Infected Partially Recovered - Need More Help


  • This topic is locked
3 replies to this topic

#1 hhmorgan

Posted 07 February 2012 - 11:25 PM

My WinVista laptop was infected during a search download. I was able to get most of the control back and have a clean MBAM, Spybot S&D and MS Defender.

I am unable to connect to the Internet at all. So I'm posting from another machine after gathering the data logs.

The infection changed some of the system settings, user account control and disabled some of the Windows Functions like Windows Firewall. Also many of my desktop icons have the Administrator shield now displayed over the icon.

Below are the DDS.scr, GMER (filename ARK), OTL, TDSSKILLER & ASWMBR logs.

DDS.scr

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6000.16575 BrowserJavaVersion: 1.6.0_26
Run by hmorgan at 23:07:08 on 2012-02-07
Microsoft® Windows Vista™ Home Premium 6.0.6002.0.1252.1.1033.18.3061.1389 [GMT -5:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\SYSTEM32\astsrv.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Windows\System32\wpcumi.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://cm.my.yahoo.com/?rd=nux
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: HelperObject Class: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 6\SnagItBHO.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {1e8a6170-7264-4d0f-beae-d42a53123c75} - c:\program files\common files\symantec shared\coshared\browser\1.5\NppBho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: del.icio.us Toolbar Helper: {7aa07ae6-01ef-44ec-93ca-9d7cd41ccdb6} - c:\program files\del.icio.us\internet explorer buttons\dlcsIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: del.icio.us: {981fe6a8-260c-4930-960f-c3bc82746cb0} - c:\program files\del.icio.us\internet explorer buttons\dlcsIE.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 6\SnagItIEAddin.dll
TB: WikiSearch: {44e7ef6c-6f5c-4aaf-a080-7725a27878ed} - c:\progra~1\wikise~1\WIKIPE~1.DLL
TB: Show Norton Toolbar: {90222687-f593-4738-b738-fbee9c7b26df} - c:\program files\common files\symantec shared\coshared\browser\1.5\UIBHO.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [Aim6]
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autoRun
uRun: [FolderShare] "c:\program files\foldershare\FolderShare.exe" /background
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
mRun: [TotalRecorderScheduler] "c:\program files\highcriteria\totalrecorder\TotRecSched.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_03\bin\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [IS CfgWiz] "c:\program files\common files\symantec shared\opc\{31011d49-d90c-4da0-878b-78d28ad507af}\cltUIStb.exe" /MODULE CfgWiz /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 6.0\apdproxy.exe"
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\users\hmorgan\appdata\roaming\micros~1\windows\startm~1\programs\startup\checkf~1.lnk - c:\jts\WiseUpdt.exe
StartupFolder: c:\users\hmorgan\appdata\roaming\micros~1\windows\startm~1\programs\startup\craigs~1.lnk - c:\program files\craigslist reader pro by craigspal\craigspal-memb-run-auto.exe
StartupFolder: c:\users\hmorgan\appdata\roaming\micros~1\windows\startm~1\programs\startup\craigs~2.lnk - c:\program files\craigslist reader pro by craigspal\craigspal-memb-run-auto.exe
StartupFolder: c:\users\hmorgan\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\snagit~1.lnk - c:\program files\techsmith\snagit 6\SnagIt32.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\VONGOT~1.LNK -
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Find on Wikipedia... - c:\program files\wikisearch toolbar\cm.html
IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe
IE: {FB858B22-55E2-413f-87F5-30ADC5552151} - c:\program files\plotsoft\pdfill\DownloadPDF.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: buydig.com\www
Trusted Zone: ebay.com\signin
Trusted Zone: flickr.com\www
Trusted Zone: google.com\www
Trusted Zone: hilton.com\embassysuites
Trusted Zone: interactivebrokers.com\wt1
Trusted Zone: interactivebrokers.com\www
Trusted Zone: intuit.com
Trusted Zone: intuit.com\ttlc
Trusted Zone: nytimes.com\www
Trusted Zone: pricegrabber.com\www
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
Trusted Zone: thestreet.com\www
Trusted Zone: turbotax.com
Trusted Zone: verizonwireless.com\www
Trusted Zone: vzw.com\text
Trusted Zone: yahoo.com\cm.my
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {21F49842-BFA9-11D2-A89C-00104B62BDDA} - hxxp://www.schaeffersresearch.com/download/CfxIEAx.cab
DPF: {24BACF02-5676-11D3-B8DE-00105A17A9E6} - hxxp://www.schaeffersresearch.com/Download/Cfx4Financial.cab
DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} - hxxp://webiq005.webiqonline.com/WebIQ/DataServer/DataServer.dll?Handler=GetEngineDistribution&EDID={896A23A1-5821-4609-A6C6-6D5536C585C9}
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab
DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} - hxxp://picture.vzw.com/activex/VerizonWirelessUploadControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: Interfaces\{2858EF7B-F60C-4561-8513-25E6F86F6514} : NameServer = 66.174.95.44 66.174.92.14
Notify: igfxcui - igfxdev.dll
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 63.249.33.34 italian.zapto.org
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\hmorgan\appdata\roaming\mozilla\firefox\profiles\obnlz9ah.default\
FF - prefs.js: browser.startup.homepage - hxxp://cm.my.yahoo.com/?.src=fp
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\users\hmorgan\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\users\hmorgan\appdata\roaming\mozilla\firefox\profiles\obnlz9ah.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adobe DLM (powered by getPlus®): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
.
============= SERVICES / DRIVERS ===============
.
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-12 21504]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-9-30 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2007-8-3 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2007-12-9 47640]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-12-12 24652]
S1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [2007-4-23 81688]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-10 136176]
S3 CSRBC01;CSRBC01.Sys CSR test driver;c:\windows\system32\drivers\csrbc01.sys [2007-10-25 83124]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-8-10 136176]
S3 kwkxusb;Kyocera CDMA Wireless Modem Driver;c:\windows\system32\drivers\kwusb2k.sys [2007-8-28 191104]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2009-5-25 32408]
S3 Symantec Core LC;Symantec Core LC;"c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe" --> c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-02-04 20:53:07 6557240 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{a2aff2e0-cbff-4d3f-8855-6a284502163a}\mpengine.dll
2012-01-31 03:10:04 9728 ----a-w- c:\windows\system32\lsass.exe
2012-01-31 03:10:04 72704 ----a-w- c:\windows\system32\secur32.dll
2012-01-31 03:10:04 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-31 03:10:04 377344 ----a-w- c:\windows\system32\winhttp.dll
2012-01-31 03:10:04 278528 ----a-w- c:\windows\system32\schannel.dll
2012-01-31 03:10:04 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-26 03:01:15 4200024 ----a-w- c:\windows\system32\cdintf400.dll
2012-01-25 01:57:49 -------- d-----w- c:\windows\C65DD18FD39E443F912FD6CD9F4B3056.TMP
2012-01-25 01:55:08 -------- d-----w- c:\programdata\Leapfrog
2012-01-25 01:55:07 -------- d-----w- c:\program files\LeapFrog
2012-01-23 04:55:34 66560 ----a-w- c:\windows\system32\packager.dll
2012-01-23 04:55:32 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-01-23 04:55:31 1205064 ----a-w- c:\windows\system32\ntdll.dll
2012-01-23 04:55:30 23552 ----a-w- c:\windows\system32\mciseq.dll
2012-01-23 04:55:30 189952 ----a-w- c:\windows\system32\winmm.dll
2012-01-23 04:55:28 376320 ----a-w- c:\windows\system32\winsrv.dll
2012-01-23 04:53:50 497152 ----a-w- c:\windows\system32\qdvd.dll
2012-01-23 04:53:50 1314816 ----a-w- c:\windows\system32\quartz.dll
.
==================== Find3M ====================
.
2012-01-27 05:21:24 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-05 21:02:55 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-17 15:20:51 87424 ----a-w- c:\windows\system32\LMIinit.dll
2011-12-17 15:20:51 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-12-17 15:20:51 52096 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2011-12-17 15:20:51 30592 ----a-w- c:\windows\system32\LMIport.dll
2011-12-10 20:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-23 13:37:27 2043904 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 23:07:58.67 ===============

