e95d70cfed0e2dacda6d) C:\WINDOWS\system32\Drivers\sskbfd.sys
21:24:04.0015 3060 SSKBFD - ok
21:24:04.0078 3060 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
21:24:04.0093 3060 ssmdrv - ok
21:24:04.0125 3060 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:24:04.0234 3060 swenum - ok
21:24:04.0250 3060 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
21:24:04.0359 3060 swmidi - ok
21:24:04.0375 3060 symc810 - ok
21:24:04.0406 3060 symc8xx - ok
21:24:04.0421 3060 sym_hi - ok
21:24:04.0453 3060 sym_u3 - ok
21:24:04.0484 3060 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
21:24:04.0593 3060 sysaudio - ok
21:24:04.0625 3060 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:24:04.0734 3060 Tcpip - ok
21:24:04.0750 3060 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:24:04.0875 3060 TDPIPE - ok
21:24:05.0078 3060 tdrpman (9a33210297ca7019a3c148421940ab98) C:\WINDOWS\system32\DRIVERS\tdrpman.sys
21:24:05.0218 3060 tdrpman - ok
21:24:05.0265 3060 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:24:05.0375 3060 TDTCP - ok
21:24:05.0421 3060 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:24:05.0515 3060 TermDD - ok
21:24:05.0562 3060 tifsfilter (28a10d4fb37b3e591984b56367ff0ff6) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
21:24:05.0578 3060 tifsfilter - ok
21:24:05.0625 3060 timounter (9853eff7fb1af233e05d2bc813fcee8e) C:\WINDOWS\system32\DRIVERS\timntr.sys
21:24:05.0671 3060 timounter - ok
21:24:05.0703 3060 TosIde - ok
21:24:05.0750 3060 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:24:05.0843 3060 Udfs - ok
21:24:05.0859 3060 ultra - ok
21:24:06.0015 3060 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:24:06.0203 3060 Update - ok
21:24:06.0265 3060 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:24:06.0375 3060 usbccgp - ok
21:24:06.0390 3060 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:24:06.0500 3060 usbehci - ok
21:24:06.0578 3060 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:24:06.0687 3060 usbhub - ok
21:24:06.0703 3060 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:24:06.0812 3060 usbprint - ok
21:24:06.0828 3060 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:24:06.0937 3060 usbscan - ok
21:24:06.0984 3060 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:24:07.0093 3060 USBSTOR - ok
21:24:07.0109 3060 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:24:07.0203 3060 usbuhci - ok
21:24:07.0234 3060 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:24:07.0328 3060 VgaSave - ok
21:24:07.0343 3060 ViaIde - ok
21:24:07.0390 3060 vididr (3b264e62e5e7d4389db72a9dc29ccd07) C:\WINDOWS\system32\DRIVERS\vididr.sys
21:24:07.0421 3060 vididr - ok
21:24:07.0484 3060 vidsflt61 (7140e9ea599c2e5ffca0e783af9ede2e) C:\WINDOWS\system32\DRIVERS\vsflt61.sys
21:24:07.0500 3060 vidsflt61 - ok
21:24:07.0515 3060 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
21:24:07.0625 3060 VolSnap - ok
21:24:07.0656 3060 vsdatant (1045d05bbd5170565927d7653346c961) C:\WINDOWS\system32\vsdatant.sys
21:24:07.0750 3060 vsdatant - ok
21:24:07.0843 3060 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:24:07.0953 3060 Wanarp - ok
21:24:08.0031 3060 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys
21:24:08.0125 3060 WDC_SAM - ok
21:24:08.0156 3060 WDICA - ok
21:24:08.0203 3060 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:24:08.0328 3060 wdmaud - ok
21:24:08.0406 3060 WMDrive (662db6fd3b88f737c8a125d303183048) C:\WINDOWS\system32\drivers\WMDrive.sys
21:24:08.0421 3060 WMDrive ( UnsignedFile.Multi.Generic ) - warning
21:24:08.0421 3060 WMDrive - detected UnsignedFile.Multi.Generic (1)
21:24:08.0468 3060 WRkrn (20fe8507d2c728191f1e02b590a590bf) C:\WINDOWS\system32\drivers\WRkrn.sys
21:24:08.0484 3060 WRkrn - ok
21:24:08.0515 3060 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:24:08.0562 3060 WudfPf - ok
21:24:08.0609 3060 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:24:08.0625 3060 WudfRd - ok
21:24:08.0640 3060 MBR (0x1B8) (2839639fa37b8353e792a2a30a12ced3) \Device\Harddisk0\DR0
21:24:08.0671 3060 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - infected
21:24:08.0671 3060 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
21:24:08.0703 3060 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
21:24:08.0703 3060 \Device\Harddisk0\DR0 - detected TDSS File System (1)
21:24:08.0703 3060 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR7
21:24:08.0859 3060 \Device\Harddisk2\DR7 - ok
21:24:08.0875 3060 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk3\DR8
21:24:09.0406 3060 \Device\Harddisk3\DR8 - ok
21:24:09.0406 3060 Boot (0x1200) (5c635c257a5881a20bce446758bdb140) \Device\Harddisk0\DR0\Partition0
21:24:09.0406 3060 \Device\Harddisk0\DR0\Partition0 - ok
21:24:09.0421 3060 Boot (0x1200) (e1884480c1613e80fe35f5b6eecbf579) \Device\Harddisk0\DR0\Partition1
21:24:09.0421 3060 \Device\Harddisk0\DR0\Partition1 - ok
21:24:09.0437 3060 Boot (0x1200) (30d4e9f2f7bc914b64c678af3eedd484) \Device\Harddisk0\DR0\Partition2
21:24:09.0437 3060 \Device\Harddisk0\DR0\Partition2 - ok
21:24:09.0453 3060 Boot (0x1200) (28eb3109c3025e08f5d69ab67fdfea1a) \Device\Harddisk0\DR0\Partition3
21:24:09.0453 3060 \Device\Harddisk0\DR0\Partition3 - ok
21:24:09.0468 3060 Boot (0x1200) (ee9875b77d86a26d10b76f29c39349a8) \Device\Harddisk2\DR7\Partition0
21:24:09.0468 3060 \Device\Harddisk2\DR7\Partition0 - ok
21:24:09.0468 3060 ============================================================
21:24:09.0468 3060 Scan finished
21:24:09.0468 3060 ============================================================
21:24:09.0578 5500 Detected object count: 14
21:24:09.0578 5500 Actual detected object count: 14
21:29:41.0328 5500 CDRPDACC ( UnsignedFile.Multi.Generic ) - skipped by user
21:29:41.0328 5500 CDRPDACC ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:29:41.0328 5500 ialm ( UnsignedFile.Multi.Generic ) - skipped by user
21:29:41.0328 5500 ialm ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:29:41.0328 5500 Iviaspi ( UnsignedFile.Multi.Generic ) - skipped by user
21:29:41.0328 5500 Iviaspi ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:29:41.0328 5500 JGOGO ( UnsignedFile.Multi.Generic ) - skipped by user
21:29:41.0328 5500 JGOGO ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:29:41.0328 5500 JRAID ( UnsignedFile.Multi.Generic ) - skipped by user
21:29:41.0328 5500 JRAID ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:29:41.0328 5500 MTsensor ( UnsignedFile.Multi.Generic ) - skipped by user
21:29:41.0328 5500 MTsensor ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:29:41.0328 5500 NmPar ( UnsignedFile.Multi.Generic ) - skipped by user
21:29:41.0328 5500 NmPar ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:29:41.0328 5500 NTIDrvr ( UnsignedFile.Multi.Generic ) - skipped by user
21:29:41.0328 5500 NTIDrvr ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:29:41.0328 5500 pcouffin ( UnsignedFile.Multi.Generic ) - skipped by user
21:29:41.0328 5500 pcouffin ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:29:41.0343 5500 PolarUSB ( UnsignedFile.Multi.Generic ) - skipped by user
21:29:41.0343 5500 PolarUSB ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:29:41.0343 5500 RTLE8023xp ( UnsignedFile.Multi.Generic ) - skipped by user
21:29:41.0343 5500 RTLE8023xp ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:29:41.0343 5500 WMDrive ( UnsignedFile.Multi.Generic ) - skipped by user
21:29:41.0343 5500 WMDrive ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:29:41.0343 5500 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - skipped by user
21:29:41.0343 5500 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - User select action: Skip
21:29:41.0343 5500 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
21:29:41.0343 5500 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip


OTL.txt

OTL logfile created on: 1/9/2012 9:35:08 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = L:\Bleeping Computer Virus Check(010412)\BleepingComputer scan programs\OTL
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.98 Gb Total Physical Memory | 0.95 Gb Available Physical Memory | 48.09% Memory free
4.75 Gb Paging File | 3.84 Gb Available in Paging File | 80.70% Paging File free
Paging file location(s): C:\pagefile.sys 3000 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 215.55 Gb Total Space | 173.81 Gb Free Space | 80.64% Space Free | Partition Type: NTFS
Drive D: | 215.55 Gb Total Space | 190.71 Gb Free Space | 88.48% Space Free | Partition Type: NTFS
Drive E: | 215.55 Gb Total Space | 167.22 Gb Free Space | 77.58% Space Free | Partition Type: NTFS
Drive F: | 284.87 Gb Total Space | 127.78 Gb Free Space | 44.86% Space Free | Partition Type: NTFS
Drive H: | 2794.49 Gb Total Space | 1766.84 Gb Free Space | 63.23% Space Free | Partition Type: NTFS
Drive L: | 29.93 Gb Total Space | 13.33 Gb Free Space | 44.55% Space Free | Partition Type: FAT32

