
infection program unknown


  • This topic is locked
20 replies to this topic

#1 guitarsrkewl08

guitarsrkewl08

  • Members
  • 37 posts

Posted 12 January 2012 - 08:19 PM

Had a virus found on MBAM, assumed that was the virus that was causing the keyboard to be disabled and the internet to not work properly. It said something about a proxy virus or something, so removed it, but the keyboard still keeps getting disabled and the internet keeps going off on startup. When entering into safe mode I have neither problem, only on regular boot. Anyway, here is a HijackThis log:

StartupList report, 1/11/2012, 10:51:38 PM
StartupList version: 1.52.2
Started from : C:\Program Files\Trend Micro\HiJackThis\HiJackThis.EXE
Detected: Windows XP SP3 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.6000.16791)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\TightVNC\tvnserver.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\TeamViewer\Version7\TeamViewer.exe
C:\Program Files\TeamViewer\Version7\tv_w32.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 12\firefox.exe
c:\program files\teamviewer\version7\TeamViewer_Desktop.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

PS2 = C:\WINDOWS\system32\ps2.exe
MSConfig = C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

(Default) = 

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=wbsys.dll

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - (no file) - AutorunsDisabled
(no name) - (no file) - {02478D38-C3F9-4efb-9B51-7695ECA05670}
(no name) - (no file) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
(no name) - (no file) - {5C255C8A-E604-49b4-9D64-90988571CECB}
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B}
(no name) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6}
(no name) - C:\Program Files\Java\jre6\bin\jp2ssv.dll - {DBC80044-A445-435b-BC74-9C25C1C588A9}
(no name) - C:\Program Files\Windows Live\Toolbar\wltcore.dll - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}
JQSIEStartDetectorImpl - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll - {E7E6F031-17CE-4C07-BC86-EABFE594F69C}

--------------------------------------------------

Enumerating Task Scheduler jobs:

GlaryInitialize.job

--------------------------------------------------

Enumerating Download Program Files:

[Checkers Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\msgrchkr.dll
CODEBASE = http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\Adobe\Director\SwDir.dll
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\LegitCheckControl.DLL
CODEBASE = http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab

[Checkers Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\CONFLICT.1\msgrchkr.dll
CODEBASE = http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

[Disney Online Games ActiveX Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\DISNEY~1.OCX
CODEBASE = http://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab

[AXIDMDCP Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\IDMFlash.dll
CODEBASE = http://m1.cdn.gaiaonline.com/plugins/IDMFlash.cab

[MSN Photo Upload Tool]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll
CODEBASE = http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

[System Requirements Lab Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\sysreqlab_ind.dll
CODEBASE = http://www.srtest.com/srl_bin/sysreqlab_ind.cab
OSD = C:\WINDOWS\Downloaded Program Files\sysreqlab.osd

[UnoCtrl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\GAME_UNO1.dll
CODEBASE = http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab

[GameLauncher Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\GAMELA~1.OCX
CODEBASE = http://www.acclaim.com/cabs/acclaim_v5.cab

[MessengerStatsClient Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll
CODEBASE = http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

[{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}]
CODEBASE = http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

[MSN Games - Installer]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\ZIntro.ocx
CODEBASE = http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

[MessengerStatsClient Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll
CODEBASE = http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

[CGameManagerCtrl Object]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\DIGGameManager.dll
CODEBASE = https://disney.go.com/games/downloads/gamemanager/DIGGameManager.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash11c.ocx
CODEBASE = http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

[Minesweeper Flags Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MineSweeper.dll
CODEBASE = http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll
UPnPMonitor: C:\WINDOWS\system32\upnpui.dll

--------------------------------------------------
End of report, 9,228 bytes
Report generated in 0.125 seconds

Command line options:
   /verbose  - to add additional info on each section
   /complete - to include empty sections and unsuspicious data
   /full     - to include several rarely-important sections
   /force9x  - to include Win9x-only startups even if running on WinNT
   /forcent  - to include WinNT-only startups even if running on Win9x
   /forceall - to include all Win9x and WinNT startups, regardless of platform
   /history  - to list version history only




 


#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 14 January 2012 - 04:45 PM

Hi,

Please do the following:



Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.


NEXT

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 guitarsrkewl08

guitarsrkewl08
  • Topic Starter

  • Members
  • 37 posts

Posted 14 January 2012 - 11:57 PM

attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 9/22/2005 12:36:29 PM
System Uptime: 1/14/2012 3:21:53 PM (1 hours ago)
.
Motherboard: ASUSTeK Computer INC. |  | Grouper
Processor:               Intel(R) Pentium(R) 4 CPU 2.80GHz | CPU 1 | 2800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 143 GiB total, 101.601 GiB free.
D: is FIXED (FAT32) - 6 GiB total, 0.757 GiB free.
E: is CDROM ()
F: is CDROM ()
H: is Removable
I: is Removable
J: is Removable
K: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP563: 10/13/2011 6:06:19 PM - System Checkpoint
RP564: 10/15/2011 2:14:02 PM - System Checkpoint
RP565: 10/17/2011 12:10:40 PM - System Checkpoint
RP566: 10/19/2011 12:42:11 PM - System Checkpoint
RP567: 10/26/2011 12:38:35 PM - Installed Java(TM) 6 Update 29
RP568: 10/26/2011 8:31:02 PM - Installed RuneScape Launcher 1.1
RP569: 10/29/2011 7:01:19 PM - System Checkpoint
RP570: 10/31/2011 12:09:48 PM - System Checkpoint
RP571: 11/2/2011 6:28:28 PM - System Checkpoint
RP572: 11/3/2011 9:58:40 PM - System Checkpoint
RP573: 11/8/2011 10:49:32 AM - System Checkpoint
RP574: 11/9/2011 2:40:17 PM - System Checkpoint
RP575: 11/11/2011 7:47:54 PM - System Checkpoint
RP576: 11/12/2011 11:37:48 PM - System Checkpoint
RP577: 11/13/2011 12:37:04 AM - Installed DirectX
RP578: 11/13/2011 12:37:18 AM - Installed DirectX
RP579: 11/13/2011 12:46:35 AM - Removed Microsoft Visual C++ 2005 Redistributable
RP580: 11/13/2011 12:49:22 AM - Removed Microsoft Visual C++ 2005 Redistributable
RP581: 11/13/2011 12:51:09 AM - Installed Microsoft Visual C++ 2005 Redistributable
RP582: 11/13/2011 12:54:49 AM - Installed DirectX
RP583: 11/14/2011 10:30:38 AM - System Checkpoint
RP584: 11/22/2011 3:12:42 PM - Removed RuneScape Launcher 1.1
RP585: 11/22/2011 3:14:52 PM - Installed RuneScape Launcher 1.2
RP586: 11/24/2011 1:53:33 PM - Installed Saddle Up
RP587: 11/24/2011 1:54:38 PM - Installed Saddle Up
RP588: 11/25/2011 10:04:47 PM - Removed Saddle Up
RP589: 11/25/2011 10:35:44 PM - Installed WolfQuest
RP590: 11/27/2011 3:53:18 PM - System Checkpoint
RP591: 11/29/2011 12:20:54 PM - Removed WolfQuest
RP592: 11/30/2011 3:27:13 PM - System Checkpoint
RP593: 12/4/2011 10:05:19 PM - System Checkpoint
RP594: 12/6/2011 6:19:43 PM - System Checkpoint
RP595: 12/11/2011 2:38:20 PM - System Checkpoint
RP596: 12/12/2011 4:14:04 PM - System Checkpoint
RP597: 12/15/2011 6:28:52 PM - System Checkpoint
RP598: 12/17/2011 4:37:58 PM - System Checkpoint
RP599: 12/19/2011 4:48:45 PM - System Checkpoint
RP600: 12/21/2011 12:12:38 PM - System Checkpoint
RP601: 12/22/2011 5:55:33 PM - System Checkpoint
RP602: 12/23/2011 9:33:53 PM - System Checkpoint
RP603: 12/26/2011 1:06:01 PM - System Checkpoint
RP604: 12/27/2011 1:58:31 PM - System Checkpoint
RP605: 12/28/2011 11:26:14 PM - System Checkpoint
RP606: 12/31/2011 1:24:44 PM - System Checkpoint
RP607: 1/1/2012 7:45:18 PM - System Checkpoint
RP608: 1/3/2012 12:51:08 PM - System Checkpoint
RP609: 1/5/2012 2:10:19 PM - System Checkpoint
RP610: 1/10/2012 11:40:02 AM - System Checkpoint
RP611: 1/11/2012 12:02:46 PM - System Checkpoint
RP612: 1/11/2012 10:09:38 PM - Restore Operation
RP613: 1/11/2012 10:30:38 PM - Installed HiJackThis
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Adobe Acrobat 5.0
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Photoshop Elements 6.0
Adobe Reader 7.0
Adobe Shockwave Player
Agere Systems PCI Soft Modem
AiO_Scan
AiOSoftware
BufferChm
CameraDrivers
CardRd81
CCleaner
CCScore
Copy
Counter-Strike 1.6 DiGiTALZONE
CR2
CreativeProjects
CreativeProjectsTemplates
Cucusoft YouTube Mate 8.08
CueTour
CustomerResearchQFolder
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DivX Codec
DJ_AIO_03_F4200_ProductContext
DJ_AIO_03_F4200_Software
DJ_AIO_03_F4200_Software_Min
DNA
DocProc
DocumentViewer
ESSBrwr
ESSCDBK
ESScore
ESSCT
ESSgui
ESShelp
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
ESSTUTOR
ESSvpaht
ESSvpot
eSupportQFolder
ExtraPutty 0.22
F4200_Help
Far Cry (Patch 1.4)
Fax
FileZilla Client 3.3.3
FlashMute
GIMP 2.6.7
Glary Utilities 2.12.0.658
GPBaseService
Help and Support Additions
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HiJackThis
HLPIndex
HLPPDOCK
HLPRFO
Hotfix for Windows Internet Explorer 7 (KB947864)
HP Customer Participation Program 10.0
HP Deskjet F4200 All-In-One Driver Software 10.0 Rel .3
HP Deskjet Preloaded Printer Drivers
HP Image Zone 4.2
HP Image Zone Plus 4.2
HP Imaging Device Functions 10.0
HP Organize
HP Photo & Imaging 3.5 - HP Devices
HP Photosmart Essential 2.5
HP PrecisionScan LTX
HP PSC & OfficeJet 4.0
HP Smart Web Printing
HP Solution Center 10.0
HP Update
hpg2436
hpg3970
hpg4600
hpg5530
hpg8200
HPIZ402
HPProductAssistant
HpSdpAppCoreApp
HPSSupply
HPSystemDiagnostics
InstantShare
Intel(R) Graphics Media Accelerator Driver
IntelliMover Data Transfer Demo
InterVideo WinDVD Creator 2
InterVideo WinDVD Player
Java Auto Updater
Java DB 10.6.2.1
Java(TM) 6 Update 29
Java(TM) SE Development Kit 6 Update 26
Junk Mail filter update
KBD
Kodak EasyShare software
KSU
M8 Free Multi Clipboard
Mahjongg Master Egyptian Edition
Malwarebytes' Anti-Malware version 1.51.2.1300
Map Button (Windows Live Toolbar)
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft LifeCam
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard Edition 2003
Microsoft Office Word MUI (English) 2007
Microsoft Plus! Dancer LE
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Software Update for Web Folders  (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works 7.0
Mozilla Firefox 10.0 (x86 en-US)
MSN
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
muvee autoProducer 3.5 magicMoments - HPD
Notepad++
Notifier
OpenOffice.org Installer 1.0
OTtBP
OTtBPSDK
Pando Media Booster
PC-Doctor for Windows
PHOTOfunSTUDIO 5.0 HD Edition
PhotoGallery
Popup Blocker (Windows Live Toolbar)
PrintScreen
PS2
PSSWCORE
Python 2.2 combined Win32 extensions
Python 2.2.1
QFolder
QuickProjects
QuickTime
Readme
RealPlayer
Realtek High Definition Audio Driver
RuneScape Launcher 1.2
Scan
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB911564)
Segoe UI
SFR
SHASTA
Shop for HP Supplies
SKIN0001
SkinsHP1
SkinsHP2
SKINXSDK
Skype™ 5.5
Smart Menus (Windows Live Toolbar)
SmartWebPrintingOC
SolutionCenter
Sonic RecordNow!
Status
SwiftKit
System Requirements Lab
TeamViewer 6
TeamViewer 7
TightVNC 2.0.3
Toolbox
TrayApp
Unity Web Player
Unload
UnloadSupport
Unlocker 1.8.7
Update Installer for WildTangent Games App
Updates from HP
Ventrilo Client
VideoToolkit01
VPRINTOL
WebFldrs XP
WebReg
WildTangent Games
WildTangent Games App
Winamp (remove only)
WindowBlinds
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Internet Explorer 7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Outlook Toolbar (Windows Live Toolbar)
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
WIRELESS
.
==== Event Viewer Messages From Past Week ========
.
1/9/2012 8:34:37 PM, error: DCOM [10005]  - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
1/8/2012 9:23:05 AM, error: Print [19]  - Sharing printer failed + 1722, Printer HP Deskjet F4200 series share name HPDeskje.
1/7/2012 12:44:32 PM, error: Dhcp [1002]  - The IP address lease 192.168.2.2 for the Network Card with network address 00112F51F857 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
1/13/2012 12:18:41 AM, error: PlugPlayManager [11]  - The device Root\LEGACY_UNLOCKERDRIVER5\0000 disappeared from the system without first being prepared for removal.
1/12/2012 7:11:11 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
1/12/2012 7:11:11 PM, error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error:  A device attached to the system is not functioning.
1/12/2012 7:11:11 PM, error: Service Control Manager [7001]  - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:  A device attached to the system is not functioning.
1/12/2012 7:11:11 PM, error: Service Control Manager [7001]  - The fssfltr service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
1/12/2012 7:11:11 PM, error: Service Control Manager [7001]  - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
1/12/2012 7:11:11 PM, error: Service Control Manager [7001]  - The DHCP Client service depends on the NetBT service which failed to start because of the following error:  A device attached to the system is not functioning.
1/12/2012 7:10:28 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
1/11/2012 9:36:24 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  Fips intelppm
1/11/2012 9:35:12 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/11/2012 11:21:55 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
1/11/2012 11:08:06 AM, error: Service Control Manager [7022]  - The HP CUE DeviceDiscovery Service service hung on starting.
1/10/2012 2:07:50 PM, error: Service Control Manager [7031]  - The TeamViewer 6 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/10/2012 2:07:48 PM, error: Service Control Manager [7031]  - The TeamViewer 7 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 2000 milliseconds: Restart the service.
1/10/2012 12:22:01 PM, error: Dhcp [1002]  - The IP address lease 192.168.2.3 for the Network Card with network address 00112F51F857 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================




dds
.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 7.0.5730.11  BrowserJavaVersion: 1.6.0_29
Run by HP_Owner at 16:05:43 on 2012-01-14
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.503.245 [GMT -7:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Live\Messenger\wlcsdk.exe
C:\Documents and Settings\HP_Owner\Desktop\Elya's Folder\ShowMyPC3010.exe
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\IXP001.TMP\SMPCSetup.exe
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\IXP001.TMP\sps.exe
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\IXP001.TMP\smwinvnc.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://ca.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://ca.search.yahoo.com
BHO: Updater For eGames Toolbar - No File
autorunsdisabled
{02478d38-c3f9-4efb-9b51-7695eca05670}
{3ca2f312-6f6e-4b53-a66e-4e65e497c8c0}
{5c255c8a-e604-49b4-9d64-90988571cecb}
BHO: SearchHelperBho Class: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: HP view: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\HPDTLK02.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
mRun: [PS2] c:\windows\system32\ps2.exe
mRunOnce: [wextract_cleanup0] rundll32.exe c:\windows\system32\advpack.dll,delnoderundll32 "c:\docume~1\hp_owner\locals~1\temp\ixp000.tmp\"
mRunOnce: [wextract_cleanup1] rundll32.exe c:\windows\system32\advpack.dll,delnoderundll32 "c:\docume~1\hp_owner\locals~1\temp\ixp001.tmp\"
mRunOnce: [wextract_cleanup2] rundll32.exe c:\windows\system32\advpack.dll,delnoderundll32 "c:\docume~1\hp_owner\locals~1\temp\ixp002.tmp\"
mRunOnce: [wextract_cleanup3] rundll32.exe c:\windows\system32\advpack.dll,delnoderundll32 "c:\docume~1\hp_owner\locals~1\temp\ixp003.tmp\"
mRunOnce: [wextract_cleanup4] rundll32.exe c:\windows\system32\advpack.dll,delnoderundll32 "c:\docume~1\hp_owner\locals~1\temp\ixp004.tmp\"
mRunOnce: [wextract_cleanup5] rundll32.exe c:\windows\system32\advpack.dll,delnoderundll32 "c:\docume~1\hp_owner\locals~1\temp\ixp000.tmp\"
mRunOnce: [wextract_cleanup6] rundll32.exe c:\windows\system32\advpack.dll,delnoderundll32 "c:\docume~1\hp_owner\locals~1\temp\ixp001.tmp\"
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{AAC6F04F-1443-436E-87D6-23F6B595CF12} : DhcpNameServer = 192.168.2.1
Notify: WBSrv - c:\program files\stardock\object desktop\windowblinds\WBSrv.dll
AppInit_DLLs: c:\windows\system32\wbsys.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\hp_owner\application data\mozilla\firefox\profiles\bnzeakb7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://freddieyoho.com/quicklinks/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\hp_owner\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\3.0.40624.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\wildtangent games\app\browserintegration\registered\0\NP_wtapp.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
============= SERVICES / DRIVERS ===============
.
S2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-5-17 54752]
S2 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-12 206072]
S2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-4-15 2280312]
S2 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2011-12-14 2984832]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S4 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\manycam.sys --> c:\windows\system32\drivers\ManyCam.sys [?]
.
=============== Created Last 30 ================
.
2012-01-13 06:34:57	98816	----a-w-	c:\windows\sed.exe
2012-01-13 06:34:57	518144	----a-w-	c:\windows\SWREG.exe
2012-01-13 06:34:57	256000	----a-w-	c:\windows\PEV.exe
2012-01-13 06:34:57	208896	----a-w-	c:\windows\MBR.exe
2012-01-13 05:29:19	--------	d-----w-	c:\documents and settings\hp_owner\local settings\application data\RcIncidents
2012-01-12 05:30:40	388096	----a-r-	c:\documents and settings\hp_owner\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-01-12 05:30:39	--------	d-----w-	c:\program files\Trend Micro
2012-01-12 02:43:56	1409	----a-w-	c:\windows\QTFont.for
2011-12-26 02:47:40	--------	d-----w-	c:\program files\Counter-Strike 1.6 V42 DiGiTALZONE
2011-12-23 22:41:06	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-16 01:52:00	--------	d-----w-	c:\documents and settings\hp_owner\application data\54253
.
==================== Find3M  ====================
.
.
============= FINISH: 16:06:35.82 ===============



aswMBR.txt


aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-01-14 16:38:11
-----------------------------
16:38:11.734    OS Version: Windows 5.1.2600 Service Pack 3
16:38:11.734    Number of processors: 2 586 0x304
16:38:11.734    ComputerName: YOUR-AE066C3A9B  UserName: HP_Owner
16:38:12.390    Initialize success
16:38:24.968    AVAST engine defs: 12011401
16:42:24.359    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17
16:42:24.375    Disk 0 Vendor: SAMSUNG_SP1614C SW100-30 Size: 152627MB BusType: 3
16:42:24.406    Disk 0 MBR read successfully
16:42:24.406    Disk 0 MBR scan
16:42:24.453    Disk 0 unknown MBR code
16:42:24.453    Disk 0 Partition 1 00     0B        FAT32 RECOVERY     5943 MB offset 63
16:42:24.484    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       146674 MB offset 12171600
16:42:24.500    Disk 0 scanning sectors +312560640
16:42:24.562    Disk 0 scanning C:\WINDOWS\system32\drivers
16:42:39.484    Service scanning
16:42:44.296    Modules scanning
16:42:48.921    Disk 0 trace - called modules:
16:42:48.968    ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS 
16:42:48.984    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8335a030]
16:42:49.000    3 CLASSPNP.SYS[f8742fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-17[0x83392c38]
16:42:49.796    AVAST engine scan C:\WINDOWS
16:42:55.937    AVAST engine scan C:\WINDOWS\system32
16:45:28.046    AVAST engine scan C:\WINDOWS\system32\drivers
16:45:46.703    AVAST engine scan C:\Documents and Settings\HP_Owner
16:52:25.843    File: C:\Documents and Settings\HP_Owner\My Documents\Downloads\packupdate106_2211(2).exe  **INFECTED** Win32:Dropper-DYL [Trj]
16:52:26.031    File: C:\Documents and Settings\HP_Owner\My Documents\Downloads\packupdate106_2211.exe  **INFECTED** Win32:Dropper-DYL [Trj]
16:53:20.109    AVAST engine scan C:\Documents and Settings\All Users
16:57:54.875    Scan finished successfully
17:02:36.906    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\HP_Owner\Desktop\MBR.dat"
17:02:36.921    The log file has been saved successfully to "C:\Documents and Settings\HP_Owner\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-01-14 17:03:27
-----------------------------
17:03:27.578    OS Version: Windows 5.1.2600 Service Pack 3
17:03:27.578    Number of processors: 2 586 0x304
17:03:27.578    ComputerName: YOUR-AE066C3A9B  UserName: HP_Owner
17:03:29.234    Initialize success
17:03:41.562    AVAST engine defs: 12011401
17:04:12.609    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17
17:04:12.609    Disk 0 Vendor: SAMSUNG_SP1614C SW100-30 Size: 152627MB BusType: 3
17:04:12.687    Disk 0 MBR read successfully
17:04:12.703    Disk 0 MBR scan
17:04:12.796    Disk 0 unknown MBR code
17:04:12.812    Disk 0 Partition 1 00     0B        FAT32 RECOVERY     5943 MB offset 63
17:04:12.828    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       146674 MB offset 12171600
17:04:12.875    Disk 0 scanning sectors +312560640
17:04:13.015    Disk 0 scanning C:\WINDOWS\system32\drivers
17:04:37.500    Service scanning
17:04:40.328    Modules scanning
17:04:53.625    Disk 0 trace - called modules:
17:04:53.671    ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS 
17:04:53.687    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8335a030]
17:04:53.718    3 CLASSPNP.SYS[f8742fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-17[0x83392c38]
17:04:55.031    AVAST engine scan C:\
17:25:14.625    File: C:\Documents and Settings\HP_Owner\My Documents\Downloads\packupdate106_2211(2).exe  **INFECTED** Win32:Dropper-DYL [Trj]
17:25:14.953    File: C:\Documents and Settings\HP_Owner\My Documents\Downloads\packupdate106_2211.exe  **INFECTED** Win32:Dropper-DYL [Trj]
20:49:19.437    Scan finished successfully
21:45:23.140    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\HP_Owner\Desktop\MBR.dat"
21:45:23.187    The log file has been saved successfully to "C:\Documents and Settings\HP_Owner\Desktop\aswMBR.txt"


Attached file: MBR.zip (546 bytes)


#4 CatByte

  • Malware Response Team
Posted 15 January 2012 - 10:01 AM

Hi,

Please do the following:

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • Only if Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)


NEXT



Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 guitarsrkewl08

  • Topic Starter

Posted 15 January 2012 - 01:08 PM

tdsskiller

10:10:18.0218 1160	TDSS rootkit removing tool 2.7.1.0 Jan 13 2012 15:24:05
10:10:18.0781 1160	============================================================
10:10:18.0781 1160	Current date / time: 2012/01/15 10:10:18.0781
10:10:18.0781 1160	SystemInfo:
10:10:18.0781 1160	
10:10:18.0781 1160	OS Version: 5.1.2600 ServicePack: 3.0
10:10:18.0781 1160	Product type: Workstation
10:10:18.0781 1160	ComputerName: YOUR-AE066C3A9B
10:10:18.0781 1160	UserName: HP_Owner
10:10:18.0781 1160	Windows directory: C:\WINDOWS
10:10:18.0781 1160	System windows directory: C:\WINDOWS
10:10:18.0781 1160	Processor architecture: Intel x86
10:10:18.0781 1160	Number of processors: 2
10:10:18.0781 1160	Page size: 0x1000
10:10:18.0781 1160	Boot type: Safe boot with network
10:10:18.0781 1160	============================================================
10:10:21.0500 1160	Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000, SectorSize: 0x200, Cylinders: 0x50C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K', Flags 0x00000054
10:10:21.0984 1160	Initialize success
10:11:07.0640 0952	============================================================
10:11:07.0640 0952	Scan started
10:11:07.0640 0952	Mode: Manual; 
10:11:07.0640 0952	============================================================
10:11:24.0968 0952	MBR (0x1B8)     (bad0263fbe81b49f5f07b32dc9d198b3) \Device\Harddisk0\DR0
10:11:24.0984 0952	\Device\Harddisk0\DR0 - ok
10:11:25.0000 0952	Boot (0x1200)   (9419c23c1c7869410a3effac34f5589d) \Device\Harddisk0\DR0\Partition0
10:11:25.0000 0952	\Device\Harddisk0\DR0\Partition0 - ok
10:11:25.0031 0952	Boot (0x1200)   (548b8c0c50863c83b92ed5e4d0ef153a) \Device\Harddisk0\DR0\Partition1
10:11:25.0031 0952	\Device\Harddisk0\DR0\Partition1 - ok
10:11:25.0031 0952	============================================================
10:11:25.0031 0952	Scan finished
10:11:25.0031 0952	============================================================
10:11:25.0078 1088	Detected object count: 0
10:11:25.0078 1088	Actual detected object count: 0
10:18:59.0609 1332	============================================================
10:18:59.0609 1332	Scan started
10:18:59.0609 1332	Mode: Manual; SigCheck; TDLFS; 
10:18:59.0609 1332	============================================================
10:19:18.0015 1332	Iviaspi         (f59c3569a2f2c464bb78cb1bdcdca55e) C:\WINDOWS\system32\drivers\iviaspi.sys
10:19:18.0031 1332	Iviaspi ( UnsignedFile.Multi.Generic ) - warning
10:19:18.0031 1332	Iviaspi - detected UnsignedFile.Multi.Generic (1)
10:19:28.0437 1332	Pfc             (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys
10:19:28.0453 1332	Pfc ( UnsignedFile.Multi.Generic ) - warning
10:19:28.0453 1332	Pfc - detected UnsignedFile.Multi.Generic (1)
10:19:43.0906 1332	============================================================
10:19:43.0906 1332	Scan finished
10:19:43.0906 1332	============================================================
10:19:44.0062 1568	Detected object count: 2
10:19:44.0062 1568	Actual detected object count: 2
10:23:27.0187 1568	Iviaspi ( UnsignedFile.Multi.Generic ) - skipped by user
10:23:27.0187 1568	Iviaspi ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:23:27.0187 1568	Pfc ( UnsignedFile.Multi.Generic ) - skipped by user
10:23:27.0187 1568	Pfc ( UnsignedFile.Multi.Generic ) - User select action: Skip 


ComboFix
ComboFix 12-01-15.01 - HP_Owner 01/15/2012  10:33:14.3.2 - x86 NETWORK
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.503.324 [GMT -7:00]
Running from: c:\documents and settings\HP_Owner\My Documents\Downloads\ComboFix.exe
.
.
(((((((((((((((((((((((((   Files Created from 2011-12-15 to 2012-01-15  )))))))))))))))))))))))))))))))
.
.
2012-01-13 05:29 . 2012-01-13 05:29	--------	d-----w-	c:\documents and settings\HP_Owner\Local Settings\Application Data\RcIncidents
2012-01-12 05:30 . 2012-01-12 05:30	388096	----a-r-	c:\documents and settings\HP_Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-12 05:30 . 2012-01-12 05:30	--------	d-----w-	c:\program files\Trend Micro
2012-01-12 02:43 . 2012-01-12 02:43	1409	----a-w-	c:\windows\QTFont.for
2011-12-26 02:47 . 2012-01-12 01:04	--------	d-----w-	c:\program files\Counter-Strike 1.6 V42 DiGiTALZONE
2011-12-23 22:41 . 2011-12-23 22:41	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((   SnapShot@2012-01-13_07.30.49   )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-10-27 03:34 . 2012-01-13 20:26	66048              c:\windows\.jagex_cache_32\browsercontrol.dll
- 2011-10-27 03:34 . 2012-01-12 01:44	66048              c:\windows\.jagex_cache_32\browsercontrol.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"wextract_cleanup0"="c:\windows\system32\advpack.dll" [2008-12-20 124928]
"wextract_cleanup1"="c:\windows\system32\advpack.dll" [2008-12-20 124928]
"wextract_cleanup2"="c:\windows\system32\advpack.dll" [2008-12-20 124928]
"wextract_cleanup3"="c:\windows\system32\advpack.dll" [2008-12-20 124928]
"wextract_cleanup4"="c:\windows\system32\advpack.dll" [2008-12-20 124928]
"wextract_cleanup5"="c:\windows\system32\advpack.dll" [2008-12-20 124928]
"wextract_cleanup6"="c:\windows\system32\advpack.dll" [2008-12-20 124928]
"wextract_cleanup7"="c:\windows\system32\advpack.dll" [2008-12-20 124928]
"wextract_cleanup8"="c:\windows\system32\advpack.dll" [2008-12-20 124928]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2009-02-05 20:39	204080	----a-w-	c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
backup=c:\windows\pss\Kodak software updater.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PHOTOfunSTUDIO 5.0 HD Edition.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PHOTOfunSTUDIO 5.0 HD Edition.lnk
backup=c:\windows\pss\PHOTOfunSTUDIO 5.0 HD Edition.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Startup^FreeClip.lnk]
backup=c:\windows\pss\FreeClip.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Startup^HP Organize.lnk]
backup=c:\windows\pss\HP Organize.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\HP_Owner\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-09-11 07:43	67488	----a-w-	c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2004-06-30 00:06	88363	----a-w-	c:\windows\AGRSMMSG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2004-07-03 02:49	57344	----a-w-	c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
2004-07-06 01:05	2550272	----a-w-	c:\windows\ALCWZRD.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2009-11-07 07:11	323392	----a-w-	c:\program files\DNA\btdna.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\firstintel]
2008-04-14 00:12	146432	------w-	c:\windows\regedit.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashMute]
2006-03-11 19:49	221184	----a-w-	c:\program files\FlashMute\flashmute.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate]
2010-12-29 03:36	233936	----a-w-	c:\windows\system32\Macromed\Flash\FlashUtil10l_Plugin.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-01-13 16:47	163840	----a-w-	c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Update 3400C]
2002-02-01 20:33	32768	----a-w-	c:\sj652\hpupdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2007-08-22 23:31	80896	----a-w-	c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
1998-05-07 23:04	52736	----a-w-	c:\windows\system\hpsysdrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-01-13 16:47	131072	----a-w-	c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2003-02-12 03:02	61440	----a-w-	c:\hp\KBD\kbd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2007-05-17 21:45	279912	----a-w-	c:\program files\Microsoft LifeCam\LifeExp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2011-09-01 00:00	449608	----a-w-	c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
2008-04-14 00:12	169984	----a-w-	c:\windows\pchealth\helpctr\binaries\msconfig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2011-10-01 05:12	3077528	----a-w-	c:\program files\Pando Networks\Media Booster\PMB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-01-13 16:46	135168	----a-w-	c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
2002-10-16 23:57	81920	----a-w-	c:\windows\system32\ps2.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2004-08-07 21:20	98304	----a-w-	c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2004-04-15 03:43	233472	----a-w-	c:\windows\SMINST\Recguard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2004-07-01 18:58	73728	----a-w-	c:\windows\SOUNDMAN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 20:06	254696	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2004-08-07 21:03	180269	----a-w-	c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tvncontrol]
2011-05-26 21:47	826896	----a-w-	c:\program files\TightVNC\tvnserver.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uninstall Adobe Download Manager]
2010-03-29 15:53	68000	----a-w-	c:\program files\NOS\bin\getPlus_Helper.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2008-05-02 04:15	15872	----a-w-	c:\program files\Unlocker\UnlockerAssistant.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]
2007-04-10 21:46	709992	----a-w-	c:\windows\vVX1000.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wextract_cleanup0]
2008-12-20 23:15	124928	----a-w-	c:\windows\system32\advpack.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TeamViewer5"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe"  -osboot
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
S2 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [10/12/2010 10:59 AM 206072]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [4/15/2011 2:43 AM 2280312]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [12/14/2011 4:59 AM 2984832]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S4 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys --> c:\windows\system32\DRIVERS\ManyCam.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 02280957
*Deregistered* - 02280957
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
getPlusHelper	REG_MULTI_SZ   	getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-28 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-05-19 16:49]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://ca.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://ca.search.yahoo.com
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bnzeakb7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://freddieyoho.com/quicklinks/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-15 10:42
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Windows\AutorunsDisabled]
"Appinit_Dlls"="mzymva.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(444)
c:\program files\Stardock\Object Desktop\WindowBlinds\WBSrv.dll
.
Completion time: 2012-01-15  10:45:53
ComboFix-quarantined-files.txt  2012-01-15 17:45
ComboFix2.txt  2012-01-13 07:35
.
Pre-Run: 108,978,700,288 bytes free
Post-Run: 109,036,347,392 bytes free
.
- - End Of File - - C1C1A3AF18E2D11136DCDFC05D0121BD







#6 CatByte

Posted 15 January 2012 - 01:22 PM

Hi

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, and click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

RegLock::
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Windows\AutorunsDisabled]

Registry::
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Windows\AutorunsDisabled]
"Appinit_Dlls"=""

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop. Save it as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 guitarsrkewl08

Posted 15 January 2012 - 05:47 PM

combo fix

ComboFix 12-01-15.01 - HP_Owner 01/15/2012  12:02:28.4.2 - x86 NETWORK
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.503.324 [GMT -7:00]
Running from: c:\documents and settings\HP_Owner\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\HP_Owner\Desktop\cfscript.txt
.
.
(((((((((((((((((((((((((   Files Created from 2011-12-15 to 2012-01-15  )))))))))))))))))))))))))))))))
.
.
2012-01-15 14:24 . 2012-01-15 14:24	--------	d-----w-	c:\documents and settings\Administrator
2012-01-13 05:29 . 2012-01-13 05:29	--------	d-----w-	c:\documents and settings\HP_Owner\Local Settings\Application Data\RcIncidents
2012-01-12 05:30 . 2012-01-12 05:30	388096	----a-r-	c:\documents and settings\HP_Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-12 05:30 . 2012-01-12 05:30	--------	d-----w-	c:\program files\Trend Micro
2012-01-12 02:43 . 2012-01-12 02:43	1409	----a-w-	c:\windows\QTFont.for
2011-12-26 02:47 . 2012-01-12 01:04	--------	d-----w-	c:\program files\Counter-Strike 1.6 V42 DiGiTALZONE
2011-12-23 22:41 . 2011-12-23 22:41	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((   SnapShot@2012-01-13_07.30.49   )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-10-27 03:34 . 2012-01-15 18:20	66048              c:\windows\.jagex_cache_32\browsercontrol.dll
- 2011-10-27 03:34 . 2012-01-12 01:44	66048              c:\windows\.jagex_cache_32\browsercontrol.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
"tvncontrol"="c:\program files\ShowMyPCService\tvnserver.exe" [2010-07-08 815704]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"wextract_cleanup0"="c:\windows\system32\advpack.dll" [2008-12-20 124928]
"wextract_cleanup1"="c:\windows\system32\advpack.dll" [2008-12-20 124928]
"wextract_cleanup2"="c:\windows\system32\advpack.dll" [2008-12-20 124928]
"wextract_cleanup3"="c:\windows\system32\advpack.dll" [2008-12-20 124928]
"wextract_cleanup4"="c:\windows\system32\advpack.dll" [2008-12-20 124928]
"wextract_cleanup5"="c:\windows\system32\advpack.dll" [2008-12-20 124928]
"wextract_cleanup6"="c:\windows\system32\advpack.dll" [2008-12-20 124928]
"wextract_cleanup7"="c:\windows\system32\advpack.dll" [2008-12-20 124928]
"wextract_cleanup8"="c:\windows\system32\advpack.dll" [2008-12-20 124928]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2009-02-05 20:39	204080	----a-w-	c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
backup=c:\windows\pss\Kodak software updater.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PHOTOfunSTUDIO 5.0 HD Edition.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PHOTOfunSTUDIO 5.0 HD Edition.lnk
backup=c:\windows\pss\PHOTOfunSTUDIO 5.0 HD Edition.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Startup^FreeClip.lnk]
backup=c:\windows\pss\FreeClip.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Startup^HP Organize.lnk]
backup=c:\windows\pss\HP Organize.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\HP_Owner\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-09-11 07:43	67488	----a-w-	c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2004-06-30 00:06	88363	----a-w-	c:\windows\AGRSMMSG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2004-07-03 02:49	57344	----a-w-	c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
2004-07-06 01:05	2550272	----a-w-	c:\windows\ALCWZRD.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2009-11-07 07:11	323392	----a-w-	c:\program files\DNA\btdna.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\firstintel]
2008-04-14 00:12	146432	------w-	c:\windows\regedit.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashMute]
2006-03-11 19:49	221184	----a-w-	c:\program files\FlashMute\flashmute.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate]
2010-12-29 03:36	233936	----a-w-	c:\windows\system32\Macromed\Flash\FlashUtil10l_Plugin.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-01-13 16:47	163840	----a-w-	c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Update 3400C]
2002-02-01 20:33	32768	----a-w-	c:\sj652\hpupdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2007-08-22 23:31	80896	----a-w-	c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
1998-05-07 23:04	52736	----a-w-	c:\windows\system\hpsysdrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-01-13 16:47	131072	----a-w-	c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2003-02-12 03:02	61440	----a-w-	c:\hp\KBD\kbd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2007-05-17 21:45	279912	----a-w-	c:\program files\Microsoft LifeCam\LifeExp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2011-09-01 00:00	449608	----a-w-	c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
2008-04-14 00:12	169984	----a-w-	c:\windows\pchealth\helpctr\binaries\msconfig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2011-10-01 05:12	3077528	----a-w-	c:\program files\Pando Networks\Media Booster\PMB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-01-13 16:46	135168	----a-w-	c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
2002-10-16 23:57	81920	----a-w-	c:\windows\system32\ps2.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2004-08-07 21:20	98304	----a-w-	c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2004-04-15 03:43	233472	----a-w-	c:\windows\SMINST\Recguard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2004-07-01 18:58	73728	----a-w-	c:\windows\SOUNDMAN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 20:06	254696	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2004-08-07 21:03	180269	----a-w-	c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tvncontrol]
2011-05-26 21:47	826896	----a-w-	c:\program files\TightVNC\tvnserver.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uninstall Adobe Download Manager]
2010-03-29 15:53	68000	----a-w-	c:\program files\NOS\bin\getPlus_Helper.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2008-05-02 04:15	15872	----a-w-	c:\program files\Unlocker\UnlockerAssistant.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]
2007-04-10 21:46	709992	----a-w-	c:\windows\vVX1000.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wextract_cleanup0]
2008-12-20 23:15	124928	----a-w-	c:\windows\system32\advpack.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TeamViewer5"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe"  -osboot
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R2 tvnserver;TightVNC Server;c:\program files\ShowMyPCService\tvnserver.exe [7/8/2010 6:28 AM 815704]
S2 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [10/12/2010 10:59 AM 206072]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [4/15/2011 2:43 AM 2280312]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [12/14/2011 4:59 AM 2984832]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S4 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys --> c:\windows\system32\DRIVERS\ManyCam.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 02280957
*NewlyCreated* - TVNSERVER
*Deregistered* - 02280957
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
getPlusHelper	REG_MULTI_SZ   	getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-28 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-05-19 16:49]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://ca.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://ca.search.yahoo.com
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bnzeakb7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://freddieyoho.com/quicklinks/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-15 12:11
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Windows\AutorunsDisabled]
"Appinit_Dlls"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(444)
c:\program files\Stardock\Object Desktop\WindowBlinds\WBSrv.dll
.
Completion time: 2012-01-15  12:14:48
ComboFix-quarantined-files.txt  2012-01-15 19:14
ComboFix2.txt  2012-01-15 17:45
ComboFix3.txt  2012-01-13 07:35
.
Pre-Run: 109,038,276,608 bytes free
Post-Run: 109,028,507,648 bytes free
.
- - End Of File - - 7BAF15E0C845885C516A5BCF7D5D37BD







MBAM
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 912011503

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 7.0.5730.11

1/15/2012 12:26:39 PM
mbam-log-2012-01-15 (12-26-38).txt

Scan type: Quick scan
Objects scanned: 201252
Time elapsed: 3 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


eset log
C:\Documents and Settings\HP_Owner\My Documents\Downloads\packupdate106_2211(2).exe	Win32/TrojanDownloader.FakeAlert.AEY trojan
C:\Documents and Settings\HP_Owner\My Documents\Downloads\packupdate106_2211.exe	Win32/TrojanDownloader.FakeAlert.AEY trojan
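
A check for the CFScript step in posts #6 and #7, as an added example that is not part of the original thread: it pulls every AppInit_DLLs value out of two ComboFix logs and reports what changed between the runs. The function names are hypothetical; the sample text is excerpted from the 10:45 and 12:14 logs above.

```python
import re

# The key Windows reads AppInit_DLLs from on a 32-bit system such as this one.
# The same value name under a subkey is recorded but is not that load point.
LIVE_KEY = r"hkey_local_machine\software\microsoft\windows nt\currentversion\windows"

# Excerpt of the 10:45 ComboFix log in this thread (before the CFScript run).
LOG_BEFORE = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Windows\AutorunsDisabled]
"Appinit_Dlls"="mzymva.dll"
.
'''

# Excerpt of the 12:14 ComboFix log in this thread (after the CFScript run).
LOG_AFTER = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Windows\AutorunsDisabled]
"Appinit_Dlls"=""
.
'''

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')


def appinit_entries(log_text):
    """Return {registry key (lower-cased): [dll, ...]} for each AppInit_DLLs value."""
    found = {}
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = KEY_RE.match(line)
        if header:
            current_key = header.group("key").lower()
            continue
        if line in ("", "."):
            # ComboFix ends each block with a lone dot; forget the key so a
            # stray value line further down is never attributed to it.
            current_key = None
            continue
        value = VALUE_RE.match(line)
        if value and current_key and value.group("name").lower() == "appinit_dlls":
            data = value.group("data").strip().strip('"')
            # AppInit_DLLs is a space- or comma-delimited list of DLL names.
            found[current_key] = [d.lower() for d in re.split(r"[ ,]+", data) if d]
    return found


def diff_appinit(before_log, after_log):
    """List the AppInit_DLLs changes between two logs, one dict per changed key."""
    before = appinit_entries(before_log)
    after = appinit_entries(after_log)
    changes = []
    for key in sorted(set(before) | set(after)):
        old = before.get(key, [])
        new = after.get(key, [])
        if old != new:
            changes.append({
                "key": key,
                "live": key == LIVE_KEY,  # True only for the real load point
                "removed": [d for d in old if d not in new],
                "added": [d for d in new if d not in old],
            })
    return changes


if __name__ == "__main__":
    for change in diff_appinit(LOG_BEFORE, LOG_AFTER):
        where = "live load point" if change["live"] else "subkey, not the load point"
        print(f'{change["key"]} ({where})')
        print(f'  removed: {change["removed"]}  added: {change["added"]}')
```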


#8 CatByte

Posted 15 January 2012 - 06:50 PM

  • Go to Start->Run and type in notepad and hit OK.
  • Then copy and paste the content of the following codebox into Notepad:

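    @echo off
    rem Start with a fresh results file.
    if exist results.txt del results.txt
    FOR %%H IN (
    "C:\Documents and Settings\HP_Owner\My Documents\Downloads\packupdate106_2211(2).exe"
    "C:\Documents and Settings\HP_Owner\My Documents\Downloads\packupdate106_2211.exe"
    ) DO (
    rem Clear read-only, hidden and system attributes, then delete and log any error.
    attrib -r -h -s %%H
    del /q /f %%H >> results.txt 2>>&1
    )
    start notepad results.txt
    rem Self-delete goes last: no further lines can be read once the file is gone.
    del %0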
    
  • Save the file to your DESKTOP as "fix.bat". Make sure to save it with the quotes.
  • Once saved, the icon to click should look like this on your desktop:

    Posted Image
  • Double-click fix.bat to run it. A small black box should open and close - this is normal.
  • Please post the content of results.txt


NEXT

Visit ADOBE and download the latest version of Acrobat Reader (version X)
Having the latest updates ensures there are no security vulnerabilities in your system.

NEXT

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 6 and Save it to your Desktop.
  • Scroll down to where it says Java SE 6 Update 30
  • Click the Download button under JRE to the right.
  • Read the License Agreement then select Accept License Agreement
  • Click on the link to download Windows x86 Offline and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java™ 6) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u30-windows-i586.exe to install the newest version.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      Applications and Applets
      Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.


NEXT

Please post a fresh DDS Log and advise how the computer is running now and if there are any outstanding issues

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#9 guitarsrkewl08

Posted 15 January 2012 - 08:58 PM

the results.txt was empty and 0 bytes


same problems exist; everything done so far seems to have no results



dds


.
DDS (Ver_2011-08-26.01) - NTFSx86 
Internet Explorer: 7.0.5730.11  BrowserJavaVersion: 1.6.0_30
Run by HP_Owner at 18:27:52 on 2012-01-15
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.503.189 [GMT -7:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\WildTangent Games\App\GamesAppService.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\TeamViewer\Version7\TeamViewer.exe
C:\Program Files\TeamViewer\Version7\tv_w32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\ShowMyPC\-----------ShowMyPC3105\SMPCSetup.exe
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\ShowMyPC\-----------ShowMyPC3105\spcplink.exe
C:\Program Files\ShowMyPCService\tvnserver.exe
C:\Program Files\ShowMyPCService\tvnserver.exe
C:\Program Files\ShowMyPCService\tvnserver.exe
.
============== Pseudo HJT Report ===============
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://ca.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://ca.search.yahoo.com
BHO: Updater For eGames Toolbar - No File
autorunsdisabled
{02478d38-c3f9-4efb-9b51-7695eca05670}
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
{3ca2f312-6f6e-4b53-a66e-4e65e497c8c0}
{5c255c8a-e604-49b4-9d64-90988571cecb}
BHO: SearchHelperBho Class: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: HP view: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\HPDTLK02.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [tvncontrol] "c:\program files\showmypcservice\tvnserver.exe" -controlservice -slave
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{AAC6F04F-1443-436E-87D6-23F6B595CF12} : DhcpNameServer = 192.168.2.1
Notify: WBSrv - c:\program files\stardock\object desktop\windowblinds\WBSrv.dll
AppInit_DLLs: c:\windows\system32\wbsys.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\hp_owner\application data\mozilla\firefox\profiles\bnzeakb7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://freddieyoho.com/quicklinks/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\hp_owner\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\3.0.40624.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\wildtangent games\app\browserintegration\registered\0\NP_wtapp.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
============= SERVICES / DRIVERS ===============
.
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-5-17 54752]
R2 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-12 206072]
R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-4-15 2280312]
R2 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2011-12-14 2984832]
R2 tvnserver;TightVNC Server;c:\program files\showmypcservice\tvnserver.exe [2010-7-8 815704]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S4 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\manycam.sys --> c:\windows\system32\drivers\ManyCam.sys [?]
.
=============== Created Last 30 ================
.
2012-01-16 01:01:18	73728	----a-w-	c:\windows\system32\javacpl.cpl
2012-01-15 19:32:30	--------	d-----w-	c:\program files\ESET
2012-01-13 06:34:57	98816	----a-w-	c:\windows\sed.exe
2012-01-13 06:34:57	518144	----a-w-	c:\windows\SWREG.exe
2012-01-13 06:34:57	256000	----a-w-	c:\windows\PEV.exe
2012-01-13 06:34:57	208896	----a-w-	c:\windows\MBR.exe
2012-01-13 05:29:19	--------	d-----w-	c:\documents and settings\hp_owner\local settings\application data\RcIncidents
2012-01-12 05:30:40	388096	----a-r-	c:\documents and settings\hp_owner\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-01-12 05:30:39	--------	d-----w-	c:\program files\Trend Micro
2012-01-12 02:43:56	1409	----a-w-	c:\windows\QTFont.for
2011-12-26 02:47:40	--------	d-----w-	c:\program files\Counter-Strike 1.6 V42 DiGiTALZONE
2011-12-23 22:41:06	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
.
==================== Find3M  ====================
.
2012-01-16 01:01:05	472808	----a-w-	c:\windows\system32\deployJava1.dll
.
============= FINISH: 18:33:24.50 ===============



attach

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 9/22/2005 12:36:29 PM
System Uptime: 1/15/2012 6:20:47 PM (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. |  | Grouper
Processor:               Intel(R) Pentium(R) 4 CPU 2.80GHz | CPU 1 | 2800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 143 GiB total, 100.688 GiB free.
D: is FIXED (FAT32) - 6 GiB total, 0.757 GiB free.
E: is CDROM ()
F: is CDROM ()
H: is Removable
I: is Removable
J: is Removable
K: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP563: 10/13/2011 6:06:19 PM - System Checkpoint
RP564: 10/15/2011 2:14:02 PM - System Checkpoint
RP565: 10/17/2011 12:10:40 PM - System Checkpoint
RP566: 10/19/2011 12:42:11 PM - System Checkpoint
RP567: 10/26/2011 12:38:35 PM - Installed Java(TM) 6 Update 29
RP568: 10/26/2011 8:31:02 PM - Installed RuneScape Launcher 1.1
RP569: 10/29/2011 7:01:19 PM - System Checkpoint
RP570: 10/31/2011 12:09:48 PM - System Checkpoint
RP571: 11/2/2011 6:28:28 PM - System Checkpoint
RP572: 11/3/2011 9:58:40 PM - System Checkpoint
RP573: 11/8/2011 10:49:32 AM - System Checkpoint
RP574: 11/9/2011 2:40:17 PM - System Checkpoint
RP575: 11/11/2011 7:47:54 PM - System Checkpoint
RP576: 11/12/2011 11:37:48 PM - System Checkpoint
RP577: 11/13/2011 12:37:04 AM - Installed DirectX
RP578: 11/13/2011 12:37:18 AM - Installed DirectX
RP579: 11/13/2011 12:46:35 AM - Removed Microsoft Visual C++ 2005 Redistributable
RP580: 11/13/2011 12:49:22 AM - Removed Microsoft Visual C++ 2005 Redistributable
RP581: 11/13/2011 12:51:09 AM - Installed Microsoft Visual C++ 2005 Redistributable
RP582: 11/13/2011 12:54:49 AM - Installed DirectX
RP583: 11/14/2011 10:30:38 AM - System Checkpoint
RP584: 11/22/2011 3:12:42 PM - Removed RuneScape Launcher 1.1
RP585: 11/22/2011 3:14:52 PM - Installed RuneScape Launcher 1.2
RP586: 11/24/2011 1:53:33 PM - Installed Saddle Up
RP587: 11/24/2011 1:54:38 PM - Installed Saddle Up
RP588: 11/25/2011 10:04:47 PM - Removed Saddle Up
RP589: 11/25/2011 10:35:44 PM - Installed WolfQuest
RP590: 11/27/2011 3:53:18 PM - System Checkpoint
RP591: 11/29/2011 12:20:54 PM - Removed WolfQuest
RP592: 11/30/2011 3:27:13 PM - System Checkpoint
RP593: 12/4/2011 10:05:19 PM - System Checkpoint
RP594: 12/6/2011 6:19:43 PM - System Checkpoint
RP595: 12/11/2011 2:38:20 PM - System Checkpoint
RP596: 12/12/2011 4:14:04 PM - System Checkpoint
RP597: 12/15/2011 6:28:52 PM - System Checkpoint
RP598: 12/17/2011 4:37:58 PM - System Checkpoint
RP599: 12/19/2011 4:48:45 PM - System Checkpoint
RP600: 12/21/2011 12:12:38 PM - System Checkpoint
RP601: 12/22/2011 5:55:33 PM - System Checkpoint
RP602: 12/23/2011 9:33:53 PM - System Checkpoint
RP603: 12/26/2011 1:06:01 PM - System Checkpoint
RP604: 12/27/2011 1:58:31 PM - System Checkpoint
RP605: 12/28/2011 11:26:14 PM - System Checkpoint
RP606: 12/31/2011 1:24:44 PM - System Checkpoint
RP607: 1/1/2012 7:45:18 PM - System Checkpoint
RP608: 1/3/2012 12:51:08 PM - System Checkpoint
RP609: 1/5/2012 2:10:19 PM - System Checkpoint
RP610: 1/10/2012 11:40:02 AM - System Checkpoint
RP611: 1/11/2012 12:02:46 PM - System Checkpoint
RP612: 1/11/2012 10:09:38 PM - Restore Operation
RP613: 1/11/2012 10:30:38 PM - Installed HiJackThis
RP614: 1/15/2012 5:48:02 PM - Removed Adobe Reader 7.0
RP615: 1/15/2012 5:48:38 PM - Installed Adobe Reader X (10.1.2).
RP616: 1/15/2012 6:00:29 PM - Removed Java(TM) 6 Update 26
RP617: 1/15/2012 6:00:59 PM - Installed Java(TM) 6 Update 30
RP618: 1/15/2012 6:10:42 PM - Removed Java(TM) SE Development Kit 6 Update 26
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Photoshop Elements 6.0
Adobe Reader X (10.1.2)
Adobe Shockwave Player
Agere Systems PCI Soft Modem
AiO_Scan
AiOSoftware
BufferChm
CameraDrivers
CardRd81
CCleaner
CCScore
Copy
Counter-Strike 1.6 DiGiTALZONE
CR2
CreativeProjects
CreativeProjectsTemplates
Cucusoft YouTube Mate 8.08
CueTour
CustomerResearchQFolder
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DivX Codec
DJ_AIO_03_F4200_ProductContext
DJ_AIO_03_F4200_Software
DJ_AIO_03_F4200_Software_Min
DNA
DocProc
DocumentViewer
ESET Online Scanner v3
ESSBrwr
ESSCDBK
ESScore
ESSCT
ESSgui
ESShelp
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
ESSTUTOR
ESSvpaht
ESSvpot
eSupportQFolder
ExtraPutty 0.22
F4200_Help
Far Cry (Patch 1.4)
Fax
FileZilla Client 3.3.3
FlashMute
GIMP 2.6.7
Glary Utilities 2.12.0.658
GPBaseService
Help and Support Additions
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HiJackThis
HLPIndex
HLPPDOCK
HLPRFO
Hotfix for Windows Internet Explorer 7 (KB947864)
HP Customer Participation Program 10.0
HP Deskjet F4200 All-In-One Driver Software 10.0 Rel .3
HP Deskjet Preloaded Printer Drivers
HP Image Zone 4.2
HP Image Zone Plus 4.2
HP Imaging Device Functions 10.0
HP Organize
HP Photo & Imaging 3.5 - HP Devices
HP Photosmart Essential 2.5
HP PrecisionScan LTX
HP PSC & OfficeJet 4.0
HP Smart Web Printing
HP Solution Center 10.0
HP Update
hpg2436
hpg3970
hpg4600
hpg5530
hpg8200
HPIZ402
HPProductAssistant
HpSdpAppCoreApp
HPSSupply
HPSystemDiagnostics
InstantShare
Intel(R) Graphics Media Accelerator Driver
IntelliMover Data Transfer Demo
InterVideo WinDVD Creator 2
InterVideo WinDVD Player
Java Auto Updater
Java DB 10.6.2.1
Java(TM) 6 Update 30
Junk Mail filter update
KBD
Kodak EasyShare software
KSU
M8 Free Multi Clipboard
Mahjongg Master Egyptian Edition
Malwarebytes' Anti-Malware version 1.51.2.1300
Map Button (Windows Live Toolbar)
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft LifeCam
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard Edition 2003
Microsoft Office Word MUI (English) 2007
Microsoft Plus! Dancer LE
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Software Update for Web Folders  (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works 7.0
Mozilla Firefox 10.0 (x86 en-US)
MSN
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
muvee autoProducer 3.5 magicMoments - HPD
Notepad++
Notifier
OpenOffice.org Installer 1.0
OTtBP
OTtBPSDK
Pando Media Booster
PC-Doctor for Windows
PHOTOfunSTUDIO 5.0 HD Edition
PhotoGallery
Popup Blocker (Windows Live Toolbar)
PrintScreen
PS2
PSSWCORE
Python 2.2 combined Win32 extensions
Python 2.2.1
QFolder
QuickProjects
QuickTime
Readme
RealPlayer
Realtek High Definition Audio Driver
RuneScape Launcher 1.2
Scan
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB911564)
Segoe UI
SFR
SHASTA
Shop for HP Supplies
SKIN0001
SkinsHP1
SkinsHP2
SKINXSDK
Skype™ 5.5
Smart Menus (Windows Live Toolbar)
SmartWebPrintingOC
SolutionCenter
Sonic RecordNow!
Status
SwiftKit
System Requirements Lab
TeamViewer 6
TeamViewer 7
TightVNC 2.0.3
Toolbox
TrayApp
Unity Web Player
Unload
UnloadSupport
Unlocker 1.8.7
Update Installer for WildTangent Games App
Updates from HP
Ventrilo Client
VideoToolkit01
VPRINTOL
WebFldrs XP
WebReg
WildTangent Games
WildTangent Games App
Winamp (remove only)
WindowBlinds
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Internet Explorer 7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Outlook Toolbar (Windows Live Toolbar)
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
WIRELESS
.
==== Event Viewer Messages From Past Week ========
.
1/9/2012 8:34:37 PM, error: DCOM [10005]  - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
1/9/2012 6:32:47 PM, error: Service Control Manager [7022]  - The HP CUE DeviceDiscovery Service service hung on starting.
1/8/2012 9:23:05 AM, error: Print [19]  - Sharing printer failed + 1722, Printer HP Deskjet F4200 series share name HPDeskje.
1/15/2012 7:24:42 AM, error: DCOM [10005]  - DCOM got error "%1058" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
1/15/2012 6:12:01 PM, error: Service Control Manager [7023]  - The Application Management service terminated with the following error:  The specified module could not be found.
1/15/2012 5:15:08 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
1/13/2012 12:18:41 AM, error: PlugPlayManager [11]  - The device Root\LEGACY_UNLOCKERDRIVER5\0000 disappeared from the system without first being prepared for removal.
1/12/2012 7:11:11 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
1/12/2012 7:11:11 PM, error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error:  A device attached to the system is not functioning.
1/12/2012 7:11:11 PM, error: Service Control Manager [7001]  - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:  A device attached to the system is not functioning.
1/12/2012 7:11:11 PM, error: Service Control Manager [7001]  - The fssfltr service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
1/12/2012 7:11:11 PM, error: Service Control Manager [7001]  - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
1/12/2012 7:11:11 PM, error: Service Control Manager [7001]  - The DHCP Client service depends on the NetBT service which failed to start because of the following error:  A device attached to the system is not functioning.
1/12/2012 7:10:28 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
1/11/2012 9:36:24 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  Fips intelppm
1/11/2012 9:35:12 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/11/2012 6:15:07 PM, error: Dhcp [1002]  - The IP address lease 192.168.2.2 for the Network Card with network address 00112F51F857 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
1/11/2012 11:21:55 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
1/10/2012 2:07:50 PM, error: Service Control Manager [7031]  - The TeamViewer 6 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/10/2012 2:07:48 PM, error: Service Control Manager [7031]  - The TeamViewer 7 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 2000 milliseconds: Restart the service.
1/10/2012 12:22:01 PM, error: Dhcp [1002]  - The IP address lease 192.168.2.3 for the Network Card with network address 00112F51F857 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================


Edited by guitarsrkewl08, 15 January 2012 - 09:10 PM.


#10 CatByte


Posted 15 January 2012 - 09:15 PM

Please run the following:

Please download MBRCheck.exe to your desktop.
  • Be sure to disable your security programs
  • Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
  • A window will open on your desktop
  • If an unknown bootcode is found, you will have further options available to you; at this time press N, then press Enter twice.
  • If nothing unusual is found just press Enter
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
  • Please post the contents of that file.


NEXT


Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


Please describe in as much detail as possible all the outstanding issues.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#11 guitarsrkewl08


Posted 15 January 2012 - 10:17 PM

MBRCheck

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:			
Windows Version:		Windows XP Home Edition
Windows Information:		Service Pack 3 (build 2600)
Logical Drives Mask:		0x000007bc

Kernel Drivers (total 133):
  0x804D7000 \WINDOWS\system32\ntoskrnl.exe
  0x806FF000 \WINDOWS\system32\hal.dll
  0xF8C02000 \WINDOWS\system32\KDCOM.DLL
  0xF8B12000 \WINDOWS\system32\BOOTVID.dll
  0xF86B3000 ACPI.sys
  0xF8C04000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
  0xF86A2000 pci.sys
  0xF8702000 isapnp.sys
  0xF8CCA000 pciide.sys
  0xF8982000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
  0xF8C06000 intelide.sys
  0xF8712000 MountMgr.sys
  0xF8683000 ftdisk.sys
  0xF898A000 PartMgr.sys
  0xF8722000 VolSnap.sys
  0xF866B000 atapi.sys
  0xF8648000 fasttx2k.sys
  0xF8630000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
  0xF8732000 disk.sys
  0xF8742000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
  0xF8610000 fltmgr.sys
  0xF85FE000 sr.sys
  0xF8752000 PxHelp20.sys
  0xF85E7000 KSecDD.sys
  0xF85D4000 WudfPf.sys
  0xF8547000 Ntfs.sys
  0xF851A000 NDIS.sys
  0xF8762000 SISAGPX.sys
  0xF8992000 viaagp1.sys
  0xF8772000 ohci1394.sys
  0xF8782000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
  0xF8500000 Mup.sys
  0xF87B2000 \SystemRoot\system32\DRIVERS\nic1394.sys
  0xF8822000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0xF7735000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
  0xF7721000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
  0xF76F9000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0xF8A7A000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0xF76D5000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0xF8A82000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0xF75C9000 \SystemRoot\system32\DRIVERS\AGRSM.sys
  0xF75A6000 \SystemRoot\system32\DRIVERS\ks.sys
  0xF8A8A000 \SystemRoot\System32\Drivers\Modem.SYS
  0xF7592000 \SystemRoot\system32\DRIVERS\parport.sys
  0xF8842000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0xF84DC000 \SystemRoot\system32\DRIVERS\PS2.sys
  0xF8A92000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0xF8852000 \SystemRoot\system32\DRIVERS\imapi.sys
  0xF8A9A000 \SystemRoot\system32\drivers\iviaspi.sys
  0xF84D8000 \SystemRoot\system32\drivers\pfc.sys
  0xF8862000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0xF8872000 \SystemRoot\system32\DRIVERS\redbook.sys
  0xF8DB2000 \SystemRoot\system32\DRIVERS\audstub.sys
  0xF8882000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0xF84CC000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0xF757B000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0xF8892000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0xF88A2000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0xF8AA2000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0xF756A000 \SystemRoot\system32\DRIVERS\psched.sys
  0xF88B2000 \SystemRoot\system32\DRIVERS\msgpc.sys
  0xF8AAA000 \SystemRoot\system32\DRIVERS\ptilink.sys
  0xF8AB2000 \SystemRoot\system32\DRIVERS\raspti.sys
  0xF88C2000 \SystemRoot\system32\DRIVERS\termdd.sys
  0xF8ABA000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0xF8C32000 \SystemRoot\system32\DRIVERS\swenum.sys
  0xF750C000 \SystemRoot\system32\DRIVERS\update.sys
  0xF84C0000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0xF88D2000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0xAA5AA000 \SystemRoot\system32\drivers\RtkHDAud.sys
  0xAA586000 \SystemRoot\system32\drivers\portcls.sys
  0xF8902000 \SystemRoot\system32\drivers\drmk.sys
  0xF8912000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0xF8C36000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0xF8C38000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0xF8932000 \SystemRoot\system32\DRIVERS\DcCam.sys
  0xAA538000 \SystemRoot\system32\DRIVERS\EXPORTIT.SYS
  0xF8D1E000 \SystemRoot\System32\Drivers\Null.SYS
  0xF8C3A000 \SystemRoot\System32\Drivers\Beep.SYS
  0xF8ACA000 \SystemRoot\System32\drivers\vga.sys
  0xF8C3C000 \SystemRoot\System32\Drivers\mnmdd.SYS
  0xF8C3E000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0xF8AD2000 \SystemRoot\System32\Drivers\Msfs.SYS
  0xF8ADA000 \SystemRoot\System32\Drivers\Npfs.SYS
  0xF8B92000 \SystemRoot\system32\DRIVERS\rasacd.sys
  0xAA505000 \SystemRoot\system32\DRIVERS\ipsec.sys
  0xAA4AC000 \SystemRoot\system32\DRIVERS\tcpip.sys
  0xAA484000 \SystemRoot\system32\DRIVERS\netbt.sys
  0xAA45E000 \SystemRoot\system32\DRIVERS\ipnat.sys
  0xF8942000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0xF8BA2000 \SystemRoot\System32\drivers\ws2ifsl.sys
  0xAA39C000 \SystemRoot\System32\drivers\afd.sys
  0xF8952000 \SystemRoot\system32\DRIVERS\netbios.sys
  0xF8972000 \SystemRoot\system32\DRIVERS\arp1394.sys
  0xF8BAA000 \SystemRoot\system32\DRIVERS\srvkp.sys
  0xAA371000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0xAA2D9000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0xF803B000 \SystemRoot\System32\Drivers\Fips.SYS
  0xF8BB2000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0xF802B000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0xF8AE2000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0xF8AEA000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
  0xF8AF2000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0xF8BB6000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0xF8BBA000 \SystemRoot\system32\DRIVERS\usbscan.sys
  0xF8B02000 \SystemRoot\system32\DRIVERS\usbprint.sys
  0xF8B0A000 \SystemRoot\system32\DRIVERS\HPZius12.sys
  0xF801B000 \SystemRoot\system32\DRIVERS\HPZid412.sys
  0xF8BBE000 \SystemRoot\system32\DRIVERS\HPZipr12.sys
  0xAA2B5000 \SystemRoot\System32\Drivers\Fastfat.SYS
  0xAA29D000 \SystemRoot\System32\Drivers\dump_atapi.sys
  0xF8C52000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
  0xBF800000 \SystemRoot\System32\win32k.sys
  0xAA57A000 \SystemRoot\System32\drivers\Dxapi.sys
  0xF89D2000 \SystemRoot\System32\watchdog.sys
  0xBF000000 \SystemRoot\System32\drivers\dxg.sys
  0xF8DE5000 \SystemRoot\System32\drivers\dxgthk.sys
  0xBF024000 \SystemRoot\System32\igxpgd32.dll
  0xBF012000 \SystemRoot\System32\igxprd32.dll
  0xBF04E000 \SystemRoot\System32\igxpdv32.DLL
  0xBF1CC000 \SystemRoot\System32\igxpdx32.DLL
  0xF87C2000 \SystemRoot\system32\drivers\dcfs2k.sys
  0xF87E2000 \SystemRoot\system32\DRIVERS\fssfltr_tdi.sys
  0xAA159000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0xA9EF0000 \SystemRoot\system32\drivers\wdmaud.sys
  0xAA1D5000 \SystemRoot\system32\drivers\sysaudio.sys
  0xA9EE0000 \SystemRoot\System32\Drivers\Cdfs.SYS
  0xA9C45000 \SystemRoot\system32\DRIVERS\mrxdav.sys
  0xA9ADB000 \SystemRoot\system32\DRIVERS\srv.sys
  0xA95C2000 \SystemRoot\System32\Drivers\HTTP.sys
  0xF8832000 \SystemRoot\system32\DRIVERS\R8139n51.SYS
  0xA933F000 \SystemRoot\system32\drivers\kmixer.sys
  0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 43):
       0 System Idle Process
       4 System
     468 C:\WINDOWS\system32\smss.exe
     536 csrss.exe
     560 C:\WINDOWS\system32\winlogon.exe
     604 C:\WINDOWS\system32\services.exe
     616 C:\WINDOWS\system32\lsass.exe
     788 C:\WINDOWS\system32\svchost.exe
     836 svchost.exe
     904 C:\WINDOWS\system32\svchost.exe
     944 C:\WINDOWS\system32\svchost.exe
     988 svchost.exe
    1080 svchost.exe
    1212 C:\WINDOWS\system32\spoolsv.exe
    1492 C:\WINDOWS\explorer.exe
    1684 C:\WINDOWS\system32\ps2.EXE
    1720 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    1868 C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    1900 C:\WINDOWS\system32\bgsvcgen.exe
    1960 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    1992 C:\Program Files\WildTangent Games\App\GamesAppService.exe
    2016 C:\WINDOWS\system32\svchost.exe
     128 C:\Program Files\Java\jre6\bin\jqs.exe
     148 C:\Program Files\Microsoft LifeCam\MSCamS32.exe
     216 C:\WINDOWS\system32\svchost.exe
     352 C:\WINDOWS\system32\svchost.exe
     396 C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
     580 C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
    1480 C:\Program Files\TeamViewer\Version7\TeamViewer.exe
    1616 C:\Program Files\TeamViewer\Version7\tv_w32.exe
    2632 alg.exe
    2800 C:\WINDOWS\system32\wscntfy.exe
    3104 C:\WINDOWS\system32\svchost.exe
    3744 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    2420 C:\Program Files\Windows Live\Contacts\wlcomm.exe
    3440 C:\Program Files\Mozilla Firefox 4.0 Beta 12\firefox.exe
    3780 C:\Program Files\Mozilla Firefox 4.0 Beta 12\plugin-container.exe
    3520 C:\DOCUME~1\HP_Owner\LOCALS~1\temp\ShowMyPC\-----------ShowMyPC3105\SMPCSetup.exe
     608 C:\DOCUME~1\HP_Owner\LOCALS~1\temp\ShowMyPC\-----------ShowMyPC3105\spcplink.exe
    2560 C:\Program Files\ShowMyPCService\tvnserver.exe
     312 C:\Program Files\ShowMyPCService\tvnserver.exe
    2248 C:\Program Files\ShowMyPCService\tvnserver.exe
    3436 C:\Documents and Settings\HP_Owner\My Documents\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`7372a000  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00  (FAT32)

PhysicalDrive0 Model Number: SAMSUNGSP1614C, Rev: SW100-30

      Size  Device Name          MBR Status
  --------------------------------------------
    149 GB  \\.\PhysicalDrive0   Unknown MBR code
            SHA1: EC5B6F4B08268D5344F30BFF61C8B587F034795B


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit: 

Done!

OTL

OTL logfile created on: 1/15/2012 7:51:47 PM - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Documents and Settings\HP_Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
503.29 Mb Total Physical Memory | 128.78 Mb Available Physical Memory | 25.59% Memory free
4.46 Gb Paging File | 4.06 Gb Available in Paging File | 90.96% Paging File free
Paging file location(s): C:\pagefile.sys 4096 4096 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.24 Gb Total Space | 100.65 Gb Free Space | 70.27% Space Free | Partition Type: NTFS
Drive D: | 5.79 Gb Total Space | 0.76 Gb Free Space | 13.07% Space Free | Partition Type: FAT32
 
Computer Name: YOUR-AE066C3A9B | User Name: HP_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2012/01/15 19:49:26 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\My Documents\Downloads\OTL.exe
PRC - [2012/01/15 18:39:24 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 4.0 Beta 12\firefox.exe
PRC - [2012/01/15 18:39:22 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 4.0 Beta 12\plugin-container.exe
PRC - [2011/12/14 04:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011/12/14 04:59:18 | 010,981,248 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\TeamViewer.exe
PRC - [2011/12/14 04:41:54 | 000,116,608 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\tv_w32.exe
PRC - [2011/10/15 17:12:40 | 003,397,008 | ---- | M] (ShowMyPC) -- C:\Documents and Settings\HP_Owner\Local Settings\temp\ShowMyPC\-----------ShowMyPC3105\SMPCSetup.exe
PRC - [2011/08/30 18:52:16 | 000,432,528 | ---- | M] (ShowMyPC) -- C:\Documents and Settings\HP_Owner\Local Settings\temp\ShowMyPC\-----------ShowMyPC3105\spcplink.exe
PRC - [2011/04/15 02:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2010/10/12 10:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) -- C:\Program Files\WildTangent Games\App\GamesAppService.exe
PRC - [2010/07/08 06:28:56 | 000,815,704 | ---- | M] (GlavSoft LLC.) -- C:\Program Files\ShowMyPCService\tvnserver.exe
PRC - [2009/11/06 11:12:36 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2007/06/15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\system32\bgsvcgen.exe
PRC - [2007/05/17 14:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2002/10/16 16:57:10 | 000,081,920 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\ps2.EXE
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - [2012/01/15 18:39:24 | 001,911,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox 4.0 Beta 12\mozjs.dll
MOD - [2010/12/28 20:36:35 | 005,971,408 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2010/07/08 06:28:56 | 000,068,696 | ---- | M] () -- C:\Program Files\ShowMyPCService\screenhooks.dll
MOD - [2010/06/13 14:54:28 | 000,094,208 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2008/05/06 22:12:40 | 001,288,192 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2008/04/13 17:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 17:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - File not found [On_Demand | Stopped] --  -- (AppMgmt)
SRV - [2011/12/14 04:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011/04/15 02:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010/10/12 10:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [Auto | Running] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/07/08 06:28:56 | 000,815,704 | ---- | M] (GlavSoft LLC.) [Auto | Running] -- C:\Program Files\ShowMyPCService\tvnserver.exe -- (tvnserver)
SRV - [2010/03/29 08:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2009/11/06 11:12:36 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [Auto | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2007/08/02 12:33:50 | 000,080,528 | ---- | M] (INCA Internet Co., Ltd.) [Disabled | Stopped] -- C:\Nexon\Mabinogi\npkcmsvc.exe -- (npkcmsvc)
SRV - [2007/06/15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\WINDOWS\System32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2007/05/17 14:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2005/03/30 16:46:56 | 000,411,920 | ---- | M] (Eastman Kodak Company) [On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KodakCCS.exe -- (KodakCCS)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2007/04/10 14:46:53 | 001,966,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VX1000.sys -- (VX1000)
DRV - [2005/06/30 13:16:26 | 001,094,848 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/06/16 14:41:02 | 000,037,150 | ---- | M] (Eastman Kodak Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DcCam.sys -- (DcCam)
DRV - [2005/03/31 08:00:08 | 000,152,081 | ---- | M] (Eastman Kodak Company) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ExportIt.sys -- (Exportit)
DRV - [2005/03/31 07:47:56 | 000,070,262 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcPtp.sys -- (DcPTP)
DRV - [2005/03/31 07:47:50 | 000,008,022 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcLps.sys -- (DcLps)
DRV - [2005/03/31 07:47:48 | 000,038,673 | ---- | M] (Eastman Kodak Company) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DCFS2k.sys -- (DCFS2K)
DRV - [2005/03/31 07:47:42 | 000,061,564 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcFpoint.sys -- (DcFpoint)
DRV - [2004/07/19 17:33:14 | 000,218,112 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2004/07/17 04:20:34 | 000,012,160 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2004/07/06 16:59:44 | 002,185,408 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2003/12/02 18:23:20 | 000,142,336 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\fasttx2k.sys -- (fasttx2k)
DRV - [2003/09/19 01:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003/07/18 16:58:20 | 000,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2003/07/02 11:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2002/10/04 17:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation       ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2001/08/17 13:53:32 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qv2kux.sys -- (QV2KUX)
DRV - [2001/06/04 14:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2809893791-3934609222-1653351773-1009\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-2809893791-3934609222-1653351773-1009\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-2809893791-3934609222-1653351773-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://freddieyoho.com/quicklinks/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.1879: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.1939: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.872: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 12\components [2012/01/15 18:39:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 12\plugins
 
[2010/08/16 01:03:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Extensions
[2009/06/30 18:06:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Extensions\IMVUClientXUL@imvu.com
[2012/01/06 12:40:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bnzeakb7.default\extensions
[2011/12/23 17:02:17 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bnzeakb7.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/12/18 13:26:28 | 000,001,819 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bnzeakb7.default\searchplugins\bing.xml
[2009/12/16 05:00:34 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bnzeakb7.default\searchplugins\egames.xml
[2011/04/06 10:42:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/09 12:04:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
 
O1 HOSTS File: ([2012/01/13 00:30:38 | 000,000,027 | ---- | M]) - C:\WINDOWS\System32\Drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Reg Error: Value error.) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - Reg Error: Value error. File not found
O2 - BHO: (Reg Error: Value error.) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Value error. File not found
O2 - BHO: (Reg Error: Value error.) - {5C255C8A-E604-49b4-9D64-90988571CECB} - Reg Error: Value error. File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Reg Error: Value error.) - AutorunsDisabled - Reg Error: Value error. File not found
O3 - HKU\S-1-5-21-2809893791-3934609222-1653351773-1009\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-2809893791-3934609222-1653351773-1009\..\Toolbar\ShellBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKU\S-1-5-21-2809893791-3934609222-1653351773-1009\..\Toolbar\WebBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [tvncontrol] C:\Program Files\ShowMyPCService\tvnserver.exe (GlavSoft LLC.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2809893791-3934609222-1653351773-1009\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2809893791-3934609222-1653351773-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2809893791-3934609222-1653351773-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2809893791-3934609222-1653351773-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AAC6F04F-1443-436E-87D6-23F6B595CF12}: DhcpNameServer = 192.168.2.1
O20 - AppInit_DLLs: (C:\WINDOWS\system32\wbsys.dll) -C:\WINDOWS\system32\wbsys.dll (Stardock.Net, Inc)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\WBSrv: DllName - (C:\Program Files\Stardock\Object Desktop\WindowBlinds\WBSrv.dll) - C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll (Stardock Corporation)
O24 - Desktop Components:0 () - 
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/09/22 12:35:50 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 06:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2012/01/15 12:32:30 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/01/15 12:14:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/01/15 11:57:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Desktop\antivirus stuff
[2012/01/14 16:05:29 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\HP_Owner\Desktop\dds.com
[2012/01/12 23:34:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/01/12 23:34:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/01/12 23:34:57 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/01/12 23:34:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/01/12 23:34:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/01/12 23:34:42 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/12 22:29:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\RcIncidents
[2012/01/12 20:35:27 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Owner\Recent
[2012/01/11 23:22:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Desktop\admin
[2012/01/11 22:30:39 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/01/11 22:30:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Start Menu\Programs\HiJackThis
[2012/01/05 13:17:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011/12/25 19:49:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Counter-Strike 1.6 DiGiTALZONE
[2011/12/25 19:47:40 | 000,000,000 | ---D | C] -- C:\Program Files\Counter-Strike 1.6 V42 DiGiTALZONE
[2011/12/24 20:25:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 7
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2012/01/15 19:30:12 | 000,000,024 | ---- | M] () -- C:\Documents and Settings\HP_Owner\random.dat
[2012/01/15 19:28:52 | 000,000,064 | ---- | M] () -- C:\Documents and Settings\HP_Owner\jagex_cl_runescape_LIVE.dat
[2012/01/15 19:28:48 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/15 19:27:16 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2012/01/15 19:26:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/15 19:26:37 | 527,814,656 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/15 17:49:29 | 000,001,745 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2012/01/15 17:30:06 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2012/01/15 11:45:38 | 000,000,024 | ---- | M] () -- C:\Documents and Settings\HP_Owner\jagexappletviewer.preferences
[2012/01/15 10:55:16 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\PUTTY.RND
[2012/01/15 10:26:40 | 000,000,680 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\Shortcut to ComboFix.exe.lnk
[2012/01/14 16:05:42 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\HP_Owner\Desktop\dds.com
[2012/01/13 18:43:09 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/13 18:42:59 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/01/13 12:52:36 | 000,000,757 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\Windows Live Call.lnk
[2012/01/13 00:30:38 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/01/12 23:05:48 | 004,366,336 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2012/01/12 23:05:47 | 003,313,664 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2012/01/12 22:44:08 | 000,000,593 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\Shortcut to Desktop.lnk
[2012/01/12 19:32:36 | 000,000,030 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\Copy of fix internet.bat
[2012/01/12 19:18:21 | 000,000,075 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\fix internet.bat
[2012/01/11 19:43:56 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2012/01/11 18:18:53 | 000,402,738 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/11 18:18:53 | 000,063,364 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/12/24 20:25:19 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 7.lnk
[2011/12/17 14:12:58 | 000,049,664 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\WINDOWS\System32\naromisi
[2012/01/15 17:49:29 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2012/01/15 17:49:29 | 000,001,745 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2012/01/15 17:21:40 | 527,814,656 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/15 10:26:40 | 000,000,680 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\Shortcut to ComboFix.exe.lnk
[2012/01/13 18:43:09 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/12 23:34:57 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/01/12 23:34:57 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/01/12 23:34:57 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/01/12 23:34:57 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/01/12 23:34:57 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/01/12 22:44:08 | 000,000,593 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\Shortcut to Desktop.lnk
[2012/01/12 19:22:36 | 000,000,030 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\Copy of fix internet.bat
[2012/01/11 21:29:01 | 000,000,075 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\fix internet.bat
[2012/01/11 19:43:56 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2012/01/11 19:43:55 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2011/12/24 20:25:18 | 000,000,826 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 7.lnk
[2011/07/22 15:08:26 | 000,000,598 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\RSBuddy-Dev.ini
[2011/07/16 21:54:55 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/06/21 13:28:05 | 000,000,234 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\RSBuddy_waterbottle22.ini
[2011/03/17 17:58:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PhEdit.INI
[2011/03/01 10:22:41 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2011/03/01 10:22:41 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2011/03/01 10:22:40 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2011/03/01 10:22:40 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2011/03/01 10:22:40 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2011/03/01 10:22:40 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2011/03/01 10:22:40 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2011/03/01 10:22:40 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2011/03/01 10:22:40 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2011/03/01 10:22:40 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2011/03/01 10:22:40 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2011/03/01 10:22:40 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2011/03/01 10:22:40 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2011/03/01 10:22:40 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2011/03/01 10:22:40 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2011/03/01 10:22:40 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2011/03/01 10:22:40 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2011/03/01 10:22:40 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2011/03/01 10:22:40 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2010/12/16 16:10:50 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/12/26 10:36:52 | 000,157,590 | ---- | C] () -- C:\WINDOWS\hpoins28.dat
[2009/12/26 10:36:52 | 000,000,932 | ---- | C] () -- C:\WINDOWS\hpomdl28.dat
[2009/08/17 11:44:53 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/07/12 16:01:36 | 000,306,688 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[2009/07/12 16:01:36 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[2009/07/05 22:53:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/05/18 17:55:44 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX1000.ini
[2009/05/17 22:34:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WB.ini
[2009/01/24 12:37:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2009/01/23 00:01:16 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\PUTTY.RND
[2009/01/13 16:26:20 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4764.dll
[2007/10/10 06:50:20 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/09/25 17:09:21 | 001,148,760 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\Install.xat
[2007/07/26 08:53:49 | 000,049,664 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/07/09 12:07:50 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/07/09 12:05:28 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/03/24 18:26:23 | 000,000,029 | ---- | C] () -- C:\WINDOWS\PControl.ini
[2007/01/27 19:02:21 | 000,000,055 | ---- | C] () -- C:\WINDOWS\Kyor.ini
[2006/11/20 11:14:34 | 000,000,100 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/11/06 14:08:25 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\fusioncache.dat
[2006/07/19 12:42:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2006/03/20 13:51:59 | 000,000,139 | ---- | C] () -- C:\WINDOWS\chmpchss.INI
[2006/03/20 10:08:37 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2005/10/23 17:45:32 | 000,000,316 | ---- | C] () -- C:\WINDOWS\EReg515.dat
[2005/10/23 17:42:34 | 000,000,906 | ---- | C] () -- C:\WINDOWS\disney.ini
[2005/10/22 19:58:06 | 000,000,377 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2005/10/22 19:58:04 | 000,045,568 | ---- | C] () -- C:\WINDOWS\UniFish3.exe
[2005/10/22 18:32:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2005/10/22 12:01:04 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\hpgt34.dll
[2005/09/22 12:37:24 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\fusioncache.dat
[2005/09/22 12:34:32 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/09/22 12:34:32 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/09/22 12:34:32 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/09/22 12:34:32 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/09/22 12:34:32 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/09/22 12:34:32 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2004/09/01 21:13:07 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/09/01 21:13:07 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/09/01 21:13:03 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/09/01 21:12:59 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/09/01 21:12:53 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/09/01 21:12:25 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/09/01 21:12:24 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/09/01 21:11:49 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/08 08:16:52 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/07 14:39:48 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2004/08/07 14:39:12 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2004/08/07 14:39:12 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2004/08/07 14:34:39 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
[2004/08/07 14:33:31 | 000,118,784 | R--- | C] () -- C:\WINDOWS\bwUnin-6.3.2.62.exe
[2004/08/07 14:28:27 | 000,026,939 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2004/08/07 14:27:47 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2004/08/07 14:17:44 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/08/07 13:50:45 | 000,094,339 | ---- | C] () -- C:\WINDOWS\HPHins03.dat
[2004/08/07 13:50:45 | 000,002,655 | ---- | C] () -- C:\WINDOWS\hphmdl03.dat
[2004/08/07 13:42:52 | 000,104,115 | ---- | C] () -- C:\WINDOWS\hpoins04.dat
[2004/08/07 13:42:52 | 000,016,939 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat
[2004/08/07 13:33:07 | 000,089,028 | ---- | C] () -- C:\WINDOWS\hpdins01.dat
[2004/08/07 13:33:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpzmdl01.dat
[2004/08/07 13:24:38 | 000,016,306 | ---- | C] () -- C:\WINDOWS\hpqins01.dat
[2004/08/07 13:24:38 | 000,002,673 | ---- | C] () -- C:\WINDOWS\hpimdl01.dat
[2004/08/07 13:17:16 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/07 13:02:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis760.bin
[2004/08/07 13:02:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis741.bin
[2004/08/07 13:02:56 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis660.bin
[2004/08/07 12:26:08 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2004/08/07 12:26:08 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2004/08/07 12:25:38 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/08/07 12:07:48 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/07 12:06:04 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/07 12:01:00 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/07 11:47:30 | 000,000,549 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/08/07 11:47:07 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/07 11:47:05 | 000,402,738 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/07 11:47:05 | 000,063,364 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/07 11:46:48 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/07 04:55:50 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/07 04:54:52 | 000,208,104 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/06/29 05:58:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/02/27 10:10:30 | 000,156,160 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2003/05/15 21:15:18 | 000,225,209 | ---- | C] () -- C:\WINDOWS\System32\C9930A.bin
[2003/03/06 22:53:16 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\hpnvr82.dll
[2003/01/23 10:30:00 | 000,105,873 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2003/01/23 10:30:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2003/01/07 22:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2000/09/08 17:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll
[1996/04/03 12:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2004/08/07 14:59:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
[2012/01/15 07:39:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TeamViewer
[2008/12/01 14:34:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dragon's Eye Productions
[2009/12/13 14:20:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2011/11/28 19:41:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ludia
[2011/03/01 10:26:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panasonic
[2011/11/12 22:40:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2011/06/02 13:27:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SwiftKit
[2011/11/28 19:38:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2004/08/07 14:59:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SampleView
[2009/03/04 20:42:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\TeamViewer
[2011/06/22 21:26:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\TightVNC
[2011/05/28 16:34:07 | 000,000,318 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job
 
[color=#E56717]========== Purity Check ==========[/color]
 
 
 
[color=#E56717]========== Custom Scans ==========[/color]
 
 
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
 
 
[color=#A23BEC]< MD5 for: EXPLORER.EXE  >[/color]
[2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 04:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 03:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
 
[color=#A23BEC]< MD5 for: SVCHOST.EXE  >[/color]
[2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 12:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
 
[color=#A23BEC]< MD5 for: USERINIT.EXE  >[/color]
[2004/08/04 12:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 17:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/13 17:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 17:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
 
[color=#A23BEC]< MD5 for: WINLOGON.EXE  >[/color]
[2004/08/04 12:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 17:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/13 17:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 17:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< End of report >

extras


OTL Extras logfile created on: 1/15/2012 7:51:47 PM - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Documents and Settings\HP_Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
503.29 Mb Total Physical Memory | 128.78 Mb Available Physical Memory | 25.59% Memory free
4.46 Gb Paging File | 4.06 Gb Available in Paging File | 90.96% Paging File free
Paging file location(s): C:\pagefile.sys 4096 4096 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.24 Gb Total Space | 100.65 Gb Free Space | 70.27% Space Free | Partition Type: NTFS
Drive D: | 5.79 Gb Total Space | 0.76 Gb Free Space | 13.07% Space Free | Partition Type: FAT32
 
Computer Name: YOUR-AE066C3A9B | User Name: HP_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_USERS\S-1-5-21-2809893791-3934609222-1653351773-1009\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox 4.0 Beta 12\firefox.exe (Mozilla Corporation)
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[color=#E56717]========== System Restore Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
[color=#E56717]========== Firewall Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft LifeCam\LifeCam.exe" = C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
"C:\Program Files\TeamViewer\Version7\TeamViewer.exe" = C:\Program Files\TeamViewer\Version7\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- ()
"C:\Documents and Settings\HP_Owner\Local Settings\temp\ShowMyPC\-----------ShowMyPC3105\SMPCSetup.exe" = C:\Documents and Settings\HP_Owner\Local Settings\temp\ShowMyPC\-----------ShowMyPC3105\SMPCSetup.exe:*:Enabled:SMPCSetup -- (ShowMyPC)
 
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{0861E87B-24D7-4E7C-B11B-54F86E5C5199}" = hpg8200
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{14589F05-C658-4594-9429-D437BA688686}" = IntelliMover Data Transfer Demo
"{14B4E017-ACDF-4DB0-9D94-8988F5F0145A}" = hpg4600
"{14C76057-E495-47E1-BDF0-1A1CC1752ADF}" = ExtraPutty 0.22
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{154508C0-07C5-4659-A7A0-E49968750D21}" = HLPPDOCK
"{15B9DC72-73F9-4d99-9E28-848D66DA8D99}" = HP Photo & Imaging 3.5 - HP Devices
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{1A103D70-5C9B-4E1A-B306-5106C68F9914}" = Microsoft Plus! Dancer LE
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor for Windows
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20CF99FC-2CE7-4AA4-966E-A4B11C0662B4}" = hpg3970
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{267868CE-6DFF-40F7-9C58-C01119B7B117}" = Fax
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{29B39FB2-5ADF-4F94-BC82-13942871DD0D}" = CameraDrivers
"{2BBC9458-07CA-4843-848B-5C8146E5EFA8}" = CreativeProjects
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{34A59AC3-6C5C-4A09-A7F5-369A37176C8A}" = AiOSoftware
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1A8C8-6646-4101-B0AA-42D1EB2AB3AE}" = Windows Live Outlook Toolbar (Windows Live Toolbar)
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{38441BE7-79B0-42B8-8297-833704F949FE}" = HLPIndex
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3AE681E0-4E8D-453F-950A-48534D3C0724}" = Copy
"{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}" = OTtBPSDK
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{3EFF5902-2310-4F66-9144-1B11783A7E54}_is1" = Counter-Strike 1.6 DiGiTALZONE
"{41254D7B-EADF-4078-AE4A-BD73B300EE86}" = Unload
"{432C3720-37BF-4BD7-8E49-F38E090246D0}" = CR2
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{48C82F7A-F100-4DAB-A310-8E18BF2159E1}" = ESSvpot
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D9C7DA3-D532-432D-A556-5F6CD186B0A5}" = DJ_AIO_03_F4200_ProductContext
"{4F677FC7-7AA8-412B-A957-F13CBE1C7331}" = ESSSONIC
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{54C8FE84-89C4-40E8-976C-439EB0729BD6}" = CardRd81
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5D87C09F-512F-474A-A306-0FE3B89C396F}" = RuneScape Launcher 1.2
"{5E1494D4-3562-4FFB-B35C-600F80F6934C}" = HP Image Zone Plus 4.2
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{62653245-3DC5-4019-AF6B-4E62D6150D9E}" = F4200_Help
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{63AFACBC-4795-4A1B-8037-5085DC03FC54}" = Microsoft LifeCam
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{66A7A386-6F35-41A7-A731-101F0C0153C8}" = Popup Blocker (Windows Live Toolbar)
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames" = WildTangent Games App
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{73EC658D-A1C6-40CA-8E86-E05821BAACE7}" = Java DB 10.6.2.1
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7EF15AAF-42AC-4CF6-B4B4-C4F0D1D92122}" = Far Cry (Patch 1.4)
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}" = ESSCT
"{8D9768AE-DE42-4A04-A461-2361A58C384D}" = HPIZ402
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD Player
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{959282E3-55A9-49D8-B885-D27CF8A2FD82}" = PHOTOfunSTUDIO 5.0 HD Edition
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{981FB376-8418-4EA8-BBED-9DE5AA63E7D5}" = SkinsHP1
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{9DBCE8C7-FE94-4D8F-9FF0-38EF3D8BC99E}" = DJ_AIO_03_F4200_Software
"{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.0
"{A11409F1-CD33-4076-85CB-4EE4A8439BFE}" = Scan
"{A1DCC235-DACC-4E1F-8D11-D630634B4AEF}" = PhotoGallery
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}" = ESSvpaht
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AADAC983-FDE9-42FA-8FD9-7BB324155593}" = HLPRFO
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{AD17BC8E-4A5D-4E59-8640-10DF36E9EB75}" = hpg5530
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AE9A67F9-ADF1-4a44-BAB5-C1DB302B37A2}" = HP Deskjet F4200 All-In-One Driver Software 10.0 Rel .3
"{B103C8A7-D1CC-4B1A-BD41-883F652E097D}" = muvee autoProducer 3.5 magicMoments - HPD
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B29B526D-F027-4122-BC7A-D9E5BC86CC40}" = DJ_AIO_03_F4200_Software_Min
"{B32C75F2-7495-4D01-9431-C11E97D66F8C}" = DocProc
"{B45D9FEE-1AF4-46F3-9A83-2545F81547F5}" = CreativeProjectsTemplates
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B56D5B09-C4FB-4EA0-8EAD-7BC3E2715A2D}" = DocumentViewer
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BC339BFD-F550-471a-8D26-4D08126C62F7}" = SkinsHP2
"{BCC992E5-5C81-4066-9B55-03DC10B24D21}" = InstantShare
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{CA60320D-6A16-49C8-A34F-84EEF4799567}" = ESSTUTOR
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{D0122362-6333-4DE4-93F6-A5A2F3CC101A}" = HP Organize
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{ED869D8B-6C7E-44C7-9F2F-BD5436849C61}" = hpg2436
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F419D20A-7719-4639-8E30-C073A040D878}" = HP Deskjet Preloaded Printer Drivers
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"{FDF9943A-3D5C-46B3-9679-586BD237DDEE}" = SKIN0001
"{FF26F7EA-BCEE-478C-9A1B-6B4F88717D73}" = CueTour
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"Adobe Shockwave Player" = Adobe Shockwave Player
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"BackWeb-309731 Uninstaller" = Updates from HP
"CCleaner" = CCleaner
"Cucusoft YouTube Mate (Downloader+Player+Converter)_is1" = Cucusoft YouTube Mate 8.08
"ESET Online Scanner" = ESET Online Scanner v3
"FileZilla Client" = FileZilla Client 3.3.3
"Glary Utilities_is1" = Glary Utilities 2.12.0.658
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Help and Support Additions" = Help and Support Additions
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photo & Imaging" = HP Image Zone 4.2
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP PrecisionScan LTX" = HP PrecisionScan LTX
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"M8 Free Multi Clipboard" = M8 Free Multi Clipboard
"Mahjongg Master Egyptian Edition" = Mahjongg Master Egyptian Edition
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox 10.0 (x86 en-US)" = Mozilla Firefox 10.0 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Notepad++" = Notepad++
"PS2" = PS2
"Python 2.2 combined Win32 extensions" = Python 2.2 combined Win32 extensions
"Python 2.2.1" = Python 2.2.1
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer
"Shop for HP Supplies" = Shop for HP Supplies
"SystemRequirementsLab" = System Requirements Lab
"TeamViewer 6" = TeamViewer 6
"TeamViewer 7" = TeamViewer 7
"TightVNC" = TightVNC 2.0.3
"Unlocker" = Unlocker 1.8.7
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WildTangent wildgames Master Uninstall" = WildTangent Games
"Winamp" = Winamp (remove only)
"WindowBlinds" = WindowBlinds
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
 
[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]
 
[HKEY_USERS\S-1-5-21-2809893791-3934609222-1653351773-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"FlashMute" = FlashMute
"SwiftKit" = SwiftKit
"UnityWebPlayer" = Unity Web Player
 
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 1/13/2012 1:26:08 AM | Computer Name = YOUR-AE066C3A9B | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
 processing.  HRESULT was 8007043C from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
  Please contact Microsoft Product Support Services to report this erro
 
Error - 1/13/2012 1:29:05 AM | Computer Name = YOUR-AE066C3A9B | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
 processing.  HRESULT was 8007043C from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
  Please contact Microsoft Product Support Services to report this erro
 
Error - 1/13/2012 1:38:41 PM | Computer Name = YOUR-AE066C3A9B | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
 processing.  HRESULT was 8007043C from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
  Please contact Microsoft Product Support Services to report this erro
 
Error - 1/14/2012 6:25:44 PM | Computer Name = YOUR-AE066C3A9B | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
 processing.  HRESULT was 8007043C from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
  Please contact Microsoft Product Support Services to report this erro
 
Error - 1/14/2012 7:28:59 PM | Computer Name = YOUR-AE066C3A9B | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
 processing.  HRESULT was 8007043C from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
  Please contact Microsoft Product Support Services to report this erro
 
Error - 1/15/2012 12:48:19 AM | Computer Name = YOUR-AE066C3A9B | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
 processing.  HRESULT was 8007043C from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
  Please contact Microsoft Product Support Services to report this erro
 
Error - 1/15/2012 1:06:38 PM | Computer Name = YOUR-AE066C3A9B | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
 processing.  HRESULT was 8007043C from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
  Please contact Microsoft Product Support Services to report this erro
 
Error - 1/15/2012 2:00:35 PM | Computer Name = YOUR-AE066C3A9B | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
 processing.  HRESULT was 8007043C from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
  Please contact Microsoft Product Support Services to report this erro
 
Error - 1/15/2012 3:15:35 PM | Computer Name = YOUR-AE066C3A9B | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
 processing.  HRESULT was 8007043C from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
  Please contact Microsoft Product Support Services to report this erro
 
Error - 1/15/2012 7:43:58 PM | Computer Name = YOUR-AE066C3A9B | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
 processing.  HRESULT was 8007043C from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
  Please contact Microsoft Product Support Services to report this erro
 
[ OSession Events ]
Error - 5/8/2009 8:55:28 PM | Computer Name = YOUR-AE066C3A9B | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session 
lasted 4281 seconds with 2520 seconds of active time.  This session ended with a
 crash.
 
Error - 5/16/2009 3:58:19 PM | Computer Name = YOUR-AE066C3A9B | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session 
lasted 18858 seconds with 16140 seconds of active time.  This session ended with
 a crash.
 
Error - 5/19/2009 9:22:58 PM | Computer Name = YOUR-AE066C3A9B | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session 
lasted 720 seconds with 600 seconds of active time.  This session ended with a crash.
 
Error - 9/24/2009 12:11:08 PM | Computer Name = YOUR-AE066C3A9B | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session 
lasted 3346 seconds with 2880 seconds of active time.  This session ended with a
 crash.
 
Error - 11/16/2009 12:55:11 PM | Computer Name = YOUR-AE066C3A9B | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session 
lasted 6473 seconds with 6060 seconds of active time.  This session ended with a
 crash.
 
Error - 4/24/2010 11:24:54 AM | Computer Name = YOUR-AE066C3A9B | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2254
 seconds with 1380 seconds of active time.  This session ended with a crash.
 
Error - 4/28/2010 12:15:02 PM | Computer Name = YOUR-AE066C3A9B | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2879
 seconds with 2700 seconds of active time.  This session ended with a crash.
 
Error - 6/4/2011 10:28:22 AM | Computer Name = YOUR-AE066C3A9B | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 23
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 7/5/2011 9:46:21 AM | Computer Name = YOUR-AE066C3A9B | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 27
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 1/15/2012 9:12:11 PM | Computer Name = YOUR-AE066C3A9B | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
   %%126
 
Error - 1/15/2012 9:12:11 PM | Computer Name = YOUR-AE066C3A9B | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
   %%126
 
Error - 1/15/2012 9:12:11 PM | Computer Name = YOUR-AE066C3A9B | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
   %%126
 
Error - 1/15/2012 9:12:11 PM | Computer Name = YOUR-AE066C3A9B | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
   %%126
 
Error - 1/15/2012 9:12:11 PM | Computer Name = YOUR-AE066C3A9B | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
   %%126
 
Error - 1/15/2012 9:12:11 PM | Computer Name = YOUR-AE066C3A9B | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
   %%126
 
Error - 1/15/2012 9:12:11 PM | Computer Name = YOUR-AE066C3A9B | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
   %%126
 
Error - 1/15/2012 9:12:11 PM | Computer Name = YOUR-AE066C3A9B | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
   %%126
 
Error - 1/15/2012 9:22:52 PM | Computer Name = YOUR-AE066C3A9B | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.
 
Error - 1/15/2012 10:28:17 PM | Computer Name = YOUR-AE066C3A9B | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.
 
 
< End of report >


#12 CatByte

  • Malware Response Team

Posted 16 January 2012 - 11:34 AM

Hi

Please do the following:


Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    O2 - BHO: (Reg Error: Value error.) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - Reg Error: Value error. File not found
    O2 - BHO: (Reg Error: Value error.) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Value error. File not found
    O2 - BHO: (Reg Error: Value error.) - {5C255C8A-E604-49b4-9D64-90988571CECB} - Reg Error: Value error. File not found
    O2 - BHO: (Reg Error: Value error.) - AutorunsDisabled - Reg Error: Value error. File not found
    O3 - HKU\S-1-5-21-2809893791-3934609222-1653351773-1009\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    [2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\WINDOWS\System32\naromisi
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the OTL log


NEXT


Please describe in as much detail as possible what issues are outstanding

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#13 guitarsrkewl08

  • Topic Starter

Posted 17 January 2012 - 12:26 PM

Sorry, I'm on vacation for a week or so and don't have access to that computer to try. I will try and post back when I get back home.

#14 CatByte

  • Malware Response Team

Posted 17 January 2012 - 05:44 PM

No problem, I'll keep the thread open till I hear back from you.



#15 guitarsrkewl08

  • Topic Starter

Posted 19 January 2012 - 01:24 PM

ok ty