GMER

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-07 22:51:03
Windows 6.0.6002 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 TOSHIBA_ rev.DL13
Running: r828ni39.exe; Driver: C:\Users\hmorgan\AppData\Local\Temp\awkciuog.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001cd800bc40
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001cd800bc40 (not active ControlSet)

---- EOF - GMER 1.0.15 ----


OTL
OTL logfile created on: 2/7/2012 11:02:16 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\hmorgan\Desktop\Virus Utilities
Windows Vista Home Premium Edition (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16575)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.37 Gb Available Physical Memory | 45.74% Memory free
6.18 Gb Paging File | 4.73 Gb Available in Paging File | 76.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 103.51 Gb Total Space | 22.25 Gb Free Space | 21.50% Space Free | Partition Type: NTFS
Drive D: | 8.28 Gb Total Space | 2.18 Gb Free Space | 26.39% Space Free | Partition Type: NTFS

Computer Name: HMORGANHPLAPTOP | User Name: hmorgan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/06 13:50:45 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\hmorgan\Desktop\Virus Utilities\OTL.exe
PRC - [2011/12/17 10:20:58 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2011/12/17 10:20:51 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2011/11/12 12:04:12 | 000,268,640 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2011/11/12 11:21:58 | 006,141,792 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/02/18 11:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2009/10/26 13:46:54 | 001,458,176 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/05 15:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/01/19 02:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/09/25 01:11:35 | 000,132,496 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
PRC - [2007/09/15 02:29:10 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe
PRC - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2007/09/11 00:43:54 | 000,067,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
PRC - [2007/08/03 15:09:34 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2007/04/23 20:11:42 | 000,262,243 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
PRC - [2007/02/16 18:08:14 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\AstSrv.exe
PRC - [2007/02/12 09:38:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/02/12 09:37:58 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/12/05 20:49:20 | 000,114,688 | ---- | M] (High Criteria inc.) -- C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
PRC - [2006/11/02 07:35:35 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe
PRC - [2006/05/12 15:04:08 | 000,439,248 | ---- | M] (RealVNC Ltd.) -- C:\Program Files\RealVNC\VNC4\winvnc4.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/14 09:19:06 | 008,500,224 | ---- | M] () -- C:\Program Files\LeapFrog\LeapFrog Connect\QtGui4.dll
MOD - [2011/09/14 09:19:06 | 002,348,544 | ---- | M] () -- C:\Program Files\LeapFrog\LeapFrog Connect\QtCore4.dll
MOD - [2007/09/20 17:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2007/04/23 20:11:44 | 000,339,968 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLTinyDB.dll
MOD - [2007/04/23 20:11:34 | 000,237,673 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapEngine.dll
MOD - [2007/04/23 20:11:34 | 000,114,787 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSchMgr.dll
MOD - [2007/04/23 20:11:34 | 000,032,768 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (SymAppCore)
SRV - File not found [On_Demand | Stopped] -- -- (Symantec Core LC)
SRV - File not found [On_Demand | Stopped] -- -- (LiveUpdate)
SRV - File not found [On_Demand | Stopped] -- -- (ISPwdSvc)
SRV - File not found [Unknown | Stopped] -- -- (getPlusHelper)
SRV - File not found [On_Demand | Stopped] -- -- (comHost)
SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
SRV - File not found [Auto | Stopped] -- -- (ccSetMgr)
SRV - File not found [Auto | Stopped] -- -- (ccEvtMgr)
SRV - File not found [Auto | Stopped] -- -- (Automatic LiveUpdate Scheduler)
SRV - [2011/12/17 10:20:58 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2011/12/17 10:20:51 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2011/11/12 11:21:58 | 006,141,792 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/11/08 12:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/24 10:38:07 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2007/05/31 08:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 08:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/04/23 20:11:44 | 000,106,593 | ---- | M] () [Auto | Stopped] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2007/04/23 20:11:42 | 000,262,243 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2007/04/23 10:18:44 | 000,491,520 | ---- | M] (Locktime Software) [Auto | Stopped] -- C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe -- (nlsvc)
SRV - [2007/03/29 15:59:42 | 000,176,128 | ---- | M] (Starz Entertainment Group LLC) [Auto | Stopped] -- C:\Program Files\Vongo\VongoService.exe -- (Vongo Service)
SRV - [2007/02/16 18:08:14 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\AstSrv.exe -- (astcc)
SRV - [2007/02/12 09:38:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/05/12 15:04:08 | 000,439,248 | ---- | M] (RealVNC Ltd.) [Auto | Running] -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)