Computer Name: SHERMAN-RS0N029 | User Name: Sherman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/09 21:20:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- L:\Bleeping Computer Virus Check(010412)\BleepingComputer scan programs\OTL\OTL.exe
PRC - [2011/12/30 22:00:28 | 003,450,832 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2011/12/28 21:51:39 | 000,637,208 | ---- | M] (Webroot) -- C:\Program Files\Webroot\WRSA.exe
PRC - [2011/12/16 14:35:42 | 005,881,952 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe
PRC - [2011/12/16 14:33:14 | 000,403,096 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2011/12/16 14:33:08 | 000,812,800 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2011/12/16 14:32:04 | 005,953,992 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2011/12/15 15:00:23 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/12/15 15:00:12 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/11/07 16:16:12 | 014,767,976 | ---- | M] (GARMIN Corp.) -- C:\Program Files\Garmin\ANT Agent\ANT Agent.exe
PRC - [2011/11/03 12:06:56 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/11/03 12:06:56 | 001,187,072 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/10/21 01:09:36 | 000,198,032 | ---- | M] (Lavasoft) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2011/08/04 14:25:20 | 001,839,448 | ---- | M] (Crystal Rich Ltd) -- D:\UTILITES\USB Safely Remove\USB Safely Remove\USBSafelyRemove.exe
PRC - [2011/08/04 14:25:20 | 000,257,880 | ---- | M] () -- D:\UTILITES\USB Safely Remove\USB Safely Remove\USBSRService.exe
PRC - [2010/09/22 17:11:26 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- D:\Adobe Acrobat 9 Pro(022609)\Acrobat\acrotray.exe
PRC - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2010/08/10 12:26:40 | 001,570,056 | ---- | M] (Raxco Software, Inc.) -- D:\UTILITES\DiskDefrag Programs\PerfectDisk\PDAgent.exe
PRC - [2010/06/27 01:02:00 | 000,526,992 | ---- | M] (Corel, Inc.) -- C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
PRC - [2010/04/15 00:17:14 | 000,427,328 | ---- | M] (DT Soft Ltd) -- D:\UTILITES\Daemon Tools\DAEMON Tools Pro\DTAgent.exe
PRC - [2010/04/05 14:50:00 | 000,494,920 | R--- | M] (WinZip Computing, S.L.) -- D:\UTILITES\WIN_ZIP\WZQKPICK.EXE
PRC - [2009/12/29 13:54:56 | 000,105,632 | ---- | M] (Corel) -- C:\Program Files\Common Files\Corel\Standby\Standby.exe
PRC - [2009/12/16 15:09:20 | 004,064,256 | ---- | M] (Ziff-Davis Media, Inc.) -- D:\UTILITES\Start up Cop Pro 5\Start up Cop Pro 5 Program (010610)\Startup Cop Pro\StartupCopPro.exe
PRC - [2009/10/17 00:41:10 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
PRC - [2009/10/17 00:39:40 | 001,037,192 | ---- | M] (Check Point Software Technologies LTD) -- D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2009/09/25 22:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- D:\UTILITES\Seagate External 1 TB drive\Sync\FreeAgentService.exe
PRC - [2009/09/25 22:31:32 | 000,185,640 | ---- | M] (Seagate LLC) -- D:\UTILITES\Seagate External 1 TB drive\FreeAgent Status\stxmenumgr.exe
PRC - [2009/05/05 15:06:06 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\FLEXnet\Connect\11\ISUSPM.exe
PRC - [2009/04/17 13:17:40 | 001,349,912 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2009/04/10 08:52:40 | 001,277,952 | ---- | M] (Nuance Communications, Inc.) -- E:\PDF Create 5\PdfCreate5Hook.exe
PRC - [2009/03/17 00:26:16 | 000,759,728 | ---- | M] (Skinkers Communications) -- D:\UTILITES\AA Dealfinder(051110)\American Airlines DealFinder\American_Airlines_DealFinder.exe
PRC - [2008/04/13 16:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/20 12:31:12 | 000,053,248 | ---- | M] (HP) -- C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe
PRC - [2007/08/01 17:04:34 | 000,203,843 | ---- | M] (Aventail Corporation) -- C:\WINDOWS\SYSTEM32\ngvpnmgr.exe
PRC - [2007/07/24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007/07/24 08:22:54 | 000,801,877 | ---- | M] (ZabKat) -- D:\UTILITES\Xplorer2\xplorer2_UC.exe
PRC - [2007/06/05 12:20:32 | 000,177,704 | ---- | M] () -- C:\WINDOWS\SYSTEM32\PSIService.exe
PRC - [2007/05/28 08:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- D:\UTILITES\Alcohol120_Dec_15_2004\LifetimeDownload(071809)\Alcohol120_1.9.8.7612(071809)\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2007/05/09 19:43:00 | 000,151,552 | ---- | M] (mozilla.org) -- D:\Sea_Monkey_1_1_2(070407)\seamonkey.exe
PRC - [2007/01/11 12:01:16 | 000,030,248 | ---- | M] (Nuance Communications, Inc.) -- E:\Paper Port 11 (090908)\pptd40nt.exe
PRC - [2007/01/04 18:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/11/29 16:48:22 | 000,118,784 | ---- | M] (Nikon Corporation) -- E:\NikonPictureProject175\NkbMonitor.exe
PRC - [2006/11/03 18:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2005/05/01 00:00:00 | 003,104,768 | ---- | M] (Inbit) -- D:\UTILITIES\FullShot 8\FSHOT8.EXE
PRC - [2004/11/19 18:06:10 | 001,630,208 | ---- | M] (Art Plus Marketing & Publishing) -- D:\UTILITES\ArtPlus\Wallpaper 5_0(090108)\Lite Version 5_0\Wallpaper5\wallpaper.exe
PRC - [2004/08/12 13:55:00 | 000,192,512 | ---- | M] (Orbiscom Ltd. All rights reserved.) -- C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe
PRC - [2003/10/14 07:15:46 | 000,065,536 | ---- | M] (Novatix Corporation) -- F:\ExplorerPlus_6_2_0(090107)\Nxdlghlp.exe
PRC - [2002/08/02 17:02:14 | 000,598,528 | ---- | M] (ashampoo GmbH & Co. KG) -- F:\Ashampoo_2002_2003\UIWatcher.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/07 13:01:38 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\90b90e700e59d73d6d692cf74e1ba16e\System.Management.ni.dll
MOD - [2012/01/03 21:20:40 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll
MOD - [2012/01/03 21:20:01 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\36bf3d5f05a40c9e3cadca5789c8a469\System.Runtime.Remoting.ni.dll
MOD - [2012/01/03 21:16:36 | 000,311,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\81096bfe85eb0da5f05e8a127ffa43b2\System.Runtime.Serialization.Formatters.Soap.ni.dll
MOD - [2012/01/03 21:16:32 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
MOD - [2012/01/03 21:16:19 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
MOD - [2012/01/03 21:16:15 | 001,801,216 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment\cc5ac99e8af2738e85cda5525fdd944f\System.Deployment.ni.dll
MOD - [2012/01/03 21:15:22 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2012/01/03 21:15:15 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MOD - [2012/01/03 21:14:37 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2012/01/03 21:13:48 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/12/31 14:46:25 | 003,182,592 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2011/12/31 14:46:25 | 002,048,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2011/12/31 14:46:24 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2011/12/31 14:46:23 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2011/12/31 14:46:20 | 000,626,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2011/12/31 14:46:20 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2011/12/31 14:46:19 | 000,258,048 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
MOD - [2011/12/31 14:46:18 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2011/12/31 14:46:16 | 000,114,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2011/12/31 14:46:11 | 005,025,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2011/12/31 02:15:26 | 000,508,776 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Defs\thorax.aaw
MOD - [2011/12/16 14:37:58 | 000,018,784 | ---- | M] () -- C:\Program Files\Acronis\TrueImageHome\ti_managers_proxy_stub.dll
MOD - [2011/12/16 14:02:14 | 000,435,552 | ---- | M] () -- C:\Program Files\Acronis\TrueImageHome\Common\ulxmlrpcpp.dll
MOD - [2011/12/15 15:00:24 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2011/12/05 12:55:56 | 000,193,904 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll
MOD - [2011/12/05 12:54:51 | 000,210,288 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll
MOD - [2011/11/03 12:06:56 | 000,591,232 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\RPAPI.dll
MOD - [2011/11/03 12:06:56 | 000,430,568 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\Viprebridge.dll
MOD - [2011/11/03 12:06:56 | 000,308,560 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\Vipre.dll
MOD - [2011/08/04 14:25:20 | 000,257,880 | ---- | M] () -- D:\UTILITES\USB Safely Remove\USB Safely Remove\USBSRService.exe
MOD - [2011/03/06 11:40:41 | 000,476,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MOD - [2011/03/06 11:40:41 | 000,409,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
MOD - [2011/03/06 11:40:39 | 000,421,224 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
MOD - [2011/03/06 11:40:39 | 000,046,952 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
MOD - [2011/03/06 11:40:39 | 000,023,912 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll
MOD - [2011/03/06 11:40:39 | 000,018,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
MOD - [2011/03/06 11:40:39 | 000,012,136 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll
MOD - [2011/03/06 11:40:38 | 000,269,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\3.1.26.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll
MOD - [2011/03/06 11:40:38 | 000,121,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
MOD - [2011/03/06 11:40:38 | 000,120,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
MOD - [2011/03/06 11:40:38 | 000,070,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
MOD - [2010/06/26 19:28:14 | 004,210,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
MOD - [2010/03/06 22:08:42 | 000,854,016 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
MOD - [2010/03/06 22:08:30 | 000,403,456 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
MOD - [2010/03/06 22:08:26 | 000,471,040 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MOD - [2010/03/06 22:08:14 | 000,046,880 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
MOD - [2010/03/06 22:08:12 | 000,419,616 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
MOD - [2010/03/06 22:08:12 | 000,018,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
MOD - [2010/03/06 22:08:10 | 000,270,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.445.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll
MOD - [2010/03/06 22:08:10 | 000,120,096 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
MOD - [2010/03/06 22:08:08 | 000,121,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
MOD - [2010/03/06 22:08:08 | 000,070,432 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
MOD - [2009/12/14 12:50:16 | 000,074,240 | ---- | M] () -- D:\UTILITES\WinMount\ShlExt\MountExt.dll
MOD - [2009/12/11 14:16:34 | 000,187,904 | ---- | M] () -- D:\UTILITES\WinMount\ShlExt\BrowserExt.dll
MOD - [2009/03/01 18:36:48 | 001,058,304 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
MOD - [2009/03/01 18:36:46 | 000,471,040 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MOD - [2009/03/01 18:36:46 | 000,402,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
MOD - [2009/03/01 18:36:46 | 000,238,368 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.145.4__540d4816ead86321\Intuit.Spc.Esd.Core.dll
MOD - [2009/03/01 18:36:46 | 000,120,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
MOD - [2009/03/01 18:36:46 | 000,047,392 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
MOD - [2009/03/01 18:36:46 | 000,018,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
MOD - [2009/03/01 18:36:44 | 000,130,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
MOD - [2009/03/01 18:36:44 | 000,072,992 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
MOD - [2009/03/01 18:32:08 | 000,755,712 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.56.0__28c9bcd4dddc48a1\System.Data.SQLite.dll
MOD - [2009/03/01 18:32:08 | 000,270,336 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\log4net\1.2.10.0__1b44e1d426115821\log4net.dll
MOD - [2009/03/01 18:32:06 | 000,458,752 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Portability\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Portability.dll
MOD - [2009/03/01 18:32:06 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Config\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Config.dll
MOD - [2009/03/01 18:32:06 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.ExceptionHandling\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.ExceptionHandling.dll
MOD - [2009/03/01 18:32:06 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Logging\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Logging.dll
MOD - [2009/02/27 15:39:30 | 000,019,968 | ---- | M] () -- D:\Adobe Acrobat 9 Pro(022609)\Acrobat\AcroTray.DEU
MOD - [2009/02/27 15:32:28 | 000,020,480 | ---- | M] () -- D:\Adobe Acrobat 9 Pro(022609)\Acrobat\AcroTray.FRA
MOD - [2008/02/20 12:30:56 | 000,102,400 | ---- | M] () -- C:\Program Files\HP\ToolboxFX\bin\HPFaxUtilities.dll
MOD - [2008/02/20 12:30:54 | 000,552,960 | ---- | M] () -- C:\Program Files\HP\ToolboxFX\bin\Alerts.dll
MOD - [2008/02/20 12:30:28 | 000,589,824 | ---- | M] () -- C:\Program Files\HP\ToolboxFX\bin\HPAppTools.dll
MOD - [2008/02/20 12:30:22 | 000,069,632 | ---- | M] () -- C:\Program Files\HP\ToolboxFX\bin\AppConstants.dll
MOD - [2008/02/20 12:30:20 | 000,040,960 | ---- | M] () -- C:\Program Files\HP\ToolboxFX\bin\Enumeration.dll
MOD - [2008/02/20 12:30:16 | 000,126,976 | ---- | M] () -- C:\Program Files\HP\ToolboxFX\bin\HPToolkit.dll
MOD - [2008/02/20 12:30:14 | 000,016,384 | ---- | M] () -- C:\Program Files\HP\ToolboxFX\bin\HPStreamsInterface.dll
MOD - [2008/02/20 12:30:10 | 000,073,728 | ---- | M] () -- C:\Program Files\HP\ToolboxFX\bin\HPTools.dll
MOD - [2008/02/20 12:29:32 | 000,086,016 | ---- | M] () -- C:\Program Files\HP\ToolboxFX\bin\NativeUtils.dll
MOD - [2007/09/20 17:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2007/06/05 12:20:32 | 000,177,704 | ---- | M] () -- C:\WINDOWS\SYSTEM32\PSIService.exe
MOD - [2007/05/09 19:43:00 | 000,425,984 | ---- | M] () -- D:\Sea_Monkey_1_1_2(070407)\components\msgbase.dll
MOD - [2007/05/09 19:42:00 | 000,147,456 | ---- | M] () -- D:\Sea_Monkey_1_1_2(070407)\components\gkwidget.dll
MOD - [2005/05/01 00:00:00 | 000,368,640 | ---- | M] () -- D:\UTILITIES\FullShot 8\IMAGE123.DLL
MOD - [2005/05/01 00:00:00 | 000,049,152 | ---- | M] () -- D:\UTILITIES\FullShot 8\SHOT8.DLL
MOD - [2002/09/09 15:53:20 | 000,032,768 | ---- | M] () -- C:\Program Files\Citi Virtual Account Numbers\CitiVAN.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Auto | Stopped] -- -- (BMUService)
SRV - [2011/12/30 22:00:28 | 003,450,832 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2011/12/28 21:51:39 | 000,637,208 | ---- | M] (Webroot) [Auto | Running] -- C:\Program Files\Webroot\WRSA.exe -- (WRSVC)
SRV - [2011/12/16 14:35:42 | 005,881,952 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe -- (syncagentsrv)
SRV - [2011/12/16 14:33:08 | 000,812,800 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2011/12/15 15:00:23 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/12/15 15:00:12 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Disabled | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/11/03 12:06:56 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/08/04 14:25:20 | 000,257,880 | ---- | M] () [Auto | Running] -- D:\UTILITES\USB Safely Remove\USB Safely Remove\USBSRService.exe -- (USBSafelyRemoveService)
SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/08/10 12:26:40 | 001,570,056 | ---- | M] (Raxco Software, Inc.) [Auto | Running] -- D:\UTILITES\DiskDefrag Programs\PerfectDisk\PDAgent.exe -- (PDAgent)
SRV - [2010/08/10 12:26:30 | 001,475,848 | ---- | M] (Raxco Software, Inc.) [On_Demand | Stopped] -- D:\UTILITES\DiskDefrag Programs\PerfectDisk\PDEngine.exe -- (PDEngine)
SRV - [2009/10/17 00:41:10 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZONELABS\vsmon.exe -- (vsmon)
SRV - [2009/09/25 22:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- D:\UTILITES\Seagate External 1 TB drive\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/04/17 13:17:40 | 001,349,912 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2009/02/25 20:45:34 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/08/01 17:04:34 | 000,203,843 | ---- | M] (Aventail Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\ngvpnmgr.exe -- (NgVpnMgr)
SRV - [2007/07/24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/06/05 12:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SYSTEM32\PSIService.exe -- (ProtexisLicensing)
SRV - [2007/05/28 08:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- D:\UTILITES\Alcohol120_Dec_15_2004\LifetimeDownload(071809)\Alcohol120_1.9.8.7612(071809)\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2007/01/04 18:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/01/04 23:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- D:\UTILITES\CD writing software\Iso Recorder V2RC1 (092208)\ImapiHelper.exe -- (Imapi Helper)


