Infected with Win32/Sirefef.DT trojan, among others


  • This topic is locked
64 replies to this topic

#1 CzarKib

  • Members
  • 50 posts

Posted 18 January 2012 - 10:27 AM

Hello,

I followed the instructions posted for removing the so-called Windows XP Security 2012 virus last week. However, other viruses seem to have taken its place. ESET is continuously blocking attacks, and when it performs a scan, it claims there to be a threat in the memory (a variant of Win32/Sirefef.DT trojan) that cannot be cleaned.

I followed the instructions in the preparation guide, but could not actually run the dds.scr scan -- when I double-click the icon, the window blinks and disappears. Further, I tried running GMER scan twice. The first time, the scan aborted after about 5 minutes - the entire program simply closed down. The second time was going very well, but about 5 hours into the scan, I got the "WARNING! about rootkit activity" message. I clicked OK, and the log up to that point disappeared entirely before the scan was finished, and before I could save/copy it.

Other symptoms I am now experiencing are an occasional Google redirect, and subsequent connectivity problems.

Thanks in advance for all of your help.


#2 CatByte

  • Malware Response Team
  • 14,664 posts

Posted 21 January 2012 - 07:35 PM

Hi,

Please do the following:



Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs



NEXT

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 CzarKib

  • Topic Starter

  • Members
  • 50 posts

Posted 22 January 2012 - 09:43 AM

Hello -

Here are the results of the OTL scans. The other scan you recommended will be posted in my very next response - I wanted to make sure not to lose this in the meantime.


OTL logfile created on: 1/22/2012 9:27:22 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\M & J\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.35 Gb Available Physical Memory | 78.33% Memory free
4.84 Gb Paging File | 4.33 Gb Available in Paging File | 89.44% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 218.94 Gb Total Space | 61.61 Gb Free Space | 28.14% Space Free | Partition Type: NTFS
Drive D: | 74.50 Gb Total Space | 74.43 Gb Free Space | 99.91% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: DELL | User Name: M & J | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/22 09:25:09 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\M & J\Desktop\OTL.exe
PRC - [2012/01/14 11:54:27 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/09/06 09:40:33 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/05/17 12:29:46 | 000,395,144 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011/05/01 11:13:56 | 000,059,392 | ---- | M] () -- C:\Program Files\ABBYY FineReader for ScanSnap\update_check.exe
PRC - [2011/04/19 01:44:40 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2011/04/19 01:44:40 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2011/04/19 01:44:40 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2010/04/05 06:19:58 | 000,444,928 | ---- | M] (Livescribe) -- C:\Program Files\Common Files\Livescribe\PenComm\PenCommService.exe
PRC - [2010/04/05 06:19:56 | 000,647,168 | ---- | M] () -- C:\Program Files\Livescribe\Livescribe Desktop\LDTray.exe
PRC - [2010/01/18 18:08:44 | 000,856,064 | ---- | M] () -- C:\Program Files\TVersity\Media Server\MediaServer.exe
PRC - [2009/12/01 09:28:54 | 001,146,880 | ---- | M] (PFU LIMITED) -- C:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe
PRC - [2009/10/07 09:16:50 | 000,472,280 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2009/10/07 09:15:42 | 001,461,080 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2008/04/23 01:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/25 11:19:10 | 000,229,592 | ---- | M] (Data Perceptions / PowerProgrammer) -- C:\WINDOWS\system32\WebUpdateSvc4.exe
PRC - [2007/04/03 20:50:00 | 001,603,152 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2007/01/31 13:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2006/04/25 16:30:38 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe
PRC - [2006/03/21 12:19:40 | 000,069,632 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
PRC - [2006/03/20 15:00:04 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006/01/02 16:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2005/11/07 04:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005/10/20 14:45:10 | 000,871,936 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCD.exe
PRC - [2005/10/14 12:02:02 | 000,670,208 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
PRC - [2005/09/09 02:24:30 | 000,102,400 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
PRC - [2005/08/11 01:01:00 | 000,114,688 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Sonic Shared\CineTray.exe
PRC - [2004/07/08 16:13:42 | 000,106,496 | ---- | M] (Sony Corporation.) -- C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
PRC - [2002/04/24 20:37:43 | 001,544,192 | ---- | M] (Support.com, Inc.) -- C:\Program Files\support.com\bin\tgcmd.exe
PRC - [2001/08/09 16:06:46 | 000,045,056 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_monitor.exe
PRC - [2001/07/03 08:17:04 | 000,065,536 | ---- | M] () -- C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnf.exe
PRC - [2001/07/03 08:11:52 | 000,057,344 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe


========== Modules (No Company Name) ==========

MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/06/15 12:18:40 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\0f3d321ebd65af974ff0ad424223276d\System.ServiceProcess.ni.dll
MOD - [2011/06/15 12:14:58 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\f6a9a002526806f3a5b745cf5c407cae\System.ni.dll
MOD - [2011/06/15 12:14:40 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2011/06/15 12:13:46 | 003,182,592 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2011/06/15 12:13:45 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2011/06/15 12:13:45 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2011/06/15 12:13:37 | 000,626,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2011/06/15 12:13:36 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2011/06/15 12:13:34 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2011/06/15 12:13:34 | 000,258,048 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
MOD - [2011/06/15 12:13:33 | 002,048,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2011/06/15 12:13:31 | 000,114,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2011/06/15 12:13:26 | 005,025,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2011/05/01 11:13:56 | 000,059,392 | ---- | M] () -- C:\Program Files\ABBYY FineReader for ScanSnap\update_check.exe
MOD - [2011/02/04 17:48:32 | 000,456,192 | ---- | M] () -- C:\WINDOWS\system32\encdec.dll
MOD - [2011/02/04 17:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2011/02/01 16:10:57 | 000,476,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MOD - [2011/02/01 16:10:57 | 000,409,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
MOD - [2011/02/01 16:10:57 | 000,046,952 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
MOD - [2011/02/01 16:10:56 | 000,421,224 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
MOD - [2011/02/01 16:10:56 | 000,269,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\3.1.26.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll
MOD - [2011/02/01 16:10:56 | 000,121,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
MOD - [2011/02/01 16:10:56 | 000,120,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
MOD - [2011/02/01 16:10:56 | 000,070,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
MOD - [2011/02/01 16:10:56 | 000,023,912 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll
MOD - [2011/02/01 16:10:56 | 000,018,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
MOD - [2011/02/01 16:10:56 | 000,012,136 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll
MOD - [2010/10/05 21:33:20 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_1ccccc25\mscorlib.dll
MOD - [2010/10/05 21:33:18 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_b35dba3f\system.drawing.dll
MOD - [2010/10/05 21:33:15 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_8e4f36fe\system.xml.dll
MOD - [2010/10/05 21:33:12 | 003,018,752 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_80b1a71f\system.windows.forms.dll
MOD - [2010/10/05 21:33:06 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_b3979ce6\system.dll
MOD - [2010/10/05 21:33:01 | 001,265,664 | ---- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll
MOD - [2010/10/05 21:33:01 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2010/04/05 06:19:56 | 000,647,168 | ---- | M] () -- C:\Program Files\Livescribe\Livescribe Desktop\LDTray.exe
MOD - [2010/04/05 06:05:44 | 000,257,024 | ---- | M] () -- C:\Program Files\Livescribe\Livescribe Desktop\PenCommSDK.dll
MOD - [2010/04/05 06:05:44 | 000,257,024 | ---- | M] () -- C:\Program Files\Common Files\Livescribe\PenComm\PenCommSdk.dll
MOD - [2010/03/03 10:36:46 | 000,854,016 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
MOD - [2010/02/05 13:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2009/11/23 09:34:28 | 000,344,064 | ---- | M] () -- C:\Program Files\PFU\ScanSnap\Driver\PfuSsConfig.dll
MOD - [2009/10/15 09:02:00 | 000,233,472 | ---- | M] () -- C:\Program Files\PFU\ScanSnap\Driver\PfuSsExtention.dll
MOD - [2009/02/14 13:27:15 | 000,270,336 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\log4net\1.2.10.0__1b44e1d426115821\log4net.dll
MOD - [2008/10/05 18:28:39 | 000,051,716 | ---- | M] () -- C:\WINDOWS\system32\pdf995mon.dll
MOD - [2008/09/21 00:09:46 | 002,052,096 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2008/09/21 00:09:46 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2008/09/21 00:09:46 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2008/09/21 00:09:46 | 000,372,736 | ---- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll
MOD - [2008/09/21 00:09:46 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll
MOD - [2008/06/20 11:02:47 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/06/20 11:02:47 | 000,245,248 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 19:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/12/24 16:46:54 | 002,449,408 | ---- | M] () -- C:\Program Files\ffdshow\ffdshow.ax
MOD - [2007/06/26 20:27:18 | 000,167,936 | ---- | M] () -- C:\Program Files\PFU\ScanSnap\Driver\SSsltsa.dll
MOD - [2006/04/25 16:30:38 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe
MOD - [2005/09/09 02:24:30 | 000,102,400 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
MOD - [2005/08/05 13:01:54 | 000,159,744 | ---- | M] () -- C:\WINDOWS\system32\VBICodec.ax
MOD - [2005/08/05 12:06:50 | 000,165,376 | ---- | M] () -- C:\WINDOWS\system32\mpg2splt.ax
MOD - [2005/05/07 13:14:56 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\custmon2k.dll
MOD - [2004/07/08 16:13:44 | 001,032,192 | ---- | M] () -- C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\ResidenceRes.dll
MOD - [2003/03/26 18:46:36 | 000,135,168 | ---- | M] () -- C:\Program Files\PFU\ScanSnap\Driver\PfuSsImgIO.dll
MOD - [2001/08/09 15:54:16 | 000,040,960 | ---- | M] () -- C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Util.dll
MOD - [2001/07/03 08:17:06 | 000,024,576 | ---- | M] () -- C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnfps.dll
MOD - [2001/07/03 08:17:04 | 000,065,536 | ---- | M] () -- C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnf.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (astcc)
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/11/22 19:41:50 | 001,117,624 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2011/11/22 18:20:06 | 000,402,336 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2011/11/14 16:06:56 | 000,546,768 | ---- | M] (Threat Expert Ltd.) [Auto | Stopped] -- C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2011/09/06 09:40:33 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/04/19 01:44:40 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011/04/19 01:44:40 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/04/05 06:19:58 | 000,444,928 | ---- | M] (Livescribe) [Auto | Running] -- C:\Program Files\Common Files\Livescribe\PenComm\PenCommService.exe -- (PenCommService)
SRV - [2010/01/18 18:08:44 | 000,856,064 | ---- | M] () [Auto | Running] -- C:\Program Files\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2009/10/07 09:21:14 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/10/07 09:16:50 | 000,472,280 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2008/10/16 09:05:22 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
SRV - [2007/06/25 11:19:10 | 000,229,592 | ---- | M] (Data Perceptions / PowerProgrammer) [Auto | Running] -- C:\WINDOWS\system32\WebUpdateSvc4.exe -- (WebUpdate4)
SRV - [2007/01/31 13:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2006/04/25 16:30:38 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2005/10/14 12:02:02 | 000,670,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2005/09/09 02:24:30 | 000,102,400 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor4.0)


========== Driver Services (SafeList) ==========

DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/11/22 19:42:40 | 000,185,560 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PCTSD.sys -- (PCTSD)
DRV - [2011/11/14 15:12:26 | 000,331,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2011/10/07 17:52:12 | 000,660,992 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pctEFA.sys -- (pctEFA)
DRV - [2011/10/07 17:52:06 | 000,341,656 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2011/09/28 13:14:02 | 000,056,840 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCTBD.sys -- (PCTBD)
DRV - [2011/09/06 09:40:29 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/09/06 09:40:29 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/09/01 03:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/04/06 05:56:18 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/04/05 06:20:00 | 000,020,096 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PulseUsb.sys -- (PulseUsb)
DRV - [2010/02/21 21:41:44 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2010/02/21 21:41:44 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2010/02/21 21:41:44 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2010/01/29 10:40:04 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2009/10/07 09:18:34 | 000,055,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2009/10/07 09:18:34 | 000,032,072 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2009/10/07 09:18:30 | 000,073,760 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2009/10/07 09:12:22 | 000,054,184 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\easdrv.sys -- (easdrv)
DRV - [2009/10/07 09:11:10 | 000,040,824 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2008/04/13 13:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2008/04/13 13:45:34 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irbus.sys -- (IrBus)
DRV - [2007/01/12 21:09:10 | 000,483,712 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atinavrr.sys -- (ATIAVPCI)
DRV - [2006/07/05 04:33:24 | 000,472,000 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WG311T13.sys -- (AR5211)
DRV - [2006/06/07 16:08:58 | 001,580,544 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/03/20 15:06:04 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/11/18 11:02:50 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/11/18 11:02:10 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/11/07 04:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/11/07 04:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/11/07 04:20:00 | 000,086,652 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/11/07 04:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/11/07 04:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/11/07 04:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/11/07 04:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/10/14 12:01:56 | 000,029,440 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2005/10/14 12:00:36 | 000,101,760 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2005/10/14 12:00:26 | 000,022,016 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)
DRV - [2005/08/15 11:08:26 | 000,127,488 | ---- | M] (Ahead Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\imagesrv.sys -- (imagesrv)
DRV - [2005/08/15 11:08:26 | 000,005,888 | ---- | M] (Ahead Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\imagedrv.sys -- (imagedrv)
DRV - [2004/03/08 12:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2004/01/28 14:03:26 | 000,021,456 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SilvrLnk.sys -- (SilverLink) Texas Instruments SilverLink (USB GraphLink)
DRV - [2002/10/15 22:41:06 | 000,102,220 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sonypvs1.sys -- (sonypvs1)
DRV - [1996/12/12 04:30:00 | 000,064,512 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1844237615-1972579041-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1844237615-1972579041-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-1844237615-1972579041-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-1844237615-1972579041-839522115-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3
FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.23.0.5

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/01/14 11:55:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/14 11:54:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/14 12:00:16 | 000,000,000 | ---D | M]

[2008/09/21 21:24:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\M & J\Application Data\Mozilla\Extensions
[2011/11/09 15:03:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\M & J\Application Data\Mozilla\Firefox\Profiles\33e9vdp4.default\extensions
[2010/04/27 15:08:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\M & J\Application Data\Mozilla\Firefox\Profiles\33e9vdp4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/09/29 10:50:39 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Documents and Settings\M & J\Application Data\Mozilla\Firefox\Profiles\33e9vdp4.default\extensions\DeviceDetection@logitech.com
[2011/06/25 23:01:11 | 000,000,000 | ---D | M] (Quick Media Converter Ask Toolbar) -- C:\Documents and Settings\M & J\Application Data\Mozilla\Firefox\Profiles\33e9vdp4.default\extensions\toolbar@ask.com
[2011/12/26 12:11:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/26 20:43:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/05/24 08:58:05 | 000,101,760 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\ieatgpc.dll
[2010/05/24 08:57:48 | 000,064,384 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\npatgpc.dll
[2006/05/30 20:46:36 | 000,407,360 | ---- | M] (Documentum, Inc.) -- C:\Program Files\mozilla firefox\plugins\npeRoom7.dll
[2011/12/16 20:38:42 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/12/16 20:25:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/16 20:38:42 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/12/16 20:38:42 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/12/16 20:38:42 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\M & J\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\

Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Quick Media Converter Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Quick Media Converter Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1844237615-1972579041-839522115-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1844237615-1972579041-839522115-1003\..\Toolbar\WebBrowser: (Quick Media Converter Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-1844237615-1972579041-839522115-1007\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [CXMon] C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP)
O4 - HKLM..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [tgcmd] C:\Program Files\support.com\bin\tgcmd.exe (Support.com, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-1844237615-1972579041-839522115-1003..\Run: [LDTray] C:\Program Files\Livescribe\Livescribe Desktop\LDTray.exe ()
O4 - HKU\S-1-5-21-1844237615-1972579041-839522115-1003..\Run: [Upgrade_Client] C:\Program Files\ABBYY FineReader for ScanSnap\update_check.exe ()
O4 - HKU\S-1-5-21-1844237615-1972579041-839522115-1007..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe (Nero AG)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CardMinder Viewer.lnk = C:\Program Files\PFU\ScanSnap\CardMinder\CardLauncher.exe (PFU LIMITED)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Conversion to PDF with ScanSnap Organizer.lnk = C:\Program Files\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe (PFU LIMITED)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG311T Smart Wizard.lnk = C:\Program Files\NETGEAR\WG311T\wlancfg5.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Notify.lnk = C:\Novell\GroupWise\notify.exe (Novell, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe (Sony Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package VCD Maker.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe (Sony Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ScanSnap Manager.lnk = C:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe (PFU LIMITED)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Sonic CinePlayer Quick Launch.lnk = C:\Program Files\Common Files\Sonic Shared\CineTray.exe (Sonic Solutions)
O4 - Startup: C:\Documents and Settings\M & J\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1844237615-1972579041-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1844237615-1972579041-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1844237615-1972579041-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1844237615-1972579041-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1844237615-1972579041-839522115-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1844237615-1972579041-839522115-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ File not found
O9 - Extra Button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ File not found
O9 - Extra Button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O15 - HKU\S-1-5-21-1844237615-1972579041-839522115-1003\..Trusted Domains: intuit.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1844237615-1972579041-839522115-1003\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-1844237615-1972579041-839522115-1003\..Trusted Domains: utorrent.com ([www] * in Trusted sites)
O16 - DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab (F-Secure Online Scanner Launcher)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{640809C2-C2EF-4A53-8372-3DA95AB8D9C5}: NameServer = 68.87.73.242,68.87.71.226
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Program Files\PS\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Program Files\PS\itss.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\M & J\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\M & J\Application Data\Mozilla\Firefox\Desktop Background.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/02/08 16:06:12 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{80f260e8-8ffb-11de-a6a8-b3776a880b39}\Shell\AutoRun\command - "" = K:\wd_windows_tools\WDSetup.exe
O33 - MountPoints2\{d1f6e3f7-8ca5-11dd-a52e-00146c868ef7}\Shell\AutoRun\command - "" = setupSNK.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/01/22 09:25:30 | 004,713,472 | ---- | C] (AVAST Software) -- C:\Documents and Settings\M & J\Desktop\aswMBR.exe
[2012/01/22 09:25:00 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\M & J\Desktop\OTL.exe
[2012/01/18 09:59:13 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\M & J\Desktop\dds.scr
[2012/01/14 11:55:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2012/01/14 11:54:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Real
[2012/01/10 14:10:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WCID
[2012/01/10 13:57:23 | 000,056,840 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTBD.sys
[2012/01/10 13:57:21 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2012/01/10 13:57:20 | 002,246,608 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2012/01/10 13:57:20 | 001,681,360 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2012/01/10 13:56:11 | 000,253,096 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2012/01/10 13:56:04 | 000,017,848 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctBTFix.sys
[2012/01/10 13:56:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Tools Security
[2012/01/10 13:55:54 | 000,070,536 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2012/01/10 13:55:31 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools
[2012/01/10 13:51:44 | 000,660,992 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctEFA.sys
[2012/01/10 13:51:43 | 000,341,656 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctDS.sys
[2012/01/10 13:51:41 | 000,331,880 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2012/01/10 13:51:41 | 000,162,584 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2012/01/10 13:51:39 | 000,185,560 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTSD.sys
[2012/01/10 13:51:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2012/01/10 13:51:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2012/01/10 13:51:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\M & J\Application Data\TestApp
[2012/01/10 13:50:20 | 003,834,864 | ---- | C] (PC Tools) -- C:\Documents and Settings\M & J\My Documents\sdasetup.exe
[2012/01/09 11:31:23 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\M & J\Desktop\iexc.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/22 09:26:10 | 004,713,472 | ---- | M] (AVAST Software) -- C:\Documents and Settings\M & J\Desktop\aswMBR.exe
[2012/01/22 09:25:09 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\M & J\Desktop\OTL.exe
[2012/01/22 09:22:33 | 000,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2012/01/22 09:22:27 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/22 09:22:27 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1844237615-1972579041-839522115-1003.job
[2012/01/22 09:22:19 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/22 09:22:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/19 00:22:10 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/19 00:01:00 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012/01/18 14:48:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2012/01/18 09:59:07 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\M & J\Desktop\dds.scr
[2012/01/17 15:06:40 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/17 14:58:30 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\M & J\Desktop\wg9ksx8p.exe
[2012/01/15 18:15:25 | 000,273,457 | ---- | M] () -- C:\Documents and Settings\M & J\My Documents\Army STARRS security 01132012.pdf
[2012/01/14 12:00:16 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2012/01/14 11:55:20 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2012/01/14 11:54:30 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2012/01/14 11:54:10 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1844237615-1972579041-839522115-1003.job
[2012/01/11 19:40:08 | 001,764,638 | ---- | M] () -- C:\Documents and Settings\M & J\My Documents\501 Calculus Final Edits PART 3 Jan 2012.pdf
[2012/01/11 19:38:58 | 003,250,546 | ---- | M] () -- C:\Documents and Settings\M & J\My Documents\501 Calculus Final Edits PART 2 Jan 2012.pdf
[2012/01/11 19:37:26 | 001,982,807 | ---- | M] () -- C:\Documents and Settings\M & J\My Documents\501 Calculus Final Edits Jan 2012.pdf
[2012/01/10 14:11:21 | 000,001,322 | ---- | M] () -- C:\Documents and Settings\M & J\Desktop\sdasetup.exe.lnk
[2012/01/10 13:56:05 | 000,001,839 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PC Tools Spyware Doctor with AntiVirus.lnk
[2012/01/10 13:51:58 | 000,666,046 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012/01/10 13:50:36 | 003,834,864 | ---- | M] (PC Tools) -- C:\Documents and Settings\M & J\My Documents\sdasetup.exe
[2012/01/10 06:57:37 | 000,621,152 | ---- | M] () -- C:\Documents and Settings\M & J\My Documents\time dep neutral see.pdf
[2012/01/09 18:37:29 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/09 11:28:46 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\M & J\Desktop\iexc.exe
[2012/01/09 11:14:42 | 000,012,396 | -HS- | M] () -- C:\Documents and Settings\M & J\Local Settings\Application Data\04lst48rgy6547byqnb28gmisi7am62kcu8p20t5w28fkv
[2012/01/09 11:14:42 | 000,012,396 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\04lst48rgy6547byqnb28gmisi7am62kcu8p20t5w28fkv
[2012/01/08 19:41:16 | 009,648,910 | ---- | M] () -- C:\Documents and Settings\M & J\My Documents\DTS Manual.pdf
[2012/01/08 19:38:56 | 000,270,029 | ---- | M] () -- C:\Documents and Settings\M & J\My Documents\SPAN Addendum to DTS Manual.pdf
[2012/01/07 11:05:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/01/07 08:23:13 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/01/05 06:28:32 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2011/12/29 21:48:06 | 000,000,086 | ---- | M] () -- C:\WINDOWS\WPCMAPI.INI
[2011/12/26 12:11:10 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/17 14:58:44 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\M & J\Desktop\wg9ksx8p.exe
[2012/01/15 18:15:25 | 000,273,457 | ---- | C] () -- C:\Documents and Settings\M & J\My Documents\Army STARRS security 01132012.pdf
[2012/01/14 12:00:16 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2012/01/14 12:00:16 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2012/01/14 11:55:20 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2012/01/11 19:40:08 | 001,764,638 | ---- | C] () -- C:\Documents and Settings\M & J\My Documents\501 Calculus Final Edits PART 3 Jan 2012.pdf
[2012/01/11 19:38:57 | 003,250,546 | ---- | C] () -- C:\Documents and Settings\M & J\My Documents\501 Calculus Final Edits PART 2 Jan 2012.pdf
[2012/01/11 19:37:26 | 001,982,807 | ---- | C] () -- C:\Documents and Settings\M & J\My Documents\501 Calculus Final Edits Jan 2012.pdf
[2012/01/10 13:57:22 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2012/01/10 13:57:22 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2012/01/10 13:57:22 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2012/01/10 13:57:21 | 000,003,488 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2012/01/10 13:57:21 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2012/01/10 13:56:05 | 000,001,839 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PC Tools Spyware Doctor with AntiVirus.lnk
[2012/01/10 13:51:44 | 000,666,046 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012/01/10 13:51:11 | 000,001,322 | ---- | C] () -- C:\Documents and Settings\M & J\Desktop\sdasetup.exe.lnk
[2012/01/10 06:57:37 | 000,621,152 | ---- | C] () -- C:\Documents and Settings\M & J\My Documents\time dep neutral see.pdf
[2012/01/09 18:37:29 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/09 10:14:37 | 000,012,396 | -HS- | C] () -- C:\Documents and Settings\M & J\Local Settings\Application Data\04lst48rgy6547byqnb28gmisi7am62kcu8p20t5w28fkv
[2012/01/09 10:14:37 | 000,012,396 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\04lst48rgy6547byqnb28gmisi7am62kcu8p20t5w28fkv
[2012/01/08 19:41:16 | 009,648,910 | ---- | C] () -- C:\Documents and Settings\M & J\My Documents\DTS Manual.pdf
[2012/01/08 19:38:56 | 000,270,029 | ---- | C] () -- C:\Documents and Settings\M & J\My Documents\SPAN Addendum to DTS Manual.pdf
[2011/06/29 18:55:04 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\GIF89.DLL
[2011/06/26 06:16:36 | 000,013,360 | -HS- | C] () -- C:\Documents and Settings\M & J\Local Settings\Application Data\56f7srnue42q7hf4qx
[2011/06/26 06:16:36 | 000,013,360 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\56f7srnue42q7hf4qx
[2011/06/12 18:05:49 | 000,101,352 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/05/07 14:54:44 | 000,000,492 | ---- | C] () -- C:\WINDOWS\{DCFC65CB-97F5-4B9D-BFCD-BAEC7B053FAE}_WiseFW.ini
[2011/02/01 17:53:08 | 004,099,400 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/01/10 15:48:08 | 000,000,161 | ---- | C] () -- C:\WINDOWS\DISPARAM.INI
[2011/01/03 14:21:36 | 000,035,190 | ---- | C] () -- C:\WINDOWS\scunin.dat
[2010/10/14 15:19:47 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\rhproq.sys
[2010/10/03 19:09:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nsprs.dll
[2010/09/22 15:44:45 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\WMIMPLEX.dll
[2010/09/22 15:44:45 | 000,031,744 | ---- | C] () -- C:\WINDOWS\System32\maplec.dll
[2010/09/22 15:44:45 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\maplecompat.dll
[2010/09/20 22:06:25 | 000,000,700 | ---- | C] () -- C:\WINDOWS\dbmscopy.ini
[2010/05/24 14:43:19 | 000,010,593 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2010/02/10 15:20:29 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/01/30 20:40:15 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/10/31 11:01:34 | 000,000,048 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2009/03/29 20:36:45 | 000,581,872 | ---- | C] () -- C:\WINDOWS\System32\WODCERTIFICATE.DLL
[2009/03/29 20:34:41 | 000,631,472 | ---- | C] () -- C:\WINDOWS\System32\brgrt.DLL
[2009/03/29 11:40:21 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/03/12 21:42:40 | 002,825,728 | ---- | C] () -- C:\WINDOWS\System32\Ago4501.dll
[2009/03/12 21:42:40 | 000,398,336 | ---- | C] () -- C:\WINDOWS\System32\C4501v.dll
[2009/03/12 21:42:40 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\Powl6.dll
[2009/03/12 21:42:39 | 002,249,216 | ---- | C] () -- C:\WINDOWS\System32\V4501v.dll
[2009/03/12 21:42:39 | 000,335,360 | ---- | C] () -- C:\WINDOWS\System32\Houston.dll
[2009/03/12 21:42:29 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\SNTI386.DLL
[2009/03/12 21:42:29 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\Js~reg32.dll
[2009/02/08 17:04:37 | 000,000,284 | ---- | C] () -- C:\Documents and Settings\M & J\Application Data\ViewerApp.dat
[2008/12/16 09:58:03 | 000,392,704 | ---- | C] () -- C:\WINDOWS\System32\Project10.dll
[2008/12/16 09:57:44 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\SENTINEL.SYS
[2008/12/16 09:57:44 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\RNBOVDD.DLL
[2008/10/21 08:17:33 | 000,000,557 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/10/16 22:09:26 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2008/10/16 22:09:26 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2008/10/16 22:09:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2008/10/16 21:53:57 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth2.dll
[2008/10/16 21:53:57 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth1.dll
[2008/10/16 21:53:57 | 000,000,100 | ---- | C] () -- C:\WINDOWS\System32\prsgrc.dll
[2008/10/16 21:52:52 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2008/10/16 21:52:52 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2008/10/16 18:59:39 | 000,008,074 | ---- | C] () -- C:\Documents and Settings\M & J\Local Settings\Application Data\WT61US.UWL
[2008/10/08 14:10:02 | 000,000,086 | ---- | C] () -- C:\WINDOWS\WPCMAPI.INI
[2008/10/05 18:29:46 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2008/10/05 18:28:39 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2008/09/21 23:15:56 | 000,000,218 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/09/21 22:13:31 | 000,000,292 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LastUpdate.xml
[2008/09/21 22:13:30 | 000,000,031 | ---- | C] () -- C:\WINDOWS\WebUpdateSvc4.INI
[2008/09/21 22:12:48 | 000,047,616 | ---- | C] () -- C:\WINDOWS\System32\wuwuninst.exe
[2008/09/21 22:08:25 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2008/09/21 21:47:20 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\custmon2k.dll
[2008/09/21 21:47:20 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\uninstpw.exe
[2008/09/21 21:24:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/09/21 21:24:02 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\M & J\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/21 20:25:21 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/09/21 20:18:16 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2008/09/21 20:18:04 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2008/09/21 20:16:48 | 000,000,419 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2008/09/21 20:09:21 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\ldf252.dll
[2008/09/21 20:07:05 | 000,000,034 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2008/09/21 17:54:38 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2008/09/21 17:54:16 | 000,129,112 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2008/09/21 16:11:28 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/09/20 22:52:08 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\M & J\Local Settings\Application Data\fusioncache.dat
[2008/09/20 22:43:44 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/09/20 22:38:01 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/09/20 18:16:57 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/09/20 18:16:01 | 000,537,648 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/06/25 11:19:12 | 000,213,208 | ---- | C] () -- C:\WINDOWS\System32\WuWUI.exe
[2007/04/06 00:51:22 | 000,757,818 | ---- | C] () -- C:\WINDOWS\System32\gwadd1.dll
[2007/04/06 00:49:34 | 000,303,166 | ---- | C] () -- C:\WINDOWS\System32\gwodm132.dll
[2007/04/06 00:48:12 | 000,032,836 | ---- | C] () -- C:\WINDOWS\System32\Gwshlimp.exe
[2007/04/06 00:21:14 | 000,098,354 | ---- | C] () -- C:\WINDOWS\System32\GWLDO132.DLL
[2006/04/25 16:30:38 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2006/04/25 16:30:38 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\acs.exe
[2005/08/05 13:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/03/22 17:38:24 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/22 17:38:24 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/01/20 07:01:00 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\STADEV32.DLL
[2005/01/03 09:10:44 | 000,319,488 | ---- | C] () -- C:\WINDOWS\System32\DLXAPI32.DLL
[2004/08/10 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 06:00:00 | 000,444,494 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 06:00:00 | 000,072,370 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/10 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/07/09 09:31:18 | 000,155,700 | ---- | C] () -- C:\WINDOWS\System32\ODMA32.DLL
[2003/06/24 07:07:28 | 000,111,338 | ---- | C] () -- C:\WINDOWS\CheckForNewInstall.EXE
[2003/06/24 07:06:58 | 000,111,457 | ---- | C] () -- C:\WINDOWS\ParseUninstallPath.EXE
[2003/06/20 12:03:08 | 000,111,069 | ---- | C] () -- C:\WINDOWS\RunMSIEXEC.EXE
[2003/03/11 10:53:26 | 000,112,043 | ---- | C] () -- C:\WINDOWS\FixTalkTIRegistry.EXE
[2002/04/29 11:36:22 | 000,111,390 | ---- | C] () -- C:\WINDOWS\parseuninstallpath1.EXE
[2002/04/01 15:14:52 | 000,111,328 | ---- | C] () -- C:\WINDOWS\CheckForOldInstall.EXE
[2002/04/01 13:16:48 | 000,111,282 | ---- | C] () -- C:\WINDOWS\SetTrademark.EXE
[2001/08/03 21:24:32 | 000,036,864 | ---- | C] () -- C:\WINDOWS\hpfsched.exe
[2000/10/30 10:04:00 | 000,000,209 | ---- | C] () -- C:\WINDOWS\Ic32.ini
[1999/01/04 20:00:00 | 000,005,400 | ---- | C] () -- C:\WINDOWS\System32\gauss.DAT

========== LOP Check ==========

[2008/11/12 22:11:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Aiksaurus
[2009/01/15 09:27:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2008/09/20 22:52:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2008/09/21 01:13:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2008/10/05 18:31:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2009/09/15 19:17:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2009/06/01 21:56:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kinoma
[2010/04/24 21:42:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Livescribe, Inc
[2011/12/09 12:39:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2011/06/19 20:47:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickMediaConverter
[2009/01/02 21:41:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Resources
[2008/10/16 21:53:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel
[2010/03/27 20:30:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2008/09/21 20:16:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2011/06/09 11:57:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Screentime
[2008/10/16 21:52:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SPSS
[2008/09/21 22:15:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\StatTransfer9
[2012/01/22 09:22:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/05/07 14:44:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TI-SmartView 84
[2008/09/21 20:48:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{02C45027-B817-41FE-A000-2799C43CEF41}
[2011/01/13 12:07:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/05/17 10:57:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{59292F87-91BA-41EE-853D-540AEA75CD73}
[2010/04/13 10:56:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{5FEE901F-6F51-43C2-990D-83A16AE01A1E}
[2010/05/17 16:20:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{DF13D82E-D8E5-4B41-8167-F79C5D938D1F}
[2010/04/21 22:19:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Softland
[2008/09/21 20:11:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M & J\Application Data\ACD Systems
[2008/12/21 09:07:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M & J\Application Data\Amazon
[2011/01/21 12:39:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M & J\Application Data\Big Fish Games
[2011/04/17 10:03:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M & J\Application Data\Canon
[2011/06/19 20:46:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M & J\Application Data\CocoonSoftware
[2010/02/15 18:41:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M & J\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2008/09/21 20:39:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M & J\Application Data\Design Science
[2010/04/08 11:32:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M & J\Application Data\Diploma
[2010/04/24 15:15:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M & J\Application Data\Downloaded Installations
[2009/08/12 22:05:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M & J\Application Data\EndNote
[2008/09/21 01:13:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M & J\Application Data\ESET
[2011/01/10 15:58:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M & J\Application Data\Fujitsu
[2011/06/12 18:30:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M & J\Application Data\Full
[2008/12/21 17:12:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M & J\Application Data\GARMIN
[2011/06/19 20:43:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M & J\Application Data\GetRightToGo
[2008/10/18 22:22:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M & J\Application Data\LaCie
[2011/01/10 15:55:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M & J\Application Data\Leadertech
[2011/03/27 22:59:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M & J\Application Data\lyx16
[2011/02/05 20:23:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M & J\Application Data\Maple
[2011/05/14 13:09:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M & J\Application Data\Mobipocket
[2009/09/16 09:35:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M & J\Application Data\MSNInstaller
[2008/11/23 19:26:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M & J\Application Data\NewSoft
[2008/09/27 10:12:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M & J\Application Data\Opera
[2008/10/05 18:29:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M & J\Application Data\pdf995
[2011/01/10 15:59:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M & J\Application Data\PFU
[2011/01/24 16:14:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M & J\Application Data\runic games
[2011/02/05 17:38:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M & J\Application Data\SanDisk
[2008/09/21 20:16:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M & J\Application Data\ScanSoft
[2008/09/21 20:48:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M & J\Application Data\Seven Zip
[2010/04/21 22:19:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M & J\Application Data\Softland
[2012/01/10 13:51:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M & J\Application Data\TestApp
[2011/05/07 14:55:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M & J\Application Data\Texas Instruments
[2011/06/26 22:04:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M & J\Application Data\uTorrent
[2011/12/16 14:42:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M & J\Application Data\webex
[2011/03/29 12:22:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M & J\Application Data\WinEdt
[2010/01/30 22:49:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ESET
[2012/01/19 00:01:00 | 000,000,234 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/10 06:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/10 06:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2005/08/16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\M & J\Local Settings\temp\RarSFX2\h\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/10 06:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
[2004/08/10 06:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/10 06:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2004/08/10 06:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\M & J\Local Settings\temp\RarSFX2\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/10 06:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2004/08/10 06:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\M & J\Local Settings\temp\RarSFX2\winlogon.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 166 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F84B8DB5
@Alternate Data Stream - 158 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84

< End of report >


OTL logfile created on: 1/22/2012 9:27:22 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\M & J\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.35 Gb Available Physical Memory | 78.33% Memory free
4.84 Gb Paging File | 4.33 Gb Available in Paging File | 89.44% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 218.94 Gb Total Space | 61.61 Gb Free Space | 28.14% Space Free | Partition Type: NTFS
Drive D: | 74.50 Gb Total Space | 74.43 Gb Free Space | 99.91% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: DELL | User Name: M & J | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/22 09:25:09 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\M & J\Desktop\OTL.exe
PRC - [2012/01/14 11:54:27 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/09/06 09:40:33 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/05/17 12:29:46 | 000,395,144 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011/05/01 11:13:56 | 000,059,392 | ---- | M] () -- C:\Program Files\ABBYY FineReader for ScanSnap\update_check.exe
PRC - [2011/04/19 01:44:40 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2011/04/19 01:44:40 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2011/04/19 01:44:40 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2010/04/05 06:19:58 | 000,444,928 | ---- | M] (Livescribe) -- C:\Program Files\Common Files\Livescribe\PenComm\PenCommService.exe
PRC - [2010/04/05 06:19:56 | 000,647,168 | ---- | M] () -- C:\Program Files\Livescribe\Livescribe Desktop\LDTray.exe
PRC - [2010/01/18 18:08:44 | 000,856,064 | ---- | M] () -- C:\Program Files\TVersity\Media Server\MediaServer.exe
PRC - [2009/12/01 09:28:54 | 001,146,880 | ---- | M] (PFU LIMITED) -- C:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe
PRC - [2009/10/07 09:16:50 | 000,472,280 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2009/10/07 09:15:42 | 001,461,080 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2008/04/23 01:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/25 11:19:10 | 000,229,592 | ---- | M] (Data Perceptions / PowerProgrammer) -- C:\WINDOWS\system32\WebUpdateSvc4.exe
PRC - [2007/04/03 20:50:00 | 001,603,152 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2007/01/31 13:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2006/04/25 16:30:38 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe
PRC - [2006/03/21 12:19:40 | 000,069,632 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
PRC - [2006/03/20 15:00:04 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006/01/02 16:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2005/11/07 04:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005/10/20 14:45:10 | 000,871,936 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCD.exe
PRC - [2005/10/14 12:02:02 | 000,670,208 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
PRC - [2005/09/09 02:24:30 | 000,102,400 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
PRC - [2005/08/11 01:01:00 | 000,114,688 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Sonic Shared\CineTray.exe
PRC - [2004/07/08 16:13:42 | 000,106,496 | ---- | M] (Sony Corporation.) -- C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
PRC - [2002/04/24 20:37:43 | 001,544,192 | ---- | M] (Support.com, Inc.) -- C:\Program Files\support.com\bin\tgcmd.exe
PRC - [2001/08/09 16:06:46 | 000,045,056 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_monitor.exe
PRC - [2001/07/03 08:17:04 | 000,065,536 | ---- | M] () -- C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnf.exe
PRC - [2001/07/03 08:11:52 | 000,057,344 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe


========== Modules (No Company Name) ==========

MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/06/15 12:18:40 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\0f3d321ebd65af974ff0ad424223276d\System.ServiceProcess.ni.dll
MOD - [2011/06/15 12:14:58 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\f6a9a002526806f3a5b745cf5c407cae\System.ni.dll
MOD - [2011/06/15 12:14:40 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2011/06/15 12:13:46 | 003,182,592 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2011/06/15 12:13:45 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2011/06/15 12:13:45 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2011/06/15 12:13:37 | 000,626,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2011/06/15 12:13:36 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2011/06/15 12:13:34 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2011/06/15 12:13:34 | 000,258,048 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
MOD - [2011/06/15 12:13:33 | 002,048,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2011/06/15 12:13:31 | 000,114,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2011/06/15 12:13:26 | 005,025,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2011/05/01 11:13:56 | 000,059,392 | ---- | M] () -- C:\Program Files\ABBYY FineReader for ScanSnap\update_check.exe
MOD - [2011/02/04 17:48:32 | 000,456,192 | ---- | M] () -- C:\WINDOWS\system32\encdec.dll
MOD - [2011/02/04 17:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2011/02/01 16:10:57 | 000,476,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MOD - [2011/02/01 16:10:57 | 000,409,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
MOD - [2011/02/01 16:10:57 | 000,046,952 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
MOD - [2011/02/01 16:10:56 | 000,421,224 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
MOD - [2011/02/01 16:10:56 | 000,269,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\3.1.26.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll
MOD - [2011/02/01 16:10:56 | 000,121,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
MOD - [2011/02/01 16:10:56 | 000,120,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
MOD - [2011/02/01 16:10:56 | 000,070,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
MOD - [2011/02/01 16:10:56 | 000,023,912 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll
MOD - [2011/02/01 16:10:56 | 000,018,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
MOD - [2011/02/01 16:10:56 | 000,012,136 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll
MOD - [2010/10/05 21:33:20 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_1ccccc25\mscorlib.dll
MOD - [2010/10/05 21:33:18 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_b35dba3f\system.drawing.dll
MOD - [2010/10/05 21:33:15 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_8e4f36fe\system.xml.dll
MOD - [2010/10/05 21:33:12 | 003,018,752 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_80b1a71f\system.windows.forms.dll
MOD - [2010/10/05 21:33:06 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_b3979ce6\system.dll
MOD - [2010/10/05 21:33:01 | 001,265,664 | ---- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll
MOD - [2010/10/05 21:33:01 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2010/04/05 06:19:56 | 000,647,168 | ---- | M] () -- C:\Program Files\Livescribe\Livescribe Desktop\LDTray.exe
MOD - [2010/04/05 06:05:44 | 000,257,024 | ---- | M] () -- C:\Program Files\Livescribe\Livescribe Desktop\PenCommSDK.dll
MOD - [2010/04/05 06:05:44 | 000,257,024 | ---- | M] () -- C:\Program Files\Common Files\Livescribe\PenComm\PenCommSdk.dll
MOD - [2010/03/03 10:36:46 | 000,854,016 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
MOD - [2010/02/05 13:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2009/11/23 09:34:28 | 000,344,064 | ---- | M] () -- C:\Program Files\PFU\ScanSnap\Driver\PfuSsConfig.dll
MOD - [2009/10/15 09:02:00 | 000,233,472 | ---- | M] () -- C:\Program Files\PFU\ScanSnap\Driver\PfuSsExtention.dll
MOD - [2009/02/14 13:27:15 | 000,270,336 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\log4net\1.2.10.0__1b44e1d426115821\log4net.dll
MOD - [2008/10/05 18:28:39 | 000,051,716 | ---- | M] () -- C:\WINDOWS\system32\pdf995mon.dll
MOD - [2008/09/21 00:09:46 | 002,052,096 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2008/09/21 00:09:46 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2008/09/21 00:09:46 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2008/09/21 00:09:46 | 000,372,736 | ---- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll
MOD - [2008/09/21 00:09:46 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll
MOD - [2008/06/20 11:02:47 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/06/20 11:02:47 | 000,245,248 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 19:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/12/24 16:46:54 | 002,449,408 | ---- | M] () -- C:\Program Files\ffdshow\ffdshow.ax
MOD - [2007/06/26 20:27:18 | 000,167,936 | ---- | M] () -- C:\Program Files\PFU\ScanSnap\Driver\SSsltsa.dll
MOD - [2006/04/25 16:30:38 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe
MOD - [2005/09/09 02:24:30 | 000,102,400 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
MOD - [2005/08/05 13:01:54 | 000,159,744 | ---- | M] () -- C:\WINDOWS\system32\VBICodec.ax
MOD - [2005/08/05 12:06:50 | 000,165,376 | ---- | M] () -- C:\WINDOWS\system32\mpg2splt.ax
MOD - [2005/05/07 13:14:56 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\custmon2k.dll
MOD - [2004/07/08 16:13:44 | 001,032,192 | ---- | M] () -- C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\ResidenceRes.dll
MOD - [2003/03/26 18:46:36 | 000,135,168 | ---- | M] () -- C:\Program Files\PFU\ScanSnap\Driver\PfuSsImgIO.dll
MOD - [2001/08/09 15:54:16 | 000,040,960 | ---- | M] () -- C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Util.dll
MOD - [2001/07/03 08:17:06 | 000,024,576 | ---- | M] () -- C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnfps.dll
MOD - [2001/07/03 08:17:04 | 000,065,536 | ---- | M] () -- C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnf.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (astcc)
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/11/22 19:41:50 | 001,117,624 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2011/11/22 18:20:06 | 000,402,336 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2011/11/14 16:06:56 | 000,546,768 | ---- | M] (Threat Expert Ltd.) [Auto | Stopped] -- C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2011/09/06 09:40:33 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/04/19 01:44:40 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011/04/19 01:44:40 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/04/05 06:19:58 | 000,444,928 | ---- | M] (Livescribe) [Auto | Running] -- C:\Program Files\Common Files\Livescribe\PenComm\PenCommService.exe -- (PenCommService)
SRV - [2010/01/18 18:08:44 | 000,856,064 | ---- | M] () [Auto | Running] -- C:\Program Files\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2009/10/07 09:21:14 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/10/07 09:16:50 | 000,472,280 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2008/10/16 09:05:22 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
SRV - [2007/06/25 11:19:10 | 000,229,592 | ---- | M] (Data Perceptions / PowerProgrammer) [Auto | Running] -- C:\WINDOWS\system32\WebUpdateSvc4.exe -- (WebUpdate4)
SRV - [2007/01/31 13:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2006/04/25 16:30:38 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2005/10/14 12:02:02 | 000,670,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2005/09/09 02:24:30 | 000,102,400 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor4.0)


========== Driver Services (SafeList) ==========

DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/11/22 19:42:40 | 000,185,560 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PCTSD.sys -- (PCTSD)
DRV - [2011/11/14 15:12:26 | 000,331,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2011/10/07 17:52:12 | 000,660,992 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pctEFA.sys -- (pctEFA)
DRV - [2011/10/07 17:52:06 | 000,341,656 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2011/09/28 13:14:02 | 000,056,840 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCTBD.sys -- (PCTBD)
DRV - [2011/09/06 09:40:29 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/09/06 09:40:29 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/09/01 03:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/04/06 05:56:18 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/04/05 06:20:00 | 000,020,096 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PulseUsb.sys -- (PulseUsb)
DRV - [2010/02/21 21:41:44 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2010/02/21 21:41:44 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2010/02/21 21:41:44 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2010/01/29 10:40:04 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2009/10/07 09:18:34 | 000,055,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2009/10/07 09:18:34 | 000,032,072 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2009/10/07 09:18:30 | 000,073,760 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2009/10/07 09:12:22 | 000,054,184 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\easdrv.sys -- (easdrv)
DRV - [2009/10/07 09:11:10 | 000,040,824 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2008/04/13 13:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2008/04/13 13:45:34 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irbus.sys -- (IrBus)
DRV - [2007/01/12 21:09:10 | 000,483,712 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atinavrr.sys -- (ATIAVPCI)
DRV - [2006/07/05 04:33:24 | 000,472,000 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WG311T13.sys -- (AR5211)
DRV - [2006/06/07 16:08:58 | 001,580,544 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/03/20 15:06:04 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/11/18 11:02:50 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/11/18 11:02:10 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/11/07 04:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/11/07 04:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/11/07 04:20:00 | 000,086,652 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/11/07 04:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/11/07 04:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/11/07 04:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/11/07 04:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/10/14 12:01:56 | 000,029,440 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2005/10/14 12:00:36 | 000,101,760 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2005/10/14 12:00:26 | 000,022,016 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)
DRV - [2005/08/15 11:08:26 | 000,127,488 | ---- | M] (Ahead Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\imagesrv.sys -- (imagesrv)
DRV - [2005/08/15 11:08:26 | 000,005,888 | ---- | M] (Ahead Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\imagedrv.sys -- (imagedrv)
DRV - [2004/03/08 12:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2004/01/28 14:03:26 | 000,021,456 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SilvrLnk.sys -- (SilverLink) Texas Instruments SilverLink (USB GraphLink)
DRV - [2002/10/15 22:41:06 | 000,102,220 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sonypvs1.sys -- (sonypvs1)
DRV - [1996/12/12 04:30:00 | 000,064,512 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1844237615-1972579041-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1844237615-1972579041-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-1844237615-1972579041-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-1844237615-1972579041-839522115-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3
FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.23.0.5

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/01/14 11:55:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/14 11:54:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/14 12:00:16 | 000,000,000 | ---D | M]

[2008/09/21 21:24:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\M & J\Application Data\Mozilla\Extensions
[2011/11/09 15:03:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\M & J\Application Data\Mozilla\Firefox\Profiles\33e9vdp4.default\extensions
[2010/04/27 15:08:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\M & J\Application Data\Mozilla\Firefox\Profiles\33e9vdp4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/09/29 10:50:39 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Documents and Settings\M & J\Application Data\Mozilla\Firefox\Profiles\33e9vdp4.default\extensions\DeviceDetection@logitech.com
[2011/06/25 23:01:11 | 000,000,000 | ---D | M] (Quick Media Converter Ask Toolbar) -- C:\Documents and Settings\M & J\Application Data\Mozilla\Firefox\Profiles\33e9vdp4.default\extensions\toolbar@ask.com
[2011/12/26 12:11:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/26 20:43:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/05/24 08:58:05 | 000,101,760 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\ieatgpc.dll
[2010/05/24 08:57:48 | 000,064,384 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\npatgpc.dll
[2006/05/30 20:46:36 | 000,407,360 | ---- | M] (Documentum, Inc.) -- C:\Program Files\mozilla firefox\plugins\npeRoom7.dll
[2011/12/16 20:38:42 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/12/16 20:25:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/16 20:38:42 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/12/16 20:38:42 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/12/16 20:38:42 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\M & J\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\

Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Quick Media Converter Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Quick Media Converter Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1844237615-1972579041-839522115-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1844237615-1972579041-839522115-1003\..\Toolbar\WebBrowser: (Quick Media Converter Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-1844237615-1972579041-839522115-1007\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [CXMon] C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP)
O4 - HKLM..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [tgcmd] C:\Program Files\support.com\bin\tgcmd.exe (Support.com, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-1844237615-1972579041-839522115-1003..\Run: [LDTray] C:\Program Files\Livescribe\Livescribe Desktop\LDTray.exe ()
O4 - HKU\S-1-5-21-1844237615-1972579041-839522115-1003..\Run: [Upgrade_Client] C:\Program Files\ABBYY FineReader for ScanSnap\update_check.exe ()
O4 - HKU\S-1-5-21-1844237615-1972579041-839522115-1007..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe (Nero AG)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CardMinder Viewer.lnk = C:\Program Files\PFU\ScanSnap\CardMinder\CardLauncher.exe (PFU LIMITED)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Conversion to PDF with ScanSnap Organizer.lnk = C:\Program Files\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe (PFU LIMITED)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG311T Smart Wizard.lnk = C:\Program Files\NETGEAR\WG311T\wlancfg5.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Notify.lnk = C:\Novell\GroupWise\notify.exe (Novell, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe (Sony Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package VCD Maker.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe (Sony Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ScanSnap Manager.lnk = C:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe (PFU LIMITED)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Sonic CinePlayer Quick Launch.lnk = C:\Program Files\Common Files\Sonic Shared\CineTray.exe (Sonic Solutions)
O4 - Startup: C:\Documents and Settings\M & J\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1844237615-1972579041-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1844237615-1972579041-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1844237615-1972579041-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1844237615-1972579041-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1844237615-1972579041-839522115-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1844237615-1972579041-839522115-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ File not found
O9 - Extra Button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ File not found
O9 - Extra Button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O15 - HKU\S-1-5-21-1844237615-1972579041-839522115-1003\..Trusted Domains: intuit.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1844237615-1972579041-839522115-1003\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-1844237615-1972579041-839522115-1003\..Trusted Domains: utorrent.com ([www] * in Trusted sites)
O16 - DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab (F-Secure Online Scanner Launcher)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{640809C2-C2EF-4A53-8372-3DA95AB8D9C5}: NameServer = 68.87.73.242,68.87.71.226
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Program Files\PS\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Program Files\PS\itss.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\M & J\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\M & J\Application Data\Mozilla\Firefox\Desktop Background.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/02/08 16:06:12 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{80f260e8-8ffb-11de-a6a8-b3776a880b39}\Shell\AutoRun\command - "" = K:\wd_windows_tools\WDSetup.exe
O33 - MountPoints2\{d1f6e3f7-8ca5-11dd-a52e-00146c868ef7}\Shell\AutoRun\command - "" = setupSNK.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/01/22 09:25:30 | 004,713,472 | ---- | C] (AVAST Software) -- C:\Documents and Settings\M & J\Desktop\aswMBR.exe
[2012/01/22 09:25:00 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\M & J\Desktop\OTL.exe
[2012/01/18 09:59:13 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\M & J\Desktop\dds.scr
[2012/01/14 11:55:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2012/01/14 11:54:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Real
[2012/01/10 14:10:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WCID
[2012/01/10 13:57:23 | 000,056,840 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTBD.sys
[2012/01/10 13:57:21 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2012/01/10 13:57:20 | 002,246,608 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2012/01/10 13:57:20 | 001,681,360 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2012/01/10 13:56:11 | 000,253,096 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2012/01/10 13:56:04 | 000,017,848 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctBTFix.sys
[2012/01/10 13:56:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Tools Security
[2012/01/10 13:55:54 | 000,070,536 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2012/01/10 13:55:31 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools
[2012/01/10 13:51:44 | 000,660,992 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctEFA.sys
[2012/01/10 13:51:43 | 000,341,656 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctDS.sys
[2012/01/10 13:51:41 | 000,331,880 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2012/01/10 13:51:41 | 000,162,584 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2012/01/10 13:51:39 | 000,185,560 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTSD.sys
[2012/01/10 13:51:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2012/01/10 13:51:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2012/01/10 13:51:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\M & J\Application Data\TestApp
[2012/01/10 13:50:20 | 003,834,864 | ---- | C] (PC Tools) -- C:\Documents and Settings\M & J\My Documents\sdasetup.exe
[2012/01/09 11:31:23 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\M & J\Desktop\iexc.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/22 09:26:10 | 004,713,472 | ---- | M] (AVAST Software) -- C:\Documents and Settings\M & J\Desktop\aswMBR.exe
[2012/01/22 09:25:09 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\M & J\Desktop\OTL.exe
[2012/01/22 09:22:33 | 000,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2012/01/22 09:22:27 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/22 09:22:27 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1844237615-1972579041-839522115-1003.job
[2012/01/22 09:22:19 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/22 09:22:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/19 00:22:10 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/19 00:01:00 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012/01/18 14:48:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2012/01/18 09:59:07 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\M & J\Desktop\dds.scr
[2012/01/17 15:06:40 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/17 14:58:30 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\M & J\Desktop\wg9ksx8p.exe
[2012/01/15 18:15:25 | 000,273,457 | ---- | M] () -- C:\Documents and Settings\M & J\My Documents\Army STARRS security 01132012.pdf
[2012/01/14 12:00:16 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2012/01/14 11:55:20 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2012/01/14 11:54:30 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2012/01/14 11:54:10 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1844237615-1972579041-839522115-1003.job
[2012/01/11 19:40:08 | 001,764,638 | ---- | M] () -- C:\Documents and Settings\M & J\My Documents\501 Calculus Final Edits PART 3 Jan 2012.pdf
[2012/01/11 19:38:58 | 003,250,546 | ---- | M] () -- C:\Documents and Settings\M & J\My Documents\501 Calculus Final Edits PART 2 Jan 2012.pdf
[2012/01/11 19:37:26 | 001,982,807 | ---- | M] () -- C:\Documents and Settings\M & J\My Documents\501 Calculus Final Edits Jan 2012.pdf
[2012/01/10 14:11:21 | 000,001,322 | ---- | M] () -- C:\Documents and Settings\M & J\Desktop\sdasetup.exe.lnk
[2012/01/10 13:56:05 | 000,001,839 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PC Tools Spyware Doctor with AntiVirus.lnk
[2012/01/10 13:51:58 | 000,666,046 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012/01/10 13:50:36 | 003,834,864 | ---- | M] (PC Tools) -- C:\Documents and Settings\M & J\My Documents\sdasetup.exe
[2012/01/10 06:57:37 | 000,621,152 | ---- | M] () -- C:\Documents and Settings\M & J\My Documents\time dep neutral see.pdf
[2012/01/09 18:37:29 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/09 11:28:46 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\M & J\Desktop\iexc.exe
[2012/01/09 11:14:42 | 000,012,396 | -HS- | M] () -- C:\Documents and Settings\M & J\Local Settings\Application Data\04lst48rgy6547byqnb28gmisi7am62kcu8p20t5w28fkv
[2012/01/09 11:14:42 | 000,012,396 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\04lst48rgy6547byqnb28gmisi7am62kcu8p20t5w28fkv
[2012/01/08 19:41:16 | 009,648,910 | ---- | M] () -- C:\Documents and Settings\M & J\My Documents\DTS Manual.pdf
[2012/01/08 19:38:56 | 000,270,029 | ---- | M] () -- C:\Documents and Settings\M & J\My Documents\SPAN Addendum to DTS Manual.pdf
[2012/01/07 11:05:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/01/07 08:23:13 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/01/05 06:28:32 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2011/12/29 21:48:06 | 000,000,086 | ---- | M] () -- C:\WINDOWS\WPCMAPI.INI
[2011/12/26 12:11:10 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/17 14:58:44 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\M & J\Desktop\wg9ksx8p.exe
[2012/01/15 18:15:25 | 000,273,457 | ---- | C] () -- C:\Documents and Settings\M & J\My Documents\Army STARRS security 01132012.pdf
[2012/01/14 12:00:16 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2012/01/14 12:00:16 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2012/01/14 11:55:20 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2012/01/11 19:40:08 | 001,764,638 | ---- | C] () -- C:\Documents and Settings\M & J\My Documents\501 Calculus Final Edits PART 3 Jan 2012.pdf
[2012/01/11 19:38:57 | 003,250,546 | ---- | C] () -- C:\Documents and Settings\M & J\My Documents\501 Calculus Final Edits PART 2 Jan 2012.pdf
[2012/01/11 19:37:26 | 001,982,807 | ---- | C] () -- C:\Documents and Settings\M & J\My Documents\501 Calculus Final Edits Jan 2012.pdf
[2012/01/10 13:57:22 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2012/01/10 13:57:22 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2012/01/10 13:57:22 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2012/01/10 13:57:21 | 000,003,488 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2012/01/10 13:57:21 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2012/01/10 13:56:05 | 000,001,839 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PC Tools Spyware Doctor with AntiVirus.lnk
[2012/01/10 13:51:44 | 000,666,046 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012/01/10 13:51:11 | 000,001,322 | ---- | C] () -- C:\Documents and Settings\M & J\Desktop\sdasetup.exe.lnk
[2012/01/10 06:57:37 | 000,621,152 | ---- | C] () -- C:\Documents and Settings\M & J\My Documents\time dep neutral see.pdf
[2012/01/09 18:37:29 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/09 10:14:37 | 000,012,396 | -HS- | C] () -- C:\Documents and Settings\M & J\Local Settings\Application Data\04lst48rgy6547byqnb28gmisi7am62kcu8p20t5w28fkv
[2012/01/09 10:14:37 | 000,012,396 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\04lst48rgy6547byqnb28gmisi7am62kcu8p20t5w28fkv
[2012/01/08 19:41:16 | 009,648,910 | ---- | C] () -- C:\Documents and Settings\M & J\My Documents\DTS Manual.pdf
[2012/01/08 19:38:56 | 000,270,029 | ---- | C] () -- C:\Documents and Settings\M & J\My Documents\SPAN Addendum to DTS Manual.pdf
[2011/06/29 18:55:04 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\GIF89.DLL
[2011/06/26 06:16:36 | 000,013,360 | -HS- | C] () -- C:\Documents and Settings\M & J\Local Settings\Application Data\56f7srnue42q7hf4qx
[2011/06/26 06:16:36 | 000,013,360 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\56f7srnue42q7hf4qx
[2011/06/12 18:05:49 | 000,101,352 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/05/07 14:54:44 | 000,000,492 | ---- | C] () -- C:\WINDOWS\{DCFC65CB-97F5-4B9D-BFCD-BAEC7B053FAE}_WiseFW.ini
[2011/02/01 17:53:08 | 004,099,400 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/01/10 15:48:08 | 000,000,161 | ---- | C] () -- C:\WINDOWS\DISPARAM.INI
[2011/01/03 14:21:36 | 000,035,190 | ---- | C] () -- C:\WINDOWS\scunin.dat
[2010/10/14 15:19:47 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\rhproq.sys
[2010/10/03 19:09:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nsprs.dll
[2010/09/22 15:44:45 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\WMIMPLEX.dll
[2010/09/22 15:44:45 | 000,031,744 | ---- | C] () -- C:\WINDOWS\System32\maplec.dll
[2010/09/22 15:44:45 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\maplecompat.dll
[2010/09/20 22:06:25 | 000,000,700 | ---- | C] () -- C:\WINDOWS\dbmscopy.ini
[2010/05/24 14:43:19 | 000,010,593 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2010/02/10 15:20:29 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/01/30 20:40:15 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/10/31 11:01:34 | 000,000,048 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2009/03/29 20:36:45 | 000,581,872 | ---- | C] () -- C:\WINDOWS\System32\WODCERTIFICATE.DLL
[2009/03/29 20:34:41 | 000,631,472 | ---- | C] () -- C:\WINDOWS\System32\brgrt.DLL
[2009/03/29 11:40:21 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/03/12 21:42:40 | 002,825,728 | ---- | C] () -- C:\WINDOWS\System32\Ago4501.dll
[2009/03/12 21:42:40 | 000,398,336 | ---- | C] () -- C:\WINDOWS\System32\C4501v.dll
[2009/03/12 21:42:40 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\Powl6.dll
[2009/03/12 21:42:39 | 002,249,216 | ---- | C] () -- C:\WINDOWS\System32\V4501v.dll
[2009/03/12 21:42:39 | 000,335,360 | ---- | C] () -- C:\WINDOWS\System32\Houston.dll
[2009/03/12 21:42:29 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\SNTI386.DLL
[2009/03/12 21:42:29 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\Js~reg32.dll
[2009/02/08 17:04:37 | 000,000,284 | ---- | C] () -- C:\Documents and Settings\M & J\Application Data\ViewerApp.dat
[2008/12/16 09:58:03 | 000,392,704 | ---- | C] () -- C:\WINDOWS\System32\Project10.dll
[2008/12/16 09:57:44 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\SENTINEL.SYS
[2008/12/16 09:57:44 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\RNBOVDD.DLL
[2008/10/21 08:17:33 | 000,000,557 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/10/16 22:09:26 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2008/10/16 22:09:26 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2008/10/16 22:09:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2008/10/16 21:53:57 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth2.dll
[2008/10/16 21:53:57 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth1.dll
[2008/10/16 21:53:57 | 000,000,100 | ---- | C] () -- C:\WINDOWS\System32\prsgrc.dll
[2008/10/16 21:52:52 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2008/10/16 21:52:52 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2008/10/16 18:59:39 | 000,008,074 | ---- | C] () -- C:\Documents and Settings\M & J\Local Settings\Application Data\WT61US.UWL
[2008/10/08 14:10:02 | 000,000,086 | ---- | C] () -- C:\WINDOWS\WPCMAPI.INI
[2008/10/05 18:29:46 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2008/10/05 18:28:39 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2008/09/21 23:15:56 | 000,000,218 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/09/21 22:13:31 | 000,000,292 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LastUpdate.xml
[2008/09/21 22:13:30 | 000,000,031 | ---- | C] () -- C:\WINDOWS\WebUpdateSvc4.INI
[2008/09/21 22:12:48 | 000,047,616 | ---- | C] () -- C:\WINDOWS\System32\wuwuninst.exe
[2008/09/21 22:08:25 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2008/09/21 21:47:20 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\custmon2k.dll
[2008/09/21 21:47:20 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\uninstpw.exe
[2008/09/21 21:24:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/09/21 21:24:02 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\M & J\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/21 20:25:21 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/09/21 20:18:16 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2008/09/21 20:18:04 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2008/09/21 20:16:48 | 000,000,419 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2008/09/21 20:09:21 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\ldf252.dll
[2008/09/21 20:07:05 | 000,000,034 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2008/09/21 17:54:38 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2008/09/21 17:54:16 | 000,129,112 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2008/09/21 16:11:28 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/09/20 22:52:08 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\M & J\Local Settings\Application Data\fusioncache.dat
[2008/09/20 22:43:44 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/09/20 22:38:01 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/09/20 18:16:57 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/09/20 18:16:01 | 000,537,648 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/06/25 11:19:12 | 000,213,208 | ---- | C] () -- C:\WINDOWS\System32\WuWUI.exe
[2007/04/06 00:51:22 | 000,757,818 | ---- | C] () -- C:\WINDOWS\System32\gwadd1.dll
[2007/04/06 00:49:34 | 000,303,166 | ---- | C] () -- C:\WINDOWS\System32\gwodm132.dll
[2007/04/06 00:48:12 | 000,032,836 | ---- | C] () -- C:\WINDOWS\System32\Gwshlimp.exe
[2007/04/06 00:21:14 | 000,098,354 | ---- | C] () -- C:\WINDOWS\System32\GWLDO132.DLL
[2006/04/25 16:30:38 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2006/04/25 16:30:38 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\acs.exe
[2005/08/05 13:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/03/22 17:38:24 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/22 17:38:24 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/01/20 07:01:00 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\STADEV32.DLL
[2005/01/03 09:10:44 | 000,319,488 | ---- | C] () -- C:\WINDOWS\System32\DLXAPI32.DLL
[2004/08/10 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 06:00:00 | 000,444,494 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 06:00:00 | 000,072,370 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/10 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/07/09 09:31:18 | 000,155,700 | ---- | C] () -- C:\WINDOWS\System32\ODMA32.DLL
[2003/06/24 07:07:28 | 000,111,338 | ---- | C] () -- C:\WINDOWS\CheckForNewInstall.EXE
[2003/06/24 07:06:58 | 000,111,457 | ---- | C] () -- C:\WINDOWS\ParseUninstallPath.EXE
[2003/06/20 12:03:08 | 000,111,069 | ---- | C] () -- C:\WINDOWS\RunMSIEXEC.EXE
[2003/03/11 10:53:26 | 000,112,043 | ---- | C] () -- C:\WINDOWS\FixTalkTIRegistry.EXE
[2002/04/29 11:36:22 | 000,111,390 | ---- | C] () -- C:\WINDOWS\parseuninstallpath1.EXE
[2002/04/01 15:14:52 | 000,111,328 | ---- | C] () -- C:\WINDOWS\CheckForOldInstall.EXE
[2002/04/01 13:16:48 | 000,111,282 | ---- | C] () -- C:\WINDOWS\SetTrademark.EXE
[2001/08/03 21:24:32 | 000,036,864 | ---- | C] () -- C:\WINDOWS\hpfsched.exe
[2000/10/30 10:04:00 | 000,000,209 | ---- | C] () -- C:\WINDOWS\Ic32.ini
[1999/01/04 20:00:00 | 000,005,400 | ---- | C] () -- C:\WINDOWS\System32\gauss.DAT

========== LOP Check ==========

[2008/11/12 22:11:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Aiksaurus
[2009/01/15 09:27:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2008/09/20 22:52:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2008/09/21 01:13:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2008/10/05 18:31:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2009/09/15 19:17:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2009/06/01 21:56:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kinoma
[2010/04/24 21:42:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Livescribe, Inc
[2011/12/09 12:39:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2011/06/19 20:47:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickMediaConverter
[2009/01/02 21:41:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Resources
[2008/10/16 21:53:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel
[2010/03/27 20:30:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2008/09/21 20:16:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2011/06/09 11:57:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Screentime
[2008/10/16 21:52:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SPSS
[2008/09/21 22:15:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\StatTransfer9
[2012/01/22 09:22:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/05/07 14:44:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TI-SmartView 84
[2008/09/21 20:48:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{02C45027-B817-41FE-A000-2799C43CEF41}
[2011/01/13 12:07:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/05/17 10:57:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{59292F87-91BA-41EE-853D-540AEA75CD73}
[2010/04/13 10:56:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{5FEE901F-6F51-43C2-990D-83A16AE01A1E}
[2010/05/17 16:20:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{DF13D82E-D8E5-4B41-8167-F79C5D938D1F}
[2010/04/21 22:19:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Softland
[2008/09/21 20:11:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M & J\Application Data\ACD Systems
[2008/12/21 09:07:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M & J\Application Data\Amazon
[2011/01/21 12:39:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M & J\Application Data\Big Fish Games
[2011/04/17 10:03:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M & J\Application Data\Canon
[2011/06/19 20:46:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M & J\Application Data\CocoonSoftware
[2010/02/15 18:41:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M & J\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2008/09/21 20:39:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M & J\Application Data\Design Science
[2010/04/08 11:32:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M & J\Application Data\Diploma
[2010/04/24 15:15:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M & J\Application Data\Downloaded Installations
[2009/08/12 22:05:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M & J\Application Data\EndNote
[2008/09/21 01:13:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M & J\Application Data\ESET
[2011/01/10 15:58:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M & J\Application Data\Fujitsu
[2011/06/12 18:30:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M & J\Application Data\Full
[2008/12/21 17:12:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M & J\Application Data\GARMIN
[2011/06/19 20:43:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M & J\Application Data\GetRightToGo
[2008/10/18 22:22:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M & J\Application Data\LaCie
[2011/01/10 15:55:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M & J\Application Data\Leadertech
[2011/03/27 22:59:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M & J\Application Data\lyx16
[2011/02/05 20:23:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M & J\Application Data\Maple
[2011/05/14 13:09:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M & J\Application Data\Mobipocket
[2009/09/16 09:35:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M & J\Application Data\MSNInstaller
[2008/11/23 19:26:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M & J\Application Data\NewSoft
[2008/09/27 10:12:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M & J\Application Data\Opera
[2008/10/05 18:29:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M & J\Application Data\pdf995
[2011/01/10 15:59:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M & J\Application Data\PFU
[2011/01/24 16:14:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M & J\Application Data\runic games
[2011/02/05 17:38:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M & J\Application Data\SanDisk
[2008/09/21 20:16:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M & J\Application Data\ScanSoft
[2008/09/21 20:48:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M & J\Application Data\Seven Zip
[2010/04/21 22:19:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M & J\Application Data\Softland
[2012/01/10 13:51:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M & J\Application Data\TestApp
[2011/05/07 14:55:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M & J\Application Data\Texas Instruments
[2011/06/26 22:04:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M & J\Application Data\uTorrent
[2011/12/16 14:42:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M & J\Application Data\webex
[2011/03/29 12:22:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M & J\Application Data\WinEdt
[2010/01/30 22:49:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ESET
[2012/01/19 00:01:00 | 000,000,234 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/10 06:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/10 06:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2005/08/16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\M & J\Local Settings\temp\RarSFX2\h\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/10 06:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
[2004/08/10 06:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/10 06:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2004/08/10 06:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\M & J\Local Settings\temp\RarSFX2\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/10 06:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2004/08/10 06:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\M & J\Local Settings\temp\RarSFX2\winlogon.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 166 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F84B8DB5
@Alternate Data Stream - 158 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84

< End of report >

#4 CzarKib

CzarKib
  • Topic Starter


Posted 22 January 2012 - 01:13 PM

Hello. Attached are the reports from the aswMBR scan.


#5 CatByte

Posted 22 January 2012 - 07:36 PM

Hi,

Please do the following:



Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    [2012/01/09 11:14:42 | 000,012,396 | -HS- | M] () -- C:\Documents and Settings\M & J\Local Settings\Application Data\04lst48rgy6547byqnb28gmisi7am62kcu8p20t5w28fkv
    [2012/01/09 11:14:42 | 000,012,396 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\04lst48rgy6547byqnb28gmisi7am62kcu8p20t5w28fkv
    [2011/06/26 06:16:36 | 000,013,360 | -HS- | C] () -- C:\Documents and Settings\M & J\Local Settings\Application Data\56f7srnue42q7hf4qx
    [2011/06/26 06:16:36 | 000,013,360 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\56f7srnue42q7hf4qx
    [2010/10/14 15:19:47 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\rhproq.sys
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the OTL log



NEXT



Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • Only if Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)


NEXT



Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#6 CzarKib

Posted 22 January 2012 - 10:33 PM

Hi. I ran OTL.exe successfully. Here is the log file.

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
File not found.
C:\Documents and Settings\M & J\Local Settings\Application Data\04lst48rgy6547byqnb28gmisi7am62kcu8p20t5w28fkv moved successfully.
C:\Documents and Settings\All Users\Application Data\04lst48rgy6547byqnb28gmisi7am62kcu8p20t5w28fkv moved successfully.
C:\Documents and Settings\M & J\Local Settings\Application Data\56f7srnue42q7hf4qx moved successfully.
C:\Documents and Settings\All Users\Application Data\56f7srnue42q7hf4qx moved successfully.
C:\WINDOWS\system32\drivers\rhproq.sys moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
C:\Documents and Settings\M & J\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\M & J\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes

User: LocalService
->Temp folder emptied: 82400 bytes
->Temporary Internet Files folder emptied: 1727725 bytes

User: M & J
->Temp folder emptied: 1912033382 bytes
->Temporary Internet Files folder emptied: 956050562 bytes
->Java cache emptied: 8752923 bytes
->FireFox cache emptied: 53686081 bytes
->Google Chrome cache emptied: 6391163 bytes
->Apple Safari cache emptied: 900096 bytes
->Flash cache emptied: 42894 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 77214332 bytes
->Java cache emptied: 33355 bytes
->Flash cache emptied: 20369 bytes

User: Owner
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 41 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 782336 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 324175681 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 289270944 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 3828122 bytes

Total Files Cleaned = 3,467.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 01222012_200800

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\M & J\Local Settings\Temp\Temporary Directory 2 for CHILD NEGLECT PROJECT_USB_08.13.zip\CHILD NEGLECT PROJECT_USB_08.13.08\Deployment Family Stress_06.06.2008\1_Protocol\15_Biosketches and Grant Support.Neglect\A_Cozza.Neglect\1_Biosketch_Cozza.Neglect not found!
File\Folder C:\Documents and Settings\M & J\Local Settings\Temp\Temporary Directory 1 for CHILD NEGLECT PROJECT_USB_08.13.zip\CHILD NEGLECT PROJECT_USB_08.13.08\Deployment Family Stress_06.06.2008\1_Protocol\15_Biosketches and Grant Support.Neglect\A_Cozza.Neglect\1_Biosketch_Cozza.Neglect not found!

Registry entries deleted on Reboot...


I then ran TDSSKiller.exe successfully. Here is the log file.

20:39:36.0671 6096 TDSS rootkit removing tool 2.7.6.0 Jan 19 2012 13:09:04
20:39:36.0687 6096 ============================================================
20:39:36.0687 6096 Current date / time: 2012/01/22 20:39:36.0687
20:39:36.0687 6096 SystemInfo:
20:39:36.0687 6096
20:39:36.0687 6096 OS Version: 5.1.2600 ServicePack: 3.0
20:39:36.0687 6096 Product type: Workstation
20:39:36.0687 6096 ComputerName: DELL
20:39:36.0687 6096 UserName: M & J
20:39:36.0687 6096 Windows directory: C:\WINDOWS
20:39:36.0687 6096 System windows directory: C:\WINDOWS
20:39:36.0687 6096 Processor architecture: Intel x86
20:39:36.0687 6096 Number of processors: 2
20:39:36.0687 6096 Page size: 0x1000
20:39:36.0687 6096 Boot type: Normal boot
20:39:36.0687 6096 ============================================================
20:39:37.0171 6096 Drive \Device\Harddisk0\DR0 - Size: 0x4A85B00000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:39:37.0171 6096 Drive \Device\Harddisk1\DR4 - Size: 0xF0E00000 (3.76 Gb), SectorSize: 0x200, Cylinders: 0x1EB, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:39:37.0265 6096 Initialize success
20:39:47.0984 3632 ============================================================
20:39:47.0984 3632 Scan started
20:39:47.0984 3632 Mode: Manual;
20:39:47.0984 3632 ============================================================
20:39:48.0484 3632 Abiosdsk - ok
20:39:48.0500 3632 abp480n5 - ok
20:39:48.0625 3632 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:39:48.0640 3632 ACPI - ok
20:39:48.0703 3632 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
20:39:48.0734 3632 ACPIEC - ok
20:39:48.0812 3632 adpu160m - ok
20:39:48.0921 3632 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
20:39:48.0953 3632 aec - ok
20:39:49.0000 3632 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys
20:39:49.0015 3632 AegisP - ok
20:39:49.0078 3632 AFD (4fa443da0051cb6d4cf10542918d2484) C:\WINDOWS\System32\drivers\afd.sys
20:39:49.0078 3632 Suspicious file (Forged): C:\WINDOWS\System32\drivers\afd.sys. Real md5: 4fa443da0051cb6d4cf10542918d2484, Fake md5: 355556d9e580915118cd7ef736653a89
20:39:49.0078 3632 AFD ( Virus.Win32.ZAccess.k ) - infected
20:39:49.0078 3632 AFD - detected Virus.Win32.ZAccess.k (0)
20:39:49.0093 3632 Aha154x - ok
20:39:49.0093 3632 aic78u2 - ok
20:39:49.0140 3632 aic78xx - ok
20:39:49.0187 3632 AliIde - ok
20:39:49.0218 3632 amsint - ok
20:39:49.0281 3632 AR5211 (08e03e8ab837dc9dd2737930ecd19fbc) C:\WINDOWS\system32\DRIVERS\WG311T13.sys
20:39:49.0312 3632 AR5211 - ok
20:39:49.0343 3632 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
20:39:49.0359 3632 Arp1394 - ok
20:39:49.0390 3632 asc - ok
20:39:49.0421 3632 asc3350p - ok
20:39:49.0421 3632 asc3550 - ok
20:39:49.0468 3632 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:39:49.0484 3632 AsyncMac - ok
20:39:49.0515 3632 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\drivers\atapi.sys
20:39:49.0562 3632 atapi - ok
20:39:49.0609 3632 Atdisk - ok
20:39:49.0671 3632 ati2mtag (f5fc6ac1e7bc776871361d463fc86be2) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
20:39:49.0687 3632 ati2mtag - ok
20:39:49.0718 3632 ATIAVPCI (bfa971be38aeeb4b89f4c838079bba02) C:\WINDOWS\system32\DRIVERS\atinavrr.sys
20:39:49.0734 3632 ATIAVPCI - ok
20:39:49.0765 3632 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:39:49.0796 3632 Atmarpc - ok
20:39:49.0843 3632 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
20:39:49.0859 3632 audstub - ok
20:39:49.0890 3632 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
20:39:49.0906 3632 Beep - ok
20:39:49.0921 3632 catchme - ok
20:39:49.0953 3632 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
20:39:49.0968 3632 cbidf2k - ok
20:39:50.0015 3632 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
20:39:50.0031 3632 CCDECODE - ok
20:39:50.0046 3632 cd20xrnt - ok
20:39:50.0093 3632 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
20:39:50.0109 3632 Cdaudio - ok
20:39:50.0156 3632 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
20:39:50.0171 3632 Cdfs - ok
20:39:50.0234 3632 cdrbsdrv (351735695e9ead93de6af85d8beb1ca8) C:\WINDOWS\system32\drivers\cdrbsdrv.sys
20:39:50.0250 3632 cdrbsdrv - ok
20:39:50.0312 3632 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:39:50.0328 3632 Cdrom - ok
20:39:50.0375 3632 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
20:39:50.0390 3632 cercsr6 - ok
20:39:50.0406 3632 Changer - ok
20:39:50.0437 3632 CmdIde - ok
20:39:50.0453 3632 Cpqarray - ok
20:39:50.0500 3632 dac2w2k - ok
20:39:50.0500 3632 dac960nt - ok
20:39:50.0546 3632 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
20:39:50.0578 3632 Disk - ok
20:39:50.0640 3632 DLABOIOM (d8d58a84f3ece3359df95fd2e459b330) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
20:39:50.0671 3632 DLABOIOM - ok
20:39:50.0703 3632 DLACDBHM (ec6ae8bc9f773382d2eed49e4dfdae2a) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
20:39:50.0718 3632 DLACDBHM - ok
20:39:50.0750 3632 DLADResN (27c78078bd9c4f2de2ad3eb04bfe101b) C:\WINDOWS\system32\DLA\DLADResN.SYS
20:39:50.0750 3632 DLADResN - ok
20:39:50.0765 3632 DLAIFS_M (7f2d93e560b763ef5d11422d78da8ed0) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
20:39:50.0812 3632 DLAIFS_M - ok
20:39:50.0843 3632 DLAOPIOM (f643637de6aac57e38d197aa63d9ea74) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
20:39:50.0859 3632 DLAOPIOM - ok
20:39:50.0890 3632 DLAPoolM (340705474807f57a46d59d18fc2959f1) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
20:39:50.0906 3632 DLAPoolM - ok
20:39:50.0921 3632 DLARTL_N (0605b66052f82b6f07204dbdb61c13ff) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
20:39:50.0937 3632 DLARTL_N - ok
20:39:50.0953 3632 DLAUDFAM (6984ea763907c045ce813468882bc587) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
20:39:50.0984 3632 DLAUDFAM - ok
20:39:51.0031 3632 DLAUDF_M (12b30c449cfd36adbed53eb6560933c6) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
20:39:51.0062 3632 DLAUDF_M - ok
20:39:51.0156 3632 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
20:39:51.0250 3632 dmboot - ok
20:39:51.0281 3632 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
20:39:51.0343 3632 dmio - ok
20:39:51.0375 3632 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
20:39:51.0390 3632 dmload - ok
20:39:51.0453 3632 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
20:39:51.0453 3632 DMusic - ok
20:39:51.0484 3632 dpti2o - ok
20:39:51.0546 3632 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
20:39:51.0562 3632 drmkaud - ok
20:39:51.0593 3632 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
20:39:51.0609 3632 DRVMCDB - ok
20:39:51.0625 3632 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
20:39:51.0640 3632 DRVNDDM - ok
20:39:51.0671 3632 eamon (a777d095402b31b0aafe7f19c89fb3a1) C:\WINDOWS\system32\DRIVERS\eamon.sys
20:39:51.0687 3632 eamon - ok
20:39:51.0734 3632 easdrv (e6dffb60bdbd91749eab4d45bc8926a9) C:\WINDOWS\system32\DRIVERS\easdrv.sys
20:39:51.0750 3632 easdrv - ok
20:39:51.0781 3632 epfw (a0da5645ead0656dcd589f7819dd8082) C:\WINDOWS\system32\DRIVERS\epfw.sys
20:39:51.0781 3632 epfw - ok
20:39:51.0796 3632 Epfwndis (9bfd0c86e3522d1522ec77f862de555c) C:\WINDOWS\system32\DRIVERS\Epfwndis.sys
20:39:51.0843 3632 Epfwndis - ok
20:39:51.0859 3632 epfwtdi (0bded81831115973f7ddd7b532e4ced2) C:\WINDOWS\system32\DRIVERS\epfwtdi.sys
20:39:51.0859 3632 epfwtdi - ok
20:39:51.0890 3632 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
20:39:51.0937 3632 Fastfat - ok
20:39:52.0031 3632 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
20:39:52.0046 3632 Fdc - ok
20:39:52.0109 3632 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
20:39:52.0140 3632 Fips - ok
20:39:52.0171 3632 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
20:39:52.0187 3632 Flpydisk - ok
20:39:52.0218 3632 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
20:39:52.0265 3632 FltMgr - ok
20:39:52.0312 3632 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:39:52.0328 3632 Fs_Rec - ok
20:39:52.0375 3632 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:39:52.0406 3632 Ftdisk - ok
20:39:52.0437 3632 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
20:39:52.0437 3632 GEARAspiWDM - ok
20:39:52.0484 3632 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:39:52.0500 3632 Gpc - ok
20:39:52.0546 3632 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
20:39:52.0546 3632 HDAudBus - ok
20:39:52.0593 3632 HidIr (bb1a6fb7d35a91e599973fa74a619056) C:\WINDOWS\system32\DRIVERS\hidir.sys
20:39:52.0609 3632 HidIr - ok
20:39:52.0640 3632 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:39:52.0656 3632 hidusb - ok
20:39:52.0703 3632 hpn - ok
20:39:52.0750 3632 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
20:39:52.0765 3632 HTTP - ok
20:39:52.0812 3632 i2omgmt - ok
20:39:52.0875 3632 i2omp - ok
20:39:52.0921 3632 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
20:39:52.0953 3632 i8042prt - ok
20:39:53.0015 3632 iastor (294110966cedd127629c5be48367c8cf) C:\WINDOWS\system32\DRIVERS\iaStor.sys
20:39:53.0015 3632 iastor - ok
20:39:53.0078 3632 imagedrv (25edd75e23c5ef6b33d0fbcce125a601) C:\WINDOWS\system32\Drivers\imagedrv.sys
20:39:53.0078 3632 imagedrv - ok
20:39:53.0093 3632 imagesrv (9c4bbacf4e9b9543c3ce23f1fe556941) C:\WINDOWS\system32\DRIVERS\imagesrv.sys
20:39:53.0093 3632 imagesrv - ok
20:39:53.0125 3632 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
20:39:53.0140 3632 Imapi - ok
20:39:53.0187 3632 InCDfs (673e994063f3ebb76fccb1b601599567) C:\WINDOWS\system32\drivers\InCDFs.sys
20:39:53.0218 3632 InCDfs - ok
20:39:53.0281 3632 InCDPass (0608a8e30e000c79dcadfc71f36e90c7) C:\WINDOWS\system32\drivers\InCDPass.sys
20:39:53.0281 3632 InCDPass - ok
20:39:53.0328 3632 InCDrec (5640b85335369971e9f3ed479840578c) C:\WINDOWS\system32\drivers\InCDrec.sys
20:39:53.0328 3632 InCDrec - ok
20:39:53.0359 3632 incdrm (e19757161ca5decf10e0796e8bbd1c3d) C:\WINDOWS\system32\drivers\InCDRm.sys
20:39:53.0359 3632 incdrm - ok
20:39:53.0406 3632 ini910u - ok
20:39:53.0437 3632 IntelIde - ok
20:39:53.0468 3632 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:39:53.0484 3632 intelppm - ok
20:39:53.0531 3632 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
20:39:53.0562 3632 Ip6Fw - ok
20:39:53.0609 3632 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:39:53.0640 3632 IpFilterDriver - ok
20:39:53.0687 3632 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:39:53.0703 3632 IpInIp - ok
20:39:53.0765 3632 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:39:53.0812 3632 IpNat - ok
20:39:53.0875 3632 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:39:53.0890 3632 IPSec - ok
20:39:53.0937 3632 IrBus (b43b36b382aea10861f7c7a37f9d4ae2) C:\WINDOWS\system32\DRIVERS\IrBus.sys
20:39:53.0953 3632 IrBus - ok
20:39:54.0015 3632 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
20:39:54.0031 3632 IRENUM - ok
20:39:54.0062 3632 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:39:54.0078 3632 isapnp - ok
20:39:54.0140 3632 ISODrive (2f03ceb28307983f3b36216d35ffa5aa) C:\Program Files\UltraISO\drivers\ISODrive.sys
20:39:54.0156 3632 ISODrive - ok
20:39:54.0218 3632 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:39:54.0234 3632 Kbdclass - ok
20:39:54.0296 3632 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
20:39:54.0312 3632 kbdhid - ok
20:39:54.0359 3632 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
20:39:54.0359 3632 kmixer - ok
20:39:54.0406 3632 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
20:39:54.0453 3632 KSecDD - ok
20:39:54.0500 3632 lbrtfdc - ok
20:39:54.0578 3632 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
20:39:54.0578 3632 MBAMProtector - ok
20:39:54.0656 3632 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
20:39:54.0671 3632 MHNDRV - ok
20:39:54.0718 3632 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
20:39:54.0750 3632 mnmdd - ok
20:39:54.0781 3632 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
20:39:54.0812 3632 Modem - ok
20:39:54.0890 3632 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:39:54.0906 3632 Mouclass - ok
20:39:54.0953 3632 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:39:54.0984 3632 mouhid - ok
20:39:55.0015 3632 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
20:39:55.0031 3632 MountMgr - ok
20:39:55.0078 3632 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
20:39:55.0093 3632 MPE - ok
20:39:55.0125 3632 mraid35x - ok
20:39:55.0156 3632 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:39:55.0203 3632 MRxDAV - ok
20:39:55.0265 3632 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:39:55.0296 3632 MRxSmb - ok
20:39:55.0328 3632 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
20:39:55.0343 3632 Msfs - ok
20:39:55.0406 3632 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:39:55.0421 3632 MSKSSRV - ok
20:39:55.0453 3632 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:39:55.0484 3632 MSPCLOCK - ok
20:39:55.0531 3632 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
20:39:55.0546 3632 MSPQM - ok
20:39:55.0578 3632 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:39:55.0578 3632 mssmbios - ok
20:39:55.0609 3632 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
20:39:55.0625 3632 MSTEE - ok
20:39:55.0656 3632 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
20:39:55.0703 3632 Mup - ok
20:39:55.0765 3632 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
20:39:55.0796 3632 NABTSFEC - ok
20:39:55.0875 3632 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
20:39:55.0906 3632 NDIS - ok
20:39:55.0968 3632 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
20:39:55.0984 3632 NdisIP - ok
20:39:56.0031 3632 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:39:56.0046 3632 NdisTapi - ok
20:39:56.0093 3632 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:39:56.0109 3632 Ndisuio - ok
20:39:56.0171 3632 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:39:56.0234 3632 NdisWan - ok
20:39:56.0265 3632 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
20:39:56.0296 3632 NDProxy - ok
20:39:56.0312 3632 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
20:39:56.0343 3632 NetBIOS - ok
20:39:56.0390 3632 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
20:39:56.0437 3632 NetBT - ok
20:39:56.0500 3632 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
20:39:56.0515 3632 NIC1394 - ok
20:39:56.0593 3632 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
20:39:56.0609 3632 Npfs - ok
20:39:56.0671 3632 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
20:39:56.0703 3632 Ntfs - ok
20:39:56.0765 3632 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
20:39:56.0781 3632 NuidFltr - ok
20:39:56.0828 3632 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
20:39:56.0843 3632 Null - ok
20:39:56.0890 3632 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:39:56.0906 3632 NwlnkFlt - ok
20:39:56.0937 3632 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:39:56.0953 3632 NwlnkFwd - ok
20:39:56.0968 3632 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
20:39:57.0000 3632 ohci1394 - ok
20:39:57.0031 3632 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
20:39:57.0062 3632 Parport - ok
20:39:57.0140 3632 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
20:39:57.0156 3632 PartMgr - ok
20:39:57.0203 3632 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
20:39:57.0218 3632 ParVdm - ok
20:39:57.0265 3632 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
20:39:57.0281 3632 PCI - ok
20:39:57.0343 3632 PCIDump - ok
20:39:57.0375 3632 PCIIde - ok
20:39:57.0453 3632 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
20:39:57.0500 3632 Pcmcia - ok
20:39:57.0578 3632 PCTBD (3a0262b85b5bb4d4cfc096ea00ed610b) C:\WINDOWS\system32\Drivers\PCTBD.sys
20:39:57.0578 3632 PCTBD - ok
20:39:57.0625 3632 PCTCore (0edb74bd0d52d6d94cf862322e48b94e) C:\WINDOWS\system32\drivers\PCTCore.sys
20:39:57.0671 3632 PCTCore - ok
20:39:57.0734 3632 pctDS (af08ec0f2093867ab955e24121ee7002) C:\WINDOWS\system32\drivers\pctDS.sys
20:39:57.0796 3632 pctDS - ok
20:39:57.0875 3632 pctEFA (4b1b0cd45a047c0941f6b6151f6fb3c1) C:\WINDOWS\system32\drivers\pctEFA.sys
20:39:57.0937 3632 pctEFA - ok
20:39:58.0015 3632 PCTSD (86b9af53e46d0618d230608aed82622f) C:\WINDOWS\system32\Drivers\PCTSD.sys
20:39:58.0046 3632 PCTSD - ok
20:39:58.0078 3632 PDCOMP - ok
20:39:58.0109 3632 PDFRAME - ok
20:39:58.0109 3632 PDRELI - ok
20:39:58.0140 3632 PDRFRAME - ok
20:39:58.0187 3632 perc2 - ok
20:39:58.0218 3632 perc2hib - ok
20:39:58.0281 3632 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:39:58.0296 3632 PptpMiniport - ok
20:39:58.0328 3632 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
20:39:58.0359 3632 PSched - ok
20:39:58.0437 3632 PSI (d24dfd16a1e2a76034df5aa18125c35d) C:\WINDOWS\system32\DRIVERS\psi_mf.sys
20:39:58.0437 3632 PSI - ok
20:39:58.0500 3632 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:39:58.0515 3632 Ptilink - ok
20:39:58.0578 3632 PulseUsb (071ae03df7d37fbbf9766703265ad871) C:\WINDOWS\system32\DRIVERS\PulseUsb.sys
20:39:58.0578 3632 PulseUsb - ok
20:39:58.0625 3632 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
20:39:58.0640 3632 PxHelp20 - ok
20:39:58.0656 3632 ql1080 - ok
20:39:58.0687 3632 Ql10wnt - ok
20:39:58.0718 3632 ql12160 - ok
20:39:58.0750 3632 ql1240 - ok
20:39:58.0796 3632 ql1280 - ok
20:39:58.0843 3632 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:39:58.0875 3632 RasAcd - ok
20:39:58.0921 3632 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:39:58.0953 3632 Rasl2tp - ok
20:39:59.0015 3632 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:39:59.0031 3632 RasPppoe - ok
20:39:59.0078 3632 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
20:39:59.0109 3632 Raspti - ok
20:39:59.0156 3632 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:39:59.0234 3632 Rdbss - ok
20:39:59.0312 3632 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:39:59.0328 3632 RDPCDD - ok
20:39:59.0375 3632 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
20:39:59.0421 3632 rdpdr - ok
20:39:59.0468 3632 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
20:39:59.0515 3632 RDPWD - ok
20:39:59.0578 3632 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
20:39:59.0593 3632 redbook - ok
20:39:59.0640 3632 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
20:39:59.0656 3632 SASDIFSV - ok
20:39:59.0687 3632 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
20:39:59.0718 3632 SASENUM - ok
20:39:59.0750 3632 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
20:39:59.0765 3632 SASKUTIL - ok
20:39:59.0828 3632 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:39:59.0843 3632 Secdrv - ok
20:39:59.0906 3632 Sentinel (05f03d7f2999431c53ce254da1301b31) C:\WINDOWS\System32\Drivers\SENTINEL.SYS
20:39:59.0921 3632 Sentinel - ok
20:39:59.0968 3632 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
20:40:00.0000 3632 Serial - ok
20:40:00.0046 3632 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
20:40:00.0062 3632 Sfloppy - ok
20:40:00.0125 3632 SilverLink (392834adb35deb199b03ae6a6caab23a) C:\WINDOWS\system32\Drivers\SilvrLnk.sys
20:40:00.0140 3632 SilverLink - ok
20:40:00.0156 3632 Simbad - ok
20:40:00.0234 3632 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
20:40:00.0250 3632 SLIP - ok
20:40:00.0312 3632 sonypvs1 (dfadfc2c86662f40759bf02add27d569) C:\WINDOWS\system32\DRIVERS\sonypvs1.sys
20:40:00.0359 3632 sonypvs1 - ok
20:40:00.0406 3632 Sparrow - ok
20:40:00.0468 3632 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
20:40:08.0875 3632 ============================================================
20:40:08.0875 3632 Scan finished
20:40:08.0875 3632 ============================================================
20:40:08.0890 3608 Detected object count: 1
20:40:08.0890 3608 Actual detected object count: 1
20:40:28.0875 3608 Backup copy found, using it..
20:40:28.0937 3608 C:\WINDOWS\System32\drivers\afd.sys - will be cured on reboot
20:40:32.0328 3608 AFD ( Virus.Win32.ZAccess.k ) - User select action: Cure
20:40:38.0015 6104 Deinitialize success


I then disabled Antivirus/AntiSpyware and ran ComboFix.exe. It was able to download and install the Microsoft Windows Recovery Console successfully and then continued with its malware removal. At this point it locked up and the computer froze. Even the system clock froze. So, I do not have a log file for this piece and did not re-run as per the instructions.

Thanks!

#7 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:04:25 PM

Posted 22 January 2012 - 10:43 PM

OK

Please boot into safe mode and try running ComboFix in safe mode

Please give it lots of time to complete.


To Enter Safe Mode
  • Go to Start > Shut off your Computer > Restart
  • As the computer starts to boot up, tap the F8 key repeatedly; this will bring up a menu.
  • Use the Up and Down arrow keys to scroll up to Safe Mode
  • Then press the Enter key on your keyboard
  • Go into your usual account

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#8 CzarKib

Posted 22 January 2012 - 11:45 PM

I was able to successfully disable ESET NOD32, restart in Safe Mode and start ComboFix.exe.
Within 1-2 minutes of starting I received a warning message that the computer was infected with Rootkit.zeroAccess! in the tcp/ip stack and that this was a particularly difficult item. It also mentioned that if, after the removal, I was unable to get on the internet, to re-run ComboFix. I clicked Ok to proceed.
In another 1-2 minutes, I received a beep and a warning that ComboFix needed to reboot the machine due to the presence of rootkit activity.
I clicked ok and it proceeded to reboot.
I put it into Safe Mode again and ComboFix automatically restarted.
It completed stages 1,2,3,4,5,6,6A, and I think 7.
It then flashed to a white screen and the screen saver started.
After that I received the usual warning, "Are you sure that you want to be in SafeMode?" I clicked Yes.
ComboFix had stopped and there was no log file to be found in C.

Thanks!

#9 CatByte

Posted 23 January 2012 - 08:23 AM

OK,

we're making progress

Please delete the copy of ComboFix that you have on your desktop and download a fresh copy

Try running it again in normal mode. Make certain your security programs are disabled.

Leave it uninterrupted until it has completed (a log will pop open). Sometimes it takes a lot longer than you'd expect, especially with this nasty infection; it may appear to have stalled, but leave it alone and wait till it completes.


#10 CzarKib

Posted 23 January 2012 - 07:55 PM

Hi. I downloaded a fresh copy and replaced the one on the desktop and again disabled all antivirus/antispamware programs. Once I started ComboFix, it went through a similar pattern as it had in Safe Mode.

Within 1-2 minutes of starting I received a warning message that the computer was infected with Rootkit.zeroAccess! in the tcp/ip stack and that this was a particularly difficult item. It also mentioned that if, after the removal, I was unable to get on the internet, to re-run ComboFix. I clicked Ok to proceed.

Then I received a message stating that the rootkit is detected and to be patient. This may take some moments.

Next, I received the message stating that rootkit activity had been detected and ComboFix would need to reboot the machine. The machine started the shutdown process and got stuck in the midst of shutting down. After I restarted, ComboFix did not restart of its own accord and I have not done anything else.

Thanks!

#11 CatByte

Posted 23 January 2012 - 08:09 PM

Please run the following:

Download RogueKiller to your desktop
  • Quit all running programs
  • run RogueKiller.exe
  • When prompted, type 1 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe

Please post the contents of the RKreport.txt in your next Reply.


NEXT


Please re-run aswMBR > post the resulting log

Edited by CatByte, 24 January 2012 - 06:50 AM.


#12 CzarKib

Posted 23 January 2012 - 11:05 PM

Hi. I was able to complete both items successfully this time.

The RKreport log is below, followed by the aswMBR log and the zipped MBR.dat file is attached.

RogueKiller V6.2.4 [01/12/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: M & J [Admin rights]
Mode: Scan -- Date : 01/23/2012 20:43:37

Bad processes: 0

Registry Entries: 6
[] HKLM\[...]\Windows : () -> ACCESS DENIED
[PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> FOUND
[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{640809C2-C2EF-4A53-8372-3DA95AB8D9C5} : NameServer (68.87.73.242,68.87.71.226) -> FOUND
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{640809C2-C2EF-4A53-8372-3DA95AB8D9C5} : NameServer (68.87.73.242,68.87.71.226) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[] HKLM\[...]\Windows : () -> ACCESS DENIED

Particular Files / Folders:

Driver: [LOADED]

Infection :

HOSTS File:
1

MBR Check:

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 4e55eb12ba88e3dbae82ad30715ea311
[BSP] 0865dbc3033a5b0d1557ae0b87d99f0b : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 63 | Size: 235086 Mo
1 - [XXXXXX] UNKNW [VISIBLE] Offset (sectors): 459153765 | Size: 79990 Mo
2 - [XXXXXX] FAT32 [HIDDEN!] Offset (sectors): 615385890 | Size: 4984 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt


Here is the aswMBR log.

aswMBR version 0.9.9.1509 Copyright© 2011 AVAST Software
Run date: 2012-01-23 20:45:01
-----------------------------
20:45:01.453 OS Version: Windows 5.1.2600 Service Pack 3
20:45:01.453 Number of processors: 2 586 0xF06
20:45:01.453 ComputerName: DELL UserName:
20:45:02.328 Initialize success
20:51:31.763 AVAST engine defs: 12012301
20:52:23.591 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2
20:52:23.591 Disk 0 Vendor: Intel___ 1.0. Size: 305243MB BusType: 3
20:52:23.607 Disk 0 MBR read successfully
20:52:23.607 Disk 0 MBR scan
20:52:23.638 Disk 0 Windows XP default MBR code
20:52:23.638 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 224196 MB offset 63
20:52:23.638 Disk 0 Partition - 00 0F Extended LBA 76285 MB offset 459153765
20:52:23.669 Disk 0 Partition 2 00 DB CP/M / CTOS MSDOS5.0 4753 MB offset 615385890
20:52:23.685 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 76285 MB offset 459153828
20:52:23.685 Disk 0 scanning sectors +625121280
20:52:23.747 Disk 0 scanning C:\WINDOWS\system32\drivers
20:52:52.232 Service scanning
20:52:58.310 Modules scanning
20:53:09.076 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
20:53:10.591 Disk 0 trace - called modules:
20:53:10.591 ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys iaStor.sys hal.dll
20:53:10.607 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a5f4840]
20:53:10.607 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> [0x8a5f4020]
20:53:10.607 5 PCTCore.sys[b9dc2407] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0x8aef6030]
20:53:14.482 AVAST engine scan C:\WINDOWS
20:53:55.951 AVAST engine scan C:\WINDOWS\system32
20:56:58.810 AVAST engine scan C:\WINDOWS\system32\drivers
20:57:27.107 AVAST engine scan C:\Documents and Settings\M & J
22:22:09.263 AVAST engine scan C:\Documents and Settings\All Users
22:31:21.810 Scan finished successfully
22:53:15.310 Disk 0 MBR has been saved successfully to "L:\MBR.dat"
22:53:15.326 The log file has been saved successfully to "L:\aswMBR.txt"

Attached File  MBR.zip   523bytes   0 downloads

Thanks!

#13 CatByte

Posted 24 January 2012 - 07:36 PM

Please run the following:

Download FixTDSS and save it to your desktop.

  • Double click on the FixTDSS.exe icon to run it.
  • Click the "I Accept" button, then the "Proceed" button to begin
  • The tool will restart your computer automatically - click OK to allow it to do so
  • The tool will begin its scan on reboot > click "run" to begin
  • It will report if an infected MBR is found > click the "repair" button
  • A log is created in the same location as the tool and is called FixTDSS.log; please post the content in your next reply



NEXT



  • Please download Junction.zip and save it to your desktop.
  • Unzip it and put junction.exe in the Windows directory (C:\WINDOWS).
  • Now go to Start > Run to open a run box > Copy and paste the following command in the open run box and click OK:

    cmd /c junction -s c:\ >log.txt&log.txt& del log.txt

  • A command window will open and the system will be scanned.
  • Wait until a log file opens.
  • Copy and paste or attach the content of it in your next reply


#14 CzarKib

Posted 24 January 2012 - 10:37 PM

Hi. I ran FixTDSS. At some point a window popped up stating Backdoor.Tidserv has not been found on your computer. However, I could not locate a log file anywhere on the C drive.

Next I ran junction from the command line and the following log was produced.

Thanks!


Junction v1.06 - Windows junction creator and reparse point viewer
Copyright © 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.com


Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.



Failed to open \\?\c:\\System Volume Information: Access is denied.


Failed to open \\?\c:\\Documents and Settings\M & J\Desktop\RootRepeal.exe: Access is denied.




Failed to open \\?\c:\\Program Files\NETGEAR\WG311T\wlancfg5.exe: Access is denied.



.\\?\c:\\WINDOWS\$NtUninstallKB61266$\1699256103: SYMBOLIC LINK
Print Name : c:\windows\system32\config
Substitute Name: \systemroot\system32\config


.\\?\c:\\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
Print Name : C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790
Substitute Name: C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790

\\?\c:\\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
Print Name : C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e
Substitute Name: C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e

\\?\c:\\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.ConfigUXv2\3.1.31.0__540d4816ead86321: JUNCTION
Print Name : C:\WINDOWS\WinSxS\MSIL_Intuit.Spc.Esd.WinClient.Application.ConfigUXv2_540d4816ead86321_3.1.31.0_x-ww_8b778a47
Substitute Name: C:\WINDOWS\WinSxS\MSIL_Intuit.Spc.Esd.WinClient.Application.ConfigUXv2_540d4816ead86321_3.1.31.0_x-ww_8b778a47

\\?\c:\\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.Update\3.1.31.0__540d4816ead86321: JUNCTION
Print Name : C:\WINDOWS\WinSxS\MSIL_Intuit.Spc.Esd.WinClient.Application.Update_540d4816ead86321_3.1.31.0_x-ww_46ee423f
Substitute Name: C:\WINDOWS\WinSxS\MSIL_Intuit.Spc.Esd.WinClient.Application.Update_540d4816ead86321_3.1.31.0_x-ww_46ee423f


#15 CatByte

Posted 25 January 2012 - 08:21 PM

Hi

Please do the following:

Please run the following:
  • please download GrantPerms.zip and save it to your desktop.
  • Unzip the file and run GrantPerms.exe
  • Copy and paste the following in the edit box:


c:\\WINDOWS\$NtUninstallKB61266$\1699256103
c:\\Program Files\NETGEAR\WG311T\wlancfg5.exe
c:\\Documents and Settings\M & J\Desktop\RootRepeal.exe



  • Now Click Unlock.
  • When it is done click "OK".
  • Now click List Permissions and post the result (Perms.txt) that pops up.
  • A copy of Perms.txt will be saved in the same directory the tool is run.


NEXT

Please re-run ComboFix > allow it to update if it asks to do so > post the resulting log

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
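
The step from the Junction log in post #14 to the three paths given to GrantPerms in post #15 can be scripted as a log triage. This is an added example, not part of the thread or of any tool mentioned in it; the two filter rules (ignore "Access is denied" on System Volume Information, and treat reparse targets under C:\WINDOWS\WinSxS as normal) are assumptions chosen to fit the entries seen in this log.

```python
import re

# Constructed sample: lines taken from the Junction log in post #14,
# including the progress dots that Junction prints while scanning.
SAMPLE_LOG = r"""
Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.
Failed to open \\?\c:\\System Volume Information: Access is denied.
...
.
Failed to open \\?\c:\\Documents and Settings\M & J\Desktop\RootRepeal.exe: Access is denied.
..
Failed to open \\?\c:\\Program Files\NETGEAR\WG311T\wlancfg5.exe: Access is denied.
...
.\\?\c:\\WINDOWS\$NtUninstallKB61266$\1699256103: SYMBOLIC LINK
Print Name : c:\windows\system32\config
Substitute Name: \systemroot\system32\config
.\\?\c:\\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
Print Name : C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e
Substitute Name: C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e
"""

DENIED = re.compile(r"^Failed to open \\\\\?\\(.+?): Access is denied\.$")
REPARSE = re.compile(r"^\.*\\\\\?\\(.+?): (SYMBOLIC LINK|JUNCTION)$")
TARGET = re.compile(r"^Substitute Name\s*:\s*(.+)$")

# Assumptions for this example, not rules stated anywhere in the thread.
EXPECTED_DENIED = {"system volume information"}
TRUSTED_TARGET_PREFIX = "c:\\windows\\winsxs\\"

def triage(log_text):
    """Return (denied_paths, odd_reparse_points) from `junction -s` output."""
    denied, links, current = [], [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or set(line) == {"."}:   # blank line or progress dots
            continue
        m = DENIED.match(line)
        if m:
            name = m.group(1).rsplit("\\", 1)[-1].lower()
            if name not in EXPECTED_DENIED:
                denied.append(m.group(1))
            continue
        m = REPARSE.match(line)              # a leading dot may be fused on
        if m:
            current = {"path": m.group(1), "type": m.group(2), "target": None}
            links.append(current)
            continue
        m = TARGET.match(line)
        if m and current is not None:
            current["target"] = m.group(1)
    odd = [l for l in links
           if not (l["target"] or "").lower().startswith(TRUSTED_TARGET_PREFIX)]
    return denied, odd

if __name__ == "__main__":
    denied, odd = triage(SAMPLE_LOG)
    for path in denied:
        print("ACCESS DENIED :", path)
    for link in odd:
        print(f"{link['type']:13} : {link['path']} -> {link['target']}")
```
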