========== Driver Services (SafeList) ==========

DRV - [2011/12/17 10:20:51 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2010/02/25 00:03:16 | 000,014,904 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2010/01/27 11:22:00 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2009/10/26 14:09:06 | 001,095,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2009/05/25 15:43:58 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys -- (SMSIVZAM5)
DRV - [2008/11/04 18:30:51 | 000,083,124 | ---- | M] (CSR) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\csrbc01.sys -- (CSRBC01)
DRV - [2008/02/28 14:31:50 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2007/12/12 10:35:52 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2007/09/17 07:17:36 | 000,098,816 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/08/28 16:53:28 | 000,191,104 | ---- | M] (Kyocera Wireless Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\kwusb2k.sys -- (kwkxusb)
DRV - [2007/04/23 11:08:52 | 000,081,688 | ---- | M] (Locktime Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\nltdi.sys -- (nltdi)
DRV - [2007/03/01 07:49:58 | 002,216,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2007/02/24 09:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/01/23 12:03:28 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/01/23 11:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/30 12:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\Windows\System32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006/11/02 02:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://cm.my.yahoo.com/?rd=nux
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://cm.my.yahoo.com/?.src=fp"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 49
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Users\hmorgan\AppData\Roaming\nprhapengine.dll File not found
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\hmorgan\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2008/09/22 15:17:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/21 07:24:39 | 000,000,000 | ---D | M]