========== Driver Services (SafeList) ==========

DRV - [2011/12/31 10:42:01 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/12/30 22:00:32 | 000,234,752 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\afcdp.sys -- (afcdp)
DRV - [2011/12/30 22:00:21 | 000,766,496 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpman.sys -- (tdrpman)
DRV - [2011/12/30 22:00:18 | 000,609,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\timntr.sys -- (timounter)
DRV - [2011/12/30 21:59:47 | 000,126,144 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vididr.sys -- (vididr)
DRV - [2011/12/30 21:59:43 | 000,084,544 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vsflt61.sys -- (vidsflt61) Acronis Disk Storage Filter (61)
DRV - [2011/12/30 21:59:35 | 000,170,752 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2011/12/30 21:59:30 | 000,077,696 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\fltsrv.sys -- (fltsrv)
DRV - [2011/12/28 21:51:45 | 000,107,336 | ---- | M] (Webroot) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\WRkrn.sys -- (WRkrn)
DRV - [2011/12/15 15:00:35 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avipbb.sys -- (avipbb)
DRV - [2011/12/15 15:00:35 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avkmgr.sys -- (avkmgr)
DRV - [2011/11/03 12:06:56 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/11/03 12:06:56 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/07/11 16:46:12 | 000,697,328 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/06/17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssmdrv.sys -- (ssmdrv)
DRV - [2010/04/07 05:22:06 | 000,135,184 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\DefragFs.sys -- (DefragFS)
DRV - [2009/12/22 20:42:52 | 000,040,112 | ---- | M] (WinMount International Inc) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\WMDrive.sys -- (WMDrive)
DRV - [2009/10/17 00:39:42 | 000,486,280 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\vsdatant.sys -- (vsdatant)
DRV - [2009/07/07 15:53:04 | 000,028,160 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\libusb0.sys -- (libusb0)
DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\wdcsam.sys -- (WDC_SAM)
DRV - [2008/04/13 10:36:42 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mf.sys -- (mf)
DRV - [2008/02/20 20:38:46 | 000,042,944 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\tifsfilt.sys -- (tifsfilter)
DRV - [2007/11/13 22:48:46 | 000,071,720 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\pnp680.sys -- (Pnp680)
DRV - [2007/10/20 00:03:30 | 000,050,448 | ---- | M] (InterVideo) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iviVD.sys -- (iviVD)
DRV - [2007/10/01 15:24:36 | 000,023,864 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\sskbfd.sys -- (SSKBFD)
DRV - [2007/08/01 17:03:52 | 000,021,656 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ngwfp.sys -- (NgWfp)
DRV - [2007/08/01 17:03:46 | 000,020,632 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ngfilter.sys -- (NgFilter)
DRV - [2007/08/01 17:03:40 | 000,076,440 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ngvpn.sys -- (NgVpn)
DRV - [2007/08/01 17:02:22 | 000,025,240 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nglog.sys -- (NgLog)
DRV - [2007/07/16 12:29:44 | 000,020,504 | R--- | M] (Hewlett Packard) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\hpfxfax.sys -- (HPFXFAX)
DRV - [2007/07/16 12:29:34 | 000,017,432 | R--- | M] (Hewlett Packard) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\hpfxbulk.sys -- (HPFXBULK)
DRV - [2006/12/06 18:41:16 | 000,044,416 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2006/10/11 11:12:14 | 000,076,416 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\NmPar.sys -- (NmPar)
DRV - [2006/08/14 20:09:48 | 000,083,200 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2006/03/17 17:18:58 | 000,392,960 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\senfilt.sys -- (SenFiltService)
DRV - [2006/02/07 18:52:58 | 000,006,912 | R--- | M] (JMicron ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\JGOGO.sys -- (JGOGO)
DRV - [2004/08/12 18:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ASACPI.sys -- (MTsensor)
DRV - [2003/10/28 13:17:52 | 000,005,273 | ---- | M] (Arrowkey) [Kernel | System | Running] -- D:\UTILITES\CD ROM Diagnostics\Infinadyne cd_dvd Diag\Shared\CDRPDACC.sys -- (CDRPDACC)
DRV - [2002/08/28 21:59:12 | 000,036,224 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\an983.sys -- (AN983)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]


IE - HKU\.DEFAULT\..\URLSearchHook: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2000478354-884357618-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.com/
IE - HKU\S-1-5-21-2000478354-884357618-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2000478354-884357618-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
IE - HKU\S-1-5-21-2000478354-884357618-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy:8080

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.comcast.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "http://www.google.com/search?sourceid=navclient&hl=en&q="
FF - prefs.js..browser.search.defaultenginename: "Search the Web"
FF - prefs.js..browser.search.selectedEngine: "Search the Web"
FF - prefs.js..browser.search.order.1: "Search the Web"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\UTILITES\I TUNES Ver 8 (020909)\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: D:\UTILITES\DivX 7 Player Mar 8 2009\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: D:\UTILITES\DivX 7 Player Mar 8 2009\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: D:\Adobe Acrobat 9 Pro(022609)\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users.WINDOWS\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/11/29 16:16:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/02/26 16:21:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/26 16:21:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 1.1.2\Extensions\\Components: d:\Sea_Monkey_1_1_2(070407)\Components [2007/07/04 18:32:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 1.1.2\Extensions\\Plugins: d:\Sea_Monkey_1_1_2(070407)\Plugins [2012/01/08 01:43:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey 1.1.2\Extensions\\Components: d:\Sea_Monkey_1_1_2(070407)\Components [2007/07/04 18:32:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey 1.1.2\Extensions\\Plugins: d:\Sea_Monkey_1_1_2(070407)\Plugins [2012/01/08 01:43:40 | 000,000,000 | ---D | M]

[2009/01/29 20:05:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sherman.SHERMAN-RS0N029\Application Data\mozilla\Extensions
[2011/12/31 01:01:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sherman.SHERMAN-RS0N029\Application Data\mozilla\Firefox\Profiles\yhsjy4yg.default\extensions
[2011/01/23 21:50:30 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Sherman.SHERMAN-RS0N029\Application Data\mozilla\Firefox\Profiles\yhsjy4yg.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/12/31 01:01:45 | 000,000,000 | ---D | M] (Ad-Aware Security Toolbar) -- C:\Documents and Settings\Sherman.SHERMAN-RS0N029\Application Data\mozilla\Firefox\Profiles\yhsjy4yg.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2010/02/04 15:45:40 | 000,002,254 | ---- | M] () -- C:\Documents and Settings\Sherman.SHERMAN-RS0N029\Application Data\Mozilla\Firefox\Profiles\yhsjy4yg.default\searchplugins\askcom.xml
[2011/03/06 12:13:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/12/30 19:56:08 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/10/17 10:14:28 | 000,002,149 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\adawaretb.xml

Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (CitiUSBrowserHelper Class) - {387EDF53-1CF2-4523-BC2F-13462651BE8C} - C:\WINDOWS\SYSTEM32\BhoCitUS.dll (Orbiscom Ltd. All rights reserved.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - E:\PDF Create 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (ReGet Bar) - {17939A30-18E2-471E-9D3A-56DD725F1215} - D:\UTILITES\ReGetDx\Ver 5_2 Program Folder\ReGet Deluxe\IEBar.dll (ReGet Software)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
O3 - HKLM\..\Toolbar: (Nuance PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - E:\PDF Create 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O3 - HKU\S-1-5-21-2000478354-884357618-725345543-1003\..\Toolbar\ShellBrowser: (no name) - {ECDEE021-0D17-467F-A1FF-C7A115230949} - No CLSID value found.
O3 - HKU\S-1-5-21-2000478354-884357618-725345543-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\JMRaidSetup.exe (JMicron Technology Corp.)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] D:\Adobe Acrobat 9 Pro(022609)\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\Documents and Settings\All Users.WINDOWS\Application Data\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] D:\Adobe Acrobat 9 Pro(022609)\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [American Airlines DealFinder] D:\UTILITES\AA Dealfinder(051110)\American Airlines DealFinder\American_Airlines_DealFinder.exe (Skinkers Communications)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CitiVAN] C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe (Orbiscom Ltd. All rights reserved.)
O4 - HKLM..\Run: [IndexSearch] E:\Paper Port 11 (090908)\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] "D:\UTILITES\Malwarebytes(112809)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript File not found
O4 - HKLM..\Run: [MaxMenuMgr] D:\UTILITES\Seagate External 1 TB drive\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [Nuance OmniPage 17-reminder] E:\Omni Page 17 (070910)\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PaperPort PTD] E:\Paper Port 11 (090908)\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDF5 Registry Controller] E:\PDF Create 5\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDF5ShutDown4Upgrade] "G:\PDFCreate5\System32\PDFCreate\Setup.exe" /l1033 /v"AFTERREBOOT=1" File not found
O4 - HKLM..\Run: [PDFHook] E:\PDF Create 5\pdfcreate5hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort11reminder] E:\Paper Port 11 (090908)\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Prelaunch OmniPage] E:\Omni Page 17 (070910)\OmniPage17.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Standby] C:\Program Files\Common Files\Corel\Standby\Standby.exe (Corel)
O4 - HKLM..\Run: [ToolBoxFX] C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe (HP)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [USB Safely Remove] D:\UTILITES\USB Safely Remove\USB Safely Remove\USBSafelyRemove.exe (Crystal Rich Ltd)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WRSVC] C:\Program Files\Webroot\WRSA.exe (Webroot)
O4 - HKLM..\Run: [ZoneAlarm Client] D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-21-2000478354-884357618-725345543-1003..\Run: [AlcoholAutomount] D:\UTILITES\Alcohol120_Dec_15_2004\LifetimeDownload(071809)\Alcohol120_1.9.8.7612(071809)\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
O4 - HKU\S-1-5-21-2000478354-884357618-725345543-1003..\Run: [ANT Agent] C:\Program Files\Garmin\ANT Agent\ANT Agent.exe (GARMIN Corp.)
O4 - HKU\S-1-5-21-2000478354-884357618-725345543-1003..\Run: [Art Plus Wallpaper Calendar] D:\UTILITES\ArtPlus\Wallpaper 5_0(090108)\Lite Version 5_0\Wallpaper5\wallpaper.exe (Art Plus Marketing & Publishing)
O4 - HKU\S-1-5-21-2000478354-884357618-725345543-1003..\Run: [Corel Photo Downloader] C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe (Corel, Inc.)
O4 - HKU\S-1-5-21-2000478354-884357618-725345543-1003..\Run: [DAEMON Tools Pro Agent] D:\UTILITES\Daemon Tools\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2000478354-884357618-725345543-1003..\Run: [ISUSPM] C:\Documents and Settings\All Users.WINDOWS\Application Data\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-21-2000478354-884357618-725345543-1003..\Run: [OpAgent] "OpAgent.exe" /agent File not found
O4 - HKU\S-1-5-21-2000478354-884357618-725345543-1003..\Run: [SeaMonkey Quick Launch] d:\Sea_Monkey_1_1_2(070407)\SeaMonkey.exe (mozilla.org)
O4 - HKU\S-1-5-21-2000478354-884357618-725345543-1003..\Run: [Startup Cop Pro Startup Launcher] D:\UTILITES\Start up Cop Pro 5\Start up Cop Pro 5 Program (010610)\Startup Cop Pro\StartupCopPro.exe (Ziff-Davis Media, Inc.)
O4 - HKU\S-1-5-21-2000478354-884357618-725345543-1003..\Run: [UIWatcher] F:\Ashampoo_2002_2003\UIWatcher.exe (ashampoo GmbH & Co. KG)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HPAiODevice(hp officejet g series) - 1.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkVwMon.exe.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\NkbMonitor.exe.lnk = E:\NikonPictureProject175\NkbMonitor.exe (Nikon Corporation)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = D:\UTILITES\WIN_ZIP\WZQKPICK.EXE (WinZip Computing, S.L.)
O4 - Startup: C:\Documents and Settings\Sherman\Start Menu\Programs\Startup\Dialog Tracker.lnk = File not found
O4 - Startup: C:\Documents and Settings\Sherman\Start Menu\Programs\Startup\Yahoo! Desktop Search System Tray.lnk = D:\UTILITES\Desktop_Search\Yahoo\YDSsystray.exe ()
O4 - Startup: C:\Documents and Settings\Sherman\Start Menu\Programs\Startup\Yahoo! Desktop Search.lnk = D:\UTILITES\Desktop_Search\Yahoo\YahooDesktopSearch.exe ()
O4 - Startup: C:\Documents and Settings\Sherman.SHERMAN-RS0N029\Start Menu\Programs\Startup\AutoBackup Launcher.lnk = File not found
O4 - Startup: C:\Documents and Settings\Sherman.SHERMAN-RS0N029\Start Menu\Programs\Startup\Dialog Tracker.lnk = F:\ExplorerPlus_6_2_0(090107)\Nxdlghlp.exe (Novatix Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2000478354-884357618-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2000478354-884357618-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2000478354-884357618-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2000478354-884357618-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 00 10 00 00 [binary data]
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append the content of the link to existing PDF file - E:\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Append the content of the selected links to existing PDF file - E:\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to existing PDF file - E:\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Create PDF file - E:\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF file from the content of the link - E:\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF files from the selected links - E:\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Do&wnload by ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\cc_link.htm ()
O8 - Extra context menu item: Download A&ll by ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\cc_all.htm ()
O9 - Extra Button: Citi - {4C730913-3961-439b-83D5-F4E445520422} - C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe (Orbiscom Ltd. All rights reserved.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\VISIO PRO 2007 (021808)\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-2000478354-884357618-725345543-1003\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-2000478354-884357618-725345543-1003\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1275811083140 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://sonicwall.webex.com/client/T25L10NSP41EP2-INTERCALL/support/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.3.2.cab (DLM Control)
O16 - DPF: DirectAnimation Java Classes Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{170C80BA-FD99-4A73-BEB3-8D4BBF74B611}: DhcpNameServer = 68.87.76.178 68.87.78.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C72D3214-1DC1-4B51-AF5E-89F3BA0FABBB}: DhcpNameServer = 75.75.75.75 75.75.76.76
O20 - AppInit_DLLs: (acaptuser32.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (relog_ap) -C:\WINDOWS\System32\relog_ap.dll (Acronis)
O30 - LSA: Authentication Packages - (wsmobile\wmdc.) - File not found
O30 - LSA: Security Packages - (ecurity Packages settings...) - File not found
O30 - LSA: Security Packages - (ro) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2000/09/23 14:14:20 | 000,000,240 | ---- | M] () - C:\autoexec -- [ NTFS ]
O32 - AutoRun File - [2009/03/22 20:31:26 | 000,000,359 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2000/10/10 21:03:58 | 000,000,023 | ---- | M] () - C:\autoexec.iss -- [ NTFS ]
O32 - AutoRun File - [2001/11/25 20:55:12 | 000,000,077 | ---- | M] () - C:\AUTOEXEC.NU4 -- [ NTFS ]
O32 - AutoRun File - [2000/09/23 14:52:46 | 000,000,240 | ---- | M] () - C:\AUTOEXEC.xxx.txt -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck PDBoot.exe)
O34 - HKLM BootExecute: (autocheck PDBoot.exe)
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (autocheck lsdelete)
O34 - HKLM BootExecute: (autocheck lsdelete)
O34 - HKLM BootExecute: (autocheck lsdelete)
O34 - HKLM BootExecute: (autocheck lsdelete)
O34 - HKLM BootExecute: (autocheck lsdelete)
O34 - HKLM BootExecute: (autocheck lsdelete)
O34 - HKLM BootExecute: (autocheck lsdelete)
O34 - HKLM BootExecute: (autocheck lsdelete)
O34 - HKLM BootExecute: (autocheck lsdelete)
O34 - HKLM BootExecute: (autocheck lsdelete)
O34 - HKLM BootExecute: (autocheck lsdelete)
O34 - HKLM BootExecute: (autocheck lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/07 15:36:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2012/01/07 11:58:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\DVDFab 8 Qt
[2012/01/03 21:45:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/12/31 12:09:24 | 000,107,336 | ---- | C] (Webroot) -- C:\WINDOWS\System32\drivers\AGyehUqd.sys
[2011/12/31 02:42:25 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/12/31 02:42:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/31 02:42:08 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/12/31 01:23:21 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Sherman.SHERMAN-RS0N029\Desktop\setup-spybotsd162.exe
[2011/12/31 01:18:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\adawaretb
[2011/12/31 01:05:51 | 000,000,000 | ---D | C] -- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
[2011/12/31 01:05:50 | 000,000,000 | ---D | C] -- C:\Program Files\SDHelper (Spybot - Search & Destroy)
[2011/12/31 01:05:47 | 000,000,000 | ---D | C] -- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
[2011/12/31 01:02:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sherman.SHERMAN-RS0N029\Local Settings\Application Data\adaware
[2011/12/31 01:02:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ad-Aware Browsing Protection
[2011/12/31 01:01:47 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Cleaner
[2011/12/31 01:01:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sherman.SHERMAN-RS0N029\Application Data\adawaretb
[2011/12/31 01:01:31 | 000,000,000 | ---D | C] -- C:\Program Files\adawaretb
[2011/12/31 01:01:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Lavasoft
[2011/12/31 00:46:34 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Sherman.SHERMAN-RS0N029\IETldCache
[2011/12/31 00:39:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2011/12/31 00:35:52 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/12/31 00:28:45 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2011/12/30 22:00:32 | 000,234,752 | ---- | C] (Acronis) -- C:\WINDOWS\System32\drivers\afcdp.sys
[2011/12/30 21:59:47 | 000,126,144 | ---- | C] (Acronis) -- C:\WINDOWS\System32\drivers\vididr.sys
[2011/12/30 21:59:42 | 000,084,544 | ---- | C] (Acronis) -- C:\WINDOWS\System32\drivers\vsflt61.sys
[2011/12/30 21:59:30 | 000,077,696 | ---- | C] (Acronis) -- C:\WINDOWS\System32\drivers\fltsrv.sys
[2011/12/30 21:58:36 | 000,000,000 | ---D | C] -- C:\Program Files\Acronis
[2011/12/30 20:53:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sherman.SHERMAN-RS0N029\Application Data\Avira
[2011/12/30 20:47:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Avira
[2011/12/30 20:47:37 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011/12/30 20:47:35 | 000,134,856 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/12/30 20:47:35 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2011/12/30 20:47:30 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/12/30 20:47:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira
[2011/12/30 20:14:43 | 000,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2011/12/30 20:14:42 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[2011/12/30 20:12:26 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
[2011/12/28 22:07:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Garmin
[2011/12/28 21:53:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Webroot
[2011/12/28 21:51:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Webroot SecureAnywhere
[2011/12/28 21:51:48 | 000,141,272 | ---- | C] (Webroot) -- C:\WINDOWS\System32\WRusr.dll
[2011/12/28 21:51:45 | 000,107,336 | ---- | C] (Webroot) -- C:\WINDOWS\System32\drivers\WRkrn.sys
[2011/12/28 21:51:39 | 000,000,000 | ---D | C] -- C:\Program Files\Webroot
[2011/12/28 21:37:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\WRData
[2011/12/28 21:03:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/12/28 21:03:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/12/28 21:02:41 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/12/28 20:52:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
[2008/04/09 19:14:19 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Sherman.SHERMAN-RS0N029\Application Data\pcouffin.sys