[2008/09/22 15:17:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hmorgan\AppData\Roaming\Mozilla\Extensions
[2011/12/01 01:59:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hmorgan\AppData\Roaming\Mozilla\Firefox\Profiles\obnlz9ah.default\extensions
[2009/11/11 09:15:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\hmorgan\AppData\Roaming\Mozilla\Firefox\Profiles\obnlz9ah.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/11 09:27:57 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Users\hmorgan\AppData\Roaming\Mozilla\Firefox\Profiles\obnlz9ah.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011/12/01 02:09:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/01 20:51:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/01/09 23:08:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/04/05 20:52:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/07/08 09:53:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2009/08/26 22:47:36 | 000,325,931 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 63.249.33.34 italian.zapto.org
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 11154 more lines...
O2 - BHO: (HelperObject Class) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 6\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Reg Error: Value error.) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (del.icio.us Toolbar Helper) - {7AA07AE6-01EF-44EC-93CA-9D7CD41CCDB6} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll (del.icio.us, a Yahoo! Company)
O3 - HKLM\..\Toolbar: (WikiSearch) - {44E7EF6C-6F5C-4AAF-A080-7725A27878ED} - C:\Program Files\WikiSearch Toolbar\WikipediaBand.dll (www.mittermayr.com)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 6\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll File not found
O3 - HKLM\..\Toolbar: (del.icio.us) - {981FE6A8-260C-4930-960F-C3BC82746CB0} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll (del.icio.us, a Yahoo! Company)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (WikiSearch) - {44E7EF6C-6F5C-4AAF-A080-7725A27878ED} - C:\Program Files\WikiSearch Toolbar\WikipediaBand.dll (www.mittermayr.com)
O3 - HKCU\..\Toolbar\WebBrowser: (del.icio.us) - {981FE6A8-260C-4930-960F-C3BC82746CB0} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll (del.icio.us, a Yahoo! Company)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" File not found
O4 - HKLM..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe" File not found
O4 - HKLM..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IS CfgWiz] "c:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" /MODULE CfgWiz /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT" File not found
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TotalRecorderScheduler] C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe (High Criteria inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [FolderShare] "C:\Program Files\FolderShare\FolderShare.exe" /background File not found
O4 - HKCU..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O4 - Startup: C:\Users\hmorgan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Check for TWS Updates.lnk = C:\Jts\WiseUpdt.exe ()
O4 - Startup: C:\Users\hmorgan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CraigsList Reader Pro v4.5.1.lnk = C:\Program Files\CraigsList Reader Pro by CraigsPal\craigspal-memb-run-auto.exe ()
O4 - Startup: C:\Users\hmorgan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CraigsList Reader Pro v4.5.3.lnk = C:\Program Files\CraigsList Reader Pro by CraigsPal\craigspal-memb-run-auto.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Find on Wikipedia... - C:\Program Files\WikiSearch Toolbar\cm.html ()
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe (PlotSoft LLC)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: buydig.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: ebay.com ([signin] https in Trusted sites)
O15 - HKCU\..Trusted Domains: flickr.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: google.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: hilton.com ([embassysuites] http in Trusted sites)
O15 - HKCU\..Trusted Domains: interactivebrokers.com ([wt1] https in Trusted sites)
O15 - HKCU\..Trusted Domains: interactivebrokers.com ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: interactivebrokers.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: nytimes.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: pricegrabber.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKCU\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
O15 - HKCU\..Trusted Domains: thestreet.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: verizonwireless.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: verizonwireless.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: vzw.com ([text] https in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([cm.my] http in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range2 ([http] in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {21F49842-BFA9-11D2-A89C-00104B62BDDA} http://www.schaeffersresearch.com/download/CfxIEAx.cab (ChartFX Internet Control)
O16 - DPF: {24BACF02-5676-11D3-B8DE-00105A17A9E6} http://www.schaeffersresearch.com/Download/Cfx4Financial.cab (ChartFX Internet Financial Client 4.0)
O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} http://webiq005.webiqonline.com/WebIQ/DataServer/DataServer.dll?Handler=GetEngineDistribution&EDID={896A23A1-5821-4609-A6C6-6D5536C585C9} (WebIQ Engine Application Object)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmart.com/WalmartActivia.cab (Snapfish Activia)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab (HpProductDetection Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://picture.vzw.com/activex/VerizonWirelessUploadControl.cab (Verizon Wireless Media Upload)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2858EF7B-F60C-4561-8513-25E6F86F6514}: NameServer = 66.174.95.44 66.174.92.14
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\HPRadiance.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\HPRadiance.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/12/01 18:05:00 | 000,004,682 | ---- | M] () - C:\AutoEnginuity.log -- [ NTFS ]
O32 - AutoRun File - [2007/05/14 07:10:42 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 10:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{d767177f-bc98-11dc-80f9-001b24b6592b}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/06 16:09:11 | 000,000,000 | ---D | C] -- C:\Users\hmorgan\Desktop\Virus Log
[2012/02/06 15:08:11 | 000,000,000 | ---D | C] -- C:\Users\hmorgan\Desktop\Virus Utilities
[2012/02/06 12:44:21 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\hmorgan\Desktop\spybotsd162.exe
[2012/02/06 11:14:33 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\hmorgan\Desktop\mbam--setup-1.60.1.1000.exe
[2012/02/06 11:14:29 | 007,956,512 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\hmorgan\Desktop\mbam-rules.exe
[2012/01/25 22:01:15 | 004,200,024 | ---- | C] (Amyuni Technologies http://www.amyuni.com) -- C:\Windows\System32\cdintf400.dll
[2012/01/25 22:01:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken 2012
[2012/01/25 20:30:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2011
[2012/01/24 20:57:32 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2012/01/24 20:57:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LeapFrog Connect
[2012/01/24 20:55:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Leapfrog
[2012/01/24 20:55:07 | 000,000,000 | ---D | C] -- C:\Program Files\LeapFrog
[2012/01/22 23:55:34 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012/01/22 23:55:30 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciseq.dll
[2012/01/22 23:55:28 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012/01/22 23:53:50 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012/01/22 23:53:50 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/07 22:47:12 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/07 21:42:13 | 000,617,702 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/07 21:42:13 | 000,108,772 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/07 21:37:04 | 000,000,149 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2012/02/07 21:35:30 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/07 21:35:15 | 000,003,296 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/07 21:35:15 | 000,003,296 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/07 21:35:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/07 21:35:03 | 3211,190,272 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/07 21:34:01 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/02/07 18:53:08 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/02/06 15:52:52 | 000,006,648 | ---- | M] () -- C:\Users\hmorgan\AppData\Local\d3d9caps.dat
[2012/02/06 12:46:08 | 000,001,079 | ---- | M] () -- C:\Users\hmorgan\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/02/06 12:46:08 | 000,001,055 | ---- | M] () -- C:\Users\hmorgan\Desktop\Spybot - Search & Destroy.lnk
[2012/02/06 12:42:05 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\hmorgan\Desktop\spybotsd162.exe
[2012/02/06 12:42:02 | 006,771,368 | ---- | M] () -- C:\Users\hmorgan\Desktop\spybotsd_includes.exe
[2012/02/06 12:36:22 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/06 11:51:05 | 000,684,297 | ---- | M] () -- C:\Users\hmorgan\Desktop\unhide.exe
[2012/02/06 08:59:21 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\hmorgan\Desktop\mbam--setup-1.60.1.1000.exe
[2012/02/06 08:59:18 | 007,956,512 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\hmorgan\Desktop\mbam-rules.exe
[2012/02/04 15:51:12 | 000,366,800 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/01/27 00:21:24 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012/01/25 22:01:14 | 000,001,655 | ---- | M] () -- C:\Users\Public\Desktop\Quicken Premier 2012.lnk
[2012/01/25 22:01:14 | 000,000,353 | ---- | M] () -- C:\Users\Public\Desktop\Free Credit Report and Score.url
[2012/01/25 22:01:09 | 000,000,165 | ---- | M] () -- C:\Windows\QUICKEN.INI
[2012/01/25 20:38:01 | 000,002,523 | ---- | M] () -- C:\Users\Public\Desktop\TurboTax 2011.lnk
[2012/01/25 20:33:46 | 000,000,590 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2012/01/24 20:57:48 | 000,000,751 | ---- | M] () -- C:\Users\Public\Desktop\LeapFrog Connect.lnk
[2012/01/24 15:59:44 | 000,215,971 | ---- | M] () -- C:\Users\hmorgan\Documents\01-24-2012 Amica Auto Policy Analysis brie.xps
[2012/01/24 12:39:56 | 005,738,252 | ---- | M] () -- C:\Windows\System32\SNAGIT6
[2012/01/10 08:39:50 | 000,001,741 | ---- | M] () -- C:\Users\Public\Desktop\TWS Previous Version.LNK
[2012/01/10 08:39:50 | 000,001,709 | ---- | M] () -- C:\Users\Public\Desktop\Trader Workstation 4.0.LNK
[2012/01/10 08:39:50 | 000,000,581 | ---- | M] () -- C:\Users\hmorgan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Check for TWS Updates.lnk
[2012/01/10 08:39:50 | 000,000,042 | ---- | M] () -- C:\Windows\ib.ini
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/07 18:53:08 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/02/06 17:53:59 | 000,325,931 | R--- | C] () -- C:\Windows\System32\drivers\hosts.bak
[2012/02/06 16:15:46 | 3211,190,272 | -HS- | C] () -- C:\hiberfil.sys
[2012/02/06 12:44:18 | 006,771,368 | ---- | C] () -- C:\Users\hmorgan\Desktop\spybotsd_includes.exe
[2012/02/06 11:53:46 | 000,684,297 | ---- | C] () -- C:\Users\hmorgan\Desktop\unhide.exe
[2012/02/06 11:15:07 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/25 22:01:14 | 000,001,655 | ---- | C] () -- C:\Users\Public\Desktop\Quicken Premier 2012.lnk
[2012/01/25 22:01:14 | 000,000,353 | ---- | C] () -- C:\Users\Public\Desktop\Free Credit Report and Score.url
[2012/01/25 20:30:37 | 000,000,590 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2012/01/25 20:30:17 | 000,002,523 | ---- | C] () -- C:\Users\Public\Desktop\TurboTax 2011.lnk
[2012/01/24 20:57:48 | 000,000,751 | ---- | C] () -- C:\Users\Public\Desktop\LeapFrog Connect.lnk
[2012/01/24 15:59:43 | 000,215,971 | ---- | C] () -- C:\Users\hmorgan\Documents\01-24-2012 Amica Auto Policy Analysis brie.xps
[2011/08/02 10:57:10 | 000,000,000 | ---- | C] () -- C:\Users\hmorgan\AppData\Local\{EE6C57D2-BB53-4A07-ABD2-3FAD6C3ABE7A}
[2010/12/28 23:12:53 | 000,000,264 | ---- | C] () -- C:\ProgramData\~paU1SepJcfs37xH
[2010/12/28 23:12:53 | 000,000,176 | ---- | C] () -- C:\ProgramData\~paU1SepJcfs37xHr
[2010/12/28 23:12:47 | 000,000,336 | ---- | C] () -- C:\ProgramData\paU1SepJcfs37xH
[2010/09/22 07:25:11 | 000,006,648 | ---- | C] () -- C:\Users\hmorgan\AppData\Local\d3d9caps.dat
[2010/08/31 13:52:08 | 000,000,133 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010/06/10 22:26:16 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/06/10 22:26:16 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/01/25 11:58:06 | 000,462,848 | ---- | C] () -- C:\Windows\System32\ractrlkeyhook.dll
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2008/11/04 18:36:01 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008/10/19 20:46:40 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/09/22 15:17:08 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/02/16 17:22:00 | 000,002,345 | ---- | C] () -- C:\Windows\Contour.INI
[2008/02/16 17:21:43 | 000,176,128 | ---- | C] () -- C:\Windows\System32\TrackSvr.dll
[2008/02/16 17:21:43 | 000,098,304 | ---- | C] () -- C:\Windows\System32\VesGDI.dll
[2008/02/16 17:21:43 | 000,061,440 | ---- | C] () -- C:\Windows\System32\SeafileSvr.dll
[2008/02/16 17:21:42 | 001,413,120 | ---- | C] () -- C:\Windows\System32\RouteSvr.dll
[2008/02/16 17:21:42 | 000,917,504 | ---- | C] () -- C:\Windows\System32\BSBMarkSvr.dll
[2008/02/16 17:21:42 | 000,491,520 | ---- | C] () -- C:\Windows\System32\MarkSvr.dll
[2008/02/16 17:21:42 | 000,401,408 | ---- | C] () -- C:\Windows\System32\GpsSvr.dll
[2008/02/16 17:21:42 | 000,299,008 | ---- | C] () -- C:\Windows\System32\AlarmSvr.dll
[2008/02/16 17:21:42 | 000,151,552 | ---- | C] () -- C:\Windows\System32\NTMSvr.dll
[2008/02/16 17:21:42 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MobSvr.dll
[2008/02/16 17:21:42 | 000,086,016 | ---- | C] () -- C:\Windows\System32\LatLonEditCtrl.dll
[2008/02/16 17:21:42 | 000,086,016 | ---- | C] () -- C:\Windows\System32\Cog.dll
[2008/02/16 17:21:42 | 000,069,632 | ---- | C] () -- C:\Windows\System32\embassysvr.dll
[2008/02/16 17:21:42 | 000,065,536 | ---- | C] () -- C:\Windows\System32\HelpSvr.dll
[2008/02/16 17:21:42 | 000,061,440 | ---- | C] () -- C:\Windows\System32\CNavControl.dll
[2008/02/11 18:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008/02/11 18:34:48 | 002,215,364 | ---- | C] () -- C:\Windows\System32\igklg400.bin
[2008/02/11 18:34:48 | 001,971,732 | ---- | C] () -- C:\Windows\System32\igklg450.bin
[2008/02/11 18:34:48 | 000,029,932 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.bin
[2008/01/06 16:57:17 | 000,003,584 | ---- | C] () -- C:\Windows\System32\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/02 15:57:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/01/02 15:47:22 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/01/02 15:47:22 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2007/12/26 10:22:32 | 000,005,632 | ---- | C] () -- C:\Users\hmorgan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/12/24 10:30:35 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2007/12/09 17:39:00 | 000,000,165 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2007/11/29 23:40:35 | 000,000,042 | ---- | C] () -- C:\Windows\ib.ini
[2007/11/29 23:40:34 | 000,027,136 | ---- | C] () -- C:\Windows\toFront.dll
[2007/11/29 23:40:34 | 000,026,624 | ---- | C] () -- C:\Windows\GetIe.dll
[2007/10/18 09:12:20 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1350.dll
[2007/10/18 09:03:58 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007/09/23 17:41:20 | 000,779,776 | ---- | C] () -- C:\Windows\System32\cp211_main.dll
[2007/09/23 17:41:20 | 000,285,184 | ---- | C] () -- C:\Windows\System32\cp211_graphicslarge8.dll
[2007/09/23 17:41:20 | 000,285,184 | ---- | C] () -- C:\Windows\System32\cp211_graphicslarge16.dll
[2007/09/23 17:41:20 | 000,252,416 | ---- | C] () -- C:\Windows\System32\cp211_javascript.dll
[2007/09/23 17:41:20 | 000,226,304 | ---- | C] () -- C:\Windows\System32\cp211_msjava.dll
[2007/09/23 17:41:20 | 000,167,936 | ---- | C] () -- C:\Windows\System32\cp211_graphicsmed8.dll
[2007/09/23 17:41:20 | 000,167,936 | ---- | C] () -- C:\Windows\System32\cp211_graphicsmed16.dll
[2007/09/23 17:41:20 | 000,133,120 | ---- | C] () -- C:\Windows\System32\cp211_vrml1to2.dll
[2007/09/23 17:41:20 | 000,057,856 | ---- | C] () -- C:\Windows\System32\cp211_graphicssmall8.dll
[2007/09/23 17:41:20 | 000,057,856 | ---- | C] () -- C:\Windows\System32\cp211_graphicssmall16.dll
[2007/09/23 17:41:20 | 000,049,152 | ---- | C] () -- C:\Windows\System32\cp211_lang.dll
[2007/09/23 17:41:20 | 000,026,624 | ---- | C] () -- C:\Windows\System32\cp211_basic.dll
[2007/09/23 17:41:20 | 000,013,312 | ---- | C] () -- C:\Windows\System32\cp211_graphicspos.dll
[2007/09/23 17:41:20 | 000,003,584 | ---- | C] () -- C:\Windows\System32\vrml1tovrml2.exe
[2007/05/14 07:13:40 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat
[2007/05/14 07:13:40 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat
[2007/05/14 06:58:55 | 000,103,437 | ---- | C] () -- C:\Windows\hpqins13.dat
[2007/05/14 04:33:25 | 000,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/05/14 04:33:25 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1244.dll
[2007/02/27 15:43:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/12/14 01:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/12/14 01:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,366,800 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,617,702 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,108,772 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/09 19:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/05/07 07:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