[17 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1133 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/09 21:29:23 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2012/01/09 21:15:27 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2012/01/09 21:11:37 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012/01/09 21:11:27 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/01/09 21:11:23 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/09 21:09:05 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/09 21:08:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/08 22:05:02 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/08 20:35:30 | 2121,498,624 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2012/01/08 15:32:38 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/08 01:44:19 | 000,000,624 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Webroot SecureAnywhere.lnk
[2012/01/08 00:20:55 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\Sherman.SHERMAN-RS0N029\Desktop\Shortcut to dds.scr.lnk
[2012/01/07 23:17:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/01/07 11:58:33 | 000,000,704 | ---- | M] () -- C:\Documents and Settings\Sherman.SHERMAN-RS0N029\Desktop\DVDFab 8 Qt.lnk
[2012/01/07 11:46:44 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2012/01/07 11:46:44 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2012/01/03 21:11:42 | 000,651,472 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/31 14:46:35 | 000,441,436 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/12/31 14:46:35 | 000,071,628 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/12/31 14:40:50 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/12/31 12:09:25 | 000,107,336 | ---- | M] (Webroot) -- C:\WINDOWS\System32\drivers\AGyehUqd.sys
[2011/12/31 10:42:01 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/12/31 02:42:09 | 000,000,957 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/31 02:16:20 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/12/31 01:27:32 | 000,000,940 | ---- | M] () -- C:\Documents and Settings\Sherman.SHERMAN-RS0N029\Desktop\Spybot - Search & Destroy.lnk
[2011/12/31 01:24:22 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Sherman.SHERMAN-RS0N029\Desktop\setup-spybotsd162.exe
[2011/12/31 01:01:24 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Ad-Aware.lnk
[2011/12/31 00:47:43 | 000,000,822 | ---- | M] () -- C:\Documents and Settings\Sherman.SHERMAN-RS0N029\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/12/30 23:42:55 | 000,000,829 | ---- | M] () -- C:\Documents and Settings\Sherman.SHERMAN-RS0N029\Desktop\TrueImage 2012.lnk
[2011/12/30 22:00:32 | 000,234,752 | ---- | M] (Acronis) -- C:\WINDOWS\System32\drivers\afcdp.sys
[2011/12/30 22:00:21 | 000,766,496 | ---- | M] (Acronis) -- C:\WINDOWS\System32\drivers\tdrpman.sys
[2011/12/30 22:00:18 | 000,609,760 | ---- | M] (Acronis) -- C:\WINDOWS\System32\drivers\timntr.sys
[2011/12/30 21:59:47 | 000,126,144 | ---- | M] (Acronis) -- C:\WINDOWS\System32\drivers\vididr.sys
[2011/12/30 21:59:43 | 000,084,544 | ---- | M] (Acronis) -- C:\WINDOWS\System32\drivers\vsflt61.sys
[2011/12/30 21:59:35 | 000,170,752 | ---- | M] (Acronis) -- C:\WINDOWS\System32\drivers\snapman.sys
[2011/12/30 21:59:30 | 000,077,696 | ---- | M] (Acronis) -- C:\WINDOWS\System32\drivers\fltsrv.sys
[2011/12/30 21:59:12 | 000,000,871 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Acronis True Image Home 2012.lnk
[2011/12/30 21:05:22 | 000,000,753 | ---- | M] () -- C:\Documents and Settings\Sherman.SHERMAN-RS0N029\Application Data\Microsoft\Internet Explorer\Quick Launch\USB Safely Remove.lnk
[2011/12/30 20:47:59 | 000,001,714 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Avira Control Center.lnk
[2011/12/28 21:51:48 | 000,141,272 | ---- | M] (Webroot) -- C:\WINDOWS\System32\WRusr.dll
[2011/12/28 21:51:45 | 000,107,336 | ---- | M] (Webroot) -- C:\WINDOWS\System32\drivers\WRkrn.sys
[2011/12/28 21:02:41 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/12/15 15:00:35 | 000,134,856 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/12/15 15:00:35 | 000,074,640 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/12/15 15:00:35 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[17 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1133 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/08 00:20:55 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\Sherman.SHERMAN-RS0N029\Desktop\Shortcut to dds.scr.lnk
[2012/01/07 11:58:33 | 000,000,704 | ---- | C] () -- C:\Documents and Settings\Sherman.SHERMAN-RS0N029\Desktop\DVDFab 8 Qt.lnk
[2012/01/03 21:20:57 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2012/01/03 21:20:57 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/12/31 02:42:09 | 000,000,957 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/31 01:01:24 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Ad-Aware.lnk
[2011/12/31 00:47:43 | 000,000,810 | ---- | C] () -- C:\Documents and Settings\Sherman.SHERMAN-RS0N029\Start Menu\Programs\Internet Explorer.lnk
[2011/12/30 23:42:55 | 000,000,829 | ---- | C] () -- C:\Documents and Settings\Sherman.SHERMAN-RS0N029\Desktop\TrueImage 2012.lnk
[2011/12/30 21:59:12 | 000,000,871 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Acronis True Image Home 2012.lnk
[2011/12/30 21:05:22 | 000,000,753 | ---- | C] () -- C:\Documents and Settings\Sherman.SHERMAN-RS0N029\Application Data\Microsoft\Internet Explorer\Quick Launch\USB Safely Remove.lnk
[2011/12/30 20:47:59 | 000,001,714 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Avira Control Center.lnk
[2011/12/28 21:51:49 | 000,000,624 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Webroot SecureAnywhere.lnk
[2011/02/27 21:55:06 | 000,002,272 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/02/12 22:59:17 | 000,110,602 | ---- | C] () -- C:\WINDOWS\System32\xcdsfx32.bin
[2010/11/26 00:01:15 | 000,000,044 | ---- | C] () -- C:\WINDOWS\StartupCopPro.INI
[2010/11/11 21:33:27 | 000,000,071 | ---- | C] () -- C:\WINDOWS\MPCWIN01.INI
[2010/11/11 21:33:10 | 000,000,071 | ---- | C] () -- C:\WINDOWS\MPCWIN00.INI
[2010/11/11 21:24:45 | 000,000,433 | ---- | C] () -- C:\WINDOWS\MPCWIN99.INI
[2010/10/17 20:10:12 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Sherman.SHERMAN-RS0N029\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/16 20:13:08 | 000,000,000 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2010/07/18 20:45:40 | 000,273,545 | ---- | C] () -- C:\WINDOWS\HLP to RTF Converter Uninstaller.exe
[2010/07/09 20:27:13 | 000,000,371 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2010/07/02 23:18:14 | 000,000,068 | ---- | C] () -- C:\WINDOWS\Adams65.ini
[2010/07/02 22:25:01 | 000,000,848 | -HS- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\KGyGaAvL.sys
[2010/06/05 23:05:34 | 000,000,608 | -HS- | C] () -- C:\WINDOWS\System32\winzvprt5.sys
[2010/04/04 19:11:02 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/01 00:48:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2009/12/30 18:40:08 | 000,000,146 | ---- | C] () -- C:\Documents and Settings\Sherman.SHERMAN-RS0N029\Local Settings\Application Data\fusioncache.dat
[2009/12/11 20:26:11 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/12/11 20:26:11 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/12/11 20:26:11 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/12/11 20:26:11 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/12/11 20:26:11 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/11/15 20:18:26 | 000,077,356 | ---- | C] () -- C:\WINDOWS\hpqins05.dat
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/06/28 13:09:52 | 000,170,335 | ---- | C] () -- C:\WINDOWS\hpqins00.dat
[2009/06/08 20:14:02 | 000,002,020 | ---- | C] () -- C:\WINDOWS\aopr.ini
[2009/06/08 20:03:25 | 000,000,853 | ---- | C] () -- C:\WINDOWS\aw2000pr.ini
[2009/04/11 15:27:33 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\Sherman.SHERMAN-RS0N029\Application Data\mcs.rma
[2009/03/22 20:33:12 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2008/12/27 12:52:24 | 000,000,014 | ---- | C] () -- C:\WINDOWS\hpmssnpjt.ini
[2008/11/06 08:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/11/06 08:33:02 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/11/02 09:57:26 | 000,000,665 | R--- | C] () -- C:\WINDOWS\System32\hppapr11.dat
[2008/11/02 09:44:33 | 000,182,540 | ---- | C] () -- C:\WINDOWS\hppins11.dat
[2008/11/02 09:44:33 | 000,005,828 | ---- | C] () -- C:\WINDOWS\hppmdl11.dat
[2008/05/06 20:46:45 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2008/05/06 20:46:45 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2008/05/06 20:46:45 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2008/04/09 19:21:45 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/04/09 19:14:19 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Sherman.SHERMAN-RS0N029\Application Data\pcouffin.cat
[2008/04/09 19:14:19 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Sherman.SHERMAN-RS0N029\Application Data\pcouffin.inf
[2008/03/04 18:01:39 | 000,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2008/02/19 20:01:16 | 000,000,172 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2008/01/12 22:47:13 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\MypubUninstaller.exe
[2008/01/12 22:14:14 | 000,003,350 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/12/23 17:36:26 | 000,001,344 | ---- | C] () -- C:\WINDOWS\System32\odbcinst.ini
[2007/12/23 17:34:43 | 000,015,120 | ---- | C] () -- C:\WINDOWS\System32\REPUTIL.DLL
[2007/10/29 20:44:24 | 000,333,043 | ---- | C] () -- C:\WINDOWS\sqlite3.dll
[2007/08/23 20:40:57 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PKP_DLec.DAT
[2007/08/23 20:32:59 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spacious
[2007/08/23 20:32:59 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Sherman.SHERMAN-RS0N029\Application Data\Sound Effects
[2007/08/23 20:32:59 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PKP_DLds.DAT
[2007/08/23 20:32:59 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Standard
[2007/08/01 17:06:14 | 000,106,053 | ---- | C] () -- C:\WINDOWS\ngmsi.dll
[2007/08/01 17:05:14 | 000,008,261 | ---- | C] () -- C:\WINDOWS\ngutil.exe
[2007/07/26 20:22:34 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2007/07/26 20:22:19 | 000,796,584 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2007/07/25 14:52:12 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2007/07/25 13:29:03 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2007/07/23 12:40:48 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\vusetup.dll
[2007/07/05 19:54:17 | 000,009,391 | ---- | C] () -- C:\WINDOWS\System32\dymourl.ini
[2007/07/05 19:54:17 | 000,000,064 | ---- | C] () -- C:\WINDOWS\Addrfixr.ini
[2007/07/05 19:54:06 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\DYMOCFG.DLL
[2007/07/05 19:54:06 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\lmmonres.dll
[2007/07/05 19:22:59 | 000,000,067 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2007/07/04 19:47:00 | 000,000,510 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/07/04 18:32:37 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/07/04 18:32:34 | 000,118,784 | ---- | C] () -- C:\WINDOWS\SeaMonkeyUninstall.exe
[2007/07/04 18:32:31 | 000,118,784 | ---- | C] () -- C:\WINDOWS\GREUninstall.exe
[2007/07/04 18:32:30 | 000,008,196 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/07/03 04:27:26 | 000,200,704 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4704.dll
[2007/07/03 04:27:25 | 000,447,120 | R--- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2007/07/03 04:10:54 | 000,016,895 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2007/07/03 04:10:44 | 000,007,830 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2007/07/03 04:10:43 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2007/07/03 04:10:32 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007/07/03 03:49:33 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/07/03 03:44:23 | 000,022,744 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/07/03 03:23:06 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/07/03 03:21:51 | 000,651,472 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/06/05 12:20:32 | 000,177,704 | ---- | C] () -- C:\WINDOWS\System32\PSIService.exe
[2007/03/16 16:00:00 | 000,003,403 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2006/12/28 18:10:54 | 000,000,108 | RHS- | C] () -- C:\WINDOWS\neoqaz2.dll
[2006/11/30 11:00:00 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\NmUninst.exe
[2006/11/30 10:51:04 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\NmCoInst.dll
[2005/05/01 00:00:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\FS8Unins.exe
[2004/09/10 17:34:26 | 000,220,160 | ---- | C] () -- C:\WINDOWS\System32\WnASPI32.dll
[2004/08/02 13:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/07/29 01:19:46 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/10/10 17:04:08 | 000,021,952 | -H-- | C] () -- C:\Program Files\folder.htt
[2002/08/29 11:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/08/29 11:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2002/08/29 11:00:00 | 000,441,436 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002/08/29 11:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2002/08/29 11:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2002/08/29 11:00:00 | 000,071,628 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002/08/29 11:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2002/08/29 11:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2002/08/29 11:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/08/29 11:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/03/19 16:30:00 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\msvdm.dll
[2001/12/26 15:12:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/09/03 22:46:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/07/30 15:33:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/23 21:04:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[1996/11/17 00:37:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 4 bytes -> C:\WINDOWS\win.ini:s1
@Alternate Data Stream - 233 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:9B013599
@Alternate Data Stream - 232 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:FED912DB
@Alternate Data Stream - 169 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:284D1EE4