< End of report >

TDSSKILLER

22:52:17.0655 3280 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49
22:52:17.0686 3280 ============================================================
22:52:17.0686 3280 Current date / time: 2012/02/07 22:52:17.0686
22:52:17.0686 3280 SystemInfo:
22:52:17.0686 3280
22:52:17.0686 3280 OS Version: 6.0.6002 ServicePack: 0.0
22:52:17.0686 3280 Product type: Workstation
22:52:17.0686 3280 ComputerName: HMORGANHPLAPTOP
22:52:17.0686 3280 UserName: hmorgan
22:52:17.0686 3280 Windows directory: C:\Windows
22:52:17.0686 3280 System windows directory: C:\Windows
22:52:17.0686 3280 Processor architecture: Intel x86
22:52:17.0686 3280 Number of processors: 2
22:52:17.0686 3280 Page size: 0x1000
22:52:17.0686 3280 Boot type: Normal boot
22:52:17.0686 3280 ============================================================
22:52:18.0201 3280 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:52:18.0232 3280 \Device\Harddisk0\DR0:
22:52:18.0357 3280 MBR used
22:52:18.0357 3280 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xCF03A89
22:52:18.0357 3280 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xCF03AC8, BlocksNum 0x108FCF9
22:52:18.0654 3280 Initialize success
22:52:18.0654 3280 ============================================================
22:52:52.0584 0592 ============================================================
22:52:52.0584 0592 Scan started
22:52:52.0584 0592 Mode: Manual;
22:52:52.0584 0592 ============================================================
22:52:53.0208 0592 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
22:52:53.0208 0592 ACPI - ok
22:52:53.0332 0592 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
22:52:53.0348 0592 adp94xx - ok
22:52:53.0473 0592 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
22:52:53.0488 0592 adpahci - ok
22:52:53.0598 0592 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
22:52:53.0598 0592 adpu160m - ok
22:52:53.0644 0592 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
22:52:53.0660 0592 adpu320 - ok
22:52:53.0816 0592 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
22:52:53.0816 0592 AFD - ok
22:52:53.0878 0592 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
22:52:53.0878 0592 agp440 - ok
22:52:53.0910 0592 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
22:52:53.0910 0592 aic78xx - ok
22:52:54.0019 0592 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
22:52:54.0019 0592 aliide - ok
22:52:54.0050 0592 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
22:52:54.0050 0592 amdagp - ok
22:52:54.0081 0592 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
22:52:54.0081 0592 amdide - ok
22:52:54.0144 0592 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
22:52:54.0144 0592 AmdK7 - ok
22:52:54.0175 0592 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
22:52:54.0175 0592 AmdK8 - ok
22:52:54.0300 0592 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
22:52:54.0300 0592 arc - ok
22:52:54.0346 0592 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
22:52:54.0346 0592 arcsas - ok
22:52:54.0424 0592 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
22:52:54.0424 0592 AsyncMac - ok
22:52:54.0502 0592 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
22:52:54.0502 0592 atapi - ok
22:52:54.0705 0592 BCM43XV (34a0a6386256080f52c74076c6157026) C:\Windows\system32\DRIVERS\bcmwl6.sys
22:52:54.0721 0592 BCM43XV - ok
22:52:54.0768 0592 BCM43XX (34a0a6386256080f52c74076c6157026) C:\Windows\system32\DRIVERS\bcmwl6.sys
22:52:54.0783 0592 BCM43XX - ok
22:52:54.0908 0592 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
22:52:54.0908 0592 Beep - ok
22:52:54.0955 0592 blbdrive - ok
22:52:55.0017 0592 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
22:52:55.0017 0592 bowser - ok
22:52:55.0080 0592 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
22:52:55.0080 0592 BrFiltLo - ok
22:52:55.0173 0592 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
22:52:55.0173 0592 BrFiltUp - ok
22:52:55.0220 0592 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
22:52:55.0220 0592 Brserid - ok
22:52:55.0251 0592 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
22:52:55.0251 0592 BrSerWdm - ok
22:52:55.0282 0592 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
22:52:55.0298 0592 BrUsbMdm - ok
22:52:55.0345 0592 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
22:52:55.0345 0592 BrUsbSer - ok
22:52:55.0485 0592 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
22:52:55.0485 0592 BthEnum - ok
22:52:55.0532 0592 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
22:52:55.0532 0592 BTHMODEM - ok
22:52:55.0579 0592 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
22:52:55.0594 0592 BthPan - ok
22:52:55.0641 0592 BTHPORT (73d53f8e90550ba81e2cf44a0873b410) C:\Windows\system32\Drivers\BTHport.sys
22:52:55.0641 0592 BTHPORT - ok
22:52:55.0735 0592 BTHUSB (32045a4bb143bbc5bab1298c4e9e309a) C:\Windows\system32\Drivers\BTHUSB.sys
22:52:55.0750 0592 BTHUSB - ok
22:52:55.0828 0592 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
22:52:55.0828 0592 cdfs - ok
22:52:55.0906 0592 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
22:52:55.0906 0592 cdrom - ok
22:52:56.0016 0592 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
22:52:56.0016 0592 circlass - ok
22:52:56.0094 0592 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
22:52:56.0094 0592 CLFS - ok
22:52:56.0250 0592 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
22:52:56.0250 0592 CmBatt - ok
22:52:56.0296 0592 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
22:52:56.0296 0592 cmdide - ok
22:52:56.0359 0592 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
22:52:56.0359 0592 Compbatt - ok
22:52:56.0390 0592 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
22:52:56.0390 0592 crcdisk - ok
22:52:56.0421 0592 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
22:52:56.0421 0592 Crusoe - ok
22:52:56.0562 0592 CSRBC01 (18121f6df202a9bb616292f224203d6a) C:\Windows\system32\Drivers\CSRBC01.sys
22:52:56.0562 0592 CSRBC01 - ok
22:52:56.0655 0592 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
22:52:56.0655 0592 DfsC - ok
22:52:56.0827 0592 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
22:52:56.0827 0592 disk - ok
22:52:56.0920 0592 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
22:52:56.0920 0592 drmkaud - ok
22:52:56.0998 0592 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
22:52:57.0014 0592 DXGKrnl - ok
22:52:57.0123 0592 E100B (c0b00e55cf82d122d25983c7a6a53dea) C:\Windows\system32\DRIVERS\e100b325.sys
22:52:57.0123 0592 E100B - ok
22:52:57.0186 0592 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
22:52:57.0186 0592 E1G60 - ok
22:52:57.0232 0592 eabfiltr (e88b0cfcecf745211bba87f44f85d0dd) C:\Windows\system32\DRIVERS\eabfiltr.sys
22:52:57.0232 0592 eabfiltr - ok
22:52:57.0388 0592 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
22:52:57.0388 0592 Ecache - ok
22:52:57.0420 0592 eeCtrl - ok
22:52:57.0498 0592 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
22:52:57.0513 0592 elxstor - ok
22:52:57.0669 0592 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
22:52:57.0669 0592 exfat - ok
22:52:57.0732 0592 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
22:52:57.0732 0592 fastfat - ok
22:52:57.0778 0592 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
22:52:57.0794 0592 fdc - ok
22:52:57.0903 0592 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
22:52:57.0903 0592 FileInfo - ok
22:52:57.0950 0592 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
22:52:57.0950 0592 Filetrace - ok
22:52:57.0997 0592 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
22:52:57.0997 0592 flpydisk - ok
22:52:58.0075 0592 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
22:52:58.0075 0592 FltMgr - ok
22:52:58.0215 0592 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
22:52:58.0215 0592 Fs_Rec - ok
22:52:58.0262 0592 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
22:52:58.0278 0592 gagp30kx - ok
22:52:58.0480 0592 HBtnKey (93aee3434935fc2f805fefd8dc5ed1b4) C:\Windows\system32\DRIVERS\cpqbttn.sys
22:52:58.0480 0592 HBtnKey - ok
22:52:58.0558 0592 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
22:52:58.0558 0592 HdAudAddService - ok
22:52:58.0636 0592 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
22:52:58.0636 0592 HDAudBus - ok
22:52:58.0730 0592 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
22:52:58.0730 0592 HidBth - ok
22:52:58.0761 0592 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
22:52:58.0761 0592 HidIr - ok
22:52:58.0839 0592 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
22:52:58.0839 0592 HidUsb - ok
22:52:58.0886 0592 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
22:52:58.0886 0592 HpCISSs - ok
22:52:59.0011 0592 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
22:52:59.0026 0592 HSFHWAZL - ok
22:52:59.0089 0592 HSF_DPV (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
22:52:59.0120 0592 HSF_DPV - ok
22:52:59.0182 0592 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
22:52:59.0182 0592 HTTP - ok
22:52:59.0276 0592 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
22:52:59.0276 0592 i2omp - ok
22:52:59.0338 0592 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
22:52:59.0338 0592 i8042prt - ok
22:52:59.0479 0592 ialm (9378d57e2b96c0a185d844770ad49948) C:\Windows\system32\DRIVERS\igdkmd32.sys
22:52:59.0494 0592 ialm - ok
22:52:59.0619 0592 iaStor (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\Windows\system32\DRIVERS\iaStor.sys
22:52:59.0635 0592 iaStor - ok
22:52:59.0682 0592 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
22:52:59.0682 0592 iaStorV - ok
22:52:59.0744 0592 IDSvix86 - ok
22:52:59.0947 0592 igfx (9378d57e2b96c0a185d844770ad49948) C:\Windows\system32\DRIVERS\igdkmd32.sys
22:52:59.0962 0592 igfx - ok
22:53:00.0072 0592 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
22:53:00.0072 0592 iirsp - ok
22:53:00.0243 0592 IntcAzAudAddService (1f10ed6f98c57efb4e7fb9972b2dbb71) C:\Windows\system32\drivers\RTKVHDA.sys
22:53:00.0274 0592 IntcAzAudAddService - ok
22:53:00.0368 0592 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
22:53:00.0384 0592 intelide - ok
22:53:00.0430 0592 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
22:53:00.0430 0592 intelppm - ok
22:53:00.0524 0592 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:53:00.0524 0592 IpFilterDriver - ok
22:53:00.0602 0592 IpInIp - ok
22:53:00.0649 0592 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
22:53:00.0649 0592 IPMIDRV - ok
22:53:00.0711 0592 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
22:53:00.0711 0592 IPNAT - ok
22:53:00.0758 0592 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
22:53:00.0758 0592 IRENUM - ok
22:53:00.0789 0592 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
22:53:00.0789 0592 isapnp - ok
22:53:00.0914 0592 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
22:53:00.0930 0592 iScsiPrt - ok
22:53:00.0961 0592 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
22:53:00.0961 0592 iteatapi - ok
22:53:00.0992 0592 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
22:53:00.0992 0592 iteraid - ok
22:53:01.0054 0592 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
22:53:01.0054 0592 kbdclass - ok
22:53:01.0117 0592 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
22:53:01.0117 0592 kbdhid - ok
22:53:01.0257 0592 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
22:53:01.0257 0592 KSecDD - ok
22:53:01.0335 0592 kwkxusb (f335b5683c682bed08bd318a6a9838c1) C:\Windows\system32\DRIVERS\kwusb2k.sys
22:53:01.0335 0592 kwkxusb - ok
22:53:01.0476 0592 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
22:53:01.0476 0592 lltdio - ok
22:53:01.0632 0592 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys
22:53:01.0632 0592 LMIInfo - ok
22:53:01.0741 0592 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\Windows\system32\DRIVERS\lmimirr.sys
22:53:01.0741 0592 lmimirr - ok
22:53:01.0756 0592 LMIRfsClientNP - ok
22:53:01.0819 0592 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\Windows\system32\drivers\LMIRfsDriver.sys
22:53:01.0819 0592 LMIRfsDriver - ok
22:53:01.0850 0592 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
22:53:01.0866 0592 LSI_FC - ok
22:53:01.0881 0592 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
22:53:01.0881 0592 LSI_SAS - ok
22:53:01.0912 0592 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
22:53:01.0912 0592 LSI_SCSI - ok
22:53:02.0022 0592 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
22:53:02.0022 0592 luafv - ok
22:53:02.0084 0592 MCSTRM (5bb01b9f582259d1fb7653c5c1da3653) C:\Windows\system32\drivers\MCSTRM.sys
22:53:02.0084 0592 MCSTRM - ok
22:53:02.0131 0592 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
22:53:02.0146 0592 megasas - ok
22:53:02.0240 0592 MEMSWEEP2 - ok
22:53:02.0318 0592 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
22:53:02.0318 0592 Modem - ok
22:53:02.0380 0592 MODEMCSA (cbb59c41f19efea1a000793e08070a62) C:\Windows\system32\drivers\MODEMCSA.sys
22:53:02.0380 0592 MODEMCSA - ok
22:53:02.0443 0592 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
22:53:02.0443 0592 monitor - ok
22:53:02.0552 0592 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
22:53:02.0552 0592 mouclass - ok
22:53:02.0583 0592 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
22:53:02.0583 0592 mouhid - ok
22:53:02.0630 0592 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
22:53:02.0646 0592 MountMgr - ok
22:53:02.0677 0592 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
22:53:02.0692 0592 mpio - ok
22:53:02.0739 0592 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
22:53:02.0739 0592 mpsdrv - ok
22:53:02.0848 0592 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
22:53:02.0848 0592 Mraid35x - ok
22:53:02.0911 0592 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
22:53:02.0911 0592 MRxDAV - ok
22:53:02.0973 0592 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:53:02.0973 0592 mrxsmb - ok
22:53:03.0036 0592 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:53:03.0036 0592 mrxsmb10 - ok
22:53:03.0129 0592 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:53:03.0129 0592 mrxsmb20 - ok
22:53:03.0176 0592 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
22:53:03.0192 0592 msahci - ok
22:53:03.0223 0592 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
22:53:03.0223 0592 msdsm - ok
22:53:03.0285 0592 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
22:53:03.0285 0592 Msfs - ok
22:53:03.0394 0592 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
22:53:03.0394 0592 msisadrv - ok
22:53:03.0472 0592 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
22:53:03.0472 0592 MSKSSRV - ok
22:53:03.0519 0592 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
22:53:03.0519 0592 MSPCLOCK - ok
22:53:03.0550 0592 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
22:53:03.0550 0592 MSPQM - ok
22:53:03.0691 0592 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
22:53:03.0691 0592 MsRPC - ok
22:53:03.0738 0592 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
22:53:03.0738 0592 mssmbios - ok
22:53:03.0784 0592 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
22:53:03.0784 0592 MSTEE - ok
22:53:03.0831 0592 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
22:53:03.0831 0592 Mup - ok
22:53:03.0956 0592 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
22:53:03.0956 0592 NativeWifiP - ok
22:53:03.0972 0592 NAVENG - ok
22:53:03.0987 0592 NAVEX15 - ok
22:53:04.0081 0592 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
22:53:04.0096 0592 NDIS - ok
22:53:04.0206 0592 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
22:53:04.0206 0592 NdisTapi - ok
22:53:04.0252 0592 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
22:53:04.0252 0592 Ndisuio - ok
22:53:04.0315 0592 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
22:53:04.0330 0592 NdisWan - ok
22:53:04.0377 0592 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
22:53:04.0377 0592 NDProxy - ok
22:53:04.0486 0592 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
22:53:04.0486 0592 NetBIOS - ok
22:53:04.0549 0592 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
22:53:04.0549 0592 netbt - ok
22:53:04.0674 0592 NETw3v32 (a15f219208843a5a210c8cb391384453) C:\Windows\system32\DRIVERS\NETw3v32.sys
22:53:04.0720 0592 NETw3v32 - ok
22:53:04.0908 0592 NETw4v32 (1d73499a6664b4da05d750ff83fdb274) C:\Windows\system32\DRIVERS\NETw4v32.sys
22:53:04.0954 0592 NETw4v32 - ok
22:53:05.0048 0592 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
22:53:05.0064 0592 nfrd960 - ok
22:53:05.0126 0592 nltdi (19c50a0051fed34cc2544cd45114e4e5) C:\Windows\system32\drivers\nltdi.sys
22:53:05.0126 0592 nltdi - ok
22:53:05.0173 0592 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
22:53:05.0173 0592 Npfs - ok
22:53:05.0282 0592 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
22:53:05.0282 0592 nsiproxy - ok
22:53:05.0391 0592 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
22:53:05.0407 0592 Ntfs - ok
22:53:05.0500 0592 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
22:53:05.0500 0592 ntrigdigi - ok
22:53:05.0563 0592 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
22:53:05.0563 0592 Null - ok
22:53:05.0594 0592 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
22:53:05.0594 0592 nvraid - ok
22:53:05.0625 0592 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
22:53:05.0625 0592 nvstor - ok
22:53:05.0672 0592 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
22:53:05.0672 0592 nv_agp - ok
22:53:05.0766 0592 NwlnkFlt - ok
22:53:05.0781 0592 NwlnkFwd - ok
22:53:05.0859 0592 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
22:53:05.0875 0592 ohci1394 - ok
22:53:05.0922 0592 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
22:53:05.0922 0592 Parport - ok
22:53:06.0000 0592 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
22:53:06.0000 0592 partmgr - ok
22:53:06.0062 0592 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
22:53:06.0062 0592 Parvdm - ok
22:53:06.0140 0592 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
22:53:06.0140 0592 pci - ok
22:53:06.0202 0592 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\DRIVERS\pciide.sys
22:53:06.0202 0592 pciide - ok
22:53:06.0265 0592 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
22:53:06.0280 0592 pcmcia - ok
22:53:06.0390 0592 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
22:53:06.0405 0592 PEAUTH - ok
22:53:06.0530 0592 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
22:53:06.0530 0592 PptpMiniport - ok
22:53:06.0577 0592 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
22:53:06.0577 0592 Processor - ok
22:53:06.0702 0592 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
22:53:06.0702 0592 PSched - ok
22:53:06.0780 0592 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\Windows\system32\Drivers\PxHelp20.sys
22:53:06.0780 0592 PxHelp20 - ok
22:53:06.0858 0592 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
22:53:06.0889 0592 ql2300 - ok
22:53:06.0967 0592 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
22:53:06.0967 0592 ql40xx - ok
22:53:07.0060 0592 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
22:53:07.0060 0592 QWAVEdrv - ok
22:53:07.0107 0592 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
22:53:07.0107 0592 RasAcd - ok
22:53:07.0154 0592 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:53:07.0154 0592 Rasl2tp - ok
22:53:07.0263 0592 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
22:53:07.0263 0592 RasPppoe - ok
22:53:07.0310 0592 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
22:53:07.0326 0592 RasSstp - ok
22:53:07.0372 0592 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
22:53:07.0372 0592 rdbss - ok
22:53:07.0435 0592 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:53:07.0435 0592 RDPCDD - ok
22:53:07.0528 0592 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
22:53:07.0528 0592 rdpdr - ok
22:53:07.0575 0592 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
22:53:07.0575 0592 RDPENCDD - ok
22:53:07.0638 0592 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
22:53:14.0096 0592 ============================================================
22:53:14.0096 0592 Scan finished
22:53:14.0096 0592 ============================================================
22:53:14.0112 2516 Detected object count: 0
22:53:14.0112 2516 Actual detected object count: 0