< End of report >


Extras.txt

OTL Extras logfile created on: 1/9/2012 9:35:08 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = L:\Bleeping Computer Virus Check(010412)\BleepingComputer scan programs\OTL
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.98 Gb Total Physical Memory | 0.95 Gb Available Physical Memory | 48.09% Memory free
4.75 Gb Paging File | 3.84 Gb Available in Paging File | 80.70% Paging File free
Paging file location(s): C:\pagefile.sys 3000 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 215.55 Gb Total Space | 173.81 Gb Free Space | 80.64% Space Free | Partition Type: NTFS
Drive D: | 215.55 Gb Total Space | 190.71 Gb Free Space | 88.48% Space Free | Partition Type: NTFS
Drive E: | 215.55 Gb Total Space | 167.22 Gb Free Space | 77.58% Space Free | Partition Type: NTFS
Drive F: | 284.87 Gb Total Space | 127.78 Gb Free Space | 44.86% Space Free | Partition Type: NTFS
Drive H: | 2794.49 Gb Total Space | 1766.84 Gb Free Space | 63.23% Space Free | Partition Type: NTFS
Drive L: | 29.93 Gb Total Space | 13.33 Gb Free Space | 44.55% Space Free | Partition Type: FAT32

Computer Name: SHERMAN-RS0N029 | User Name: Sherman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = MozillaHTML] -- D:\Sea_Monkey_1_1_2(070407)\seamonkey.exe (mozilla.org)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- D:\SEA_MO~4\SEAMON~2.EXE -url "%1" (mozilla.org)
https [open] -- D:\SEA_MO~4\SEAMON~2.EXE -url "%1" (mozilla.org)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with Corel PaintShop Photo Pro X3] -- "D:\Corel Photo\Paint Shop Pro X3 (022210)\Corel PaintShop Photo Pro\X3\PSPClassic\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
Directory [ExplorerPlus FastFind...] -- F:\ExplorerPlus_6_2_0(090107)\NXFind.exe /PATH:%1 (Novatix Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [open_x2] -- "D:\UTILITES\Xplorer2\xplorer2_uc.exe" /1 /M /T "%1" (ZabKat)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"D:\UTILITES\AA Dealfinder(051110)\American Airlines DealFinder\American_Airlines_DealFinder.exe" = D:\UTILITES\AA Dealfinder(051110)\American Airlines DealFinder\American_Airlines_DealFinder.exe -- (Skinkers Communications)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\TURBOTAX\TURBOTAX_2006\TurboTax Deluxe 2006\32bit\ttax.exe" = D:\TURBOTAX\TURBOTAX_2006\TurboTax Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"D:\TURBOTAX\TURBOTAX_2006\TurboTax Deluxe 2006\32bit\updatemgr.exe" = D:\TURBOTAX\TURBOTAX_2006\TurboTax Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\HP\hp color laserjet cm1312 mfp series\hppfsu_cm1312.exe" = C:\Program Files\HP\hp color laserjet cm1312 mfp series\hppfsu_cm1312.exe:*:Enabled:HP Networked Printer Installer -- ()
"C:\Program Files\hp\hp color laserjet cm1312 mfp series\hppfaxnc2.exe" = C:\Program Files\hp\hp color laserjet cm1312 mfp series\hppfaxnc2.exe:*:Enabled:HP Networked Printer Installer -- (Hewlett-Packard Co.)
"D:\TURBOTAX\TURBOTAX_2007\TurboTax Deluxe 2007\32bit\Ttax.exe" = D:\TURBOTAX\TURBOTAX_2007\TurboTax Deluxe 2007\32bit\Ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"D:\TURBOTAX\TURBOTAX_2007\TurboTax Deluxe 2007\32bit\updatemgr.exe" = D:\TURBOTAX\TURBOTAX_2007\TurboTax Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"D:\UTILITES\AA Dealfinder(051110)\American Airlines DealFinder\American_Airlines_DealFinder.exe" = D:\UTILITES\AA Dealfinder(051110)\American Airlines DealFinder\American_Airlines_DealFinder.exe -- (Skinkers Communications)
"D:\UTILITES\I TUNES Ver 8 (020909)\iTunes.exe" = D:\UTILITES\I TUNES Ver 8 (020909)\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\Program Files\adawaretb\dtUser.exe" = C:\Program Files\adawaretb\dtUser.exe:*:Enabled:Ad-Aware Security Toolbar DTX Broker -- (Visicom Media Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{D1AEB5DB-04FA-489D-94EF-8600898B93EE}" = Corel PaintShop Photo Pro X3
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02E73E50-6513-4802-8600-B5A5BA185BE3}" = ScanSoft PaperPort 11
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Create
"{08D5F667-E1D7-4792-9FFD-5888C8D4A0DF}" = Garmin Training Center
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{10F5D9BB-E2F2-4B18-A65D-928B73D22E6F}" = USB 2.0 IrDA Bridge
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1674E8F8-18B1-4999-AC26-F31FB88860BD}" = hppCLJCM1312
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1A15507A-8551-4626-915D-3D5FA095CC1B}" = Corel Paint Shop Pro X
"{1C5FC1ED-D0B4-4A96-ADF8-D6285FE57086}" = hppSendFaxCM1312
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 13
"{272C8DEE-F54F-406C-9AA6-B4DE2985A47C}" = Flash Drive Tester v1.14
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{325D1D94-4F34-46A7-A489-737C801B931D}" = hppusgCM1312
"{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}" = PaperPort Image Printer
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{360EDFB0-EAA2-012B-AD16-000000000000}" = TurboTax 2009 wcaiper
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{379BD4AB-8633-4B4F-97F4-612E6DD9CA36}" = hppScanToCM1312
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3A01DAF7-2FAC-46BA-B46E-EFFBD3B875DF}" = hppManualsCM1312
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer
"{3B0F52AC-EF5C-4831-B221-06C782E41280}" = Quicken 2008
"{3C569633-C8DE-46E2-BB8F-F65198681C2F}" = Corel MediaOne
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3C678CC5-CCA1-4FA3-BFDF-5623AACA28A3}" = Serif AlbumPlus SE PRO
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{459E0590-ECD4-490E-9E52-3EF1F1782225}" = Dawn
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4D44AD63-8061-41A8-BCCD-23B7117E3C14}" = DVD Copy
"{4D9DD45B-E79A-4F04-898E-B2C3769AB729}" = Serif DrawPlus X2
"{4ED7D297-58F7-45C3-A9BA-A7CD6FA0D373}_is1" = SureThing CD Labeler Deluxe Trial 5
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{53F77D44-DBFB-43D5-94F3-E3B0C3628C20}" = hppFaxDrvCM1312
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{583EDB12-4CEA-48B5-A7BA-88069DD47BA2}" = hppQFolderCM1312
"{596DA8A2-C576-46F5-A92E-8C9CCECE4E9D}" = Serif PagePlus X3
"{5B30AA25-BF39-4BE4-8FEE-51938BAB214D}" = TurboTax 2008 wcaiper
"{5D95AD35-368F-47D5-B63A-A082DDF00119}" = Microsoft Digital Image Suite 2006 Editor
"{5E11064C-41D6-4451-B45A-E36DFBCB84AC}" = Download Guard for Internet Explorer
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{5F2BDE92-F8CB-4680-A0AF-A8BA299538FB}" = hppTLBXFXCM1312
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{691F4068-81BF-49E3-B32E-FE3E16400119}" = Microsoft Digital Image Suite 2006 Library
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A28AB0B-22B1-494C-AF61-B386EA1736C0}" = LightScribe 1.4.97.1
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{72552C46-944B-4E16-BBC8-0D85F31C1800}" = Aventail Access Manager
"{743D18E2-1B67-4AA9-9E74-B392505A3565}" = Aventail OPSWAT End Point Control
"{74B68E74-908B-48C4-8562-580CF2741BBA}" = Nuance OmniPage 17
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DDEEB4-CBF4-4B4C-8366-07E8CC03692B}" = Acronis True Image Home 2012
"{77DDEEB4-CBF4-4B4C-8366-07E8CC03692B}Visible" = Acronis True Image Home 2012
"{78E884B8-7DB5-4708-AFE5-DAECEA900EE4}" = Diskeeper 2009 Professional
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7B74A294-295C-4542-8A29-C9C0F76AD05B}" = hpzTLBXFX
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{7E4CB404-F1E4-4E81-A1CB-2CBB310481D1}" = MLE
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{851DE017-C00B-4A50-B413-4C05740AF56E}" = Nuance PDF Create! 5
"{87FF0E39-8490-4EB4-A557-FF12F712EF7E}" = TurboTax 2010 wcaiper
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8A9B8148-DDD7-448F-BD6C-358386D32354}" = Corel Photo Album 6
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8EEDB90E-6ABC-42bb-AD4C-39DEE05E3EEA}" = HP Color LaserJet CM1312 MFP Series 1.0
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_VISPROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_VISPROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_VISPROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISPROR_{519D9F45-CBF4-4E57-B419-11F196CCA8AE}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_VISPROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_VISPROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{903B0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Professional 2003
"{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{932D0FC7-6DF1-4136-A2EC-166E8DEFD6A4}" = Ad-Aware
"{93CC2FA4-DBCC-4BCE-AC2D-41D5710BF348}" = AdwareAlert
"{95B87E45-CC33-49B6-9B4C-6570941FA90C}" = NTI CD & DVD-Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B0B46B3-10DF-4ADA-9501-0129D784563D}" = Aventail Web Proxy Agent
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A2A78788-2792-49BF-AF22-5E9296E568F3}" = Aventail Connect
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A4918C89-8E90-4C52-845A-490237D15CD0}" = Perfect Wills, Living Wills, Trusts and Estate Planning
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A7142834-D5E0-44F9-B202-61AD7EABDB06}" = hppPQVideoCM1312
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}_947" = Adobe Acrobat 9.4.7 - CPSID_83708
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{ACF57692-36CE-414D-8B47-9908DB14DB18}" = hppFaxUtilityCM1312
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}" = TurboTax ItsDeductible 2006
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B1EE1CC5-6CED-4801-BFFF-8454F21A245A}" = Garmin Communicator Plugin
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7607FC8-72AD-486D-B6B7-A402D5876309}" = PerfectDisk 11 Professional
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C9A391A7-E3C0-45B3-9A8E-1D878C9A3997}" = Serif PagePlus 11 Resources
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0F1732F-DE2D-4A6D-BE19-2D6CF784356C}" = Serif PagePlus X3 Resources
"{D142FE39-3386-4d82-9AD3-36D4A92AC3C2}" = DocMgr
"{D1612A3D-0DCC-4055-BB6A-0036F31158A0}" = Setup
"{D1AEB5DB-04FA-489D-94EF-8600898B93EE}" = ICA
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D3BCC13A-E4F2-45EE-846F-D143CEDDDBCB}" = DeviceIO
"{D6209782-BDE3-461A-81BC-D6BF0965E5F0}" = AutoBackup
"{D7D99A66-493F-468B-BCE1-6F88612B89D5}" = Contents
"{D875FFEE-2FCE-4774-902A-749198C00A68}" = PureHD
"{D8AC1EB5-E8B0-44A0-B113-899407188A2F}" = hppFonts
"{D8C02397-E0EF-4891-820E-1547DCC6701B}" = ContentHD
"{D94ABC2B-5CA9-48B2-9266-15AB78384D3C}" = Share
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{D9C4FA35-7C6B-4C9E-863B-58C4D7472F41}" = VIO
"{DA4A2F61-1E26-4D51-94BB-36D77678BDAD}" = PSPH10Pro
"{DA4BF4BE-3CDC-43B5-BBDA-DDDA73103111}" = Corel PaintShop Photo Pro X3
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DCD941B6-F2E7-4FAF-B102-F7D4DE5FF99A}" = IPM_PSP_Pro
"{DCF1928A-FC01-48E7-A7E6-4651D42EF6A1}" = PSPPRO_DCRAW
"{DF8B9311-ADE7-4EDE-B121-326CAA3D225D}" = PSPPContent
"{DFC6573E-124D-4026-BFA4-B433C9D3FF21}" = ISO Recorder
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EFE3ABF1-84D3-4826-B007-CD3DDD5AD75A}" = Garmin ANT Agent
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F119565C-DC95-48DC-BC2D-CC95612CFAB5}" = hppscanCM1312
"{F1AE162A-2958-4EAD-B861-2EB5FD1D86E9}" = DAK Wave MP3 Editor PRO v5.1b
"{F251B999-08A9-4704-999C-9962F0DFD88E}" = Virtual Desktop Manager Powertoy for Windows XP
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FC712CA0-A945-11d4-A594-956F6349FC18}" = True Launch Bar
"{FC935397-C56E-4EE3-B9BC-1F7F3EA6CE41}" = Serif PhotoPlus X2
"{FF3999BE-1A7B-4738-88AA-97BF14094A4A}" = PictureProject
"123 DVD Clone_is1" = 123 DVD Clone
"24DA573F901348FFDFF7717497830D45BE0C362E" = Windows Driver Package - Dynastream Innovations (libusb0) LibUsbDevices (07/07/2009 1.12.2)
"360Share Pro" = 360Share Pro(remove only)
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"7-Zip" = 7-Zip 4.65
"ABC Amber HLP Converter" = ABC Amber HLP Converter
"ActiveTouchMeetingClient" = WebEx
"adawaretb" = Ad-Aware Security Toolbar
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Office Password Recovery" = Advanced Office Password Recovery (remove only)
"American Airlines DealFinder" = American Airlines DealFinder (remove only)
"Ashampoo Burning Studio 9_is1" = Ashampoo Burning Studio 9.21
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner (remove only)
"Citi Virtual Account Numbers" = Citi Virtual Account Numbers
"Comcast Rhapsody" = Comcast Rhapsody
"Designer SE Sampler" = Designer SE Sampler
"Diagnostic" = CD/DVD Diagnostic 3.0
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Download Guard for Internet Explorer" = Download Guard for Internet Explorer
"Driver Magician_is1" = Driver Magician 3.55
"DSMT6" = MathType 6
"DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5_is1" = DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.3.2
"DVDFab 6_is1" = DVDFab 6.2.1.8 (31/12/2009)
"DVDFab 7_is1" = DVDFab 7.0.7.0 (08/06/2010)
"DVDFab 8 Qt_is1" = DVDFab 8.1.3.8 (09/12/2011) Qt
"DVDFab 8_is1" = DVDFab 8.0.5.6 (05/12/2010)
"DVDFab Platinum 4_is1" = DVDFab Platinum 4.1.2.0
"DVDInfoPro" = DVDInfoPro
"DYMO Label Software" = DYMO Label Software
"ExplorerPlus_6.0" = ExplorerPlus 6
"free-downloads.net Toolbar" = free-downloads.net Toolbar
"FullShot V8" = FullShot V8
"Google Updater" = Google Updater
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HLP to RTF Converter" = HLP to RTF Converter
"HP Document Manager" = HP Document Manager 1.0
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"InstallShield_{4D44AD63-8061-41A8-BCCD-23B7117E3C14}" = Corel DVD Copy 6
"InstallShield_{95B87E45-CC33-49B6-9B4C-6570941FA90C}" = NTI CD & DVD-Maker 7 Platinum
"InterActual Player" = InterActual Player
"Karen's Directory Printer" = Karen's Directory Printer
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MosChip Technology" = MosChip Multi-IO Controller
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyPublisher BookMaker" = MyPublisher BookMaker
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"ophcrack" = ophcrack 3.0.1
"Personal Stock Monitor" = Personal Stock Monitor
"PictureItSuite_v11" = Microsoft Digital Image Suite 2006
"RMPrepUSB" = RMPrepUSB
"SCP4_is1" = PC Magazine Startup Cop Pro 5.0
"SeaMonkey (1.1.2)" = SeaMonkey (1.1.2)
"Shop for HP Supplies" = Shop for HP Supplies
"Smart HLP 2 RTF" = Smart HLP 2 RTF
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"SystemRequirementsLab" = System Requirements Lab
"thinkorswim from TD AMERITRADE" = thinkorswim from TD AMERITRADE
"TurboTax 2008" = TurboTax 2008
"TurboTax 2009" = TurboTax 2009
"TurboTax 2010" = TurboTax 2010
"TurboTax Deluxe 2007" = TurboTax Deluxe 2007
"TurboTax Deluxe Deduction Maximizer 2006" = TurboTax Deluxe Deduction Maximizer 2006
"Tweak UI 2.10" = Tweak UI
"UBCD4Win_is1" = UBCD4Win 3.20
"USB Safely Remove_is1" = USB Safely Remove 4.7
"VISPROR" = Microsoft Office Visio Professional 2007
"WIC" = Windows Imaging Component
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinMount3_is1" = WinMount V3.2.1217
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WRUNINST" = Webroot SecureAnywhere
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"xplorer2p" = xplorer² professional
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"ZoneAlarm Pro" = ZoneAlarm Pro

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2000478354-884357618-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{72552C46-944B-4E16-BBC8-0D85F31C1800}" = Aventail Access Manager
"Art Plus Wallpaper Calendar 5.x" = Art Plus Wallpaper Calendar LITE 5.0.1
"InstallShield_{D6209782-BDE3-461A-81BC-D6BF0965E5F0}" = AutoBackup
"ReGetDx" = ReGet Deluxe
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/8/2012 9:59:05 AM | Computer Name = SHERMAN-RS0N029 | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/AD7E1C28B064EF8F6003402014C3D0E3370EB58A.crt>
with error: The connection with the server was terminated abnormally

Error - 1/8/2012 9:59:05 AM | Computer Name = SHERMAN-RS0N029 | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/AD7E1C28B064EF8F6003402014C3D0E3370EB58A.crt>
with error: This network connection does not exist.

Error - 1/8/2012 9:59:05 AM | Computer Name = SHERMAN-RS0N029 | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/AD7E1C28B064EF8F6003402014C3D0E3370EB58A.crt>
with error: This network connection does not exist.

Error - 1/8/2012 9:59:05 AM | Computer Name = SHERMAN-RS0N029 | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/AD7E1C28B064EF8F6003402014C3D0E3370EB58A.crt>
with error: This network connection does not exist.

Error - 1/8/2012 11:24:02 PM | Computer Name = SHERMAN-RS0N029 | Source = Application Error | ID = 1000
Description = Faulting application seamon~2.exe, version 1.8.20070.50918, faulting
module gkgfxwin.dll, version 1.8.20070.50918, fault address 0x0000ea54.

Error - 1/8/2012 11:50:33 PM | Computer Name = SHERMAN-RS0N029 | Source = Application Error | ID = 1000
Description = Faulting application seamonkey.exe, version 1.8.20070.50918, faulting
module gkgfxwin.dll, version 1.8.20070.50918, fault address 0x0000ea54.

Error - 1/9/2012 1:07:12 AM | Computer Name = SHERMAN-RS0N029 | Source = Application Error | ID = 1000
Description = Faulting application nero.exe, version 6.6.1.7, faulting module nero.exe,
version 6.6.1.7, fault address 0x003554c7.

Error - 1/10/2012 1:23:41 AM | Computer Name = SHERMAN-RS0N029 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 1/10/2012 1:23:42 AM | Computer Name = SHERMAN-RS0N029 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 1/10/2012 1:23:42 AM | Computer Name = SHERMAN-RS0N029 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

[ System Events ]
Error - 1/9/2012 12:37:27 AM | Computer Name = SHERMAN-RS0N029 | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 1/9/2012 12:39:14 AM | Computer Name = SHERMAN-RS0N029 | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 1/9/2012 2:02:22 AM | Computer Name = SHERMAN-RS0N029 | Source = JRAID | ID = 262153
Description = The device, \Device\Scsi\JRAID1, did not respond within the timeout
period.

Error - 1/10/2012 1:09:45 AM | Computer Name = SHERMAN-RS0N029 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the TrueVector Internet Monitor
service to connect.

Error - 1/10/2012 1:09:45 AM | Computer Name = SHERMAN-RS0N029 | Source = Service Control Manager | ID = 7000
Description = The TrueVector Internet Monitor service failed to start due to the
following error: %%1053

Error - 1/10/2012 1:09:45 AM | Computer Name = SHERMAN-RS0N029 | Source = Service Control Manager | ID = 7000
Description = The AutoBackup service failed to start due to the following error:
%%3

Error - 1/10/2012 1:09:45 AM | Computer Name = SHERMAN-RS0N029 | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 1/10/2012 1:11:22 AM | Computer Name = SHERMAN-RS0N029 | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 1/10/2012 1:14:54 AM | Computer Name = SHERMAN-RS0N029 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the TrueVector Internet Monitor
service to connect.

Error - 1/10/2012 1:14:54 AM | Computer Name = SHERMAN-RS0N029 | Source = Service Control Manager | ID = 7000
Description = The TrueVector Internet Monitor service failed to start due to the
following error: %%1053


< End of report >

#4 SweetTech


Posted 10 January 2012 - 09:15 AM

Hi!

From what I can gather from your latest logs it looks like you have a TDL4 infection.

We'll run a more powerful tool below to try and address this issue, and a few others that it might find.

Running ComboFix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon.
They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#5 krazykat


Posted 12 January 2012 - 03:05 AM

Hello ST,

I had a hard time getting ComboFix to run. I went to the web site link in your reply and clicked on the link. Got the download message, but as soon as the download started my browser froze. I was using SeaMonkey. Tried several times but the same results. So I opened Firefox, and got the same thing. So I went to another computer and downloaded ComboFix to a thumb drive and transferred it to my desktop. Double clicked and ComboFix started but then gave a warning that "Webroot SecureAnywhere" was running. I disabled it from my system tray, used msconfig to remove the WRSA.exe from the start menu, disconnected from the internet and rebooted. Webroot did not appear in my system tray, and task manager did not list WRSA.exe as running. I restarted ComboFix and received the same warning about Webroot but this time let the program start. ComboFix started, asked to update the recovery console (which I said OK). ComboFix also said it would restart maybe two times and to select to continue rather than use the recovery console.
ComboFix finished the scan and produced an on-screen log file, but did not reboot. The Windows desktop screen was reduced in size and no desktop icons were present. I copied the ComboFix log file to my thumb drive as a backup. The file is very large -- over a meg. Here is the file.
I could not post the reply. Got an error message that the file was too long. I removed some of the .tmp lines and a lot of other lines. I can email or attach if you have a way to handle a large file?


ComboFix 12-01-11.01 - Sherman 01/11/2012 22:24:42.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2023.1266 [GMT -8:00]
Running from: J:\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Webroot SecureAnywhere *Enabled/Updated* {D486329C-1488-4CEB-9CC8-D662B732D904}
FW: ZoneAlarm Pro Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\284D1EE4.TMP
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\9B013599.TMP
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\FED912DB.TMP
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
c:\documents and settings\Sherman.SHERMAN-RS0N029\WINDOWS
c:\windows\dasetup.log
c:\windows\iun6002.exe
c:\windows\system32\PowerToyReadme.htm
cc:\windows\system32\SETFED.tmp
c:\windows\system32\SETFFC.tmp
.
.
((((((((((((((((((((((((( Files Created from 2011-12-12 to 2012-01-12 )))))))))))))))))))))))))))))))
.
.
2012-01-12 06:12 . 2012-01-12 06:12 56200 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Windows Defender\Definition Updates\{EA598AA0-53F6-4F76-A0AA-FDE43BEDF120}\offreg.dll
2012-01-12 04:47 . 2011-11-30 10:21 6823496 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Windows Defender\Definition Updates\{EA598AA0-53F6-4F76-A0AA-FDE43BEDF120}\mpengine.dll
2012-01-07 23:36 . 2012-01-07 23:36 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2011-12-31 20:09 . 2011-12-31 20:09 107336 ----a-w- c:\windows\system32\drivers\AGyehUqd.sys
2011-12-31 10:42 . 2011-12-31 18:42 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-12-31 10:42 . 2011-12-10 23:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-31 09:18 . 2011-12-31 09:18 -------- d-----w- c:\documents and settings\NetworkService\Application Data\adawaretb
2011-12-31 09:05 . 2011-12-31 09:05 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2011-12-31 09:05 . 2011-12-31 09:05 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2011-12-31 09:05 . 2011-12-31 09:05 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2011-12-31 09:02 . 2011-12-31 09:44 -------- d-----w- c:\documents and settings\Sherman.SHERMAN-RS0N029\Local Settings\Application Data\adaware
2011-12-31 09:02 . 2012-01-12 05:29 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Ad-Aware Browsing Protection
2011-12-31 09:01 . 2011-12-31 09:01 -------- d-----w- c:\program files\Toolbar Cleaner
2011-12-31 09:01 . 2011-12-31 09:02 -------- d-----w- c:\documents and settings\Sherman.SHERMAN-RS0N029\Application Data\adawaretb
2011-12-31 09:01 . 2011-12-31 09:01 -------- d-----w- c:\program files\adawaretb
2011-12-31 08:46 . 2011-12-31 08:46 -------- d-sh--w- c:\documents and settings\Sherman.SHERMAN-RS0N029\IETldCache
2011-12-31 08:35 . 2011-12-31 08:37 -------- dc-h--w- c:\windows\ie8
2011-12-31 08:28 . 2011-08-16 10:45 6144 ------w- c:\windows\system32\dllcache\iecompat.dll
2011-12-31 08:28 . 2011-11-04 19:20 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2011-12-31 08:28 . 2011-11-04 19:20 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2011-12-31 08:28 . 2011-11-04 19:20 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2011-12-31 06:00 . 2011-12-31 06:00 234752 ----a-w- c:\windows\system32\drivers\afcdp.sys
2011-12-31 05:59 . 2011-12-31 05:59 126144 ----a-w- c:\windows\system32\drivers\vididr.sys
2011-12-31 05:59 . 2011-12-31 05:59 84544 ----a-w- c:\windows\system32\drivers\vsflt61.sys
2011-12-31 05:59 . 2011-12-31 05:59 77696 ----a-w- c:\windows\system32\drivers\fltsrv.sys
2011-12-31 05:58 . 2011-12-31 05:58 -------- d-----w- c:\program files\Acronis
2011-12-31 04:53 . 2011-12-31 04:53 -------- d-----w- c:\documents and settings\Sherman.SHERMAN-RS0N029\Application Data\Avira
2011-12-31 04:47 . 2011-12-15 23:00 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-12-31 04:47 . 2011-12-15 23:00 134856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-12-31 04:47 . 2011-12-31 04:47 -------- d-----w- c:\program files\Avira
2011-12-31 04:47 . 2011-12-31 04:47 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira
2011-12-31 04:14 . 2011-06-24 14:10 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
2011-12-31 04:14 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys
2011-12-31 04:12 . 2011-07-08 14:02 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
2011-12-29 06:07 . 2011-12-29 06:07 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Garmin
2011-12-29 05:53 . 2011-12-29 05:53 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Webroot
2011-12-29 05:51 . 2011-12-29 05:51 141272 ----a-w- c:\windows\system32\WRusr.dll
2011-12-29 05:51 . 2011-12-29 05:51 107336 ----a-w- c:\windows\system32\drivers\WRkrn.sys
2011-12-29 05:51 . 2012-01-12 05:48 -------- d-----w- c:\program files\Webroot
2011-12-29 05:37 . 2012-01-12 04:38 -------- d-----w- c:\documents and settings\All 00:12 122880 c:\windows\ServicePackFiles\i386\oledlg.dll
+ 2007-07-25 23:30 . 2008-04-14 00:12 487424 c:\windows\ServicePackFiles\i386\oledb32.dll
- 2007-07-25 23:30 . 2004-08-04 07:56 487424 c:\windows\ServicePackFiles\i386\oledb32.dll
+ 2007-07-25 23:30 . 2008-04-14 00:12 551936 c:\windows\ServicePackFiles\i386\oleaut32.dll
+ 2007-07-25 23:30 . 2008-04-14 00:12 192000 c:\windows\ServicePackFiles\i386\offfilt.dll
- 2007-07-25 23:30 . 2004-08-04 07:56 104448 c:\windows\ServicePackFiles\i386\oeimport.dll
+ 2007ShellIconOverlayIdentifiers- - (no file)
ShellIconOverlayIdentifiers- - (no file)
HKCU-Run-OpAgent - OpAgent.exe
HKLM-Run-Malwarebytes Anti-Malware (reboot) - d:\utilites\Malwarebytes(112809)\Malwarebytes' Anti-Malware\mbam.exe
HKLM-Run-PDF5ShutDown4Upgrade - g:\pdfcreate5\System32\PDFCreate\Setup.exe
MSConfigStartUp-WRSVC - c:\program files\Webroot\WRSA.exe
AddRemove-Driver Magician_is1 - n:\driver back up software\Driver Magician\Driver Magician\unins000.exe
AddRemove-ExplorerPlus_6.0 - c:\windows\iun6002.exe
AddRemove-WRUNINST - c:\program files\Webroot\WRSA.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-11 22:39
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST31000340AS rev.AD14 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-12
.
device: opened successfully
user: MBR read successfully
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A81D31B
user & kernel MBR OK
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(1232)
c:\windows\system32\relog_ap.dll
.
Completion time: 2012-01-11 22:42:27
ComboFix-quarantined-files.txt 2012-01-12 06:42
ComboFix2.txt 2010-06-06 07:06
ComboFix3.txt 2009-12-12 04:44
.
Pre-Run: 186,814,857,728 bytes free
Post-Run: 187,410,499,584 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 1371D5CBBC5CA32DF9E486B193BC3198