ASWMBR

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-07 22:54:46
-----------------------------
22:54:46.662 OS Version: Windows 6.0.6002
22:54:46.662 Number of processors: 2 586 0xF0D
22:54:46.662 ComputerName: HMORGANHPLAPTOP UserName: hmorgan
22:54:48.347 Initialize success
22:55:03.878 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
22:55:03.878 Disk 0 Vendor: TOSHIBA_ DL13 Size: 114473MB BusType: 3
22:55:04.471 Disk 0 MBR read successfully
22:55:04.487 Disk 0 MBR scan
22:55:04.502 Disk 0 unknown MBR code
22:55:04.689 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 105991 MB offset 63
22:55:04.939 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 8479 MB offset 217070280
22:55:05.064 Disk 0 scanning sectors +234436545
22:55:05.797 Disk 0 scanning C:\Windows\system32\drivers
22:56:54.139 Service scanning
22:56:55.761 Modules scanning
23:00:30.745 Disk 0 trace - called modules:
23:00:30.885 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll
23:00:30.885 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85ebcac8]
23:00:30.901 3 CLASSPNP.SYS[8a1a78b3] -> nt!IofCallDriver -> [0x84f247c0]
23:00:30.901 Scan finished successfully
23:01:02.881 Disk 0 MBR has been saved successfully to "C:\Users\hmorgan\Desktop\Virus Log\MBR.dat"
23:01:02.897 The log file has been saved successfully to "C:\Users\hmorgan\Desktop\Virus Log\aswMBR.txt"


#2 hhmorgan

Posted 09 February 2012 - 10:00 PM

Moderator - close this posting.

I recovered access to everything after running SubInACL http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=23510

Edited by hhmorgan, 09 February 2012 - 10:00 PM.


#3 nasdaq

  • Malware Response Team

Posted 10 February 2012 - 11:32 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Your logs are looking good.

Let's see if we can restore your Internet connectivity.

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply for my review.


#4 nasdaq

  • Malware Response Team

Posted 17 February 2012 - 11:24 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.