#6 SweetTech


Posted 12 January 2012 - 03:29 AM

Could you please drop the ComboFix.txt log in my submission channel?

Uploading File
Please visit this site & follow the instructions for uploading the file mentioned below.
Copy/paste the contents of the Code Box below into the Link to topic where this file was requested: box:
http://www.bleepingcomputer.com/forums/topic436922.html/page__view__findpost__p__2550211
Click Browse & navigate to where the ComboFix.txt log file is saved.

Do me a favor and post back once you've submitted the file.

Cheers,
ST.



#7 krazykat


Posted 12 January 2012 - 05:14 PM

Hello ST,

I have posted the ComboFix log to the site you referenced. Received a reply the post was successful, so you should be able to review.

I also have some disturbing news. After I posted the partial ComboFix log I went to turn off my computer (I was using laptop to post, my desktop has the problem). The ComboFix log text was still being displayed by Notepad and the screen was still the reduced size (a border on all 4 sides) desktop with no icons shown. I clicked to close Notepad but could get no other response from keyboard or mouse. I finally had to use the power OFF switch to turn OFF.

I powered back on, computer went through the boot process, but ended up at the same display; reduced size desktop with no desktop icons, including the Windows “start” icon. Mouse pointer was active, but no response to mouse clicks. Keyboard was only responsive to Ctrl, Shift, Esc, to bring up the task manager. Task manager showed processes running, but no applications running. Some of the task manager tabs responded. The “File” tab responded but the tab with the dropdown to “stop” or “restart” would drop down but was non-responsive to selecting stop or restart. Powered down with the OFF switch and rebooted to “last known good” option. Boot ended up at the same desktop with no icons. Powered down, powered up and went to “safe mode”. Safe mode finished boot at essentially the same place, a blank (black) screen with no icons. Had to power OFF to exit. When selecting to go to Safe mode, the recovery console was a choice but I have not tried to boot to the recovery console.

As I said some disturbing news. Suggestions??

Thanks, Sherman

#8 SweetTech


Posted 13 January 2012 - 01:47 AM

Hi Sherman!

Oh noes! That doesn't sound good. Do you by any chance have your Windows XP disc? I'd like to maybe try running some advanced fixes, but some of these will require the use of a Windows XP disc.



#9 krazykat


Posted 13 January 2012 - 01:05 PM

ST
Yes, I have the original XP "install" disk. It is XP PRO SP2 vintage. Let me know and I will also do some thinking.

Thanks,

#10 SweetTech


Posted 14 January 2012 - 02:32 AM

Hi Sherman,

I'm going to ask that you read this post in its entirety before you proceed with attempting these instructions. If you have any questions, please feel free to ask me.

This is definitely an interesting case. I'm a bit conflicted here, as there are a couple of things that can be going on with your computer. There is an infection that is making its rounds that messes with the file attributes of files and folders and hides them; some variants of this infection will even move the desktop icon shortcuts to your temporary files so that when you run a temp cleaner it'll remove them. This is one thought that came to my mind when you described the latest issue with the black desktop with no icons. However, your logs don't seem to show evidence that you were infected with that infection, and that, combined with the fact that you also mention not having access to your start menu, leads me to believe that it's not the case with your computer.

If you'd like, you can try to run the two utilities below and see if they will bring back some of your missing items, but I'm not entirely sure they'll restore anything.

But if you're still not able to mouse click while booted into Windows, then I'm not sure how successful you're going to be in running these tools.

However, if you're able to mouse click in Windows then you'll want to load the two tools below onto your USB device, and launch the Run dialog box. There is a possibility that it may not work, but you can try to launch it by pressing the Windows Key + R

This should display the Windows Run Dialog box.

You'll want to click on the Browse button and find your USB device via the drop down menu and select the tools one at a time to run. You'll want to let UnHide run, and then once it's complete see if anything has changed, if it hasn't you can try running the second download link.

We can try to download and run two utilities to try and restore your items.

If you're not able to launch Internet Explorer via the Start menu, please try launching it via the Run dialog box.

Press the Windows Key + R this should bring up the run dialog box.

The links to download the two tools are here:

UnHide.exe by Grinler.

Start Menu Reset for XP

____________________________________________________

Another possibility is that the infection you had has damaged some key system files, and replacing them may be required.

There is a scan that we can run called System File Checker to check for this, but it'll have to be run in Windows while booted in Normal mode.

Make sure you have your XP Disc handy.

The System File Checker (Sfc.exe) utility is used for scanning protected operating system files to verify their version and integrity. If System File Checker detects any operating system file with the incorrect file version, it replaces the corrupted file with a file that has the correct version from the Windows installation source files.

You'll need to bring up the run dialog box again (Windows key + R) and type in: cmd

Hit ENTER

You should see a blank window pop-up titled Command Prompt or CMD.exe

At this screen you will want to type in: sfc /purgecache

Hit ENTER

Please Note:

You may be prompted to provide Windows installation source files when you run the sfc /purgecache command. If the command is completed successfully, you will receive the following message:
Windows File Protection successfully made the requested change.
At the command prompt, type sfc /scannow, and then press ENTER.

Please Note:

This command may take several minutes to finish. You may also be prompted to provide Windows installation source files when you run the sfc /scannow command.

____________________________________________________

There is another option that we may need to try next, but I'd like to wait and see how you make out with the above before I go ahead and give you those instructions.

Please keep me updated.

Kindest Regards,
SweetTech.



#11 krazykat


Posted 16 January 2012 - 04:41 PM

ST,

Thanks for the reply and instructions. I will read ALL before I make any changes. I did a little "memory recall" since last Friday. I had a similar problem some time ago ---- boot to desktop with no icons or start button present. Here are the suggestions I found. Suggestion 1 worked, but icons were slow to load the first couple of times to boot.
I could boot to my no-icon desktop, use CTRL+Shift+Esc to bring up Task Manager. Then check processes to see if explorer.exe and/or iexplore.exe is running. If neither is running I could start either or both --- assuming the New Tasks menu selection works.

Comments? Won't do anything until I have your response.

Sherman

#12 krazykat


Posted 17 January 2012 - 12:55 AM

ST,
Ran a check of the Task manager. Here are the results:

Did a normal boot to desktop
Desktop appeared (rolling meadow, blue sky) but no icons or start icon
Did Ctrl, Shift, Esc and Task Manager started
Clicked on Processes and could see all processes running; neither "explorer.exe" nor iexplore.exe was running
Clicked on File and a drop-down box appeared with 2 choices, "New Task (Run)" and "End Task Manager".
Clicked on New Task (Run) and the run box appeared
Clicked on Browse and could access all partitions on internal hard drive, external hard drive and CD drives
Run box was populated with msinfo, so I clicked OK and msinfo opened.
Shut down tab items would not work
Clicked on File, End Task Manager and Task Manager ended
Could not get Task Manager to restart with Ctrl, Shift, Esc.
So I probably could run the Unhide.exe and/or Start Menu Reset for XP
I did not plug in a thumb drive to check
I do feel the explorer.exe and/or iexplore.exe would run.

Let me know what you suggest.

Sherman

#13 SweetTech


Posted 17 January 2012 - 04:01 AM

Hi Sherman,

That's very interesting.

I'm starting to think that a registry key is set with the wrong value.

Let's see if manually starting the explorer.exe service does anything to bring up your desktop as well as your icons.

Please launch Task Manager, go to File > New Process (Run) > type in explorer.exe and see if that brings your Desktop + icons up.

Let me know how that goes.

ST.

Edited by SweetTech, 17 January 2012 - 04:02 AM.



#14 krazykat


Posted 22 January 2012 - 12:19 AM

ST,

Here are the results of the test I have run.

Booted the computer and started Task manager. Entered explorer.exe in the File (run) box and hit return. No errors, no change in the screen and explorer.exe did not appear in "processes". Same thing for iexplore.exe. I did verify that both files are in the C:\windows directory. So, that was not successful.

I downloaded both Unhide.exe and Start Menu Reset for XP to my thumb drive. Booted the computer, started Task Manager and was able to use the Browse function to run both programs. Both programs ran with no errors, but no change in screen appearance. Start menu asked for a restart when it finished, but a restart did not produce any difference.

So, what are the next steps?

There is an alternative; before I started any of the scans I made a complete disk image backup (using Acronis). I used the Acronis emergency boot disk to boot to the Acronis restore program (glad I made that disk). I was able to locate the backup (external hard drive) and Acronis said it was ready to restore. I did not do the restore, but I assume Acronis will be able to restore. So, if successful, the computer would be back to the same state as when we started. We would have to do all the scans over and maybe this time do something to keep ComboFix from crashing. I can uninstall Spysweeper rather than disable it if that makes ComboFix happy.

Thanks,

Sherman

#15 SweetTech


Posted 22 January 2012 - 06:07 AM

Hi Sherman,

That was a smart decision to take! I wish more users were like you in that aspect.

It may be easier for us if we just go ahead and run the back-up from Acronis.

But before we do that, I'd like to have us try to see if we can get OTL running and see if we can get a log file from it.

Can you launch the Task Manager, and try to browse to your desktop and see if the OTL file is listed there? If it is, please go ahead and run OTL. Run a Quick Scan, and post the log for me. I'm not exactly sure if that's going to work, but if it does, it may provide me with some more information to try and pinpoint exactly what's going on with the desktop issue.





